80 files changed, 14758 insertions, 0 deletions
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/accept.txt b/vendor/gems/ruby-openid-2.1.4/test/data/accept.txt
new file mode 100644
index 000000000..884ff662e
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/accept.txt
@@ -0,0 +1,124 @@
+# Accept: [Accept: header value from RFC2616,
+#     http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html]
+# Available: [whitespace-separated content types]
+# Expected: [Accept-header like list, containing the available content
+#     types with their q-values]
+
+Accept: */*
+Available: text/plain
+Expected: text/plain; q=1.0
+
+Accept: */*
+Available: text/plain, text/html
+Expected: text/plain; q=1.0, text/html; q=1.0
+
+# The order matters
+Accept: */*
+Available: text/html, text/plain
+Expected: text/html; q=1.0, text/plain; q=1.0
+
+Accept: text/*, */*; q=0.9
+Available: text/plain, image/jpeg
+Expected: text/plain; q=1.0, image/jpeg; q=0.9
+
+Accept: text/*, */*; q=0.9
+Available: image/jpeg, text/plain
+Expected: text/plain; q=1.0, image/jpeg; q=0.9
+
+# wildcard subtypes still reject differing main types
+Accept: text/*
+Available: image/jpeg, text/plain
+Expected: text/plain; q=1.0
+
+Accept: text/html
+Available: text/html
+Expected: text/html; q=1.0
+
+Accept: text/html, text/*
+Available: text/html
+Expected: text/html; q=1.0
+
+Accept: text/html, text/*
+Available: text/plain, text/html
+Expected: text/plain; q=1.0, text/html; q=1.0
+
+Accept: text/html, text/*; q=0.9
+Available: text/plain, text/html
+Expected: text/html; q=1.0, text/plain; q=0.9
+
+# If a more specific type has a higher q-value, then the higher value wins
+Accept: text/*; q=0.9, text/html
+Available: text/plain, text/html
+Expected: text/html; q=1.0, text/plain; q=0.9
+
+Accept: */*, text/*; q=0.9, text/html; q=0.1
+Available: text/plain, text/html, image/monkeys
+Expected: image/monkeys; q=1.0, text/plain; q=0.9, text/html; q=0.1
+
+Accept: text/*, text/html; q=0
+Available: text/html
+Expected:
+
+Accept: text/*, text/html; q=0
+Available: text/html, text/plain
+Expected: text/plain; q=1.0
+
+Accept: text/html
+Available: text/plain
+Expected:
+
+Accept: application/xrds+xml, text/html; q=0.9
+Available: application/xrds+xml, text/html
+Expected: application/xrds+xml; q=1.0, text/html; q=0.9
+
+Accept: application/xrds+xml, */*; q=0.9
+Available: application/xrds+xml, text/html
+Expected: application/xrds+xml; q=1.0, text/html; q=0.9
+
+Accept: application/xrds+xml, application/xhtml+xml; q=0.9, text/html; q=0.8, text/xml; q=0.7
+Available: application/xrds+xml, text/html
+Expected: application/xrds+xml; q=1.0, text/html; q=0.8
+
+# See http://www.rfc-editor.org/rfc/rfc3023.txt, section A.13
+Accept: application/xrds
+Available: application/xrds+xml
+Expected:
+
+Accept: application/xrds+xml
+Available: application/xrds
+Expected:
+
+Accept: application/xml
+Available: application/xrds+xml
+Expected:
+
+Available: application/xrds+xml
+Accept: application/xml
+Expected:
+
+Available:
+Accept: not_a_content_type
+Expected:
+
+Available: text/html
+Accept: not_a_content_type, text/html
+Expected: text/html; q=1.0
+
+#################################################
+# The tests below this line are documentation of how this library
+# works. If the implementation changes, it's acceptable to change the
+# test to reflect that. These are specified so that we can make sure
+# that the current implementation actually works the way that we
+# expect it to given these inputs.
+
+Accept: text/html;level=1
+Available: text/html
+Expected: text/html; q=1.0
+
+Accept: text/html; level=1, text/html; level=9; q=0.1
+Available: text/html
+Expected: text/html; q=1.0
+
+Accept: text/html; level=9; q=0.1, text/html; level=1
+Available: text/html
+Expected: text/html; q=1.0
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/dh.txt b/vendor/gems/ruby-openid-2.1.4/test/data/dh.txt
new file mode 100644
index 000000000..0fa523146
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/dh.txt
@@ -0,0 +1,29 @@
+130706940119084053627151828062879423433929180135817317038378606310097533503449582079984816816837125851552273641820339909167103200910805078308128174143174269944095368580519322913514764528012639683546377014716235962867583443566164615728897857285824741767070432119909660645255499710701356135207437699643611094585 139808169914464096465921128085565621767096724855516655439365028496569658038844954238931647642811548254956660405394116677296461848124300258439895306367561416289126854788101396379292925819850897858045772500578222021901631436550118958972312221974009238050517034542286574826081826542722270952769078386418682059418
+91966407878983240112417790733941098492087186469785726449910011271065622315680646030230288265496017310433513856308693810812043160919214636748486185212617634222158204354206411031403206076739932806412551605172319515223573351072757800448643935018534945933808900467686115619932664888581913179496050117713298715475 88086484332488517006277516020842172054013692832175783214603951240851750819999098631851571207693874357651112736088114133607400684776234181681933311972926752846692615822043533641407510569745606256772455614745111122033229877596984718963046218854103292937700694160593653595134512369959987897086639788909618660591
+94633950701209990078055218830969910271587805983595045023718108184189787131629772007048606080263109446462048743696369276578815611098215686598630889831104860221067872883514840819381234786050098278403321905311637820524177879167250981289318356078312300538871435101338967079907049912435983871847334104247675360099 136836393035803488129856151345450008294260680733328546556640578838845312279198933806383329293483852515700876505956362639881210101974254765087350842271260064592406308509078284840473735904755203614987286456952991025347168970462354352741159076541157478949094536405618626397435745496863324654768971213730622037771
+24685127248019769965088146297942173464487677364928435784091685260262292485380918213538979925891771204729738138857126454465630594391449913947358655368215901119137728648638547728497517587701248406019427282237279437409508871300675355166059811431191200555457304463617727969228965042729205402243355816702436970430 103488011917988946858248200111251786178288940265978921633592888293430082248387786443813155999158786903216094876295371112716734481877806417714913656921169196196571699893360825510307056269738593971532017994987406325068886420548597161498019372380511676314312298122272401348856314619382867707981701472607230523868
+116791045850880292989786005885944774698035781824784400772676299590038746153860847252706167458966356897309533614849402276819438194497464696186624618374179812548893947178936305721131565012344462048549467883494038577857638815386798694225798517783768606048713198211730870155881426709644960689953998714045816205549 25767875422998856261320430397505398614439586659207416236135894343577952114994718158163212134503751463610021489053571733974769536157057815413209619147486931502025658987681202196476489081257777148377685478756033509708349637895740799542063593586769082830323796978935454479273531157121440998804334199442003857410
+75582226959658406842894734694860761896800153014775231713388264961517169436476322183886891849966756849783437334069692683523296295601533803799559985845105706728538458624387103621364117548643541824878550074680443708148686601108223917493525070861593238005735446708555769966855130921562955491250908613793521520082 51100990616369611694975829054222013346248289055987940844427061856603230021472379888102172458517294080775792439385531234808129302064303666640376750139242970123503857186428797403843206765926798353022284672682073397573130625177187185114726049347844460311761033584101482859992951420083621362870301150543916815123
+22852401165908224137274273646590366934616265607879280260563022941455466297431255072303172649495519837876946233272420969249841381161312477263365567831938496555136366981954001163034914812189448922853839616662859772087929140818377228980710884492996109434435597500854043325062122184466315338260530734979159890875 35017410720028595029711778101507729481023945551700945988329114663345341120595162378885287946069695772429641825579528116641336456773227542256911497084242947904528367986325800537695079726856460817606404224094336361853766354225558025931211551975334149258299477750615397616908655079967952372222383056221992235704
+37364490883518159794654045194678325635036705086417851509136183713863262621334636905291385255662750747808690129471989906644041585863034419130023070856805511017402434123099100618568335168939301014148587149578150068910141065808373976114927339040964292334109797421173369274978107389084873550233108940239410902552 40916262212189137562350357241447034318002130016858244002788189310078477605649010031339865625243230798681216437501833540185827501244378529230150467789369234869122179247196276164931090039290879808162629109742198951942358028123056268054775108592325500609335947248599688175189333996086475013450537086042387719925
+42030470670714872936404499074069849778147578537708230270030877866700844337372497704027708080369726758812896818567830863540507961487472657570488625639077418109017434494794778542739932765561706796300920251933107517954265066804108669800167526425723377411855061131982689717887180411017924173629124764378241885274 124652439272864857598747946875599560379786580730218192165733924418687522301721706620565030507816884907589477351553268146177293719586287258662025940181301472851649975563004543250656807255226609296537922304346339513054316391667044301386950180277940536542183725690479451746977789001659540839582630251935163344393
+33176766914206542084736303652243484580303865879984981189372762326078776390896986743451688462101732968104375838228070296418541745483112261133079756514082093269959937647525005374035326747696591842313517634077723301677759648869372517403529488493581781546743147639937580084065663597330159470577639629864369972900 67485835091897238609131069363014775606263390149204621594445803179810038685760826651889895397414961195533694176706808504447269558421955735607423135937153901140512527504198912146656610630396284977496295289999655140295415981288181545277299615922576281262872097567020980675200178329219970170480653040350512964539
+131497983897702298481056962402569646971797912524360547236788650961059980711719600424210346263081838703940277066368168874781981151411096949736205282734026497995296147418292226818536168555712128736975034272678008697869326747592750850184857659420541708058277866000692785617873742438060271311159568468507825422571 5400380840349873337222394910303409203226429752629134721503171858543984393161548520471799318518954232197106728096866840965784563043721652790856860155702760027304915133166173298206604451826182024471262142046935060360564569939062438160049193241369468208458085699995573492688298015026628427440418009025072261296
+83265103005695640943261961853521077357830295830250157593141844209296716788437615940096402365505416686459260302419338241462783388722843946886845478224048360927114533590583464979009731440049610985062455108831881153988321298531365779084012803908832525921630534096740755274371500276660832724874701671184539131864 141285570207910287798371174771658911045525474449663877845558585668334618068814605961306961485855329182957174312715910923324965889174835444049526313968571611940626279733302104955951067959291852710640374412577070764165811275030632465290729619533330733368808295932659463215921521905553936914975786500018720073003
+68435028583616495789148116911096163791710022987677894923742899873596891423986951658100606742052014161171185231735413902875605720814417622409817842932759492013585936536452615480700628719795872201528559780249210820284350401473564919576289210869896327937002173624497942136329576506818749730506884927872345019446 134655528287263100540003157571441260698452262106680191153945271167894435782028803135774578949200580551016388918860856991026082917835209212892423567114480975540305860034439015788120390011692862968771136814777768281366591257663821495720134621172848947971117885754539770645621669309650476331439675400544167728223
+97765390064836080322590528352647421920257073063706996347334558390461274981996865736612531330863478931481491964338380362350271734683183807511097331539820133036984271653285063355715726806139083282458695728902452215405696318402583540317419929113959816258829534543044153959951908676300847164682178008704099351835 92552521881196975294401505656851872247567784546370503402756239533783651371688190302773864319828182042605239246779598629409815474038541272600580320815319709309111399294952620375093803971373108792300726524826209329889463854451846561437729676142864421966497641824498079067929811613947148353921163336822026640804
+145767094672933012300753301037546647564595762930138884463767054235112032706630891961371504668013023047595721138624016493638510710257541241706724342585654715468628355455898091951826598092812212209834746162089753649871544789379424903025374228231365026585872808685759231756517703720396301355299998059523896918448 116669462839999965355861187716880953863237226719689755457884414384663576662696981997535568446560375442532084973721539944428004043491468494548231348032618218312515409944970197902589794303562379864012797605284844016184274353252071642511293089390472576498394410829972525726474727579603392265177009323768966538608
+34172517877854802711907683049441723730724885305592620486269966708379625109832852005775048584124451699198484092407720344962116726808090368739361658889584507734617844212547181476646725256303630128954338675520938806905779837227983648887192531356390902975904503218654196581612781227843742951241442641220856414232 126013077261793777773236390821108423367648447987653714614732477073177878509574051196587476846560696305938891953527959347566502332765820074506907037627115954790645652211088723122982633069089920979477728376746424256704724173255656757918995039125823421607024407307091796807227896314403153380323770001854211384322
+9979624731056222925878866378063961280844793874828281622845276060532093809300121084179730782833657205171434732875093693074415298975346410131191865198158876447591891117577190438695367929923494177555818480377241891190442070100052523008290671797937772993634966511431668500154258765510857129203107386972819651767 76559085024395996164590986654274454741199399364851956129137304209855150918182685643729981600389513229011956888957763987167398150792454613751473654448162776379362213885827651020309844507723069713820393068520302223477225569348080362344052033711960892643036147232270133731530049660264526964146237693063093765111
+18162696663677410793062235946366423954875282212790518677684260521370996677183041664345920941714064628111537529793170736292618705900247450994864220481135611781148410617609559050220262121494712903009168783279356915189941268264177631458029177102542745167475619936272581126346266816618866806564180995726437177435 63244550218824945129624987597134280916829928261688093445040235408899092619821698537312158783367974202557699994650667088974727356690181336666077506063310290098995215324552449858513870629176838494348632073938023916155113126203791709810160925798130199717340478393420816876665127594623142175853115698049952126277
+4817943161362708117912118300716778687157593557807116683477307391846133734701449509121209661982298574607233039490570567781316652698287671086985501523197566560479906850423709894582834963398034434055472063156147829131181965140631257939036683622084290629927807369457311894970308590034407761706800045378158588657 61612160237840981966750225147965256022861527286827877531373888434780789812764688703260066154973576040405676432586962624922734102370509771313805122788566405984830112657060375568510809122230960988304085950306616401218206390412815884549481965750553137717475620505076144744211331973240555181377832337912951699135
+36363324947629373144612372870171042343590861026293829791335153646774927623889458346817049419803031378037141773848560341251355283891019532059644644509836766167835557471311319194033709837770615526356168418160386395260066262292757953919140150454538786106958252854181965875293629955562111756775391296856504912587 86831561031659073326747216166881733513938228972332631084118628692228329095617884068498116676787029033973607066377816508795286358748076949738854520048303930186595481606562375516134920902325649683618195251332651685732712539073110524182134321873838204219194459231650917098791250048469346563303077080880339797744
+26406869969418301728540993821409753036653370247174689204659006239823766914991146853283367848649039747728229875444327879875275718711878211919734397349994000106499628652960403076186651083084423734034070082770589453774926850920776427074440483233447839259180467805375782600203654373428926653730090468535611335253 100139935381469543084506312717977196291289016554846164338908226931204624582010530255955411615528804421371905642197394534614355186795223905217732992497673429554618838376065777445760355552020655667172127543653684405493978325270279321013143828897100500212200358450649158287605846102419527584313353072518101626851
+92613116984760565837109105383781193800503303131143575169488835702472221039082994091847595094556327985517286288659598094631489552181233202387028607421487026032402972597880028640156629614572656967808446397456622178472130864873587747608262139844319805074476178618930354824943672367046477408898479503054125369731 30023391082615178562263328892343821010986429338255434046051061316154579824472412477397496718186615690433045030046315908170615910505869972621853946234911296439134838951047107272129711854649412919542407760508235711897489847951451200722151978578883748353566191421685659370090024401368356823252748749449302536931
+31485815361342085113278193504381994806529237123359718043079410511224607873725611862217941085749929342777366642477711445011074784469367917758629403998067347054115844421430072631339788256386509261291675080191633908849638316409182455648806133048549359800886124554879661473112614246869101243501787363247762961784 114503770698890543429251666713050844656853278831559195214556474458830029271801818536133531843456707474500106283648085144619097572354066554819887152106174400667929098257361286338795493838820850475790977445807435511982704395422526800272723708548541616513134676140304653112325071112865020365664833601046215694089
+76882090884790547431641385530818076533805072109483843307806375918023300052767710853172670987385376253156912268523505310624133905633437815297307463917718596711590885553760690350221265675690787249135345226947453988081566088302642706234126002514517416493192624887800567412565527886687096028028124049522890448168 15056463217273240496622619354104573042767532856243223052125822509781815362480522535564283485059790932505429110157271454207173426525345813426696743168079246510944969446574354255284952839036431873039487144279164893710061580467579842173706653409487110282515691099753380094215805485573768509475850463001549608836
+52345178981230648108672997265819959243255047568833938156267924185186047373470984278294897653277996726416846430969793375429223610099546622112048283560483136389901514170116723365811871938630317974150540909650396429631704968748113009366339718498979597226137532343384889080245796447593572468846438769413505393967 32148494517199936472358017244372701214529606506776255341152991328091526865643069587953759877295255050519124541457805199596762210567333445908166076384465183589342153762720515477404466193879418014196727238972417616122646440870364200208488239778452378059236162633837824948613596114768455832408342040970780086
+41095268619128788015767564971105114602454449306041732792746397800275041704886345704294273937217484580365505320134717320083763349380629342859670693445658118959823430378844830923452105707338162448974869312012791385772125813291388247857971218575518319578818336960572244046567099555399203328678654466958536663208 92166550199033418923713824997841892577149715275633481076285269142670107687867024550593869464613175882141630640739938334001211714884975032600306279287443909448541179109981755796752132502127330056736913454039526413284519137059580845856736918773597087836203497066909257930043736166431682872083389105176299181629
+40049143661018504441607875135884755310012910557581028447435354354754245291878800571089144452035026644953322330676651798951447670184106450649737772686119714700743396359069052813433030118630105307022867200053964644574786137276428546712005171080129190959914708907200288299169344380390093918556722227705114244981 108159089972386282154772900619022507336076619354549601813179459338897131937353741544606392560724999980281424266891537298473163753022749859939445293926707568015958367188089915420630082556748668489756475027008449860889202622698060097015044886961901650857610841562477736791450080980702347705778074391774667412741
+69905259478181995876884927656894491893594530150260951315109404530530357998889589977208787140430938039028941393673520799460431992051993157468616168400324834880926190141581037597526917869362292931957289043707855837933490285814769110495657056206391880865972389421774822461752702336812585852278453803972600333734 71821415380277072313878763768684432371552628204186742842154591000123020597011744840460964835414360968627162765288463383113375595799297552681618876474019263288277398833725479226930770694271622605114061622753165584075733358178384410640349907375170170910499615355511313349300918885560131539570707695789106185664
+26945345439378873515011714350080059082081595419023056538696949766471272811362104837806324694947413603019863785876836706911406330379274553386254346050697348395574746891556054334903838949157798006141473389066020212044825140294048709654273698482867946522782450500680195477050110145664069582549935651920545151500 80313315938584480048642653013876614091607852535582224914294013785054094052454758327935781971746329853786568549510067442145637007308960551652864942042189241081946607011847245280773379099020221884296226818685556430275385068764313042226925852500883894269809033380734632866477789520106865758504064806906234130588
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/example-xrds.xml b/vendor/gems/ruby-openid-2.1.4/test/data/example-xrds.xml
new file mode 100644
index 000000000..101ba3bd5
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/example-xrds.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Sample XRDS file at: NAME -->
+<xrds:XRDS
+    xmlns:xrds="xri://$xrds"
+    xmlns="xri://$xrd*($v*2.0)">
+  <XRD>
+
+    <Service priority="0">
+      <Type>http://example.com/</Type>
+      <URI>http://www.openidenabled.com/</URI>
+    </Service>
+
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/linkparse.txt b/vendor/gems/ruby-openid-2.1.4/test/data/linkparse.txt
new file mode 100644
index 000000000..2fa38cde9
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/linkparse.txt
@@ -0,0 +1,587 @@
+Num Tests: 72
+
+OpenID link parsing test cases
+Copyright (C) 2005-2008, JanRain, Inc.
+See COPYING for license information.
+
+File format
+-----------
+
+All text before the first triple-newline (this chunk) should be ignored.
+
+This file may be interpreted as Latin-1 or UTF-8.
+
+Test cases separated by three line separators (`\n\n\n'). The test
+cases consist of a headers section followed by a data block. These are
+separated by a double newline. The headers consist of the header name,
+followed by a colon, a space, the value, and a newline. There must be
+one, and only one, `Name' header for a test case. There may be zero or
+more link headers. The `Link' header consists of whitespace-separated
+attribute pairs. A link header with an empty string as a value
+indicates an empty but present link tag. The attribute pairs are `='
+separated and not quoted.
+
+Optional Links and attributes have a trailing `*'. A compilant
+implementation may produce this as output or may not. A compliant
+implementation will not produce any output that is absent from this
+file.
+
+
+Name: No link tag at all
+
+<html>
+<head>
+</head>
+</html>
+
+
+Name: Link element first
+
+<link>
+
+
+Name: Link inside HTML, not head
+
+<html>
+<link>
+
+
+Name: Link inside head, not html
+
+<head>
+<link>
+
+
+Name: Link inside html, after head
+
+<html>
+<head>
+</head>
+<link>
+
+
+Name: Link inside html, before head
+
+<html>
+<link>
+<head>
+
+
+Name: Link before html and head
+
+<link>
+<html>
+<head>
+
+
+Name: Link after html document with head
+
+<html>
+<head>
+</head>
+</html>
+<link>
+
+
+Name: Link inside html inside head, inside another html
+
+<html>
+<head>
+<html>
+<link>
+
+
+Name: Link inside html inside head
+
+<head>
+<html>
+<link>
+
+
+Name: link inside body inside head inside html
+
+<html>
+<head>
+<body>
+<link>
+
+
+Name: Link inside head inside head inside html
+
+<html>
+<head>
+<head>
+<link>
+
+
+Name: Link inside script inside head inside html
+
+<html>
+<head>
+<script>
+<link>
+</script>
+
+
+Name: Link inside comment inside head inside html
+
+<html>
+<head/>
+<link>
+
+
+Name: Link inside of head after short head
+
+<html>
+<head/>
+<head>
+<link>
+
+
+Name: Plain vanilla
+Link:
+
+<html>
+<head>
+<link>
+
+
+Name: Ignore tags in the <script:... > namespace
+Link*:
+
+<html>
+<head>
+<script:paddypan>
+<link>
+</script:paddypan>
+
+
+Name: Short link tag
+Link:
+
+<html>
+<head>
+<link/>
+
+
+Name: Spaces in the HTML tag
+Link:
+
+<html >
+<head>
+<link>
+
+
+Name: Spaces in the head tag
+Link:
+
+<html>
+<head >
+<link>
+
+
+Name: Spaces in the link tag
+Link:
+
+<html>
+<head>
+<link >
+
+
+Name: No whitespace
+Link:
+
+<html><head><link>
+
+
+Name: Closed head tag
+Link:
+
+<html>
+<head>
+<link>
+</head>
+
+
+Name: One good, one bad (after close head)
+Link:
+
+<html>
+<head>
+<link>
+</head>
+<link>
+
+
+Name: One good, one bad (after open body)
+Link:
+
+<html>
+<head>
+<link>
+<body>
+<link>
+
+
+Name: ill formed (missing close head)
+Link:
+
+<html>
+<head>
+<link>
+</html>
+
+
+Name: Ill formed (no close head, link after </html>)
+Link:
+
+<html>
+<head>
+<link>
+</html>
+<link>
+
+
+Name: Ignore random tags inside of html
+Link:
+
+<html>
+<delicata>
+<head>
+<title>
+<link>
+
+
+Name: case-folding
+Link*:
+
+<HtMl>
+<hEaD>
+<LiNk>
+
+
+Name: unexpected tags
+Link:
+
+<butternut>
+<html>
+<summer>
+<head>
+<turban>
+<link>
+
+
+Name: un-closed script tags
+Link*:
+
+<html>
+<head>
+<script>
+<link>
+
+
+Name: un-closed script tags (no whitespace)
+Link*:
+
+<html><head><script><link>
+
+
+Name: un-closed comment
+Link*:
+
+<html>
+<head>
+<!--
+<link>
+
+
+Name: un-closed CDATA
+Link*:
+
+<html>
+<head>
+<![CDATA[
+<link>
+
+
+Name: cdata-like
+Link*:
+
+<html>
+<head>
+<![ACORN[
+<link>
+]]>
+
+
+Name: comment close only
+Link:
+
+<html>
+<head>
+<link>
+-->
+
+
+Name: Vanilla, two links
+Link:
+Link:
+
+<html>
+<head>
+<link>
+<link>
+
+
+Name: extra tag, two links
+Link:
+Link:
+
+<html>
+<gold nugget>
+<head>
+<link>
+<link>
+
+
+Name: case-fold, body ends, two links
+Link:
+Link*:
+
+<html>
+<head>
+<link>
+<LiNk>
+<body>
+<link>
+
+
+Name: simple, non-quoted rel
+Link: rel=openid.server
+
+<html><head><link rel=openid.server>
+
+
+Name: short tag has rel
+Link: rel=openid.server
+
+<html><head><link rel=openid.server/>
+
+
+Name: short tag w/space has rel
+Link: rel=openid.server
+
+<html><head><link rel=openid.server />
+
+
+Name: extra non-attribute, has rel
+Link: rel=openid.server hubbard*=hubbard
+
+<html><head><link hubbard rel=openid.server>
+
+
+Name: non-attr, has rel, short
+Link: rel=openid.server hubbard*=hubbard
+
+<html><head><link hubbard rel=openid.server/>
+
+
+Name: non-attr, has rel, short, space
+Link: rel=openid.server hubbard*=hubbard
+
+<html><head><link hubbard rel=openid.server />
+
+
+Name: misplaced slash has rel
+Link: rel=openid.server
+
+<html><head><link / rel=openid.server>
+
+
+Name: quoted rel
+Link: rel=openid.server
+
+<html><head><link rel="openid.server">
+
+
+Name: single-quoted rel
+Link: rel=openid.server
+
+<html><head><link rel='openid.server'>
+
+
+Name: two links w/ rel
+Link: x=y
+Link: a=b
+
+<html><head><link x=y><link a=b>
+
+
+Name: non-entity
+Link: x=&y
+
+<html><head><link x=&y>
+
+
+Name: quoted non-entity
+Link: x=&y
+
+<html><head><link x="&y">
+
+
+Name: quoted entity
+Link: x=&
+
+<html><head><link x="&amp;">
+
+
+Name: entity not processed
+Link: x=&#26;
+
+<html><head><link x="&#26;">
+
+
+Name: &lt;
+Link: x=<
+
+<html><head><link x="&lt;">
+
+
+Name: &gt;
+Link: x=>
+
+<html><head><link x="&gt;">
+
+
+Name: &quot;
+Link: x="
+
+<html><head><link x="&quot;">
+
+
+Name: &amp;&quot;
+Link: x=&"
+
+<html><head><link x="&amp;&quot;">
+
+
+Name: mixed entity and non-entity
+Link: x=&"&hellip;>
+
+<html><head><link x="&amp;&quot;&hellip;&gt;">
+
+
+Name: mixed entity and non-entity (w/normal chars)
+Link: x=x&"&hellip;>x
+
+<html><head><link x="x&amp;&quot;&hellip;&gt;x">
+
+
+Name: broken tags
+Link*: x=y
+Link*: x=y<
+
+<html><head><link x=y<>
+
+
+Name: missing close pointy
+Link*: x=y
+Link*: x=y<link z=y
+Link*: z=y
+
+<html><head><link x=y<link z=y />
+
+
+Name: missing attribute value
+Link: x=y y*=y
+Link: x=y
+
+<html><head><link x=y y=><link x=y />
+
+
+Name: Missing close pointy (no following)
+Link*: x=y
+
+<html><head><link x=y
+
+
+Name: Should be quoted
+Link*: x=<
+
+<html><head><link x="<">
+
+
+Name: Should be quoted (2)
+Link*: x=>
+Link*: x=x
+
+<html><head><link x=">">
+
+
+Name: Repeated attribute
+Link: x=y
+
+<html><head><link x=z x=y>
+
+
+Name: Repeated attribute (2)
+Link: x=y
+
+<html><head><link x=y x=y>
+
+
+Name: Two attributes
+Link: x=y y=z
+
+<html><head><link x=y y=z>
+
+
+Name: Well-formed link rel="openid.server"
+Link: rel=openid.server href=http://www.myopenid.com/server
+
+<html>
+  <head>
+    <link rel="openid.server"
+          href="http://www.myopenid.com/server" />
+  </head>
+</html>
+
+
+Name: Well-formed link rel="openid.server" and "openid.delegate"
+Link: rel=openid.server href=http://www.myopenid.com/server
+Link: rel=openid.delegate href=http://example.myopenid.com/
+
+<html><head><link rel="openid.server"
+                  href="http://www.myopenid.com/server" />
+            <link rel="openid.delegate" href="http://example.myopenid.com/" />
+</head></html>
+
+
+Name: from brian's livejournal page
+Link: rel=stylesheet href=http://www.livejournal.com/~serotta/res/319998/stylesheet?1130478711 type=text/css
+Link: rel=openid.server href=http://www.livejournal.com/openid/server.bml
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <link rel="stylesheet"
+          href="http://www.livejournal.com/~serotta/res/319998/stylesheet?1130478711"
+          type="text/css" />
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <meta name="foaf:maker"
+          content="foaf:mbox_sha1sum '12f8abdacb5b1a806711e23249da592c0d316260'" />
+    <meta name="robots" content="noindex, nofollow, noarchive" />
+    <meta name="googlebot" content="nosnippet" />
+    <link rel="openid.server"
+          href="http://www.livejournal.com/openid/server.bml" />
+    <title>Brian</title>
+  </head>
+
+
+Name: non-ascii (Latin-1 or UTF8)
+Link: x=®
+
+<html><head><link x="®">
+
+
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/n2b64 b/vendor/gems/ruby-openid-2.1.4/test/data/n2b64
new file mode 100644
index 000000000..b12a24604
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/n2b64
@@ -0,0 +1,650 @@
+AA== 0
+AQ== 1
+Ag== 2
+Aw== 3
+BA== 4
+BQ== 5
+Bg== 6
+Bw== 7
+CA== 8
+CQ== 9
+Cg== 10
+Cw== 11
+DA== 12
+DQ== 13
+Dg== 14
+Dw== 15
+EA== 16
+EQ== 17
+Eg== 18
+Ew== 19
+FA== 20
+FQ== 21
+Fg== 22
+Fw== 23
+GA== 24
+GQ== 25
+Gg== 26
+Gw== 27
+HA== 28
+HQ== 29
+Hg== 30
+Hw== 31
+IA== 32
+IQ== 33
+Ig== 34
+Iw== 35
+JA== 36
+JQ== 37
+Jg== 38
+Jw== 39
+KA== 40
+KQ== 41
+Kg== 42
+Kw== 43
+LA== 44
+LQ== 45
+Lg== 46
+Lw== 47
+MA== 48
+MQ== 49
+Mg== 50
+Mw== 51
+NA== 52
+NQ== 53
+Ng== 54
+Nw== 55
+OA== 56
+OQ== 57
+Og== 58
+Ow== 59
+PA== 60
+PQ== 61
+Pg== 62
+Pw== 63
+QA== 64
+QQ== 65
+Qg== 66
+Qw== 67
+RA== 68
+RQ== 69
+Rg== 70
+Rw== 71
+SA== 72
+SQ== 73
+Sg== 74
+Sw== 75
+TA== 76
+TQ== 77
+Tg== 78
+Tw== 79
+UA== 80
+UQ== 81
+Ug== 82
+Uw== 83
+VA== 84
+VQ== 85
+Vg== 86
+Vw== 87
+WA== 88
+WQ== 89
+Wg== 90
+Ww== 91
+XA== 92
+XQ== 93
+Xg== 94
+Xw== 95
+YA== 96
+YQ== 97
+Yg== 98
+Yw== 99
+ZA== 100
+ZQ== 101
+Zg== 102
+Zw== 103
+aA== 104
+aQ== 105
+ag== 106
+aw== 107
+bA== 108
+bQ== 109
+bg== 110
+bw== 111
+cA== 112
+cQ== 113
+cg== 114
+cw== 115
+dA== 116
+dQ== 117
+dg== 118
+dw== 119
+eA== 120
+eQ== 121
+eg== 122
+ew== 123
+fA== 124
+fQ== 125
+fg== 126
+fw== 127
+AIA= 128
+AIE= 129
+AII= 130
+AIM= 131
+AIQ= 132
+AIU= 133
+AIY= 134
+AIc= 135
+AIg= 136
+AIk= 137
+AIo= 138
+AIs= 139
+AIw= 140
+AI0= 141
+AI4= 142
+AI8= 143
+AJA= 144
+AJE= 145
+AJI= 146
+AJM= 147
+AJQ= 148
+AJU= 149
+AJY= 150
+AJc= 151
+AJg= 152
+AJk= 153
+AJo= 154
+AJs= 155
+AJw= 156
+AJ0= 157
+AJ4= 158
+AJ8= 159
+AKA= 160
+AKE= 161
+AKI= 162
+AKM= 163
+AKQ= 164
+AKU= 165
+AKY= 166
+AKc= 167
+AKg= 168
+AKk= 169
+AKo= 170
+AKs= 171
+AKw= 172
+AK0= 173
+AK4= 174
+AK8= 175
+ALA= 176
+ALE= 177
+ALI= 178
+ALM= 179
+ALQ= 180
+ALU= 181
+ALY= 182
+ALc= 183
+ALg= 184
+ALk= 185
+ALo= 186
+ALs= 187
+ALw= 188
+AL0= 189
+AL4= 190
+AL8= 191
+AMA= 192
+AME= 193
+AMI= 194
+AMM= 195
+AMQ= 196
+AMU= 197
+AMY= 198
+AMc= 199
+AMg= 200
+AMk= 201
+AMo= 202
+AMs= 203
+AMw= 204
+AM0= 205
+AM4= 206
+AM8= 207
+ANA= 208
+ANE= 209
+ANI= 210
+ANM= 211
+ANQ= 212
+ANU= 213
+ANY= 214
+ANc= 215
+ANg= 216
+ANk= 217
+ANo= 218
+ANs= 219
+ANw= 220
+AN0= 221
+AN4= 222
+AN8= 223
+AOA= 224
+AOE= 225
+AOI= 226
+AOM= 227
+AOQ= 228
+AOU= 229
+AOY= 230
+AOc= 231
+AOg= 232
+AOk= 233
+AOo= 234
+AOs= 235
+AOw= 236
+AO0= 237
+AO4= 238
+AO8= 239
+APA= 240
+APE= 241
+API= 242
+APM= 243
+APQ= 244
+APU= 245
+APY= 246
+APc= 247
+APg= 248
+APk= 249
+APo= 250
+APs= 251
+APw= 252
+AP0= 253
+AP4= 254
+AP8= 255
+AQA= 256
+AQE= 257
+AQI= 258
+AQM= 259
+AQQ= 260
+AQU= 261
+AQY= 262
+AQc= 263
+AQg= 264
+AQk= 265
+AQo= 266
+AQs= 267
+AQw= 268
+AQ0= 269
+AQ4= 270
+AQ8= 271
+ARA= 272
+ARE= 273
+ARI= 274
+ARM= 275
+ARQ= 276
+ARU= 277
+ARY= 278
+ARc= 279
+ARg= 280
+ARk= 281
+ARo= 282
+ARs= 283
+ARw= 284
+AR0= 285
+AR4= 286
+AR8= 287
+ASA= 288
+ASE= 289
+ASI= 290
+ASM= 291
+ASQ= 292
+ASU= 293
+ASY= 294
+ASc= 295
+ASg= 296
+ASk= 297
+ASo= 298
+ASs= 299
+ASw= 300
+AS0= 301
+AS4= 302
+AS8= 303
+ATA= 304
+ATE= 305
+ATI= 306
+ATM= 307
+ATQ= 308
+ATU= 309
+ATY= 310
+ATc= 311
+ATg= 312
+ATk= 313
+ATo= 314
+ATs= 315
+ATw= 316
+AT0= 317
+AT4= 318
+AT8= 319
+AUA= 320
+AUE= 321
+AUI= 322
+AUM= 323
+AUQ= 324
+AUU= 325
+AUY= 326
+AUc= 327
+AUg= 328
+AUk= 329
+AUo= 330
+AUs= 331
+AUw= 332
+AU0= 333
+AU4= 334
+AU8= 335
+AVA= 336
+AVE= 337
+AVI= 338
+AVM= 339
+AVQ= 340
+AVU= 341
+AVY= 342
+AVc= 343
+AVg= 344
+AVk= 345
+AVo= 346
+AVs= 347
+AVw= 348
+AV0= 349
+AV4= 350
+AV8= 351
+AWA= 352
+AWE= 353
+AWI= 354
+AWM= 355
+AWQ= 356
+AWU= 357
+AWY= 358
+AWc= 359
+AWg= 360
+AWk= 361
+AWo= 362
+AWs= 363
+AWw= 364
+AW0= 365
+AW4= 366
+AW8= 367
+AXA= 368
+AXE= 369
+AXI= 370
+AXM= 371
+AXQ= 372
+AXU= 373
+AXY= 374
+AXc= 375
+AXg= 376
+AXk= 377
+AXo= 378
+AXs= 379
+AXw= 380
+AX0= 381
+AX4= 382
+AX8= 383
+AYA= 384
+AYE= 385
+AYI= 386
+AYM= 387
+AYQ= 388
+AYU= 389
+AYY= 390
+AYc= 391
+AYg= 392
+AYk= 393
+AYo= 394
+AYs= 395
+AYw= 396
+AY0= 397
+AY4= 398
+AY8= 399
+AZA= 400
+AZE= 401
+AZI= 402
+AZM= 403
+AZQ= 404
+AZU= 405
+AZY= 406
+AZc= 407
+AZg= 408
+AZk= 409
+AZo= 410
+AZs= 411
+AZw= 412
+AZ0= 413
+AZ4= 414
+AZ8= 415
+AaA= 416
+AaE= 417
+AaI= 418
+AaM= 419
+AaQ= 420
+AaU= 421
+AaY= 422
+Aac= 423
+Aag= 424
+Aak= 425
+Aao= 426
+Aas= 427
+Aaw= 428
+Aa0= 429
+Aa4= 430
+Aa8= 431
+AbA= 432
+AbE= 433
+AbI= 434
+AbM= 435
+AbQ= 436
+AbU= 437
+AbY= 438
+Abc= 439
+Abg= 440
+Abk= 441
+Abo= 442
+Abs= 443
+Abw= 444
+Ab0= 445
+Ab4= 446
+Ab8= 447
+AcA= 448
+AcE= 449
+AcI= 450
+AcM= 451
+AcQ= 452
+AcU= 453
+AcY= 454
+Acc= 455
+Acg= 456
+Ack= 457
+Aco= 458
+Acs= 459
+Acw= 460
+Ac0= 461
+Ac4= 462
+Ac8= 463
+AdA= 464
+AdE= 465
+AdI= 466
+AdM= 467
+AdQ= 468
+AdU= 469
+AdY= 470
+Adc= 471
+Adg= 472
+Adk= 473
+Ado= 474
+Ads= 475
+Adw= 476
+Ad0= 477
+Ad4= 478
+Ad8= 479
+AeA= 480
+AeE= 481
+AeI= 482
+AeM= 483
+AeQ= 484
+AeU= 485
+AeY= 486
+Aec= 487
+Aeg= 488
+Aek= 489
+Aeo= 490
+Aes= 491
+Aew= 492
+Ae0= 493
+Ae4= 494
+Ae8= 495
+AfA= 496
+AfE= 497
+AfI= 498
+AfM= 499
+AfQ= 500
+AfU= 501
+AfY= 502
+Afc= 503
+Afg= 504
+Afk= 505
+Afo= 506
+Afs= 507
+Afw= 508
+Af0= 509
+Af4= 510
+Af8= 511
+AgA= 512
+ALDs7paJl5xPh6ORH61iDA6pONpV0rTjGiTkLEW2JsVsRKaRiS4AGn2PTR1UZXP0vXAmRXwdSegQgWPUp3Hm3RofRcDh1SykZBLif7ulau1hVO+rhwRyKc7F8F+7LcMf/v+s73eOXUDbbI2r52wfr7skZy/IELhsC8EK6HzhACI3 124241322153253947064453752054205174382289463089695815605736438952932114700118408072544073767229325045596832952652232288773280299665950768731398747700657715829631597019676014848183966683866396215048196276450953653433516126074463193382764063985175903718735372053536664711482497859539116009770850968340298474039
+AOzgU1s6Pd2IkrJlvGND8legXTe50nyDCocI5mwT9rW0YsisY5jaaEOcu51BAq9MmXBPeVX0k/jlXwH4Pn3mCpUAU1rEOsTdcmSJp35siKliDdhTZHHdZNMW+igfXGX5OCsA/BaBcGnE6NnrGWXKyTOoVUGQLEkL2T5yhNUaCT83 166340174936369324883416612727439279977041963320514134445183426741643586944819834936989524033374309932122967866930503619179389342537723598234062828695747850043368572301869699886931403612266216965783079972698791813140295203826980649434652168563255385527187360027803388963151668338040517316899628026707657178935
+AO8hrpw+lDiJ13JahLtCb1RenupQcNd0wlTSck9OLL8wB/x6gAoj0PTLV05eZIbz43N3GUSDmmckjlxdHXiBJ9rsoB0P95l1CWIV+4rXblCqxmOdmlm6VZ13bqbI0x7l0cjeMrkmk+yJ067WqUolqQBlUWMTuJVfkxALJYH5xr/C 167923899524385316022824282304301434707626789716026029252173742527362300338760906999615029022863637963070711762128687835779073122264515776657475985362344360699359591353388569856862973447791264902182048648600267737826849280828116753682917256540180401899752566540869918949003470368970029744573140084219550547906
+QxAn7yrdVs5tlHV+Glbqdaj67c6Ni8am3bBLOL8PV5HbdrLf2xIPmNugo6MfUwFSnT+ZPJ51+VTOsItaNwCFju0Eh1cqyP3JWyLRPE7emKuo6xRhf+5ik0pTg77LEF4JXW6ofDqirpR4alFi0G2d9yImQPphsYJwYGF/nNT8u0Q= 47093316905427544098193936500644355852669366083115552072584429220248776817916430034648347490325490701471113667554329499736495877969341478442613611948220957798780043076906836236556612316544460763366275536846463456405604189392790111985912854476264292503164100482712281088955640964034295834935468665872932715332
+AI9PVzrbJUvmCihwSFans1lBKwudGEZpWWu8pkSK2zVgzGhMvUoGgMp6TG2zsUd1tV8zv7KsVD2t6pXmjT1wPUynufq97GVHI06SGpflDTt30WboYRh3DgYxvso1sOjUXpnDezcaqc2Aiz4nV5MSShkBlyBjA8z2worHDE+uXqw0 100635651531872121827765663065728398779771663753008344681972226973080394359405041113312675686974926993279775427390065833081040771269307007695807025882757371805607979134114890454059957194316765342461291139168706134406917264848659448693866813989352429841300235734400772946895458374870482441457514575059390213172
+FiinVicXOqqRLpxcGTorQpSAGeQ/PfDOuzYK9ViFtmPv6D0cYPfhUH4qXEHOejvmX+0b4lfaX8MWPVZxlqpfXiU9BhG76HJxkLF4ysipukeOvhoHzvcxE5bnhSF1i//bOSifATBLBEZInwqSVg5tHHPuuCkwTL91NqhOulp7Lsk= 15560440884463435471963622630292643727112462888414585143143739400703889930416938984547754943252935620248108237258540176511252143752416771350868493435174026287082706690332705481726295797196444796135827460509780634261726494455068460028424141500629527968240913757449787164107068039175831847071025316475940056777
+aYrxyQN/hkBne2ayqo2/iDLF3DZGgk080SOMJfsj9h3Z1OfFZM7TJA+y+/O7niqatosvKrfHrAw+Qs7c6tCZ6NPwYJ4QJLOF9bqH2u2a3fkI954voNUctlUagYUJsZXV8hdhLM6NwUyIZ3ZFkPcpTZp7nKQQ84tr1a8VjDIT5/o= 74114640794666001532816944350975062126079079113921109750255283189037502412929005615388097912507598112836936032143435813588205939470002911374442844578739574773399427907766548612582213272643279263782396527705126350063372192910060171635870872236876399794128383338399728947176692692942605589343038282957050865658
+AMpCUeKUX/vtRslWiUUuXNl1KA9uDAWjMUkTrdsxxRDESI7iZIn3TR9lW+0kV5fzkLF18iYLAwSGBmX1PS/T0UVFmoBPJ9yS7yktNL0lpQ3noyGFn8HHZ6XB3FkH3jegIfGbvwwhnhhFzpHPrXlpO5iU5Y+rexzp2XHWt4yJGuIL 142031143422642739313498629438991149460874309300342349421794421544918823888598660275343727563280565210534243383322796489809683834300630555650331646026843796764549231159336347965502383849513994449309613369541991287590422095953275586374371960367000083487965487661436037637475372929033613295072397262739084075531
+AIMIQVz0JIEKEI+PREu94m3v9XoiU/Q0CpsSuqkwSSje+Wyul5ea9oU5qgtOpdkMUOW91BJo0DW/GMZ8v3C4qyyP29TtjCcAHObJi9hfLSlnTSuzXZnDStooYYKqzfToLToCaAJKCXiXAVW0vWtapLnyqafrf/KgyGZ5u4HfXKY0 92013973253053602863003242446596060337454881568126916916519869242232429836082762281129448384605359749247852792606718908482332975424967542242332487707042773885428473061056052851768940900752317020681189773407893371297668591494665352294885305475871917069040377145530889271334616499701769138948975263435137525300
+ANfP+zPBTR27afneyac1KJhOB5Pq3AXB+SoAXJvQI/GkSoNhw5KdfqoIkLcoJi8wClCm424Gm1AdrdGwDFOM/iKTSPkrvMag93+b2EbQGX66/n2X3YRFNkgq/Gtb+2M8oCcAL054Z/iiMD67aU5RWzjqS64ePHsn01bJ7dqLgpMO 151548639867177154896951257541227014781655576169318283047778755573323724856619156348444192550664853912434681577093459933599575436686424046466113215132845213008587152894642577278656978304699131916299275797578171518984206145555369576872231567191579337901913492071976578289189524123204040497290426960375042970382
+AK0kHtacLGu1NFWMADq2rG8hpzM4UEYyPOL+aMJbnwXcUYptRIxb0YFZg35RN/RiZs4lQsiq+kEJKzMMV71TsJq59vMkIZhZoB3t8g9ZqBZuq0JYcTICDwRpNSttJidVpJ6P9sR3s1xPMYKdlSwt6EEc9htOXfZU+yHKYgn98X60 121583812047864398969816595368193171848971298823388059338224714026742264861090347096116404814514279627148994345584790617974476594451626305761040465570524035369799925437276511604752129817947910677564301623631349399504187314174538914591944778074509068973226322566160587813128746039859381466427380402262866230964
+W3sZlWW1Aev3x/DiH9MzwCAZzBj++x9cknLfGAHwgFqkLH6vimEH/r8hi85hzlCOG5CjwhoZ0D/Hsfr26ZJ3X4chG84byrfDnek1V9mm1++v+clJvlYgcuVgn2Opsba2TILTm1MDB+Ujs9brJ2AAKrE9+ep5nvtQVeG9PUGtdlo= 64240043913835461386212515483198059541440539167395859777194837833769712010594411295323900074066077107346806786205590345517755715510695858065925747020336398305793661773798243627926904542715123849691490667964262778804487343218972081260210371192903128886030021862362141928329650003493687310970684093289133340250
+FTQRk9/BIj21gbLwI22fHJWYj+8Ghdcc613hOtJ+/hQmh73HwTXLpaGK9aCptxVbpjW0r/bxaRjmgxu9u1CCZh5yRd7Z46Wk/LIPXGd3ycQzqRMFB7TISFQGJIcFoxRp3Eb5wa2OyrUg7c/D+kb7oFJq9P7mEwIh8TpLzwmu4SU= 14889529068556301710329043521845510156960298822469914567758538023025100741826628180855835334285179977296740667353391766487166458692144569279381035582718738461626140662441222061900764829681913534146898551570916312642104487829660946024590782808750587095559047648957238487820069966851521487428624726655438348581
+APYXO6uGvs9qWiEAkcWsaCaCrGJJCP2Z1g++XlJ67oZIgEoWITn3T/R2/c4edAfwUUzNHAYZN1h2dSrRoqlrRXrbxFtGOuRCUrXcGLFFcEbTrtm+z5z8xGRfcorx7Cu3FIBPMK5XcGPcbRZdyP1gBkeDMvuBNAo0/To+LP/dhCNM 172810804474418448604443090732221483571611665465870520701624598983692130272337358406272727413570938793741430131635927237320173996217984860203754686741782921346604605228620148450611724714868551781003004492587584071978757421616871762681049508123223983431502852926521520561941051298696758046005573332373854233420
+AIDNxhnDEe1kTJ3XGfTS8zKXeXPRdw5yifm8j8Ibzj/quExy7hFPtKct8hRskPR2qwTlMiW9Ra8Npg2USsqHV0rBoIkX7E3psxq5LBfp/q00l3SEBuLL4K2FGR87bPgU+Duk3RVrNMnColiTcnAR5XkoeWhn/r9MfJMIN9Y0FEh8 90449107125498302548188660544012777357148118984122992664008792590422284061463729084479315745509706793674355738023180454297730948397413371686013210006834869294564190666543874617716180411178090109573192518129248278410216362657350215009192850017507998797754539132540293137589672869131300859207213449571846080636
+AIRWavxYRsGlH0Yr0DudwrpYtbrByf9ZsDawKom7ubiRfepqYzcBlwt4adMMnkYSaXeYtOsD4KBm2ZvLKN3++RkYNmxgkyarORBEg7ERyiThBj7Ksw57pNHCAoHtBEhH7Wp9mHhuZtPvPgCEptmwCu9rYhLt4zZp+Zq8a02dkXvM 92930601962515884925250459851491509622611227724602941760145671636277317511265759558869239180653492283311584982044597979173761619470326096725838197524704577188104121460089235709339932110663536557497112887112782062772810759971739760085128369628777812332518137107605855679096146402427144185104230596200130247628
+AMNJGLcAiJtL5fUfkesWKYJurdYSnvsOZeZcrg7bemkEVjF6S9CcojimUl+ncr/YY5/EXnU0mg84fObtDxWWdJ7z7l0CFcoALTyEatDYKshT0xvdKY3u+LUShxIAyk8EcGnf+KoEaa4Mx3tg2oTBnVegXClOakNTWw8bu2ItagoQ 137134165107366719462230252606689766470445826753581409513106273517221906418464863733870948759313279128624638614534848890858250894834883265387344539280755177217350585564186248554307335197387734431939154077778003706720017441895613190141376534460438929588407764609772857975000507660651583780079804513519571438096
+BmGPZt8XqqI1PuLN4K1/PZMi2rfOYtHEMrcwZdSjKRm5qTkd0Pbb/5zPV07TnM0uLRvIQYTLloEY+GYyn0K5gDTEZpEtQ8ee6Y87zYGDwcf20eqYNxkA7FVV71vqCP/Uw3Oi6B+hMvsWZbvv2vH6MkAeADCrezOtwqVS+irftyc= 4480956865245875120472829476982311611308898564405318773810939350829150182630548948231116574193987272498161864310429976564278532538229396846813874244969927890037756969704618336242255039858182439641759659872128285423988638335967412040624105824571426792562334458751137508116412821914961236269913776304372561703
+APqFgCIYbJWuRyEGuOStPvcprj2PILQ0JpgwQ2jLKn3DvkWSd83qh7PWGKozGavsjh803K+ZzI7P2wP+Nc0r0El3q4nzaHvKaCtVRyMwbXv9wYLFZICeM6J1l9ljUMts4tbDoPzkIy3ScU7pYxarBWqMkcBU8qL6NN1vEdkeu0fW 175922170410080716883576123079908758276229469783745771772401183721225804343343063277676406040455068452258961299511343441961963941297631097736305638850193978800615558067791016294285848963023036905095022181004058235239390870177623185946205281141386416867569004073524130001309977475780893497185890756991672600534
+APA/rCcGeH6A+6ZwaBBDM6mB6tTD8mjkrOWEo/pK3MCZ+rrErMBnFp2S19GhlLOfuY8BHS+D834Fdm8+3wKYkWnXZpGb+e3v8ofOQ34G1HvzULOYtrEiC4ISZRt2SSyz2hU+PBXjVnplsHWTRxZDmBxTJdgli4ItAqxGCxj/aJ9m 168708388929747822981923386197903561880341990893945097067702518857172133291360611402092714329372304718329568897960770488377524912057166920574319430820488930520807742026377043178502591886293565177404635365772829346030773275726024973460121300339258054215286249329967181244588558220467488638468686270735376228198
+AKmwrLP108dCGWOWxE/6woJVLRi/Kra/DvdsPkkrZQmWIlUT7IvwM4gU6bUr4f6wpT08cIQls2cGh7dbSEaO0xLa3mmtKhPiAlzSnz0wuifF3JT9U3uXgUfCZuFtE0z7Oi7WTOrpl3k3GA7JFvXnY0lwblIQALVf6oWyNETnajGl 119160465301384937485959146028591622947513292915838943629387700439301197965652871741710280647524383590817798553034250156068573474278225305190573334054718387045488098320076877626430189054572361967283632592181431701411266656256255758079114072932140551282607247364388070762970060420036793573956057551235306893733
+VTe3rCzAL1Sljo3QAXEkAdBy1ZARHZwtrj6ZNRa5ttqd6/l21g4z3iHCeGo4rnE2F8wYTy+NlugjXw86OS+XojW5y6UzTtx0HX5IJ4POqN64aXWmaklGzroBEYWeuFFKcgQN3NOxkuJoDQ6VElP7Epz69kj5CsKJUwL0SjbNrFY= 59841866347633473702601462509811342285929528424012250265905695635971518533504187799047710303717472950129869674786231155102509311322791323986824635569605105662070745033595366004805920086888891275288347907772640070278731650628917037915863439204501060041944275512863990729926528905725569467329169134226609384534
+AIZt1xGhC/HrvpPASsvVIVdsu//tn0noyJmVYh3FdQ6yIh1uce47iCsrV1yvYqx5ZTbC0vnfnbjFcWqH+HtLX/DelgvhEwzqJ8hwQrfE1ShLG4ZjAVo1Z4GCjrDcEUMlwKcunuSJssuxeQuXwTLS92+q6QeBSS7OmfxPX29CLb4B 94399298271083745508290936113986978382457275531684761701599029877008571741877683365769553170771833981099580359640421358853566501815723434822307977440496208486103754978934472597505865596938563438311337045817621762649604204720249750058676095769230214181772215323235427976398686727606000594646472236822594174465
+NIhTPpWXS82VTA0LTd6TfM+HgLgUcmvnMYtLqPpuqCKZwalAycwl0XFYNyVvaY21J94j92ts/lRYgVtHDhk7/9nLXq5js/lsUnG8rWPHJo11JTxvW+df88aX0pw8u+biOWt87vc1MW1dsMTTsJFJAeBx77qU/Cwto95IVqM7vSE= 36889590210230649939994518345793530042252563793069578097360569338647730438860274349862767107939590441616825589851005429465345268710487649366046960918184701290985280638488938340668212498212581853679035928093386035688597446809895381618260692378376844452061580510108168030682664507293277674052032318576713776417
+KXdi4A2Z7tSiiX9YGtDtxUXIfQvPhcc48rUH+Q2SnXL7fLNmr+F4Rf3RiFBRiHKocPfE94pothop5qQJ5X221/DbEKWK6s+ChfQ636jvRxojoLMab3dPtaAPpDJHrfZMxbT4ZaDJT0tpA2e+zZrzBuDs+UUgCpty9nxtdm1gS7A= 29118662951481660380477444121362422614202367719725087486810943918529894738076273660245405874301505615796632229852040910511025841576465052938308369421493312085081188509808322692130449282585522349552501983296872614029139293444558468751646868108213623606366977549477663987815308260383403466635254115908032940976
+AIOTBZQR2EJJRmoWdRNFLG4fceoS3KnRTHRpPdllhHODqdg+QxTOcOvqIzBqgdD0JgO12SuNAjLQOiz0jhd02qkXw9Y1adGuKvL97ARFtNEuJiNzFAj7KpDLy2zk2rPJp4Lp7cjQs0fe8BQYnTzTsNRGm+4ybln/gse1YWu9w8y5 92394618277596007469808288231093678404089765494062813665106014405059399079199990128824492247005602685377185496959522609467906358619318009231448503013528692450191782140091818984176967246749464502089280153086163239846744554575017530385347720563798041108608545014076448155956762636929707905789978331102411214009
+NzfbJRBF4pqEeborJrjoknJgpfK+DZh2k9cE5dcElMPZ2Zn9im7desWGiBSQnu3KbTO4L/t4+m6nFTNcbIJnqbVSMDHdsfG72rG/t89aOuECQw0HMVVgONNNa6i/mw0jZSWnRLD4fa1YgbUlMd8jeqO9XcBDB4mVtDTxyeGa3vU= 38775530011374537813502898274019389132620116890266344603221997943675706375698597061571989090674289834838060050848545748579361837989319487970580969082824601965845786771062335733318139530316825802589479118956745739691326447349403950997231306042638797277408335778415717988679050762936401945487285814799382535925
+Y4BVPZ6necuLSwaqYEPeZp0lt9tTGFl/WCJJbwg7XpyvuwYKtzagC1NLzY5ymBfwGFw1yRlQuyGsYd9mBfC99DuVCIeh0JNrhJN1bNfoSzy5UO5+dmTr+dm66VGSRS0tFcViDTfCIleTV+zxo/xuZT+Bjxq7kZue8zGkjp42Kmo= 69872189501616471647606976308259279995249122669120675885925763529037695584466011511740991152346215507625265226811128801733353566555339153627478941716586678793853828514394269931890370517258825006937741437480128878717892485074131232336852490940507703859793477547154689914725314529986438108117871674332626168426
+AKCP9Mto4q/a2xNqM4N7PekbKspwt48OGPre+iqVwPrSP/jWKxg3CvvLNZzN5P+/FiUGIklMMFJ8w76OaHIPqKuwckj1gvCLECJEE+UAZWrNKPmpzd/ootN9/kQhNMuloTFCyhXAUUOXJ7Z0WVLb2u6fn4zroszSMBoWQEKC6lcq 112750701794692134675959811050012620191158543234019977304167102486465198271340022889272244811582365901584420008564301920174477182946432553537794834985703732129975734658113610563794129371053853971031300761815004524681756388784922001759202643614966614186697992611399618828963452661554240362943588548146868410154
+APOTAFA2waoAODECaGNgCHa8dNN+cjMnD01M+IeQFytzo9RLMzzzg/gpTUFpyLtFMcfbCkDYQMLXwE4crTimdz5sVvjGQ+5fSFQjoDY6Bw7MO6NAcLzlV/sI/1WyNBKaLQbcl2720n16tdUcdckQNnV+cC2J48CVxYM1c7QQlxA0 171043636512232272455501595416608280460445723238023572475354665686544174728784633443479486247342724860289312593374524429736857970220153680852977711594899595712511352458264354251161579203922747468321999465061463474727943140910084880926005209538535217464825087114791420210981711903880998556269523363208766099508
+AMGpxRlB8WVnsGqyyiy3/mzrPymtJW1o1HcDErK11ZwQV5PwTF3c0THwlnxDmcziLWHSWgPQwfRddVDCXMGW9BffJn+XO6aTcWDPmDAh+1DbWJPE1aqApGbHvQ8HONy90dQMZf1ayuwceWCVTuU1wnHdo9F/sIsRbuu7ic2OJDzY 135994898408425255747055209966103741651849229328236418804928584233229830656742052333413774490626915784901255640138520158698845938184666683995579777154437927013722740366497459963753542029774185193376253885864514386760437194444013834088425088260658670140534670789371556026135595577395047002643901630053097946328
+AJAw4uDYdSYkOrjtwJVWLv3pi1+UxWge4RmkWKqVquTsAVcT2tRZ+MFdHM457Hl7fmFIyxvGZQy4c2v1AbHEfPR8ID2sCRQpdcfrxEUZPMDqxfnHHm0ziny6W4X6ggdBzMp/sBWaVNTBL0e61/pELBGYNRGFMzGws7HQkr/sro1D 101254336834199527040756567675327011562230719161388328289463594628690618298993695452746353237675715087353241661592074446889034411683413957950360025295995263477031608845241728493807755308798509893719674568267846671753070163272328014412744008880395248474446310603301447848026040555910147467745595720879397834051
+AM09TdtXgYL4FI5CGNiVjf0T/AN/pZ5zZsBOi1MAUKMURiXnc1x8VKYTqM9Xb86mqNBBqphynIQG6/3e/YbGJgHlsSdrmKbo+P9daMr02I/7Z76/7Osa8+7Ky6lhVCbU3F0tBH4WvopkCQmuJ267afgvDD5kB+9uNr28deMH00cY 144124056591600568767398029380314564902309327093641173350205276895603332085753288682409279238417493662029954512382520307259348748813767324609446500382301421328754981718014234615523158887865271179104711373675849713359713282937065993613915015084108700238420759344034475478243507306107546245540340758766909867800
+AKDhK+/BKGXbrbBh2vM61OP8LN81YwlJKe68KNwUu4tjXlQg7i49Jis7QKPI/YFPUpSNTu5N2iCgeMnCX4+r3NAfivOao9lw4N3nc9bi839SIWdlokhwBHBYmCIgjehUeBAdkU4jKqlE06pIrpRmSvBtn7O4aWTbT+C++ViYAcGF 112973480670453665543892521898882856059335781900313607790238402438320486344365203510769919022496690291280873287383392088872774202832124927485754495093552572232234532821756395965072330282810574669371524103814871172318519695921477775100282448247625395376072233777533359104085023946019406729587713120941266551173
+ALxDiSxHjfxvP8ETvpE+SyDPTS7q3o3zCK519WTepygC58KSRfvDnIVIyV3toQKzgqD50kF1Ni5D/wuaSs62y3zg3kELX1g+WuBCc8+x50+kDtbHXa1Me3et/OqVS/QeppkcjK1UZMU29fXze6P/w6aQfvKQkE7koeQtZBKkYc0p 132203344567902304830160099595561253300484092355345272411265169562971473393256361094745618829297250316196312398486598077249124198329075791740755862221465178128527292695331061023291345396067863215552021206609309872689233899464919108147533679134727064586730810633196817136739658243232643507412032417747255282985
+VF0YUTvy8Mfi5o6X06DEvLm87r72mAtTdyyLNr0/GXlk0Xj3L2Oi2bVUMtcXQNRXg/mkdGP88pgdaP/eMzqkUU++vJ7t3UgOC1i3SHegpiBhhZh+aZHH/wjFV8Mz2XZB5z8MpMgN+QwALK1TT2Pyt/feQTsOy0imVanB5+OvCeQ= 59242171319056188000481457618922567543461456096441095927600135114274111606802456239311634638536207588762066940095527920532936960549439269891703098017342732142860571277442598349453761561189719823290643146391349978698217357430495238876700400634593256155537598291759795109752990651995982467695091946768443574756
+ezpwBt0N6QhTusiPcKrBvSB6yuk/KShTLUFQHdf5J1u1fgDYrp+aOWuXOFVfOd0bweiG4UxBQNXB2IDFWfYON0fBoaDqNk/41YyqXBSkKbiNWLi1y3zPmwTAiwK0PzYp2EPfk/t/j0HsDbvebu0ygcxb2tPqj4EQ1TXEdD007kU= 86533835313999945727720083706940213467453975054116752898416709637030456504024135513972566184073843025739226187558143854850980654667596935003124034699919861200483994576288766702308068265526535622439762454501169018136389983894783905946543636163866717367545972667876983557989192393479830223914708619684891389509
+U8BT26zT46tTZnkmTNxGUAlXbJhk5cNi4AMSd8fSvZHm55siMFGJ8Jl7mtdzEFR1UFAyEztf2fUhxdtMLe8ei/OJgM0j7myQ9STucEwnsShT7QS/DjBmfvcC42sl1CRpXkb0ZLrEJCPf+crtLKGrG7ExS1oawIAgALBiMQIL6mE= 58812148564290791415180898639607206220554150794356494356250223429674091688305329629529905854147200457536549527135776329004085047145097927266797668252160196098870200925284256433894773392353678965699083286106628662506590268955650280670838340651598082083455821825076016227525614626726458235627297885815646710369
+HfYii3U1SIkBZl09RHaGGA7H3np+qxyNeeCNY07PDl8LwZAaaYk/bHPeBVboan0I2X4o78zCD/gFXFBJ4rxwwUsVjHEioyO2JcpV2/oDOelJBD//78WzBMMSWt7ZKbJV9uYr9ZUM0BUD3fsk1esFCEdnDJdr86U0UMmiig2R+ME= 21039655953870571289679214995029926285040274249531458675115179004718812090027267801012507748013357317597416722235988917212676802092082137617336199787762782958420742299451435320649616271885264333948336627286638368859041172783505464468640994920853000441536629081040963398001710173320125308624362209157720438977
+AICOlee3daFyqTrTdtWjVb5M2rclh9BpIo1CRvKo2bF7NYcjrU0/VvbOnTVXDwdeGMLupbi76f0BrfDxYtkzMXvIZlgoTit4g5ennnklDHFBC5cogaGlri8U28w4/h5oMunZ1O4ezdpRgVJe9nTP/sSEMYiNS5IA7Zshdvm/XccF 90275777798511290102824338787811725003177532250296755103300529948194832904403489332420505850668003332750291879153080212231952155092379375422537931240723308384652734942204313672973885652497290433943089371705605128843469306776615573873479312715317072986990219294942040272550822460408702072075001377245051602693
+L0QUSVIjxvE201b1ztRZyOOxy8vkUz6626TH4tbLwXjjc+AhmrvplaVlavnOgHqve+/L18XNuAYP4BqdxIcWTx+yxBKm4ZS92dRJdcAtccvZpEJtYjdJvI6qbL5Ph6HluaVZwp4dyFyXuZOJGTfYdTb7PUWM0jNT/xsqyjxSQ2U= 33191267986826803728285073844005357792766429917696698533494382218509532051029343127452480789088572904364699220151221680328978554239767633887572649589456766209242252549993823283929686430100804479376247660556781589549613316880150951333982646510273364068770923588389668733632648346075516618646974067295703417701
+APlD9ECKJuACUmQUsbd2GTOpb2PgQVT08C/5hyNEVdA5bWoICX7epmoCKCybdolk+cfEBP6fSz33j+Vn8MbeiHBLdmF6ETbmcyOjldJ902MDvU8dqAa8IgEZN5Uh5x/xzN+3dqk9o0ji7yi291u90rpfIh85PPpDat2B4l5zs9i5 175040148659257809883308984693597046378367187659749953472629929701758633206586720399909808941145946314755491399962797299295431089674294356220216615950668954164397362123668926410543898553191541662075745481299747832013627018846822876386760538344447600390187421938699064459451308870669878673306013635576901916857
+KB7N0tE+A5vFhyrd/m6Qe1wTihkjqmBn+rinfmMAzRlvtxIBSyDLzQsOQs7L4oTG64ABU+YwcWVijvoeZNamaxGl4hatAH1pRqmC/r8FMvC4vqiFTbFHzQhkjM7uoHD1aKnxyBVgjMj0E0KZjrRxydZjIR2p13FXjLP3UQSFtII= 28173452509830313810392326357601136401754938805266458365469366750775669869895498658593356375710132149836430968810246171974040975430205200958564616924399794768861923079158311829444850822144940112488994119845741191519421434257276977333662656888696213514226866147767570046232093727585815615828360199830275208322
+bxFgV7eXwnbQScl4VzS3RTdcMW+NY6pcGkT1UsqHIeDVyBb8DnH/2/Z+DX3zniR1iW6FPdvhJJeQyPIax1ohILa11R27C1TLxGvTrRBGUycxjEcBIxamHveBsXbECWusYLEakeSDg9x4BTWMz1rTQajkorBoeEjYuW+xBxQtXME= 77994515143740690952370766995249847650881300682406161400195705464876513409097078624084133111941171517535435606295232558665316819077765607639545069239931096306624817379462598756505457054433358548941076472902905065316335603665413114267741896000877284610377452471067725794013283338924419969559537339967562669249
+AOH6E2eBzD76QdTJ6QbR/7OeF7AagUif9pEYx7fMqrIsXCJKKpLV/RHIItCDYP2WO4URCaVueoAJe3M/Shj4o6efvH9pf5Q8MLM0rn5MTHWhThivqYQDwjCp1ZsPgq1VFS+gcnmwgHhj2W7XzJxiNPeRXlxI2vL+XTT/wPBYhqEP 158686346608862569574095184731081143351413141116869402750758091813874232272198082464382169470744476593016502816563462778075467588097653320101723165887488327616477297401486647183409348122990505635004320879840358339260797834264972100385692477324858942142372580281421734058008608134075577990829273447077276721423
+ANDDgNXOB/rXwmS4KEjiHj7RCDocVrMv5SU0aw6AJzNTBfseFngqidXx2AJKOEeG7RDDN2gzn4K4qJktF0AIPG2JbELlLUu0MFlpOLxamp586qyp67Cl9OuPq3UZTyQhIsSIE3VQkvxuQkGsaV1owDV3BKIWQbQEqMQI3yT4ELHm 146598844784260148346676185962272439320781765598895126402049215152385925250917998794921584290777625240122575975327405909800121511343265147922400813488099624745229653124857224399973509428158163452130086943873214460600035260925149630502192183407327427517292065083168010281295559088633086659209316582810260124134
+Vprr6oBnWuxIzyTZjuxlKSdZhBc0upeNBHVIlXpQEnN1Q+XURKzp4/6Vg/koITftr3SMSgGpE7LkrERMGFgYaqM5XZ1RXYFKT9dRJnz9VRDITVZtdkDrU04bqo2Ur+jvZhvg/oHBDTgQ4nPLJfHO3+GEmUtck+g/wOVozMMgufY= 60816213163057201559480662231646403262735082707152897397414589876256824040344252799972529759737904461369360580708093117244392116003622336721789703580184437841209963565058475060017600871779929808204093448248984201640754565635410002090180110910120481044515630478472999135146756643143415057403006410330361346550
+do4LGsm0afQLHl9alWF2RVyEKPxLIErsf4pTPgScRE7ZiTSVErbCDeyzd/KHzhBLQs/DhHHcw+OXj541cIRm6jaLVKiT8EwLW/dVG0AkVli83sFh2f56Kk+bCGSKvfGEQcGLY2k7nQ06zoMlYR/xbZCka6Q6kSq4YBDQgigQ1lU= 83252051731120517035090523892596419800592471447735288551342681962005778435125655090199060145942826521644585427683714084736143440310518046334877897672493531918539106001203807757254797471481884534543367685912500572052457610702790097953420236852480969038388056545966568595395722585797418296411673622376893961813
+OL2Qoj4xkqRrQmuuLwrABG3BMMBNGjfBtVBNTdBf7g027Ghkk/z3aK3jKT1EPpdiOdn8zXYBSO1mTRGyK3n7Jo8ICOcnlBOF6cZtDsb9bvSVE26MOD2wzl6irU7vzS+s3vGBkN3AazrxPD4czk3xezA9y13DJVnNzgAgIQHEols= 39844525812817530522650122383059885756573694015271773938493414420875846359054562126060762455794481186614035892021706051863945033061233991184379580556219478200155757966121832613842937722944431875100059046588723473670448006803481527981834627086055642349130254917244469014754132003347635357123155857820000494171
+Ljgn+3Hcg5DOf6usRumk7P+ZrdTBRmo968HdZU1mS7LwLW3Hii2KNkwMV7J77zA0P1pnvhMSEEeh1RbCUjLtSIbt3RIcOEoc+aO0eINF8r99l83xF57CBI3MDA3AAbtaYATy/NUXSC2h4W5kdsQuR88139MFi5y8E5njqxHu3UI= 32456338403763561215581247445990611953939298888251578685087656354454727113846722731945605696397627662593375001096230320486703167389461057538581895745078593206660798580358701927596287363374862536765135996838944212622199018632046955402325290145163082309469649329852148345837780541107029165352782710901375425858
+AMt5/u+ZUNm+Xsucr4RQPUu6ExAOq/Jbcjm/Kb2YIAaEQ1czIL82wsu6YmpHcfMaxLjY+EnaaF+eCWQPeGd1av919+QFbQPeh5DT7ZT9klK7BFyVsN0nEDJQ3AMMJqq6lm4sUeVxDVTmMypYnkzRl7jqzyCRY1MHA+o2LyMECdOg 142886089970163885609957244378225169093559131065687633458877059657380607541767850701139140472705242750285722732461954100519608059127637509286558848391554697942686619832870045594188204522385787253648018847569919409782188708374165437385572046835539379151066214153911415525465041951116179326632238059135825466272
+AMvXeHCaa+zk5VdB27KoS8XpjSUngaw7Gwlq6e2RrkEOxBhU2rGWGJ3fhq1HBNRxDf0quqfYTMd1speisaEr3cIyx9BhYwB6A+Nex/Sf9DSixezhcgEz6c5CfwUYP0QTTOiZDqzz+GcjKikjN7DKJTO0WSXMRG8qX8FBbH0rlc9l 143142496664357119491819741364830737485524654099662921673419335301323845847085335210884201567922636945282124120681371777665458057821603161276185071778040317947168899788341482064834489328957963447735297898161379277478278414388733161844053774747425459239004132791029364174047523473372650441001639174571312926565
+AMxoMXHfE2i4khsAkv/lPtLQhbWUjP3kxYmlJkpacpicBB6z/TmG5zjmTC/sqzBvBn3J4UvMzKYFyk9/l7Wnuc480500a3S4HRVtMtirPueV8v/SPktL67eN2zoj1VZA/Rex0aRGjW2CzEKGwEn3G2bZSgdT8hKv7AypF69ppjz6 143539479941314279463880342636704987025205547180882175105616955926182352311179043850344463145750154442573797875223178075233807385237935671604701513551125937539235111702655902037518920150424691586943553275517626347557879039695678271564616114192941679606063184290901862703975921261779714258077775731727612132602
+ODvOKg7l9RCn5CePG1FfMitkR5l9+7JK67eU+WeA5p1YXCcKS8GbYAKCtXPD2QfxmQcrNYfAc6Yb/kksaq29oW7MzZuTDzK0HXY5xBc/fJzEuvU51gaI0PR3cuU1qRlLqwmIlyt16gto+2E64BgPgIKJcAjx+TfH/EqNeJ77/W4= 39488587053253042573878502921384752550143716864908041972426777545317969264945056510991363961916339225192727727267483337259701961148978214005913510275048195308792987888118270387288989623193626554910652030960235845935461155296845475356011099372367616732243132816329531758943935324760665826550992788664237161838
+AKkznyQtB+PGvbVroM5nUIzhJUjiNj7q4fC9sSFbmDgvehnwPElVlie6PimH2FKonGV4GSaxZ+osil+9omfkb4rO3pq8fy5KcFSw/gs09X/U2eEEcUt/4oSbjs2NaMIxQftM2CauULiwfkWdkMFTBkHnh7Bbyocc8dtmrBDdoI8a 118817437232756222334188081193205110010964766506378146125932730686679941224328135190204402802650523704343176483564284220367074983943319572348376466341132480772885833789613392397284313483009178508647973749522358005819092779831781339778163122774381387989185969990310049504391258988402795259963134610905036263194
+AJfwWA7XnYbTjlJt+9hO/Q/OubHkUkyMYrN6Jd0cN5MG9Rg8W3i8U6oJxT18p4XozkiOgPlF1lE7hIAW9KRKJKGTue+iw0okLq5UNMu2Ha6l5/wzKi0QzRVTBnQm2zjPlQpgUorBBty5mcbt/B/Y3vOE4I3iVXklVtjQ7zIBHaNK 106695084438708194568048926154027115609888551145480521213711726807296356271397749432698558860759334362315257102647885062353922543502466463770991058956633500180245599467233361812610650830611712448187310827443315947425061886163301613989593906515923245020641415290300558869209909418659128196109640872398602216266
+aCXItk5XhuNrbrqJr1Qm04U4y4AzSKDMms11PgVcdf5fCGdizibh6/oZqx5OitM26nRz2vob8F+ZIP0CIyIJU0T1M50dVTbbpwuVNdv/XI6gHekQt0d2g34x1TQJIcsT1VWwGWTPNMtht1hezBAYxwv105AGKnqdLiz04YAdEk0= 73134927546833985031652237686088635686032103401394612286045377544136784429757461671691980910279873140130943470029643791712859175007885735170485461366406852784845528918253441791024065848540598601036357817496637108534035807393364939272891745520961269029038360205258229770737579266643408540634722493263322616397
+APNeoaWlyNa554OtHP8F7GAY5V9F7LMoF2ssg5wBmsgGFktrRH1C4FdyD0COrzIb0Vcko1/HiTnA9JXlfGKc3gTHEnO0gxBSDjK41L+EIgUfR0EhAD9iftTaCoBM7qZN3R1MYrSz3sevQZNMFOOnRrzwWEXnJaPKAZXvsqPzOIF9 170899982929163229592439208307232242235219591108657660041403142612622997092685093132858257827585941687488772925553142105567685213341947938835403410054637382864108739466539574004149772568683507025358331323655651148107044968424043673850583150424463706583215452211942132017052425497789362680979074312857823248765
+ALhwBfBYpOk1pfJcNut0C2fEAd4hhYU03/ZQBqVe/7MgpEDjro7oMvSdba5kjH/VBssmZVqpvuZ5lG+vI9lXLukhwRKJg7m67HG8lZXvjDmjU/PCjxBPNt5r8/DziETYmMa+fhaMTw4hedZcwDe37t1VPIflvM94sBKu6be9yJAn 129516480651398210587505113546142851617282590236388547627336279692965778911450075230961856270046942312918567973875005814982283590898552829322178788678196583244198944578081007477482775130405341039067711963061287597331433268366003672643052056973656674139309732186091974604170508497340243515339072325943686631463
+c9vpoiZvtnj71b8XguD67WayOF57QgOX4V4L++nG2u/RY9VT2+0tJ/C4NIawVa7ScQZAPVLuhV4J50HJX7FZgtY5n+lwMzNo0av7i0IqTS+1BBO8eNJy2wkCbWWBxNybuNnF6OK7eXdPb2Mmwm2OmhN2/j7HAr0cD7rK/Hnif7I= 81358980280155473712258342299472964374474635149963153129588784719499494479288254287754874893180126149146558961101860327826747785201363745989346818037655063262173536227595206355647880155693272153902647256175878517626925488264893732295267833614283963802283320574654949992393798458265266551024756663538388467634
+APArEXNLzDydcHrieLDReJryWxFzcsN1dxjpJIVGeJp6itsJOrUtnmXVnETtaZhWsmN3/Zh0R7TgJ253f7PZ/Z2xCEdqF0hs2MmnERSywdWZQ0a0McbDUUaDjBNYFht1wvS6djbI1b8RfayrnEZ0miYdzrrP1ntU+5cM1QBAvj6T 168651870043094856205824264282870999215855903395882323164614939540734011037112413507417141209480771157672307388419164831992909066097194364645695794831939514470650008210390333649278806163193463937050083854756730458780288720541495880958909249273048328511615821480782977316719631334570687241232556472064072892051
+RhGyx6xibf0OvY1XjnmX5na3G7emG8PWbvEa1kIjR6pK6K1MrMZnxFefXpHWInFS7ADESNI9LHjZB8VW5QrjRVPMksgdEAlkhY7MyQxaclUlShFl2AfKYBfIIro+vg7mUMzMctD+07BLk+jejRHtPVIxHmNnZrZYds80ve5z3Xw= 49204219353786910100605282012781696579642953908541693903348594981245301165936599174304121350092894937817100350990938057159324959104937469442065996667276651025661016077514839755853073999975805394464570132481314896694678249282338429544941873047382467276103868995474424700207571657816852575364781281563515280764
+AKbFfU3GL6NILVyONPVD/X0tffk5HS//7FBp7n6JKMXu3VXvWnfTl32R0WyVHk2yP0iIyi6SUusSicOH9ncO8KJHmaoMGN9Fn+Zq94FTFqZne5NxHmCtwRAbFNDVGg4FeemGXEe1S5Kk1VcvWqnp+QgY0uwa7RtT8C7/T+1pZlwq 117110890075563714812929271250884717870581483065920538069845585667296154465072587148155060755111295509684258790280104272121160614620669593483929827848744548171793187278583947500205314283462739235860439216105116687015890394925743036369717346234391524403038196640934551590543386844279091801685432977718405127210
+AJ0xZ9dfRc6P4W31bMHBymgOq+38ETEIMvMtr+wB5WTcsquZY1IUB4IVkrHaOo3W2SIr479IfJOOQhmvyRS4iB05yDI88Z/fJfXarkH53gDivECuo+5+JmV7e0S6gCvOuVamwoQjlK3G32bCV2946ry4EyIsVZ6Alk9xk7X5HfGU 110384671994603894282707302829898242894456931176497230904862171369974466400767175784681299142670706023468915238955836087425993929524341269289746060546848852729416925808186253355106621584826213979718185296723694190658548757311188764342751280681935289121682174507629679900374674992438818324999211250580434317716
+fjzmb1D+YBU5Wn1GlwhxjiJS07k+fXxjeNRbOv5SjktzxOXmautO8xZ5ACOlYrTt5G2gzW2PU6sYNfByQ0xoUSyutOuQlD2r+8MnDrxCo6RxT3P0dUSX7q0IVj+oLK4GPbscnKLfe6KqUcYLMgKnDYnc+ztFD+csL6BQnM9WMLk= 88647261832601702291191332432291274285041869480562430895152086741320122435409959711452438332192792226899741738806447713240934608106883094466050154088410020909933636902495700779087737304255058561688767369900548260278700135161077055869478387490726087630962098228537973426295306997128615315548440548541717688505
+YDg99aHkQSh9RjytWknbXzcgLD8MrWUEHF46yQLHYANKXaQYyf3yGM9TYPCDUqWbOapqQe+XfOCoACLyRg7vVDsnOPRDI9ZFUgCQBNG06ZOxzktEhnNJoRC99da8jyodFqqk2f9UD1lVa8tsQdatjUDocwgJaDAOpYEyGnUlbXo= 67567767932654827067250684965667741848878457020992905661955722020937161710030993261011062929936964216357930453809610708591260182295097124272956485574313839759737390934220465669626974544253750900911093325004172643146669082793591441922014060981070503803266774197958528843445580649512373693546027107823355522426
+ANdsfO+cNtWsbT/QJHGkYAL2WCHWVPrX6oEz78pO8lUwiigVEow5roLI5Tm7GP7XffjF95z5WDxzpoam+Bfp4za75D6ZEHQmuFnpWQAmNLUHdKUE6UcsWN1rbV1uY+x+Nr5Vni/M7PfQi1yRTTJTYav40tFPb9rY48FsUotivoxd 151275723772668372472508916060743043308364940375633847663054782759325087560768667906829087958412643723335046123025802453213225972572697773468957759328009026531148112732519692142632237595562259864125679649273054426879080697360204352423668940795473103047320116317252295126635024518179060076282921965794883439709
+D2Z8YA0G/vzEVVQ6itLPUC92r9n9FKRpf6lDPWIgpZOOfIkukPp7zzTlo9Ej5IsBrZBbtGz/eYmlHeZ8Y9pQj8HFW24HeKYqjmR0ujbNxI0QgoE+VUwPVg0HhoQsOGmq47zpXpkDwpOAZbMh/t1Bafq6r2zM0qmiwOacJ8KFUas= 10814483230552506566705634583020057064935800294861277580077052473134972003523900930560478187758928889017740705417070994563709463926267126567504805864719383185267204810142444719634360655595490833208838383875687102074846353850310954150927702228780599083427768247170427544730791038729428517279760042619935478187
+XoZpSMHqlOyPYJS7dWSRNDJHCkjbo6+DECzu0FpB9O8bftcxan/06Twbo5d1lEqPlLx3w0XeWtrmCSCaeVcXVtlY3QuPjdKPv8LBnnhslPOVcbGyflaTPXU+ITWE6rwnIF+yWQl3NIwCV4EBtCT+3U//Dt/Ebif9gzfKpKltD6U= 66377743237695515693282032069691369056215169443985727092982918806809030742478033317158686828712146024066618073633406428345129492010236994055590530566431286733776441810601990431112187030942086686719669823512292071202675269428014136307286941704297995292544712278047959299939833088742083527714893795660235870117
+QUbbkyJQ0Nru9c/nPbphM6VxHp5DWlai6407KIDbTGvUReVYI7de1gO/BFphL9GA7gDareYoMuej3/SVp8lEujXywtXzjiI+j2TzR3YYiMBAMhsJO1wU9pxy69Cj5xeFFlrOycjE9sPS9nrqnEEEFNPiK/GDDTHj0KuNbWSCLrI= 45838919357034925862751142472777409057791233610959872523563363744902783251621354580995921495295078179996083468819097423327554678806691589090814275138081407920379810144694354354954459732280968086760894209634364189264517251735804373673532012530665557440070501687207620525228416650281363557992436992284712644274
+F+uI7ARCeAlnPLO1YR7RJj8LyhtE/EJMcY45lsNMff0YeENe8KOITZVxNA55FcxDYpg9sKi1UV3/ASqkqpH8MOxWpBdT2UwSX3oBkp6ETfJKqiag0C4MS8cQVsfcKF39BJ6KUE7X6KUEj11j2YIIRREmLPyZ0LatG7dN7Rmv2iI= 16797235966984072293396362937533957334369977688369659112225970370748312376722010874726300554329794854683394163379447263409228872034356195791733533528404245739693397078461712458035888813157166614479153484688995068722288153129390850561042173295997770817893349738328312152341860704179681230323810266038959856162
+ALkEoXznA7BJlBIfA3Avl9kygQcxexEMApwduVRiXeYG0uEXMQU4rgMJBlPqs+ly8LTIcLFaLnJAG2KFQn2GXz2TNa7w4xkegkrslIJEtBWX/lc7VzRtcLbhaXEs0Ci1ValnW9Up7dYOj3Qw9eNo/9M9b1fD9TI+0QXFtp1ge728 129924120553920201168632484268654219915712271781591182777925696006023100660478316445751842982460082888615429513674356810187315558964251402722465707617058251479494744427428152566665405423424700027316505872162698141109433045594670140335040479559124757490095995568556894332243767736124299898808796118800328801724
+Ki3FNTEE870E9GaNtbT418CLSmf++s6Di3hzAy8NgiDOFo+uuicJa54V3JNRxOBc99sl/chfZuaBQt14BFOQ0i+9rm2KD82okNABd+SNfXOb0Ow2taZX8CpkVJYDyphFPyHbPIKmzwMShNx9X2z9w4++tJgzBzGcFTPv1nhAlxc= 29618953883711174042338818332957726953262658484143534778541769862244883781157097499904047532839425875312731531093860721544220959674634750905085721866390609141599426547378130082409488797303960018348798930232014390380383063108812922828160584483043190739354817699497573863286563890071313017508437166939160221463
+AJq8tcSnAq6M32ViO4hVGiHY7Tb08cLVyxpl/v0Y5adYblvjrbsFcCmsNDi5PnBOBl5awR7KZdQ1xgq6jIs+SQbccEMvJvGUZW5MgcHrXBj9XVd+8oB0z0eahqXpgYBqLDeHLU6238xR3dJYFf+Xrcrzjg8swx66OmQKkAQVJtdq 108660120968150664552423780971948386965268856900017812123107864829782135741514930439461240950044759098603910762272795612101834680870627850178371693837566833495418727543557712057554231215186486008080050486837716071537742708913279026303380104388546316647349432118287628353129105425052237438199445863950767806314
+AI3mfrgcRwtE3mA12gSoQV1xyIGy/YA4pCCvja4mTjvzQOAfiZL0efadxZH5awohCC1SpZDCFsE9yYp4LugHKu/A8zMcp4k5ena8sTPDkSod1yucjybgmVJ5h17Pru28AzHQ/YUmCnojQv55aV2+AUhxzIfojY+NT2PKRqr+vuf+ 99645829268436288676280252226747461064597487404802430565833102291706103139410465131373666856042539909746769688396958963177805479987372681967013633920910376342526433530508868114301205524789149997372160919406352823342811006288909548557622230243808373083272214426118230701324879006645047374853535922112549545982
+TmXQ+D8XFKSclXwnTIH8d+sb1IV0gfm7GagJahaFL6A9rvYaZ0NTizkG5DQ0RmXyo0wPmLork/296whsdNdUxVAwnGFlWWvMV0ftR1fOvN9KoT0WtVZ4Rmu6Fuc7q1PskAZzIp7MkOAxILO4iX5dNuVC+GLZYIbpTel3Ga8fXuU= 55052751096768041533898435453266875315629605001878362193939750978427494147944918632414581744895066623527980497732722163665712245580312596487741856071020477624754815927936394948233480228964159047139170955663289543349257377302556035170334384320502468579367401821986660515827461352578142560630318492817238744805
+EF6KIBWQiQoHOnBdJs1p+WIcAv9ILt0cnQVo+o/2niOtI0C+eFBSiNgeddhotkQFgHvGUjq8BPYgtLC8A5IFKGzXu4SYj5ziagka0hqfhVs9zVHKNx2NUoMhPDG5R7+giwEGGPOayGHVNbsBf1FBYG91+mwy8hnNbhcHSnvLGk4= 11494909948912248031301686864833544028186348338729984264372557659364976118965740281229664413031002362633393381744365783802034700038490736736266032000546393704814403638058993380993275865674190555703046732456017652317200288968188655019374159412919163798248766655991273308390043613040731449231289437754791500366
+AL7wCh8tkFe07qChFAzRkrnNehvda/Teroj65X1Bmcr14+/zeJlZDObYRYBOm8YYSYNgJekcL3o9lLFE34sCMbSJgm4dGwpEVexiLVi+zc8ndnqBDSAnRqtC+3jbInm/v8l6cUvuzrUNtzXIQ/H4FrmPMiVy0EMerkMtkfw5GBsd 134080980697158076909534078193319899756347955848461100874771253577754225619652121295523443912922220564492468474647193062555347746840044705102003079330399499915801536721237211615317000955332058281901995149084303143543150689010335818219129745452688372571010816270728441637278434982752674030696337642893239393053
+APunLhlblRi3bbRBwSV8dsw8h5SvT8ncAmXPnca+e1dLzrQZzL7P2OhFope0mW1MCDl2kJPiGTdK3SiYJVsAFeR3r/0z96g3oq+8uS66T6VaJym0QToMsqQF4/fUMaTo9HsukyPyOgjVIU+6TiFd3SxQKIu1/GpQWVQIP2pkHFKM 176716779397275986910036615967409090183531310366246043951791503601618945774743601662530806467045971394247287367421508126613573039423674729894091424105133906122821596079925540513892022311039293333114333317886304014722168786051080135090242879622144693440448171583324154550086458411590240882982297314605229953676
+MM6B5AgdJKe5OLlPzcXwi9WhqQjx5KsnBYxxa3kWdGNTdk/IN6TVd4Ptn8lWkLm78mw3DXP4Ol1sQbIfkHRoKFUN6TaWg5aDCJBDXyHSTZI2FDc1di0Te1SwziYn0sIOe+R+rfuLuHlcT1xaZBgL6+dDLAZaZza36UEjn5i/pTs= 34273208848307582992498656582721015257885595139328466874135636009184357438445251703533153492315835793684794951576799764181908090765379592683793969576893243386892292517067596035059342970830813419330530731370385186653239446376170533147020072285887964430731437765184844167400169982662183791828762458682426369339
+AJK1dx77ZA4F0sYCgRL1LKSTvjGTKBHd4QBeVnE6FKJxIow82puqtsVZ7TBxbECex+LkLQPrEbuQaVr3giUDjg0aJCE0D9ZVXCUS06qulqcCCdWgGFHXDOQzTWDn6TlJCGxtTEMbMxSlUq1q0iKZ19kwMHiT3GydBn8/G7tIYd23 103022457217861194294329435482792508957642944252832971366936865663608381648431732294396977429863681671686490913575377744795372643599438468695483808375208871881849232129651519218503507811863794426234594709451104684234156597418383183271923307418704786548452806494411689822939919114966188329657999811363991575991
+fPZNsqUYBbVGA2FAiglnByxGJOZkVSpj8Y4QNW5wq6o/1e/PRwp0TLYJXIoCJRs82pAj0QDpQbHl5lCZmNxEIQP8o8xI//HCPxPIdgBJmSfm3VGetrOpqEGU0KJJqK4IsjoVpAfPFMUMOpGNz9CSvCHGk1AKrtYvrTJEKmETuig= 87751387019308584846595931543798879607048239290774788042055795835726250309378365187899578817976976035304304847968410200168743967600896348021636654074952051821111673620467434295067182213181329543946368332581250062140819766061014427755090798550122401239987766844126425179573454145697756278292448630509686471208
+EmT6DUd0bxcdprYhAnycQaxm89kltJOlIOGFFRmEK90H3RhzBGr5PRVTJVqemFVpVliO1gy1nPHgqDGVNIE1GXhrhyFJU6m+HJeNcduippRe38xPCiuraRkXao79X7WAiVYUq6RIH+UIRnfTvHBgzTwjrOvKJ5853hYmGaanjh0= 12917015385266582065020051081997430892582163827812227349569911846746592973268746845211126663077128575098045461893559476227689488349263954564361736197688317585888118974603264677576027836032271531903881104937422976121352854003385726888601980526287956222142458858211589791399646989299770657341412683499692330525
+APtOYyWzdY1A/YU0SGrtjPdMZA5E50Y3hJVXppwuuSk04TjXzcbu2Sqp7sMnKYbToRW4nB5p2UnaLPhTRy0yszOd1auLngW+0ttCybD6nTcVoP65gYOwXGfSEQysqKLb1OfV8kYq5Ba92Efn+CcWWWuS0wEr97W5M/Hccx9bGu0r 176473215292413922394356058789571494026727424839036665031567966488209592078148711908841964690807374236235612412767651029865069639786447019874344449598703213025389428836803984245755885691094364960118900160737925054803955567361126391353868279642836569627177281508980029006921064654964339077608785831304875404587
+Vs6bjpYfFA1R/QTeCfhMuZLZ+Zxo6wxq1jFZpi5SBR1LaUwAtOAj38OJC8L7zmxSOj/RGEmJHkulI3E1MH7P7xlWbY468/azfot5fX9BgHrtptV6Q0dkBUg7H91+tcxdbm4/V0HGQGa2rZp+XK1rO+U/d0ki6iNbsCsCR+OeyvI= 60957991334776853645581868230398759578123373154273044785333939425321390401088800849629483265841435899835570419798325123273632247193463641611211088549152950252041797959644227170492417662363676228611376046334386877555777556575818860902071813120592757466883038430756577949025778080997296219236534786815367760626
+GiauT9A+wmwJsFbS2OPIM6ultIbU+kT2NgACn1jFAy+vNBahdfHMCH0jJdCs5TbmKTCeiEf3ITc5TV1OSvIejJ0GRkTf80nY47TAhiP1aehZvMAv59NQHHTDUE1U4TPVYKIyFpm1V1A+JBHKJzuGrB4lvqB2ed7k4m/ZD5lFLMM= 18363925023885496669420377869542744504974590667921570026763131637088916425434675950812384919000566852243714758512996458727914094904422651029609645299422563453163291342992902510788457007623888307499601267675322986672697397389663297565071582648674012080122614260400848960757021864980761735684874056409664531651
+AL/9KOZLtZu4+ZQYQsmOgbST8F4RV4N/Z+l8qsbCFlHdXHqTTkcN0chsccE/3KkVTZsAnAyJqogbAvB/RZqttaK5a8iKlOEoerUS92FVQw/42WhsVaFggR9cHVuvCD6QqclZjSBQKQzUMy0YWPWlycAZDIv96tooA+V+Fk0jbcFs 134819194171226950171930028888667967094069342154233489571728632904658607624703819928943642011918061760802468868660586005724399808048609316802502143143910585363214684061242274402109137825176291816945489430125510625857564490981683683589784133305376252294774711594646923226452625156299996630452243345104727556460
+AK5x2N/4+PKlsW/fNrw76CnE+nS76Rd7Ugo3IKhMTB/IuCc5xG4MQHo5MlWE0oVkZ+Gs4CxUpvD/WCCjHHFlSxKG4mC6ehz3NVLglBt+f1RWfPkF28JPd0UaIOG3um8kG4J3JDN48PXOPP86A0H8ZYbE5+ImmXsGAcwvScUQRInU 122499245103202714319465533564374494931278163571999934877854825659720649344163774228004853964635693562785966889622928722984134944784141208867445419597834322541679973956606275877526560988151196822256754309120410807075405427166696093800381410682490767468563176131997424692783482903880902119461752084196789357012
+ALZ12i0hqFhwRAikcoahYzH/BUolhgZ9Jz6adLvvTO4wk6LLOpNC/zCz+LjM7HazZomT1SqeYJ2X+WeGFLADHuWo+Gp/I3S0UEneYHKJxoU7OoOtE0mB0BCncLckHao/LmbpnQpS+Lx5bRsr0yE6oWNea6gbyRm/R0to74MI3/KK 128128022342420083856194424802390993133863171077961467523372211039771843125192435716337829530528063182315478279257832480290950255315151577221042903861075751839976362752440630888566422581799720709574650482021111126414843635330535518992034746102956214991673417580508389225948159518319625680855827280146399752842
+APXxvLifWgehdwdTRAJP5KrchRzgbUsyMWKcPGm2ZkwGDJjoTl2LIOOGVFiL4CyPBxahkEHf0nMxBN5oNGX/Y4W4PuOAC8gMgHzdLkPWkpnTcyoe5DD+fQsqNuKVw9nvyB15fx8k0d6b056nfFjnnRqgybby7MSllAWSKRYRdxVm 172707950911363219032118650562553641123743396229371815589867086054370029540557395298194067635069298952836929253340374819975848769009260895874615676938511747311585257140973518651959463416682165208985512233703837931718385346209362040743041262031997793519095342415901373534535662377972036003546589624834285049190
+O+9ohtZ9SzGLJoZM8IRQAjhc/GPt2X5G+M22ZidYjx9WgOTrZDXorSyxLuHxay6djsJSgjxYMj8MuanYSn/DzPWBB1Gn4cDmIsfeYuzO+vUJ4l6d0nIvBg9Iqs61/PGFd46YxhnDiVQ9HEznyTjzESnNqc0+/OkQVJcwNHAcZBg= 42087920806448980363073662127262313840530298932643042322138035915324224188032438119079107631420338701086802583985117830416851550991102672642532160807467909040086448764318690465254898516502941122327185894900817634110254371864896139724173087625913998657136384357741816102965779105122269429701537815263708996632
+VJOZmvqrqsIUTQSSJpZPhbQIYN2tsfBhAciWnfAYpwjK9/ts7OP4Qgdp6T/V2EsSRPnfZ0VKdLg1CnEWDhfcODo+/BZcUrJ0AviFAEtdeUhoMSWXtjel9Ln2guHY4s33z2cN70+e8gfjes65lCzrxUIXEF4nKxzKBnScoooQP5k= 59391682001673484862915842850714742391303140646889359425353339320546979084250010101273851580028171449840778038774656177449549941659895629203970455580974953864068394275066532699748911169800076515776388213090834432354601344176559839798153004796057709798368011673585434643656820656931921831615507416411999846297
+FRyJCOgPziO6RDHX1JgYGZRcSAuoQFIZM4niD/B0twK3l+TRpmVigKZAJnZZFtmX+0JQkDwQn3lcBGQIL6mgy+j0hD58U2/Wd6xebuHSzf4OHVGo1cYoqZLplszA+hVCoDVTHi2YAZ+GtfQEggumcNVxqfEZd6D9Nu//hm0t21M= 14824975573460749317081504809641216868382341402512168178334301409725840669112911061147252565570697788806398498723577368905065980113760265945344671897779830912242224090954834750057278285419880820811348943398148063418809729356397202526234113316098584002071850758705282845646489058224513019380757604894853946195
+dUk5LyS7mduFJlvh5o8R73kJIeeTh0Zli/y3XjtIXfCaNRf+wDlD/pX91JEwsQ5Mvj8yq/Uq13QyWhoNwsPpXVcJtJ+02wtIn5darsBDfzcD/LbWhl7zTRUeMjZ72gAWi1djx94SWjrZJS2oWZU92Og1yOyKRG+ua0AhHfYYh6g= 82361050315899968537319599868832189063658136463903643442673674137187842597528653416212822014359684261704550279153006971937114135373937934986951573613797195556144113400128502946618028800530164890707031379614952207482505803377774320259789692177752930767589642007257364960987343146063216186985472686575891023784
+AI6rejwEznR35rIPuIz0CP2aWyhRUR3unJ90YfxyuVYxrqOJQGSDTSf6SGDDw5MqpZXa9pWuwpyrb6smOq4ZtC3Er7lipJfXDjhy+0k1qcfMjmqbATUscwXGpgW+MO71cttccEz6vhbjndi8gvG5M/vfL2l1jA8nXuBd4e254dbz 100186164434910864539376019601151338080943067893748898987236087770762310617199833479771711726248130012472861788210345311298499515751355424063761182369333224929721733015910055321263016834247318907562652286587380604998130368845939290804442878127169587599285040969551065995197981341260363722618429042861484922611
+AJ5vLZX0fSs8dUSBqd5hki48T9cYuR0atxR+qv7cRu9nD1vP8uNVR8dLitg3XH0RARt3ZmOgi/AuggZt6tTxuIBg+9JhBY9WW+BLL5CnYWHC3AKMi7MQBWciLtmBpyF152bDaEcV1PXxtml2KxX0Ba0C+hGVDmJSdi8Kjd4AkfU6 111256341508463539324514225759801553679558662737345522765042612717818066374840372549356543720386819501973783940451033901079765311790026584654529398345993992144903839534037331533660672892487693477412528974248713261092693018326068480417183236210881306241164169849090833681510163753605662526243408192127670285626
+ZhXtSzn1GiFfHHnSKUYZiTcEWqlI8owyCKFjCQ+VEvkdk50m8uN7RCQ6ZhI545tN7Uy0WdLstJhgJETBYLHHIoWsJn07mgPxuyO0XsqNroICMQEOO/YWQFk1c0VqZifcohQAwJj7fONzM7hTcA22/7gVigJ3iLq178jZOJsEPQs= 71686982768953132894579286530164112027530221141251507987469672039995314435159469907420372652392376452531392493658576814100773556880394271726970628960571077839124343525055625420896355363707908511865700866168843075071778015504724409171911254647909938237551680861008772396291072284353858575645679153885560978699
+Vc8Cw5m5yI+bJ5sUJYm/F2wyZ5x3D4ydyL0uU/3eVF2ZJu55OOlC9pUyyv7WGExClHvWpR9mhMnsqCLyseLfM2Q/YXJ7cjGPKp2xd+fvwHa4hRi1FdOxs96rJnb+HUt9hTwQByXgzpnUfs7AqrqaNf4WSlBNMu0IOOqDdB4iVHU= 60256873326783629723455608618518793848697944184579877638436234491615392142659293975260290798403892159720925893207048153291000664050780029732557737984085196691225472664027706406879051455184548871511448456651238810812870905640934953489289909009741493031472382758586341375517766302753448531830002512912250459253
+QmeUn6cbpE8YrDfMETz/+KVFaK+d4NHHzcdj/MnjcmqQSLpP/XwCW/aeudlN3SfKd6rNo1XZefunZO/ek+PHEIy899WzjiJaajhf2X05fl9WuPEaMES3Yrr+ClogFNQ+9jL8+7L+J8lDuqQzvchT0U0RPay5HSNZw+ZouVCiQ18= 46630904037845609335515965570673490721137364238213103678233212262384415738654627185220187275286458759154841820256007930773120637898228224906635911124921895934056288121005350040349882413280772888907627838315559544636626856478316691755270725623680935763476199888127096014398699432042227882284223578563208692575
+ALUBYIShA4w5kRUa6iNF8S33DqaprdOWjVBnO+j9CCGtUh+NNwfpKR8AKf536MtuFFtwaQvRIlkLpaTYXuRxzyU/YG2+UfRQF3pEmXQhcMxJqFzqZ5nWCIWlJ/KtYS4lcC/B7hD2UGAktnIdjVUTSxX60VzA+zxeunV2iBZXQlEs 127106299687401374061881872616647348819431126560557369258073443762502337592227172639640997680536372567116568811258505773087926491911004324918919511363985868314578663758269650473780772688462266790559846182685481907703974916356209771821075179827563487466641669110315430790405454641953880582274165368514679034156
+ANyAdMnVCVjmUZGiVdyvGE5mUQpKoJOJINqMAfzVUGvvxXFmGdoAx+xsDRNAP4KoijpXk6E3yPBPBZEWyhiHnyjEkktK/gX6gnb745afS0QIlsjhKCk/W/BHXkzC862Llnc1ZGAIsERnGceEoZHdICfDUh/7nMFp5WuSMzPB7nEO 154841617115465511611746667401422322067517612306328612547616471923266281876818466022676728696273611923942543658633762267658490816264271663863494188027433799849037906883352478212451733963905925106470599843045599411842850386623187980045961158399934160107237440980574028985561404965317132715808604373199725949198
+AJ4nfhDe+HojR2YrprDHW9FVUxsZvoIekwlNL2iKFRFcTB9IcEdh6QnGcaRinev7yEYUsL6saSxUj39uWlqo8udJFdszuuQUmnloIi34L5uj0m1OpLy2dawpFQr8pqyA7go4ugMMj6XCtiVnISUcK8wjHgY3Jed/EKK8k5ce0Jxt 111059703393618496515021583605572584329116596402705082562306930876194742195701060137568030171429700588269665205795898835699633817098262654446852249498668467827435829513531633390969638488553144849154126899372953755511962841193763362947708260103832329116485114451074371844037650417731807385491783373627950406765
+AL+heSTflb2MkRYFTKghfzqlVQ1oE5vcx0eCIsy9NJ2NGFXCRRvoGDVoB8UEsUWIRnaA+MIpwDKGpbOS8kRQrvBvPe/xM/t3jrGkaS6pN064+bCBx8Y/Jq31ZXNG8oUol+y1Eo6fkUKNl4EOetmZWK8VmhVwol5YngDffj4Q8ned 134567692290185631768518572983694048149859804864902017394351513816079806629664302312927579302025923096596995134868068794900003728293470554490807959649153000914807604036531509869958441069678002226922395630284261949256022972967357884468325217602330254290548618134453007903724438628204981673400911693835033278365
+AI272d2sbYIi637kHZC+6lievgcDvT5VKaCnus3fHwm2vfao7oYu31P4st9DlqPWJ635X6QtLkU5HgvVSy66MDj2fcOfwVL09ffkZYnoGNdhMADVgOq62Ro5cCpOdw8Ko0cCyVpVIaSysPuqY7kiClf9GTdyZz/uYHDgwWeNrc4R 99528854246023003959943182132914587584844397870416002887630245681136432049666385367430032197518895755482367603560037194955739661569172773017279832774100155646116233705958563163070414171045438199561777058338188494271322834524386565519620661180246416329082614115142485663975718653564590519408413408765689056785
+AN9S8vPzo4SkyKsk07nfyD0um1riJzRqqWF9KCL+kWMHajurgPACikYzu61tL7l1mNEaIU16Ndz541o+y76DgsTLYszu4KXUOEt1Gu3eHy05Fq18zCDlNesSVjkZjPmuJr2ku+p0cP0TLLMn7/KuVOm4GlEVc6OvBNZuEzRriSYZ 156823459768092337875922818543729136404805918580285507923139232733465414368775678369646914249412830351437211620056021568154043505276475345347569200977945836210758870414054407438380975491139001471954448623922841964684437333066353208837709613982022690623722155151315252634380695513434502419141555410441456920089
+AMc5H8kywLgiT4zz5xgoI90jejsHorbqUGtBeX9wke7zyvEKyWxRKScZwzRbinjDZzN48eg/30qTZOV2Rw97JFg+EA63iZ0vqfF8jErIt3hODniKX8zayCuNmiSb5kiZL0UDU1SNh8ER4m6o5vshBKkmqs0PeozfCGQtR3bZXlx4 139899247405256530335276706333424670310599977544642091674186635734421385499036688803073040921114325725234673132788498809189814711681909865484671959982394306416477300458309408833281654917008031099378445580498219376391819745965887864647387211647794422908411100892195529730435423964537342228510107659017578765432
+AKv+3H/TruTX3wdMWnLzD05em8u/QMl6lCHT4VkK+uZwBXoLeji54Tcs/hZIhj0Bdj0URrRt+7JdGSTy4Sr986AtVFxBJZA3lT+JT4JSrq3oY1Tv+tX/yg8ZodQmbpQyyfaFg3BgeHNmsUoCrdqhj4IwBqEXoOBRIXnzaTuqqSEw 120779384043726135670909127168686589868907326577918074234323699599475436892003731971700278391108690400460261929381703781833059801757700386671579819341589048987186473249926590758009001670959004477454905417357202448886738669226760846888369186457452643053236389556969071303251275912453385963613554945645058007344
+ANXIB+HxOyJd3YYsscMpqZpi/eYjZi5q6A0MohU4BiWEJK/E4uIObLJDH5yd4ng+hn7UMhc+R/AxG88hIdOc5NyG/QyFs95ZLUC26F9rkRifu2CBkgqR5EQi2cgwC8jGxQOkC62YND6cAn/ILsKTYaH0iavtO9Tz04vQp9Ypc82H 150122383481070201614242107655752525590609186454390549085509458064289390813495886095936526832230958746095739308601699615024239939948911472291507190108935262129646691795733786714291498653838550751365834947465294261687773081563139416397262227609481906371677917295227469553787085145970923979142676551778927103367
+ZQLFoW+dJ7vrHdMlcLRGKY6T6PZKnE2L3NjXymS/55my2CDBLdDf3oXwLlRjVt9KnEiXyQzLhyY2PrFA4k3N/3P5lVDLHero5c36TMshbHgbIKRGN2CGWPEFeQ4j040IwVbQCPJeuF3jL5ikCxWZFXfeEnTL6TqumLfD9yLQfKA= 70932215714423143395949105745758445705072524008235214324766464113352968998429901322485575506330607802260244612268338586532462314021433435523464635419846126736185176246740838082062856583684393425704173881940108783636582561707441482446854068022535943408999200681879161519209676205165680598258447492092651404448
+LzzvPw0FdtM2G/RRiqoajJiIH+Lw3jpL4H+08yOpp1bNITR2Aq0beu2nP0H4o2Z1/FNr2hzuGakkAhVbmmRXc8keoOkeaAQAP/8OYxHpjrqou3WPWaKx+vUCTSqVYYf8gnVKpAAC2cD+3lW+/ZJ538o+c0ovbUKNu1u1j1OBtA0= 33171669664542509840621265032202455391098253465550501094201777336478104142847268103467889435377685359857979277521589539506627375165485879405453566052091202280471235979376217319335800766353336252760793484157724210008639813552207624049019149744883918494762511376489708611103181576211531366514802868659603747853
+APrGj1lIIlxA57DNh+bTEAFbJK2Y2P3MxLShb4fPx2aY6j88k3umoe07ISQLf9PzNPeml4/0I3w0KNd2x4s9KHbj7NsIT64lhO6eQSEteqZXZGXUYUyNzhrTbAjt+Q9LVKItQhsTkTW2HTQ5RQZfGrkL118b/I18J4P+T8CGZdDz 176100632478477421621142147788721746818712752858710594712903769452749028606541677227413333567013253138397373757811889654342173021761934591400685421771460440213093509170325205622261487145789848227404883040799927313402244625239515162996390018403365063394514244196976794479529075569412676472840544017222373593331
+Fvcl/LemWk29I5LCjU1QedTjGlkvFF/kZXNkRJv+vNZ7qgq6pX8WB9yVkk6AoclDYAhCRfKTKuEpR23iafVuHpprPfNXcqBH8n01kq3U27xqIy2hS+D6BRBK67PQaekq31EB0aOcEb/DuNaXakS9+mtTMx6BKt+WoEY+NkzHK6c= 16126868736093163702771491576570380743773057522016869811780571865928979861357811080042796140032050364543242385458140594532945509386155523162799601656485075247603490060565663264947465987286983338572455184901756399862440455644131755848583379822279676555143231305246033911608913609591095831135803702269767527335
+AKW8tvaB8YZ7J5W2lmquBniJzUhRfqFdPZPqvBoMzR4cRh1CMNdSFsYsnsaF3KolNzogdsxFpHAaEMG6zSvpNJAoi4nixCqb5SETXrSLASXvNjI9MvCoE2JCRq7kMbjPL7cem+mBPWZITGUI6KVlJPLxQngHYSFxukqlx7jznwJH 116384596458828069344020651216200368975621068920641012055593076864629080375946542748377736186556382088448816531408136815533164209947323588157210859294774679831647934533061547276394884474877353537242203645373945111105805934070657589374883764420038511061919092743520704686962593876316976299391579463759429567047
+D5N2P4FrqDf7/2Z2BJsqah4SjUtolic/yNqdNzvNEogDKZKAJyGq4zhnHvkYXkEm2ueU/FDPJRqisszG0oULdU6c7p8acirEwsGLVh4RamnFRgmQSK1vbiYB3bR+P+iFX/bZ+TWjN2Y3YMa5UB//I6Zb5kEIjmTpjY2LEPI1e6s= 10937855369372570149476727082965401421189236366492771695094788039313362971972373068736123833330006002198346944149230147444718818161877123407713821100752433128205189334393732633989950841577315682292180735057952587083688644195300641998709155269462601925653013312848413290208844194513502358901613104779186502571
+V/A1ktS0xrcwlI8xrYqvlLCFYrdVp8tEzZaZ9iNNpPH/pzVsA0WbnnUeHbdilkje+4OdoX9C4U2xaOuWOfvqLR0c7GeCkSffCqyf4ZsBmjy/BQL6rCpxMF0gIHXO5O8aJ1h17hy9LTuNzWm4zVh4pNFuHC9L6nAcf92udMiIQzk= 61752386563628388546439207444896778638632243226541303179646524864765343154194512297447627825411023405896612559648434895675553567405277169056807223959390559391191382555701580549902639604424290133917402316755076644943742815711432111554988540913643347167948778404861099845961151998728662878854088239266688156473
+APoPgEKA0/r1FYmt/Iso6ChYK6dDU62Y+vH5h/LVE00biBYG1f7aL3GdllUTN+XQSHpqlDw8CD+9xojwZIMfgpgjOwLbbe7Aso460zLrg3R8aHBpbVt8iZUgjACwPYr5UyKbFzIAWaXcnYYQ+tCO9aDIuOz+/7eIF62C81zXFJVZ 175598490446477604563905754135475294999639698464908622773037381109011373179895295130424828038708319325919451724985361900259676699137657615076219968061941008972496322083528922054390781811699677037439989404270415929836486610353098273115864435328533577114470407444852521009919911888840405368858409835197558461785
+cL54ymLJhRx3U20Y9aUTIsXy9Ags+XHy4qk3F7uJyO46eiXSL7VrrR9vTQXAbETbu1YiVWfslsPht810eUDUVaVir6yLnXkywn46Ci42FEvVoTEFjO22uYcCh8nqB8H589w/+lVSlNrcILugwfdfCvK1iZzVimOO6l3qzfXToOU= 79171550718114578361958369278761819285111811576818442980166457146638966315793211967882077899426611721874954146020093740153495693185472340728106727284441726113022873005252623222594060645383105757498856463065370975867121188445567981809371870213273555432308279508351518168027875538720367440153667708369625129189
+QdQN4qW2QZq8/fmSaqlRiPSoDbhmF0oYjaY29HcKYGHdlOH0AMJb+RUIq1aszvVtjh7AYay2TNhaZMWQ6Qi3c42SNk3A1MVknT6zqiRCGjNFfxf/matbRLbTFQF832MAId708vrFLF/o2HpekMkc5hcHB6bkUUhEI1NLcMXwGck= 46226230186280253581676626651942823886592433541360244612432763620730826574920825070086312767146345247802570752482654580909236388357139147786783758670999083804670979821212991224400629053427330483809790366665043598754931511997925850227997764381723288657884346974360232490075739442406431704368767588177525348809
+cxHvCK/dyVDvaqCCQyLeaiBGA36mV5el+1lc2eUTkHGUzX5gU0QQCEp+iSXNJhIOON8VFpKOFsziuV0Z+3cegWRw/VnxnjXcBh6IDKdupzOPB+Yl8MA1ti/GrQjLC6ikcNYNjQT0ZThL7KTqEvvZJH68WYmD0IuK26swjNGIGaI= 80804939616399473443737611589382762718815989847332356984276911837267997590368701684135326680567847542004499684038240485603420973682522792156533112356849436451918522884749244246467852622918805139990256619014116276456718693703261686778030658826952213058982142604346352178078750879100976710761147710018148637090
+AIQ3OIZevkYoRGBmsFaXJobSfLeInuKKReVYNjP5VEPoMq0mXTltY6l09/rQ3d1JjsMD1PfA7emhxex+H9t3leBIfCi6Ux34GQEjXWpQc4awuiy9tbR077HaJyecvb8Qy1FTnOHoH5C043QJzrKYT/sFXjgB60piI8Y0R/hwxO4r 92845026347218330987427785323244729176754623818531419911990153715676845614711324345879159989637824921793015074978358052562420379797956750450245721653716740651389924718711940869162230097839047895842495414221110468446944827052871968998907462191349838598297775847512250220907563815783358238473966349820476321323
+LoG6ib5lUh57rdmSkZSWzBoudytFohS4uoU/uly6OaQDOi34GeNVxu/yr6RszJyL9JWkGNgFaBIv/HirH5zA9VQAL/6kpL93a0/GQ/nuHkHy3GWZPF/2+yJ0PfazQ40fWhHZfRxBngWslbguFPjj1XaJ37YzpQAYb/+QcUai9ic= 32658152290878644668906121702816147999633088014476055330179597550087921141413344679134407016170035735846077181424615228657687216737432274043674411132745299610950657139041836412322040866250189120286839287690983293111362228893996267791120043532014262644480689231457941173330523718758287779526551822788227954215
+AKu2jgOQCCfYZ3CLkXEH44aO4TtwMPeK/eq4FtNj9HZ9FxT0LLNJh0ZXPOaPJjgznvIw5C7/hNm7rUs1JeV8I8dj3nbS3EVERQz1gc/ckYB3H1bViWREOD5+TScDusi86YO/z4ar3dauKkg5kT1kKDuU/OP5kNMWvtJjHc4Vd3L3 120581042599355202025471829872601846477331097842315143148145881424071317426176264583672725691485724160094190478865850305422057632110749683552966861219554215519032344086824849470294473808177223497912069335635933312949412445851201918768630656712413082629164792850095444166888072453190903931430551124946191872759
+ANLs7OsR7oBM5jSjVADrk+Mx9d0TeieTIkxwWiJ5STKNQmW2EzPOjgbfcLhbYEhzzDFJveXO2dzz6/c8V5oW2yqg7VMx88DzEbpQnQpk/rOQRw9jbI4fxXNJHkNZCeysEVvFfLJb4ecsGA0xJ3Aylny/jP10ahPv2z5K99edGZSU 148116916208650944522110872759145096907599612943009577897396622287067669897712748449324334650112672914917664881091633448764667172850435775162090891556266912697811031318228334453406561952979778127173704706529448647577013482442758465809198730066784986763500579667100246958959793527011919373534159474250508506260
+AL+Er3n1qj+SBsZVtOMJYg4m0CN+DE6gRnC1F7nPvd2XnBe+QE0+LKfcpUDHVNxoydW4BDzNVwnUNbyjXZ+iuddPtO9hchVEI36UiuL0ydeldFpOZ9mtHJaAF6abd0MlHw4vXRf8CbOvXb5N4s76ggijlZBjRtU563sSmBcyq6Zt 134488725667189507159811764480908602790838430340670328479145818969651133017546803581865897303917708192047926432630297993507146075655594931523561067937580218599890162311074002344315818494246433967228889645359283635389151927472221799543158424012020308449895562192866672439712148770104592027035768027605661099629
+AK/04XOBSjjPpuFXTDF82RNWnKqZz9mJQbS2B5bn0ehFnBa6j+B+MazX+AxXTL/d5+hPLT1uexcnSMl3DcGGwKipOXg7Dtuj3pfJXHTrCqXAUYrIXI+8vKVQO55yQPGfzIg9SVgetwW1sDk+a28ZhJ5a9OddqNoi5C+dLce7ZtNb 123560902006294001923570614486104726169564351074482936927091682096999779538353161007361361829586988452098646362280351148131540524964916445100589671458589346440250329883789099771417949746709217272531950438336245613419967556433467843237384555807236658182067742367748737224684334525934210197178231424396818830171
+PzOEGHlihiveoWFAALY+LOfkRJfm0NUF/uR6cSU/tbpGAq4onNpr+iZIzEP5o3JBLOtDC595/NBPI0fzaXl0vQvgJs6KG8iKANjsLKQjIpZBkoKhdbG9MzTVQuAeuDW0w3sn2iMZ/v2dgAzRwfqmQYXJr3I2BbcwWraIJuZXw5A= 44381416070253681813077725822442106641846565789204187691647505370231831464947935035197059366680327425453811558282831465960889061956588244308214943856009686127871667376028831540813257349779756631357122923723235595360268572998278795110672666089470210929411514949652537714634611421849780859192966935514197771152
+APnuduN01GS9dO2m2uCLs400AR2lX7elOnIPC5U6e17qbukxWYzNhilZlM4kdGXAIeYpzFdSIW/gxRMZe6TXq9krFWRaaPyT2QwRfGHYnazS9F1QNYmW1zXdt+qVp0JGxmh5PyDstbP8Z3x50/E8Mb0gLLPhNAvzY2Jnr9A8Q1Hy 175507868985304663005133968393406051624825489142498103948374797086106732382869120248515993626061853699363294022457032257026588816021007648668265488426495800459085474654859258116280251546902009156490112550154951965894022789029787886785376415437170872937201839249103828294508088966180386198213606090453461193202
+QHEhL4iVzNdUsfG0izTEepwTOvxka8t/9MwuF1Ey6kxsI+ry4g4sJPgR2xMnbtOmvQn2NitAkfvA8JPCiL7a8+gmf+DVRDjKDfpfrtgAVmo+3rH+uJYTrKhAp8R7ggU2xIrvbIrgeUj7ieThPI3Rtap+IdkPCL853JC/+oKtytM= 45252649968839515171157821292772647085425694172492111870169593872127007254353374581972876464918186509502070064028725519394859148593053614163356612260257013360168930649423732336969778875205250872728821432415158634190866775855521719727700464116412886964736859295086745723651735554245035077902615220578218265299
+APeaekK4mVhEShCfM0mkRebcg1Iq5CgrFIEGOoh1nHzgebr5A9Wrhm9yD1Vd3e+fFD9urDRB4y5MHPJHX1U2NFToC+H8nQkFXL8bfd/9Wl2c7y8m0Mxwi53pLIdzETLbbfeOOtJvuSYYT3n8+/PeMnJ46UD8OfqtnFuS0/bVpFLS 173873040145444066957050580959132871919216036714423404143335635770937773583761934638398867981658394368476005882852706046614562314432695052874974848076542261910660410561876043187368112065303981001507235893831108658530338308496461162623683138693880482650786841100027392293758260448606244283355655751440485602002
+FqC/wgZDPTUoObPFSH5w4QR79zj/O+ZiHGTEnsBMwNZD3Gl/ClRDIsFMDDupNLgwgXsqCQbpwSOHOtAvUuAFwRpzt5B7lwIgtP5ism/AZRno5p+9WVSmUAM3glHsNtvYydz2MkXtnXzSMIR1ZVoLrdwMnckE4pbMzggqz+JZqxw= 15889870005716350976759704672045310928616256175405784574141006779373730686049218680335525720670897894546334915362899913262232170795516176419192840427996647372619000239408311568577050460995518058850793096827271653902583271225799114408537346367483775593212272587811309978019791973449354003275559762102731778844
+AJXNbv2AMWadF5h99ZAUy5gLnVK/hMaakFo0ZedtPNRJobxPmwj+h52G+Czd0U48G0V0wpdeUJC9v/4BhjzhCvNhNsdAT1+vQXDuteYQ1aspsEKLQ6b+NknO88QSbRJw53+KeOY2xe7PKOa4V89XnFFBF7wljRnIYrM8vvcqVQDk 105194875227030598769888785590198577650278341586165110611689226597424766274486797264032300493674927704016605741286512271390703088626381669060095573361828932336327125438452066548897528158329044309005232090053420259033538936293519762277428283316506398965916381374819450858053512398634116052299066189424983605476
+AIDRnUpBHepjBqYAlU4MG/8JxzX1mPxVNHpWvnEVgvqTQx/bisFPpXrYs3jAKIR/lzevYwhH0K/8Vvw4NK9iTMFqgSnU44AZztKsoxUXsEsl1UU56UscY5C7ciKU6vjjWI7nm/uHNOXdE82TQXkk2WX8ferNqZU5DaLFCb+zxb7w 90459642084794142567976043425270153270545560059973413835786695756473295513758287577749768786155290305189883600338986370836806413936196854410098516254596146039255388020628703824195128439558127783534033672712705194483515442668075394018677699876614329419492391568463215822656901183478205197671375262145069825776
+AIdvVNzJqWPgAShvi3GhbhMQft+SLigKGrhoqas2Saz/bA9u9Td6fAxa2LjrAqshW6cnm2aalc3Yv6RW/Y8vg7Ho31NSaRjT4zMUenykcC0/Y88UNxREi85wdnHwGytms6Lq49H8/7EFGJIyL1PLRWPmZn6XFkegscI/HUq/hiKm 95105613103051650721863964216778532448106311156426028879315612217763044797186635476805213120469258258125661666950525364331551671653846368977016286153840829836509696804585927581668281228810410814602664419962214359687545209312836366693384158782798559255789953908588601637765910472073600954502095647132310971046
+DdchOPjXrI6lpV84IdKCisPmdqZan8AARXRLADEhixsfXCYuO+WhNatI/fM1vgv+/TxwwIQjIfG1vOZcB36JUfjHYdItYQ70vUXaVFdpqvoBGyfOTU50Ds/11iGPCF8mWiQwR30/XAXytqDZtaVJVWsgHD3RigBSnSHhnvZAWYg= 9719024770319024562623340689338530708271347986326272393419504304391837979619189392867902307307106771234732135400958362219711925045600118964223238147375808749507928768896918369395426933218443166133187066167663170936604731896932630589251946733237697936733924510107175304126061649311812536190882160340308613512
+I+Z6rdTOt26/v3dtUP1plITb15fjb6aMDvqFS3AD1+nxBqnnk7ISGE9j6dv762EIWQpMzcCG5NCCq35KOHEwRXP28zup6olOMt3CBFgYVcBE2pWOpGiO19G/iFweYZXZPY5HgIkex7HBbb7l6HhomPc2sLL/IRhh2oogyHx2JMM= 25210054612455888156900839678249806510561198051210010474517915819801056434402727631042894881559517808906460418029149538469607239850657781476308872923928122553395468026744382526167194202058040459679991391557937527079948356545086684521068912222036707113005006607012596093923970784177288565193670152033981048003
+ALbBoyelCs4UkfnPjMT3S67ujhBHBEE0uxLx6kSGZq2IOMU/QdWYPFElRgYC/y++334FSEycjS6NAJJo2ITpZCO5AjNJ93J3WYgbDLiwu1VzKHX6ItfFNEk45km+QTi07+pDKcKNd1k0mxqpLd/PuZd5hRpPDDoKBb6i+mrCb2yF 128335905497646745013379107761994003743181143126608677203818152878840562628631384684712779135591095534911406031545494164782375276574093777950840330452805743803067864740000758175436633463846967335728314347497013853264454015790847388463800323796888198433722196292529074568758149650782323407298620158495364705413
+ANwlxEkeqmqYTxw1ZwMi1v2wo4ntPaEYZYoTLTJQfa+kuIksnHW9va243HAiOixd+rviVdm1dEwzESBbX0wiJNtRBpP+bnRxy4xOBjNoOB0c/tfka5JVwu5eeskyHx4V3inLviUaj86Yck42n5NaJFMfBvhzVftZ/YF9WBITI8g6 154592850289860621115358362871905683265658659789986179554827712019629689749439795961607030363152337159590319622241556795951071651584979664762468782303706550885785493534656062553770262954861884613383561063525714923031691298088562054236178003658891902606245782350998076658704876516153027797371814038658244397114
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test1-discover.txt b/vendor/gems/ruby-openid-2.1.4/test/data/test1-discover.txt
new file mode 100644
index 000000000..7ec9b8788
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test1-discover.txt
@@ -0,0 +1,137 @@
+equiv
+Status: 200 OK
+Content-Type: text/html
+
+<html>
+<head>
+<meta http-equiv="YADIS_HEADER" content="URL_BASE/xrds">
+<title>Joe Schmoe's Homepage</title>
+</head>
+<body>
+<h1>Joe Schmoe's Homepage</h1>
+<p>Blah blah blah blah blah blah blah</p>
+</body>
+</html>
+
+header
+Status: 200 OK
+Content-Type: text/html
+YADIS_HEADER: URL_BASE/xrds
+
+<html>
+<head>
+<title>Joe Schmoe's Homepage</title>
+</head>
+<body>
+<h1>Joe Schmoe's Homepage</h1>
+<p>Blah blah blah blah blah blah blah</p>
+</body>
+
+xrds
+Status: 200 OK
+Content-Type: application/xrds+xml
+
+<XRDS Content>
+
+xrds_ctparam
+Status: 200 OK
+Content-Type: application/xrds+xml; charset=UTF8
+
+<XRDS Content>
+
+xrds_ctcase
+Status: 200 OK
+Content-Type: appliCATION/XRDS+xml
+
+<XRDS Content>
+
+xrds_html
+Status: 200 OK
+Content-Type: text/html
+
+<XRDS Content>
+
+redir_equiv
+Status: 302 Found
+Content-Type: text/plain
+Location: URL_BASE/equiv
+
+You are presently being redirected.
+
+redir_header
+Status: 302 Found
+Content-Type: text/plain
+Location: URL_BASE/header
+
+You are presently being redirected.
+
+redir_xrds
+Status: 302 Found
+Content-Type: application/xrds+xml
+Location: URL_BASE/xrds
+
+<XRDS Content>
+
+redir_xrds_html
+Status: 302 Found
+Content-Type: text/plain
+Location: URL_BASE/xrds_html
+
+You are presently being redirected.
+
+redir_redir_equiv
+Status: 302 Found
+Content-Type: text/plain
+Location: URL_BASE/redir_equiv
+
+You are presently being redirected.
+
+lowercase_header
+Status: 200 OK
+Content-Type: text/html
+x-xrds-location: URL_BASE/xrds
+
+<html>
+<head>
+<title>Joe Schmoe's Homepage</title>
+</head>
+<body>
+<h1>Joe Schmoe's Homepage</h1>
+<p>Blah blah blah blah blah blah blah</p>
+</body>
+
+404_server_response
+Status: 404 Not Found
+
+EEk!
+
+500_server_response
+Status: 500 Server error
+
+EEk!
+
+201_server_response
+Status: 201 Created
+
+EEk!
+
+404_with_header
+Status: 404 Not Found
+YADIS_HEADER: URL_BASE/xrds
+
+EEk!
+
+404_with_meta
+Status: 404 Not Found
+Content-Type: text/html
+
+<html>
+<head>
+<meta http-equiv="YADIS_HEADER" content="URL_BASE/xrds">
+<title>Joe Schmoe's Homepage</title>
+</head>
+<body>
+<h1>Joe Schmoe's Homepage</h1>
+<p>Blah blah blah blah blah blah blah</p>
+</body>
+</html>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test1-parsehtml.txt b/vendor/gems/ruby-openid-2.1.4/test/data/test1-parsehtml.txt
new file mode 100644
index 000000000..8ed59d33e
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test1-parsehtml.txt
@@ -0,0 +1,152 @@
+found
+<!-- minimal well-formed success case -->
+<html><head><meta http-equiv="X-XRDS-Location" content="found"></head></html>
+
+found
+<!-- minimal well-formed success case, xhtml closing, whitespace -->
+<html><head><meta http-equiv="X-XRDS-Location" content="found" /></head></html>
+
+found
+<!-- minimal well-formed success case, xhtml closing, no whitespace -->
+<html><head><meta http-equiv="X-XRDS-Location" content="found"/></head></html>
+
+found
+<!-- minimal success case -->
+<html><head><meta http-equiv="X-XRDS-Location" content="found">
+
+found
+<!-- ignore bogus top-level tags -->
+</porky><html><head><meta http-equiv="X-XRDS-Location" content="found">
+
+found
+<!-- Case folding for header name -->
+<html><head><meta http-equiv="x-xrds-location" content="found">
+
+found
+<!-- missing <html> tag -->
+<head><meta http-equiv="X-XRDS-Location" content="found">
+
+found
+<!-- javascript in head -->
+<html><head><script type="text/javascript">document.write("<body>");</script><META http-equiv="X-XRDS-Location" content="found">
+
+None
+<!-- no close script tag in head -->
+<html><head><script type="text/javascript">document.write("<body>");<META http-equiv="X-XRDS-Location" content="found">
+
+found
+<!-- case folding for tag names -->
+<html><head><META http-equiv="X-XRDS-Location" content="found">
+
+found
+<!-- Stop after first one found -->
+<html><head>
+<meta http-equiv="x-xrds-location" content="found">
+<meta http-equiv="x-xrds-location" content="not-found">
+
+&
+<!-- standard entity -->
+<head><meta http-equiv="X-XRDS-Location" content="&amp;">
+
+found
+<!-- hex entity -->
+<html>
+  <head>
+    <meta http-equiv="X-XRDS-Location" content="&#x66;ound">
+  </head>
+</html>
+
+found
+<!-- decimal entity -->
+<html>
+  <head>
+    <meta http-equiv="X-XRDS-Location" content="&#102;ound">
+  </head>
+</html>
+
+/
+<!-- hex entity -->
+<html>
+  <head>
+    <meta http-equiv="X-XRDS-Location" content="&#x2f;">
+  </head>
+</html>
+
+
+<!-- empty string -->
+<html><head><meta http-equiv="X-XRDS-Location" content="">
+
+EOF
+<!-- No markup, except this comment -->
+
+None
+<!-- No meta, just standard HTML -->
+<html>
+  <head>
+    <title>A boring document</title>
+  </head>
+  <body>
+    <h1>A boring document</h1>
+    <p>There's really nothing interesting about this</p>
+  </body>
+</html>
+
+EOF
+<!-- No <html> or <head> -->
+<meta http-equiv="X-XRDS-Location" content="found">
+
+EOF
+<!-- No <head> tag -->
+<html><meta http-equiv="X-XRDS-Location" content="found">
+
+None
+<!-- No <html> or <head> and a <body> -->
+<body><meta http-equiv="X-XRDS-Location" content="found">
+
+None
+<!-- <head> and <html> reversed -->
+<head><html><meta http-equiv="X-XRDS-Location" content="found">
+
+None
+<!-- <meta> is inside of <body> -->
+<html><head><body><meta http-equiv="X-XRDS-Location" content="found">
+
+None
+<!-- <meta> is inside comment -->
+<html>
+  <head>
+    <!--<meta http-equiv="X-XRDS-Location" content="found">-->
+  </head>
+</html>
+
+None
+<!-- <meta> is inside of <body> -->
+<html>
+  <head>
+    <title>Someone's blog</title>
+  </head>
+  <body>
+    <h1>My blog</h1>
+    <p>This is my blog</p>
+    <h2>Comments</h2>
+    <p><meta http-equiv="X-XRDS-Location" content="found"></p>
+  </body>
+</html>
+
+None
+<!-- short head tag -->
+<html><head/>
+<meta http-equiv="X-XRDS-Location" content="found">
+
+None
+<!-- <body> comes first -->
+<body><html><head>
+<meta http-equiv="X-XRDS-Location" content="found">
+
+None
+<!-- </body> comes first -->
+</body><html><head>
+<meta http-equiv="X-XRDS-Location" content="found">
+
+None
+<!bad processing instruction!>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/malformed_meta_tag.html b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/malformed_meta_tag.html
new file mode 100644
index 000000000..80dd3b45a
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/malformed_meta_tag.html
@@ -0,0 +1,19 @@
+<html>
+<head>
+<title />
+
+<link rel="openid.server"
+	href="http://www.myopenid.com/server" />
+<link rel="openid.delegate"
+	href="http://user.myopenid.com/" />
+<link rel="openid2.local_id"
+	href="http://user.myopenid.com/" />
+<link rel="openid2.provider"
+	href="http://www.myopenid.com/server" />
+<meta http-equiv="X-XRDS-Location"
+	http://www.myopenid.com/xrds?username=user.myopenid.com" />
+
+</head>
+<body>
+</body>
+</html>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid.html b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid.html
new file mode 100644
index 000000000..1a57d44f2
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+  <head>
+    <title>Identity Page for Smoker</title>
+    <link rel="openid.server" href="http://www.myopenid.com/server" />
+    <link rel="openid.delegate" href="http://smoker.myopenid.com/" />
+  </head>
+  <body>
+    <p>foo</p>
+  </body>
+</html>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid2.html b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid2.html
new file mode 100644
index 000000000..a74c042e7
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid2.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+  <head>
+    <title>Identity Page for Smoker</title>
+    <link rel="openid2.provider" href="http://www.myopenid.com/server" />
+    <link rel="openid2.local_id" href="http://smoker.myopenid.com/" />
+  </head>
+  <body>
+    <p>foo</p>
+  </body>
+</html>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid2_xrds.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid2_xrds.xml
new file mode 100644
index 000000000..8091ab94d
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid2_xrds.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           >
+  <XRD>
+    <Service priority="10">
+      <Type>http://specs.openid.net/auth/2.0/signon</Type>
+      <URI>http://www.myopenid.com/server</URI>
+      <LocalID>http://smoker.myopenid.com/</LocalID>
+    </Service>
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid2_xrds_no_local_id.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid2_xrds_no_local_id.xml
new file mode 100644
index 000000000..e6a0eb977
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid2_xrds_no_local_id.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           >
+  <XRD>
+    <Service priority="10">
+      <Type>http://specs.openid.net/auth/2.0/signon</Type>
+      <URI>http://www.myopenid.com/server</URI>
+    </Service>
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_1_and_2.html b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_1_and_2.html
new file mode 100644
index 000000000..5e581287b
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_1_and_2.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+  <head>
+    <title>Identity Page for Smoker</title>
+    <link rel="openid2.provider openid.server" href="http://www.myopenid.com/server" />
+    <link rel="openid2.local_id openid.delegate" href="http://smoker.myopenid.com/" />
+  </head>
+  <body>
+    <p>foo</p>
+  </body>
+</html>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_1_and_2_xrds.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_1_and_2_xrds.xml
new file mode 100644
index 000000000..6d85d57e3
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_1_and_2_xrds.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           xmlns:openid="http://openid.net/xmlns/1.0"
+           >
+  <XRD>
+
+    <Service priority="10">
+      <Type>http://specs.openid.net/auth/2.0/signon</Type>
+      <Type>http://openid.net/signon/1.1</Type>
+      <URI>http://www.myopenid.com/server</URI>
+      <LocalID>http://smoker.myopenid.com/</LocalID>
+      <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate>
+    </Service>
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_1_and_2_xrds_bad_delegate.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_1_and_2_xrds_bad_delegate.xml
new file mode 100644
index 000000000..db7282e2b
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_1_and_2_xrds_bad_delegate.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           xmlns:openid="http://openid.net/xmlns/1.0"
+           >
+  <XRD>
+
+    <Service priority="10">
+      <Type>http://specs.openid.net/auth/2.0/signon</Type>
+      <Type>http://openid.net/signon/1.0</Type>
+      <Type>http://openid.net/signon/1.1</Type>
+      <URI>http://www.myopenid.com/server</URI>
+      <LocalID>http://smoker.myopenid.com/</LocalID>
+      <openid:Delegate>http://localid.mismatch.invalid/</openid:Delegate>
+    </Service>
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_and_yadis.html b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_and_yadis.html
new file mode 100644
index 000000000..3befa6fc3
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_and_yadis.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+  <head>
+    <title>Identity Page for Smoker</title>
+    <meta http-equiv="X-XRDS-Location" content="http://someuser.unittest/xrds" />
+    <link rel="openid.server" href="http://www.myopenid.com/server" />
+    <link rel="openid.delegate" href="http://smoker.myopenid.com/" />
+  </head>
+  <body>
+    <p>foo</p>
+  </body>
+</html>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_no_delegate.html b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_no_delegate.html
new file mode 100644
index 000000000..f5180b3dc
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/openid_no_delegate.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+  <head>
+    <title>Identity Page for Smoker</title>
+    <link rel="openid.server" href="http://www.myopenid.com/server" />
+  </head>
+  <body>
+    <p>foo</p>
+  </body>
+</html>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_0entries.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_0entries.xml
new file mode 100644
index 000000000..f161a0b31
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_0entries.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           xmlns:openid="http://openid.net/xmlns/1.0"
+           >
+  <XRD>
+    <Service >
+      <Type>http://is-not-openid.unittest/</Type>
+      <URI>http://noffing.unittest./</URI>
+    </Service>
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_2_bad_local_id.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_2_bad_local_id.xml
new file mode 100644
index 000000000..68c2ce1fc
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_2_bad_local_id.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           xmlns:openid="http://openid.net/xmlns/1.0"
+           >
+  <XRD>
+
+    <Service priority="10">
+      <Type>http://specs.openid.net/auth/2.0/signon</Type>
+      <URI>http://www.myopenid.com/server</URI>
+      <LocalID>http://smoker.myopenid.com/</LocalID>
+      <LocalID>http://localid.mismatch.invalid/</LocalID>
+    </Service>
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_2entries_delegate.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_2entries_delegate.xml
new file mode 100644
index 000000000..372955b02
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_2entries_delegate.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           xmlns:openid="http://openid.net/xmlns/1.0"
+           >
+  <XRD>
+    <CanonicalID>=!1000</CanonicalID>
+
+    <Service priority="10">
+      <Type>http://openid.net/signon/1.0</Type>
+      <URI>http://www.myopenid.com/server</URI>
+      <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate>
+    </Service>
+
+    <Service priority="20">
+      <Type>http://openid.net/signon/1.0</Type>
+      <URI>http://www.livejournal.com/openid/server.bml</URI>
+      <openid:Delegate>http://frank.livejournal.com/</openid:Delegate>
+    </Service>
+
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_2entries_idp.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_2entries_idp.xml
new file mode 100644
index 000000000..9a07b3d40
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_2entries_idp.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           xmlns:openid="http://openid.net/xmlns/1.0"
+           >
+  <XRD>
+    <CanonicalID>=!1000</CanonicalID>
+
+    <Service priority="10">
+      <Type>http://specs.openid.net/auth/2.0/signon</Type>
+      <URI>http://www.myopenid.com/server</URI>
+      <openid:LocalID>http://smoker.myopenid.com/</openid:LocalID>
+    </Service>
+
+    <Service priority="20">
+      <Type>http://specs.openid.net/auth/2.0/server</Type>
+      <URI>http://www.livejournal.com/openid/server.bml</URI>
+    </Service>
+
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_another_delegate.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_another_delegate.xml
new file mode 100644
index 000000000..2f3b9af37
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_another_delegate.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           xmlns:openid="http://openid.net/xmlns/1.0"
+           >
+  <XRD>
+
+    <Service priority="10">
+      <Type>http://openid.net/signon/1.0</Type>
+      <URI>http://vroom.unittest/server</URI>
+      <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate>
+    </Service>
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_idp.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_idp.xml
new file mode 100644
index 000000000..f570d0437
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_idp.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           xmlns:openid="http://openid.net/xmlns/1.0"
+           >
+  <XRD>
+    <Service priority="10">
+      <Type>http://specs.openid.net/auth/2.0/server</Type>
+      <URI>http://www.myopenid.com/server</URI>
+    </Service>
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_idp_delegate.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_idp_delegate.xml
new file mode 100644
index 000000000..541060053
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_idp_delegate.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           xmlns:openid="http://openid.net/xmlns/1.0"
+           >
+  <XRD>
+    <Service>
+      <Type>http://specs.openid.net/auth/2.0/server</Type>
+      <URI>http://www.myopenid.com/server</URI>
+      <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate>
+    </Service>
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_no_delegate.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_no_delegate.xml
new file mode 100644
index 000000000..fbd673490
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_discover/yadis_no_delegate.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           >
+  <XRD>
+    <Service priority="10">
+      <Type>http://openid.net/signon/1.0</Type>
+      <URI>http://www.myopenid.com/server</URI>
+    </Service>
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/=j3h.2007.11.14.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/=j3h.2007.11.14.xrds
new file mode 100644
index 000000000..f0246e22a
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/=j3h.2007.11.14.xrds
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://=j3h" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*j3h</Query>
+  <Status code="100"/>
+  <Expires>2007-11-15T01:35:07.000Z</Expires>
+  <ProviderID>xri://=</ProviderID>
+  <LocalID priority="10">!378C.2F61.25D6.F7EB</LocalID>
+  <CanonicalID priority="10">=!378C.2F61.25D6.F7EB</CanonicalID>
+  <Service priority="10">
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="2">http://2idi.com/openid/</URI>
+   <URI append="qxri" priority="1">https://2idi.com/openid/</URI>
+  </Service>
+  <Service priority="10">
+   <Type select="true">xri://+i-service*(+contact)*($v*1.0)</Type>
+   <Type match="default"/>
+   <ProviderID/>
+   <Path select="true">(+contact)</Path>
+   <Path match="null"/>
+   <URI append="qxri" priority="1">http://2idi.com/contact/</URI>
+  </Service>
+ </XRD>
+</XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/README b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/README
new file mode 100644
index 000000000..3739cf1c7
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/README
@@ -0,0 +1,12 @@
+delegated-20060809.xrds    - results from proxy.xri.net, determined by 
+                             Drummond and Kevin to be incorrect.
+delegated-20060809-r1.xrds - Drummond's 1st correction
+delegated-20060809-r2.xrds - Drummond's 2nd correction
+
+spoofs: keturn's (=!E4)'s attempts to log in with Drummond's i-number (=!D2)
+spoof1.xrds
+spoof2.xrds
+spoof3.xrds - attempt to steal @!C0!D2 by having "at least one" CanonicalID
+    match the $res service ProviderID.
+
+ref.xrds - resolving @ootao*test.ref, which refers to a neustar XRI.
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/delegated-20060809-r1.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/delegated-20060809-r1.xrds
new file mode 100644
index 000000000..f994b140e
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/delegated-20060809-r1.xrds
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://@ootao*test1" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*ootao</Query>
+  <Status code="100"/>
+  <Expires>2006-08-09T22:07:13.000Z</Expires>
+  <ProviderID>xri://@</ProviderID>
+  <LocalID priority="10">!5BAD.2AA.3C72.AF46</LocalID>
+  <CanonicalID priority="10">@!5BAD.2AA.3C72.AF46</CanonicalID>
+  <Service priority="10">
+   <Type>xri://$res*auth*($v*2.0)</Type>
+   <ProviderID>xri://!!1003</ProviderID>
+   <MediaType>application/xrds+xml;trust=none</MediaType>
+   <URI priority="10">http://resolve.ezibroker.net/resolve/@ootao/</URI>
+  </Service>
+  <Service priority="10">
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*test1</Query>
+  <Status code="100">SUCCESS</Status>
+  <ProviderID>xri://!!1003</ProviderID>
+  <LocalID>!0000.0000.3B9A.CA01</LocalID>
+  <CanonicalID>@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01</CanonicalID>
+  <Service>
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+</XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/delegated-20060809-r2.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/delegated-20060809-r2.xrds
new file mode 100644
index 000000000..68c08dc44
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/delegated-20060809-r2.xrds
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://@ootao*test1" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*ootao</Query>
+  <Status code="100"/>
+  <Expires>2006-08-09T22:07:13.000Z</Expires>
+  <ProviderID>xri://@</ProviderID>
+  <LocalID priority="10">!5BAD.2AA.3C72.AF46</LocalID>
+  <CanonicalID priority="10">@!5BAD.2AA.3C72.AF46</CanonicalID>
+  <Service priority="10">
+   <Type>xri://$res*auth*($v*2.0)</Type>
+   <ProviderID>xri://@!5BAD.2AA.3C72.AF46</ProviderID>
+   <MediaType>application/xrds+xml;trust=none</MediaType>
+   <URI priority="10">http://resolve.ezibroker.net/resolve/@ootao/</URI>
+  </Service>
+  <Service priority="10">
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*test1</Query>
+  <Status code="100">SUCCESS</Status>
+  <ProviderID>xri://@!5BAD.2AA.3C72.AF46</ProviderID>
+  <LocalID>!0000.0000.3B9A.CA01</LocalID>
+  <CanonicalID>@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01</CanonicalID>
+  <Service>
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+</XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/delegated-20060809.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/delegated-20060809.xrds
new file mode 100644
index 000000000..073ee6889
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/delegated-20060809.xrds
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://@ootao*test1" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*ootao</Query>
+  <Status code="100"/>
+  <Expires>2006-08-09T22:07:13.000Z</Expires>
+  <ProviderID>xri://@</ProviderID>
+  <LocalID priority="10">!5BAD.2AA.3C72.AF46</LocalID>
+  <CanonicalID priority="10">@!5BAD.2AA.3C72.AF46</CanonicalID>
+  <Service priority="10">
+   <Type>xri://$res*auth*($v*2.0)</Type>
+   <ProviderID/>
+   <MediaType>application/xrds+xml;trust=none</MediaType>
+   <URI priority="10">http://resolve.ezibroker.net/resolve/@ootao/</URI>
+  </Service>
+  <Service priority="10">
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*test1</Query>
+  <Status code="100">SUCCESS</Status>
+  <ProviderID>xri://!!1003</ProviderID>
+  <LocalID>!0000.0000.3B9A.CA01</LocalID>
+  <CanonicalID>@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01</CanonicalID>
+  <Service>
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+</XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/no-xrd.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/no-xrd.xml
new file mode 100644
index 000000000..ca66f7359
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/no-xrd.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+    xmlns:xrds="xri://$xrds"
+    xmlns:openid="http://openid.net/xmlns/1.0"
+    xmlns:typekey="http://typekey.com/xmlns/1.0"
+    xmlns="xri://$xrd*($v*2.0)">
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/not-xrds.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/not-xrds.xml
new file mode 100644
index 000000000..7f5bfd511
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/not-xrds.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<x></x>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/prefixsometimes.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/prefixsometimes.xrds
new file mode 100644
index 000000000..5522a6e5e
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/prefixsometimes.xrds
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://@ootao*test1" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*ootao</Query>
+  <Status code="100"/>
+  <Expires>2006-08-09T22:07:13.000Z</Expires>
+  <ProviderID>xri://@</ProviderID>
+  <LocalID priority="10">!5BAD.2AA.3C72.AF46</LocalID>
+  <CanonicalID priority="10">@!5BAD.2AA.3C72.AF46</CanonicalID>
+  <Service priority="10">
+   <Type>xri://$res*auth*($v*2.0)</Type>
+   <ProviderID>xri://@!5BAD.2AA.3C72.AF46</ProviderID>
+   <MediaType>application/xrds+xml;trust=none</MediaType>
+   <URI priority="10">http://resolve.ezibroker.net/resolve/@ootao/</URI>
+  </Service>
+  <Service priority="10">
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*test1</Query>
+  <Status code="100">SUCCESS</Status>
+  <ProviderID>xri://@!5BAD.2AA.3C72.AF46</ProviderID>
+  <LocalID>!0000.0000.3B9A.CA01</LocalID>
+  <CanonicalID>xri://@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01</CanonicalID>
+  <Service>
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+</XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/ref.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/ref.xrds
new file mode 100644
index 000000000..69cf683db
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/ref.xrds
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://@ootao*test.ref" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*ootao</Query>
+  <Status code="100"/>
+  <Expires>2006-08-15T18:56:09.000Z</Expires>
+  <ProviderID>xri://@</ProviderID>
+  <LocalID priority="10">!5BAD.2AA.3C72.AF46</LocalID>
+  <CanonicalID priority="10">@!5BAD.2AA.3C72.AF46</CanonicalID>
+  <Service priority="10">
+   <Type>xri://$res*auth*($v*2.0)</Type>
+   <ProviderID/>
+   <MediaType>application/xrds+xml;trust=none</MediaType>
+   <URI priority="10">http://resolve.ezibroker.net/resolve/@ootao/</URI>
+  </Service>
+  <Service priority="10">
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*test.ref</Query>
+  <Status code="100">SUCCESS</Status>
+  <ProviderID>xri://!!1003</ProviderID>
+  <LocalID>!0000.0000.3B9A.CA03</LocalID>
+  <CanonicalID>@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA03</CanonicalID>
+  <Ref>@!BAE.A650.823B.2475</Ref>
+  <Service>
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+ <XRDS ref="xri://@!BAE.A650.823B.2475" xmlns="xri://$xrds">
+  <XRD xmlns="xri://$xrd*($v*2.0)">
+   <Query>!BAE.A650.823B.2475</Query>
+   <Status code="100"/>
+   <Expires>2006-08-15T18:56:10.000Z</Expires>
+   <ProviderID>xri://@</ProviderID>
+   <LocalID priority="10">!BAE.A650.823B.2475</LocalID>
+   <CanonicalID priority="10">@!BAE.A650.823B.2475</CanonicalID>
+   <Service priority="10">
+    <Type select="true">(+wdnc)</Type>
+    <ProviderID/>
+    <Path select="true">(+wdnc)</Path>
+    <URI append="none" priority="10">http://www.tcpacompliance.us</URI>
+   </Service>
+   <Service priority="10">
+    <Type match="content" select="true">xri://$res*auth*($v*2.0)</Type>
+    <ProviderID/>
+    <MediaType match="content" select="false">application/xrds+xml;trust=none</MediaType>
+    <URI priority="10">http://dev.dready.org/cgi-bin/xri</URI>
+   </Service>
+   <Service priority="10">
+    <Type match="content" select="true">(+i-name)</Type>
+    <ProviderID/>
+    <Path match="content" select="true">(+i-name)</Path>
+    <URI append="none" priority="10">http://www.inames.net</URI>
+   </Service>
+   <Service priority="10">
+    <Type select="true">xri://+i-service*(+contact)*($v*1.0)</Type>
+    <Type match="default" select="false"/>
+    <ProviderID>xri://!!1001</ProviderID>
+    <Path select="true">(+contact)</Path>
+    <Path match="null" select="false"/>
+    <MediaType select="false">text/html</MediaType>
+    <MediaType match="default" select="false"/>
+    <URI append="none" priority="10">http://www.neustar.biz</URI>
+   </Service>
+  </XRD>
+ </XRDS>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>!BAE.A650.823B.2475</Query>
+  <Status code="100"/>
+  <Expires>2006-08-15T18:56:10.000Z</Expires>
+  <ProviderID>xri://@</ProviderID>
+  <LocalID priority="10">!BAE.A650.823B.2475</LocalID>
+  <CanonicalID priority="10">@!BAE.A650.823B.2475</CanonicalID>
+  <Service priority="10">
+   <Type select="true">(+wdnc)</Type>
+   <ProviderID/>
+   <Path select="true">(+wdnc)</Path>
+   <URI append="none" priority="10">http://www.tcpacompliance.us</URI>
+  </Service>
+  <Service priority="10">
+   <Type match="content" select="true">xri://$res*auth*($v*2.0)</Type>
+   <ProviderID/>
+   <MediaType match="content" select="false">application/xrds+xml;trust=none</MediaType>
+   <URI priority="10">http://dev.dready.org/cgi-bin/xri</URI>
+  </Service>
+  <Service priority="10">
+   <Type match="content" select="true">(+i-name)</Type>
+   <ProviderID/>
+   <Path match="content" select="true">(+i-name)</Path>
+   <URI append="none" priority="10">http://www.inames.net</URI>
+  </Service>
+  <Service priority="10">
+   <Type select="true">xri://+i-service*(+contact)*($v*1.0)</Type>
+   <Type match="default" select="false"/>
+   <ProviderID>xri://!!1001</ProviderID>
+   <Path select="true">(+contact)</Path>
+   <Path match="null" select="false"/>
+   <MediaType select="false">text/html</MediaType>
+   <MediaType match="default" select="false"/>
+   <URI append="none" priority="10">http://www.neustar.biz</URI>
+  </Service>
+ </XRD>
+</XRDS>
+\ No newline at end of file
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/sometimesprefix.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/sometimesprefix.xrds
new file mode 100644
index 000000000..eff755543
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/sometimesprefix.xrds
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://@ootao*test1" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*ootao</Query>
+  <Status code="100"/>
+  <Expires>2006-08-09T22:07:13.000Z</Expires>
+  <ProviderID>xri://@</ProviderID>
+  <LocalID priority="10">!5BAD.2AA.3C72.AF46</LocalID>
+  <CanonicalID priority="10">xri://@!5BAD.2AA.3C72.AF46</CanonicalID>
+  <Service priority="10">
+   <Type>xri://$res*auth*($v*2.0)</Type>
+   <ProviderID>xri://@!5BAD.2AA.3C72.AF46</ProviderID>
+   <MediaType>application/xrds+xml;trust=none</MediaType>
+   <URI priority="10">http://resolve.ezibroker.net/resolve/@ootao/</URI>
+  </Service>
+  <Service priority="10">
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*test1</Query>
+  <Status code="100">SUCCESS</Status>
+  <ProviderID>xri://@!5BAD.2AA.3C72.AF46</ProviderID>
+  <LocalID>!0000.0000.3B9A.CA01</LocalID>
+  <CanonicalID>@!5BAD.2AA.3C72.AF46!0000.0000.3B9A.CA01</CanonicalID>
+  <Service>
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID/>
+   <URI append="qxri" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+ </XRD>
+</XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/spoof1.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/spoof1.xrds
new file mode 100644
index 000000000..8e870c815
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/spoof1.xrds
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://=keturn*isDrummond" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+ <Query>*keturn</Query>
+ <ProviderID>xri://=</ProviderID>
+ <LocalID>!E4</LocalID>
+ <CanonicalID>=!E4</CanonicalID>
+
+ <Service>
+   <Type>xri://$res*auth*($v*2.0)</Type>
+   <URI>http://keturn.example.com/resolve/</URI>
+   <ProviderID>=!E4</ProviderID>
+ </Service>
+ </XRD>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*isDrummond</Query>
+  <ProviderID>=!E4</ProviderID>
+  <LocalID>!D2</LocalID>
+  <CanonicalID>=!D2</CanonicalID>
+  <Service>
+    <Type>http://openid.net/signon/1.0</Type>
+    <URI>http://keturn.example.com/openid</URI>
+  </Service>
+ </XRD>
+</XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/spoof2.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/spoof2.xrds
new file mode 100644
index 000000000..7547561e1
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/spoof2.xrds
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://=keturn*isDrummond" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+ <Query>*keturn</Query>
+ <ProviderID>xri://=</ProviderID>
+ <LocalID>!E4</LocalID>
+ <CanonicalID>=!E4</CanonicalID>
+
+ <Service>
+   <Type>xri://$res*auth*($v*2.0)</Type>
+   <URI>http://keturn.example.com/resolve/</URI>
+   <ProviderID>xri://=</ProviderID>
+ </Service>
+ </XRD>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*isDrummond</Query>
+  <ProviderID>xri://=</ProviderID>
+  <LocalID>!D2</LocalID>
+  <CanonicalID>=!D2</CanonicalID>
+  <Service>
+    <Type>http://openid.net/signon/1.0</Type>
+    <URI>http://keturn.example.com/openid</URI>
+  </Service>
+ </XRD>
+</XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/spoof3.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/spoof3.xrds
new file mode 100644
index 000000000..f4c43c9b4
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/spoof3.xrds
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://=keturn*isDrummond" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+ <Query>*keturn</Query>
+ <ProviderID>xri://@</ProviderID>
+ <LocalID>@E4</LocalID>
+ <CanonicalID>@!E4</CanonicalID>
+
+ <Service>
+   <Type>xri://$res*auth*($v*2.0)</Type>
+   <URI>http://keturn.example.com/resolve/</URI>
+   <ProviderID>@!E4</ProviderID>
+ </Service>
+ </XRD>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*is</Query>
+  <ProviderID>@!E4</ProviderID>
+  <LocalID>!D2</LocalID>
+  <CanonicalID>=!C0</CanonicalID>
+  <CanonicalID>=!E4!01</CanonicalID>
+  <Service>
+    <Type>xri://$res*auth*($v*2.0)</Type>
+    <URI>http://keturn.example.com/resolve/</URI>
+    <ProviderID>@!C0</ProviderID>
+  </Service>
+ </XRD>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*drummond</Query>
+  <ProviderID>@!C0</ProviderID>
+  <LocalID>!D2</LocalID>
+  <CanonicalID>@!C0!D2</CanonicalID>
+  <Service>
+    <Type>http://openid.net/signon/1.0</Type>
+    <URI>http://keturn.example.com/openid</URI>
+  </Service>
+ </XRD>
+</XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/status222.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/status222.xrds
new file mode 100644
index 000000000..84cd5c906
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/status222.xrds
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://=x" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*x</Query>
+  <Status code="222">The subsegment does not exist</Status>
+  <Expires>2006-08-18T00:02:35.000Z</Expires>
+  <ProviderID>xri://=</ProviderID>
+ </XRD>
+</XRDS>
+\ No newline at end of file
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/subsegments.xrds b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/subsegments.xrds
new file mode 100644
index 000000000..11d2e9122
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/subsegments.xrds
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRDS ref="xri://=nishitani*masaki" xmlns="xri://$xrds">
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*nishitani</Query>
+  <Status code="100"/>
+  <Expires>2007-12-25T11:33:39.000Z</Expires>
+  <ProviderID>xri://=</ProviderID>
+  <LocalID priority="10">!E117.EF2F.454B.C707</LocalID>
+  <CanonicalID priority="10">=!E117.EF2F.454B.C707</CanonicalID>
+  <Service priority="10">
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID>xri://!!1003!103</ProviderID>
+   <URI append="none" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+  <Service priority="10">
+   <Type select="true">xri://$res*auth*($v*2.0)</Type>
+   <ProviderID>xri://!!1003!103</ProviderID>
+   <MediaType>application/xrds+xml;trust=none</MediaType>
+   <URI priority="10">http://resolve.ezibroker.net/resolve/=nishitani/</URI>
+  </Service>
+  <Service priority="1">
+   <Type match="content" select="true">xri://+i-service*(+forwarding)*($v*1.0)</Type>
+   <Type match="null" select="false"/>
+   <ProviderID>xri://!!1003!103</ProviderID>
+   <Path match="content">(+index)</Path>
+   <Path match="default"/>
+   <URI append="qxri" priority="1">http://linksafe-forward.ezibroker.net/forwarding/</URI>
+  </Service>
+ </XRD>
+ <XRD xmlns="xri://$xrd*($v*2.0)">
+  <Query>*masaki</Query>
+  <Status code="100">SUCCESS</Status>
+  <ProviderID>xri://!!1003</ProviderID>
+  <LocalID>!0000.0000.3B9A.CA01</LocalID>
+  <CanonicalID>=!E117.EF2F.454B.C707!0000.0000.3B9A.CA01</CanonicalID>
+  <Service>
+   <Type select="true">http://openid.net/signon/1.0</Type>
+   <ProviderID>xri://!!1003!103</ProviderID>
+   <URI append="none" priority="1">https://linksafe.ezibroker.net/server/</URI>
+  </Service>
+  <Service>
+   <Type select="true">xri://+i-service*(+contact)*($v*1.0)</Type>
+   <Type match="null"/>
+   <ProviderID>xri://!!1003!103</ProviderID>
+   <Path select="true">(+contact)</Path>
+   <Path match="null"/>
+   <URI append="authority" priority="1">http://linksafe-contact.ezibroker.net/contact/</URI>
+  </Service>
+  <Service priority="1">
+   <Type match="content" select="true">xri://+i-service*(+forwarding)*($v*1.0)</Type>
+   <Type match="null" select="false"/>
+   <ProviderID>xri://!!1003!103</ProviderID>
+   <Path match="content">(+index)</Path>
+   <Path match="default"/>
+   <URI append="qxri" priority="1">http://linksafe-forward.ezibroker.net/forwarding/</URI>
+  </Service>
+ </XRD>
+</XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/valid-populated-xrds.xml b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/valid-populated-xrds.xml
new file mode 100644
index 000000000..60e5ca7b1
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/test_xrds/valid-populated-xrds.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+    xmlns:xrds="xri://$xrds"
+    xmlns:openid="http://openid.net/xmlns/1.0"
+    xmlns:typekey="http://typekey.com/xmlns/1.0"
+    xmlns="xri://$xrd*($v*2.0)">
+  <XRD>
+
+    <Service priority="0">
+      <Type>http://openid.net/signon/1.0</Type>
+      <URI>http://www.myopenid.com/server</URI>
+      <openid:Delegate>http://josh.myopenid.com/</openid:Delegate>
+    </Service>
+
+    <Service priority="20">
+      <Type>http://lid.netmesh.org/sso/2.0b5</Type>
+      <Type>http://lid.netmesh.org/2.0b5</Type>
+      <URI>http://mylid.net/josh</URI>
+    </Service>
+
+    <Service priority="10">
+      <Type>http://openid.net/signon/1.0</Type>
+      <URI>http://www.livejournal.com/openid/server.bml</URI>
+      <openid:Delegate>http://www.livejournal.com/users/nedthealpaca/</openid:Delegate>
+    </Service>
+
+    <Service priority="15">
+      <Type>http://typekey.com/services/1.0</Type>
+      <typekey:MemberName>joshhoyt</typekey:MemberName>
+    </Service>
+
+    <Service priority="5">
+      <Type>http://openid.net/signon/1.0</Type>
+      <URI>http://www.schtuff.com/openid</URI>
+      <openid:Delegate>http://users.schtuff.com/josh</openid:Delegate>
+    </Service>
+
+  </XRD>
+</xrds:XRDS>
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/trustroot.txt b/vendor/gems/ruby-openid-2.1.4/test/data/trustroot.txt
new file mode 100644
index 000000000..736816570
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/trustroot.txt
@@ -0,0 +1,153 @@
+========================================
+Trust root parsing checking
+========================================
+
+----------------------------------------
+23: Does not parse
+----------------------------------------
+baz.org
+*.foo.com
+http://*.schtuff.*/
+ftp://foo.com
+ftp://*.foo.com
+http://*.foo.com:80:90/
+foo.*.com
+http://foo.*.com
+http://www.*
+http://*foo.com/
+http://foo.com/invalid#fragment
+http://..it/
+http://.it/
+http://*:8081/
+http://*:80
+http://localhost:1900foo/
+http://foo.com\/
+http://π.pi.com/
+http://lambda.com/Λ
+
+ 
+ 	
+5
+
+----------------------------------------
+14: Insane
+----------------------------------------
+http:///
+http://*/
+https://*/
+http://*.com
+http://*.com/
+https://*.com/
+http://*.com.au/
+http://*.co.uk/
+http://*.foo.notatld/
+https://*.foo.notatld/
+http://*.museum/
+https://*.museum/
+http://www.schtuffcom/
+http://it/
+
+----------------------------------------
+18: Sane
+----------------------------------------
+http://*.schtuff.com./
+http://*.schtuff.com/
+http://*.foo.schtuff.com/
+http://*.schtuff.com
+http://www.schtuff.com/
+http://www.schtuff.com./
+http://www.schutff.com
+http://*.this.that.schtuff.com/
+http://*.foo.com/path
+http://*.foo.com/path?action=foo2
+http://x.foo.com/path?action=foo2
+http://x.foo.com/path?action=%3D
+http://localhost:8081/
+http://localhost:8082/?action=openid
+https://foo.com/
+http://kink.fm/should/be/sane
+http://beta.lingu.no/
+http://goathack.livejournal.org:8020/openid/login.bml
+
+========================================
+return_to matching
+========================================
+
+----------------------------------------
+46: matches
+----------------------------------------
+http://*/                             http://cnn.com/
+http://*/                             http://livejournal.com/
+http://*/                             http://met.museum/
+http://localhost:8081/x?action=openid http://localhost:8081/x?action=openid
+http://*.foo.com                      http://b.foo.com
+http://*.foo.com                      http://b.foo.com/
+http://*.foo.com/                     http://b.foo.com
+http://b.foo.com                      http://b.foo.com
+http://b.foo.com                      http://b.foo.com/
+http://b.foo.com/                     http://b.foo.com
+http://*.b.foo.com                    http://b.foo.com
+http://*.b.foo.com                    http://b.foo.com/
+http://*.b.foo.com/                   http://b.foo.com
+http://*.b.foo.com                    http://x.b.foo.com
+http://*.b.foo.com                    http://w.x.b.foo.com
+http://*.bar.co.uk                    http://www.bar.co.uk
+http://*.uoregon.edu                  http://x.cs.uoregon.edu
+http://x.com/abc                      http://x.com/abc
+http://x.com/abc                      http://x.com/abc/def
+http://10.0.0.1/abc                   http://10.0.0.1/abc
+http://*.x.com                        http://x.com/gallery
+http://*.x.com                        http://foo.x.com/gallery
+http://foo.x.com                      http://foo.x.com/gallery/xxx
+http://*.x.com/gallery                http://foo.x.com/gallery
+http://localhost:8082/?action=openid  http://localhost:8082/?action=openid
+http://goathack.livejournal.org:8020/ http://goathack.livejournal.org:8020/openid/login.bml
+https://foo.com                       https://foo.com
+http://Foo.com                        http://foo.com
+http://foo.com                        http://Foo.com
+http://foo.com:80/                    http://foo.com/
+http://foo.com/?x=y                   http://foo.com/?x=y&a=b
+http://foo.com/x                      http://foo.com/x?y
+http://mylid.net/j3h.                 http://mylid.net/j3h.?x=y
+http://j3h.us                         http://j3h.us?ride=unicycle
+https://www.filmclans.com:443/mattmartin/FilmClans https://www.filmclans.com/mattmartin/FilmClans/Logon.aspx?nonce=BVjqSOee
+http://foo.com:80                     http://foo.com
+http://foo.com                        http://foo.com:80
+http://foo.com                        http://foo.com/
+http://foo.com/                       http://foo.com
+http://foo.com/                       http://foo.com:80
+http://foo.com:80/                    http://foo.com:80/stuff
+http://foo.com:80/                    http://foo.com/stuff
+http://foo.com/path                   http://foo.com/path/extra
+http://foo.com/path2                  http://foo.com/path2?extra=query
+http://foo.com/path2                  http://foo.com/path2/?extra=query
+http://foo.com/                       HTTP://foo.com/
+
+----------------------------------------
+25: does not match
+----------------------------------------
+http://*/                             ftp://foo.com/
+http://*/                             xxx
+http://foo.com/                       http://oo.com/
+http://*.x.com/abc                    http://foo.x.com
+http://*.x.com/abc                    http://*.x.com
+http://*.com/                         http://*.com/
+http://x.com/abc                      http://x.com/
+http://x.com/abc                      http://x.com/a
+http://x.com/abc                      http://x.com/ab
+http://x.com/abc                      http://x.com/abcd
+http://*.cs.uoregon.edu               http://x.uoregon.edu
+http://*.foo.com                      http://bar.com
+http://*.foo.com                      http://www.bar.com
+http://*.bar.co.uk                    http://xxx.co.uk
+https://foo.com                       http://foo.com
+http://foo.com                        https://foo.com
+http://foo.com:81                     http://foo.com:80
+http://foo.com/?a=b                   http://foo.com/?x=y
+http://foo.com/?a=b                   http://foo.com/?x=y&a=b
+http://foo.com/?a=b                   http://foo.com/
+http://*.oo.com/                      http://foo.com/
+http://foo.com/*                      http://foo.com/anything
+http://foo.com                        http://foo.com:443
+https://foo.com                       https://foo.com:80
+http://foo.com/path/xev               http://foo.com/path?extra=more
diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/urinorm.txt b/vendor/gems/ruby-openid-2.1.4/test/data/urinorm.txt
new file mode 100644
index 000000000..95262fe2d
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/data/urinorm.txt
@@ -0,0 +1,79 @@
+Already normal form
+http://example.com/
+http://example.com/
+
+Add a trailing slash
+http://example.com
+http://example.com/
+
+Remove an empty port segment
+http://example.com:/
+http://example.com/
+
+Remove a default port segment
+http://example.com:80/
+http://example.com/
+
+Capitalization in host names
+http://wWw.exaMPLE.COm/
+http://www.example.com/
+
+Capitalization in scheme names
+htTP://example.com/
+http://example.com/
+
+Capitalization in percent-escaped reserved characters
+http://example.com/foo%2cbar
+http://example.com/foo%2Cbar
+
+Unescape percent-encoded unreserved characters
+http://example.com/foo%2Dbar%2dbaz
+http://example.com/foo-bar-baz
+
+remove_dot_segments example 1
+http://example.com/a/b/c/./../../g
+http://example.com/a/g
+
+remove_dot_segments example 2
+http://example.com/mid/content=5/../6
+http://example.com/mid/6
+
+remove_dot_segments: single-dot
+http://example.com/a/./b
+http://example.com/a/b
+
+remove_dot_segments: double-dot
+http://example.com/a/../b
+http://example.com/b
+
+remove_dot_segments: leading double-dot
+http://example.com/../b
+http://example.com/b
+
+remove_dot_segments: trailing single-dot
+http://example.com/a/.
+http://example.com/a/
+
+remove_dot_segments: trailing double-dot
+http://example.com/a/..
+http://example.com/
+
+remove_dot_segments: trailing single-dot-slash
+http://example.com/a/./
+http://example.com/a/
+
+remove_dot_segments: trailing double-dot-slash
+http://example.com/a/../
+http://example.com/
+
+Test of all kinds of syntax-based normalization
+hTTPS://a/./b/../b/%63/%7bfoo%7d
+https://a/b/c/%7Bfoo%7D
+
+Unsupported scheme
+ftp://example.com/
+fail
+
+Non-absolute URI
+http:/foo
+fail
+\ No newline at end of file
diff --git a/vendor/gems/ruby-openid-2.1.4/test/discoverdata.rb b/vendor/gems/ruby-openid-2.1.4/test/discoverdata.rb
new file mode 100644
index 000000000..7b21749f0
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/discoverdata.rb
@@ -0,0 +1,131 @@
+
+require 'uri'
+require 'openid/yadis/constants'
+require 'openid/yadis/discovery'
+require 'openid/extras'
+require 'openid/util'
+
+module OpenID
+
+  module DiscoverData
+
+    include TestDataMixin
+    include Util
+
+    TESTLIST = [
+                # success,  input_name,          id_name,            result_name
+                [true,  "equiv",             "equiv",            "xrds"],
+                [true,  "header",            "header",           "xrds"],
+                [true,  "lowercase_header",  "lowercase_header", "xrds"],
+                [true,  "xrds",              "xrds",             "xrds"],
+                [true,  "xrds_ctparam",      "xrds_ctparam",     "xrds_ctparam"],
+                [true,  "xrds_ctcase",       "xrds_ctcase",      "xrds_ctcase"],
+                [false, "xrds_html",         "xrds_html",        "xrds_html"],
+                [true,  "redir_equiv",       "equiv",            "xrds"],
+                [true,  "redir_header",      "header",           "xrds"],
+                [true,  "redir_xrds",        "xrds",             "xrds"],
+                [false, "redir_xrds_html",   "xrds_html",        "xrds_html"],
+                [true,  "redir_redir_equiv", "equiv",            "xrds"],
+                [false, "404_server_response", nil,             nil],
+                [false, "404_with_header",     nil,             nil],
+                [false, "404_with_meta",       nil,             nil],
+                [false, "201_server_response", nil,             nil],
+                [false, "500_server_response", nil,             nil],
+             ]
+
+    @@example_xrds_file = 'example-xrds.xml'
+    @@default_test_file = 'test1-discover.txt'
+    @@discover_tests = {}
+
+    def readTests(filename)
+      data = read_data_file(filename, false)
+      tests = {}
+      data.split("\f\n", -1).each { |case_|
+        name, content = case_.split("\n", 2)
+        tests[name] = content
+      }
+
+      return tests
+    end
+
+    def getData(filename, name)
+      if !@@discover_tests.member?(filename)
+        @@discover_tests[filename] = readTests(filename)
+      end
+
+      file_tests = @@discover_tests[filename]
+      return file_tests[name]
+    end
+
+    def fillTemplate(test_name, template, base_url, example_xrds)
+      mapping = [
+                 ['URL_BASE/', base_url],
+                 ['<XRDS Content>', example_xrds],
+                 ['YADIS_HEADER', Yadis::YADIS_HEADER_NAME],
+                 ['NAME', test_name],
+                ]
+
+      mapping.each { |k, v|
+        template = template.gsub(/#{k}/, v)
+      }
+
+      return template
+    end
+
+    def generateSample(test_name, base_url,
+                       example_xrds=nil,
+                       filename=@@default_test_file)
+      if example_xrds.nil?
+        example_xrds = read_data_file(@@example_xrds_file, false)
+      end
+
+      begin
+        template = getData(filename, test_name)
+      rescue Errno::ENOENT
+        raise ArgumentError(filename)
+      end
+
+      return fillTemplate(test_name, template, base_url, example_xrds)
+    end
+
+    def generateResult(base_url, input_name, id_name, result_name, success)
+      uri = URI::parse(base_url)
+
+      input_url = (uri + input_name).to_s
+
+      # If the name is None then we expect the protocol to fail, which
+      # we represent by None
+      if id_name.nil?
+        Util.assert(result_name.nil?)
+        return input_url, DiscoveryFailure
+      end
+
+      result = generateSample(result_name, base_url)
+      headers, content = result.split("\n\n", 2)
+      header_lines = headers.split("\n")
+
+      ctype = nil
+      header_lines.each { |header_line|
+        if header_line.starts_with?('Content-Type:')
+          _, ctype = header_line.split(':', 2)
+          ctype = ctype.strip()
+          break
+        else
+          ctype = nil
+        end
+      }
+
+      id_url = (uri + id_name).to_s
+      result = Yadis::DiscoveryResult.new(input_url)
+      result.normalized_uri = id_url
+
+      if success
+        result.xrds_uri = (uri + result_name).to_s
+      end
+
+      result.content_type = ctype
+      result.response_text = content
+      return [input_url, result]
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_accept.rb b/vendor/gems/ruby-openid-2.1.4/test/test_accept.rb
new file mode 100644
index 000000000..06db85bfa
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_accept.rb
@@ -0,0 +1,170 @@
+
+require 'test/unit'
+require 'openid/yadis/accept'
+require 'openid/extras'
+require 'openid/util'
+
+module OpenID
+
+  class AcceptTest < Test::Unit::TestCase
+    include TestDataMixin
+
+    def getTestData()
+      # Read the test data off of disk
+      #
+      # () -> [(int, str)]
+      lines = read_data_file('accept.txt')
+      line_no = 1
+      return lines.collect { |line|
+        pair = [line_no, line]
+        line_no += 1
+        pair
+      }
+    end
+
+    def chunk(lines)
+      # Return groups of lines separated by whitespace or comments
+      #
+      # [(int, str)] -> [[(int, str)]]
+      chunks = []
+      chunk = []
+      lines.each { |lineno, line|
+        stripped = line.strip()
+        if (stripped == '') or stripped.starts_with?('#')
+          if chunk.length > 0
+            chunks << chunk
+            chunk = []
+          end
+        else
+          chunk << [lineno, stripped]
+        end
+      }
+
+      if chunk.length > 0
+        chunks << chunk
+      end
+
+      return chunks
+    end
+
+    def parseLines(chunk)
+      # Take the given chunk of lines and turn it into a test data
+      # dictionary
+      #
+      # [(int, str)] -> {str:(int, str)}
+      items = {}
+      chunk.each { |lineno, line|
+        header, data = line.split(':', 2)
+        header = header.downcase
+        items[header] = [lineno, data.strip]
+      }
+      return items
+    end
+
+    def parseAvailable(available_text)
+      # Parse an Available: line's data
+      #
+      # str -> [str]
+      return available_text.split(',', -1).collect { |s| s.strip }
+    end
+
+    def parseExpected(expected_text)
+      # Parse an Expected: line's data
+      #
+      # str -> [(str, float)]
+      expected = []
+      if expected_text != ''
+        expected_text.split(',', -1).each { |chunk|
+          chunk = chunk.strip
+          mtype, qstuff = chunk.split(';', -1)
+          mtype = mtype.strip
+          Util.assert(!mtype.index('/').nil?)
+          qstuff = qstuff.strip
+          q, qstr = qstuff.split('=', -1)
+          Util.assert(q == 'q')
+          qval = qstr.to_f
+          expected << [mtype, qval]
+        }
+      end
+
+      return expected
+    end
+
+    def test_accept_headers
+      lines = getTestData()
+      chunks = chunk(lines)
+      data_sets = chunks.collect { |chunk| parseLines(chunk) }
+      cases = []
+      data_sets.each { |data|
+        lnos = []
+        lno, header = data['accept']
+        lnos << lno
+        lno, avail_data = data['available']
+        lnos << lno
+        begin
+          available = parseAvailable(avail_data)
+        rescue
+          print 'On line', lno
+          raise
+        end
+
+        lno, exp_data = data['expected']
+        lnos << lno
+        begin
+          expected = parseExpected(exp_data)
+        rescue
+          print 'On line', lno
+          raise
+        end
+
+        descr = sprintf('MatchAcceptTest for lines %s', lnos)
+
+        # Test:
+        accepted = Yadis.parse_accept_header(header)
+        actual = Yadis.match_types(accepted, available)
+        assert_equal(expected, actual)
+
+        assert_equal(Yadis.get_acceptable(header, available),
+                     expected.collect { |mtype, _| mtype })
+      }
+    end
+
+    def test_generate_accept_header
+      # TODO: move this into a test case file and write parsing code
+      # for it.
+
+      # Form: [input_array, expected_header_string]
+      cases = [
+               # Empty input list
+               [[], ""],
+               # Content type name only; no q value
+               [["test"], "test"],
+               # q = 1.0 should be omitted from the header
+               [[["test", 1.0]], "test"],
+               # Test conversion of float to string
+               [["test", ["with_q", 0.8]], "with_q; q=0.8, test"],
+               # Allow string q values, too
+               [["test", ["with_q_str", "0.7"]], "with_q_str; q=0.7, test"],
+               # Test q values out of bounds
+               [[["test", -1.0]], nil],
+               [[["test", 1.1]], nil],
+               # Test sorting of types by q value
+               [[["middle", 0.5], ["min", 0.1], "max"],
+                "min; q=0.1, middle; q=0.5, max"],
+
+              ].each { |input, expected_header|
+
+        if expected_header.nil?
+          assert_raise(ArgumentError) {
+            Yadis.generate_accept_header(*input)
+          }
+        else
+          assert_equal(expected_header, Yadis.generate_accept_header(*input),
+                       [input, expected_header].inspect)
+        end
+      }
+    end
+
+  end
+
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_association.rb b/vendor/gems/ruby-openid-2.1.4/test/test_association.rb
new file mode 100644
index 000000000..1b273321b
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_association.rb
@@ -0,0 +1,266 @@
+require "test/unit"
+require "openid/association"
+
+module OpenID
+  class AssociationTestCase < Test::Unit::TestCase
+    def setup
+      # Use this funny way of getting a time so that it does not have
+      # fractional seconds, and so can be serialized exactly using our
+      # standard code.
+      issued = Time.at(Time.now.to_i)
+      lifetime = 600
+
+      @assoc = Association.new('handle', 'secret', issued,
+                               lifetime, 'HMAC-SHA1')
+    end
+
+    def test_round_trip
+      assoc2 = Association.deserialize(@assoc.serialize())
+      [:handle, :secret, :lifetime, :assoc_type].each do |attr|
+        assert_equal(@assoc.send(attr), assoc2.send(attr))
+      end
+    end
+
+    def test_deserialize_failure
+      field_list = Util.kv_to_seq(@assoc.serialize)
+      kv = Util.seq_to_kv(field_list + [['monkeys', 'funny']])
+      assert_raises(ProtocolError) {
+        Association.deserialize(kv)
+      }
+
+      bad_version_list = field_list.dup
+      bad_version_list[0] = ['version', 'moon']
+      bad_version_kv = Util.seq_to_kv(bad_version_list)
+      assert_raises(ProtocolError) {
+        Association.deserialize(bad_version_kv)
+      }
+    end
+
+    def test_serialization_identity
+      assoc2 = Association.deserialize(@assoc.serialize)
+      assert_equal(@assoc, assoc2)
+    end
+
+    def test_expires_in
+      # Allow one second of slop
+      assert(@assoc.expires_in.between?(599,600))
+      assert(@assoc.expires_in(Time.now.to_i).between?(599,600))
+      assert_equal(0,@assoc.expires_in(Time.now.to_i + 10000),"negative expires_in")
+    end
+
+    def test_from_expires_in
+      start_time = Time.now
+      expires_in = @assoc.expires_in
+      assoc = Association.from_expires_in(expires_in,
+                                          @assoc.handle,
+                                          @assoc.secret,
+                                          @assoc.assoc_type)
+
+      # Allow one second of slop here for code execution time
+      assert_in_delta(1, assoc.expires_in, @assoc.expires_in)
+      [:handle, :secret, :assoc_type].each do |attr|
+        assert_equal(@assoc.send(attr), assoc.send(attr))
+      end
+
+      # Make sure the issued time is near the start
+      assert(assoc.issued >= start_time)
+      assert_in_delta(1, assoc.issued.to_f, start_time.to_f)
+    end
+
+    def test_sign_sha1
+      pairs = [['key1', 'value1'],
+               ['key2', 'value2']]
+
+      [['HMAC-SHA256', "\xfd\xaa\xfe;\xac\xfc*\x988\xad\x05d6-"\
+                       "\xeaVy\xd5\xa5Z.<\xa9\xed\x18\x82\\$"\
+                       "\x95x\x1c&"],
+       ['HMAC-SHA1', "\xe0\x1bv\x04\xf1G\xc0\xbb\x7f\x9a\x8b"\
+                     "\xe9\xbc\xee}\\\xe5\xbb7*"],
+      ].each do |assoc_type, expected|
+        assoc = Association.from_expires_in(3600, "handle", 'very_secret',
+                                            assoc_type)
+        sig = assoc.sign(pairs)
+        assert_equal(sig, expected)
+
+        m = Message.new(OPENID2_NS)
+        pairs.each { |k, v|
+          m.set_arg(OPENID_NS, k, v)
+        }
+        m.set_arg(BARE_NS, "not_an_openid_arg", "bogus")
+
+        signed_m = assoc.sign_message(m)
+        assert(signed_m.has_key?(OPENID_NS, 'sig'))
+        assert_equal(signed_m.get_arg(OPENID_NS, 'signed'),
+                     'assoc_handle,key1,key2,ns,signed')
+      end
+    end
+
+    def test_sign_message_with_sig
+      assoc = Association.from_expires_in(3600, "handle", "very_secret",
+                                          "HMAC-SHA1")
+      m = Message.new(OPENID2_NS)
+      m.set_arg(OPENID_NS, 'sig', 'noise')
+      assert_raises(ArgumentError) {
+        assoc.sign_message(m)
+      }
+    end
+
+    def test_sign_message_with_signed
+      assoc = Association.from_expires_in(3600, "handle", "very_secret",
+                                          "HMAC-SHA1")
+      m = Message.new(OPENID2_NS)
+      m.set_arg(OPENID_NS, 'signed', 'fields')
+      assert_raises(ArgumentError) {
+        assoc.sign_message(m)
+      }
+    end
+
+    def test_sign_different_assoc_handle
+      assoc = Association.from_expires_in(3600, "handle", "very_secret",
+                                          "HMAC-SHA1")
+      m = Message.new(OPENID2_NS)
+      m.set_arg(OPENID_NS, 'assoc_handle', 'different')
+      assert_raises(ArgumentError) {
+        assoc.sign_message(m)
+      }
+    end
+
+    def test_sign_bad_assoc_type
+      @assoc.instance_eval { @assoc_type = 'Cookies' }
+      assert_raises(ProtocolError) {
+        @assoc.sign([])
+      }
+    end
+
+    def test_make_pairs
+      msg = Message.new(OPENID2_NS)
+      msg.update_args(OPENID2_NS, {
+                        'mode' => 'id_res',
+                        'identifier' => '=example',
+                        'signed' => 'identifier,mode',
+                        'sig' => 'cephalopod',
+                      })
+      msg.update_args(BARE_NS, {'xey' => 'value'})
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      pairs = assoc.make_pairs(msg)
+      assert_equal([['identifier', '=example'],
+                    ['mode', 'id_res']], pairs)
+    end
+
+    def test_check_message_signature_no_signed
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'sig' => 'coyote',
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      assert_raises(ProtocolError) {
+        assoc.check_message_signature(m)
+      }
+    end
+
+    def test_check_message_signature_no_sig
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'signed' => 'mode',
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      assert_raises(ProtocolError) {
+        assoc.check_message_signature(m)
+      }
+    end
+
+    def test_check_message_signature_bad_sig
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'signed' => 'mode',
+                      'sig' => Util.to_base64('coyote'),
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      assert(!assoc.check_message_signature(m))
+    end
+
+    def test_check_message_signature_good_sig
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'signed' => 'mode',
+                      'sig' => Util.to_base64('coyote'),
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      class << assoc
+        # Override sign, because it's already tested elsewhere
+        def sign(pairs)
+          "coyote"
+        end
+      end
+
+      assert(assoc.check_message_signature(m))
+    end
+  end
+
+  class AssociationNegotiatorTestCase < Test::Unit::TestCase
+    def assert_equal_under(item1, item2)
+      val1 = yield(item1)
+      val2 = yield(item2)
+      assert_equal(val1, val2)
+    end
+
+    def test_copy
+      neg = AssociationNegotiator.new([['HMAC-SHA1', 'DH-SHA1']])
+      neg2 = neg.copy
+      assert_equal_under(neg, neg2) {|n| n.instance_eval{@allowed_types} }
+      assert(neg.object_id != neg2.object_id)
+    end
+
+    def test_add_allowed
+      neg = AssociationNegotiator.new([])
+      assert(!neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
+      assert(!neg.allowed?('HMAC-SHA1', 'no-encryption'))
+      assert(!neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
+      assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
+      neg.add_allowed_type('HMAC-SHA1')
+      assert(neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
+      assert(neg.allowed?('HMAC-SHA1', 'no-encryption'))
+      assert(!neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
+      assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
+      neg.add_allowed_type('HMAC-SHA256', 'DH-SHA256')
+      assert(neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
+      assert(neg.allowed?('HMAC-SHA1', 'no-encryption'))
+      assert(neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
+      assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
+      assert_equal(neg.get_allowed_type, ['HMAC-SHA1', 'DH-SHA1'])
+    end
+
+    def test_bad_assoc_type
+      assert_raises(ProtocolError) {
+        AssociationNegotiator.new([['OMG', 'Ponies']])
+      }
+    end
+
+    def test_bad_session_type
+      assert_raises(ProtocolError) {
+        AssociationNegotiator.new([['HMAC-SHA1', 'OMG-Ponies']])
+      }
+    end
+
+    def test_default_negotiator
+      assert_equal(DefaultNegotiator.get_allowed_type,
+                   ['HMAC-SHA1', 'DH-SHA1'])
+      assert(DefaultNegotiator.allowed?('HMAC-SHA256', 'no-encryption'))
+    end
+
+    def test_encrypted_negotiator
+      assert_equal(EncryptedNegotiator.get_allowed_type,
+                   ['HMAC-SHA1', 'DH-SHA1'])
+      assert(!EncryptedNegotiator.allowed?('HMAC-SHA256', 'no-encryption'))
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_associationmanager.rb b/vendor/gems/ruby-openid-2.1.4/test/test_associationmanager.rb
new file mode 100644
index 000000000..2a17a0a95
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_associationmanager.rb
@@ -0,0 +1,917 @@
+require "openid/consumer/associationmanager"
+require "openid/association"
+require "openid/dh"
+require "openid/util"
+require "openid/cryptutil"
+require "openid/message"
+require "openid/store/memory"
+require "test/unit"
+require "util"
+require "time"
+
+module OpenID
+  class DHAssocSessionTest < Test::Unit::TestCase
+    def test_sha1_get_request
+      # Initialized without an explicit DH gets defaults
+      sess = Consumer::DiffieHellmanSHA1Session.new
+      assert_equal(['dh_consumer_public'], sess.get_request.keys)
+      assert_nothing_raised do
+        Util::from_base64(sess.get_request['dh_consumer_public'])
+      end
+    end
+
+    def test_sha1_get_request_custom_dh
+      dh = DiffieHellman.new(1299721, 2)
+      sess = Consumer::DiffieHellmanSHA1Session.new(dh)
+      req = sess.get_request
+      assert_equal(['dh_consumer_public', 'dh_modulus', 'dh_gen'].sort,
+                   req.keys.sort)
+      assert_equal(dh.modulus, CryptUtil.base64_to_num(req['dh_modulus']))
+      assert_equal(dh.generator, CryptUtil.base64_to_num(req['dh_gen']))
+      assert_nothing_raised do
+        Util::from_base64(req['dh_consumer_public'])
+      end
+    end
+  end
+
+  module TestDiffieHellmanResponseParametersMixin
+    def setup
+      session_cls = self.class.session_cls
+
+      # Pre-compute DH with small prime so tests run quickly.
+      @server_dh = DiffieHellman.new(100389557, 2)
+      @consumer_dh = DiffieHellman.new(100389557, 2)
+
+      # base64(btwoc(g ^ xb mod p))
+      @dh_server_public = CryptUtil.num_to_base64(@server_dh.public)
+
+      @secret = CryptUtil.random_string(session_cls.secret_size)
+
+      enc_mac_key_unencoded =
+        @server_dh.xor_secret(session_cls.hashfunc,
+                              @consumer_dh.public,
+                              @secret)
+
+      @enc_mac_key = Util.to_base64(enc_mac_key_unencoded)
+
+      @consumer_session = session_cls.new(@consumer_dh)
+
+      @msg = Message.new(self.class.message_namespace)
+    end
+
+    def test_extract_secret
+      @msg.set_arg(OPENID_NS, 'dh_server_public', @dh_server_public)
+      @msg.set_arg(OPENID_NS, 'enc_mac_key', @enc_mac_key)
+
+      extracted = @consumer_session.extract_secret(@msg)
+      assert_equal(extracted, @secret)
+    end
+
+    def test_absent_serve_public
+      @msg.set_arg(OPENID_NS, 'enc_mac_key', @enc_mac_key)
+
+      assert_raises(Message::KeyNotFound) {
+        @consumer_session.extract_secret(@msg)
+      }
+    end
+
+    def test_absent_mac_key
+      @msg.set_arg(OPENID_NS, 'dh_server_public', @dh_server_public)
+
+      assert_raises(Message::KeyNotFound) {
+        @consumer_session.extract_secret(@msg)
+      }
+    end
+
+    def test_invalid_base64_public
+      @msg.set_arg(OPENID_NS, 'dh_server_public', 'n o t b a s e 6 4.')
+      @msg.set_arg(OPENID_NS, 'enc_mac_key', @enc_mac_key)
+
+      assert_raises(ArgumentError) {
+        @consumer_session.extract_secret(@msg)
+      }
+    end
+
+    def test_invalid_base64_mac_key
+      @msg.set_arg(OPENID_NS, 'dh_server_public', @dh_server_public)
+      @msg.set_arg(OPENID_NS, 'enc_mac_key', 'n o t base 64')
+
+      assert_raises(ArgumentError) {
+        @consumer_session.extract_secret(@msg)
+      }
+    end
+  end
+
+  class TestConsumerOpenID1DHSHA1 < Test::Unit::TestCase
+    include TestDiffieHellmanResponseParametersMixin
+    class << self
+      attr_reader :session_cls, :message_namespace
+    end
+
+    @session_cls = Consumer::DiffieHellmanSHA1Session
+    @message_namespace = OPENID1_NS
+  end
+
+  class TestConsumerOpenID2DHSHA1 < Test::Unit::TestCase
+    include TestDiffieHellmanResponseParametersMixin
+    class << self
+      attr_reader :session_cls, :message_namespace
+    end
+
+    @session_cls = Consumer::DiffieHellmanSHA1Session
+    @message_namespace = OPENID2_NS
+  end
+
+  class TestConsumerOpenID2DHSHA256 < Test::Unit::TestCase
+    include TestDiffieHellmanResponseParametersMixin
+    class << self
+      attr_reader :session_cls, :message_namespace
+    end
+
+    @session_cls = Consumer::DiffieHellmanSHA256Session
+    @message_namespace = OPENID2_NS
+  end
+
+  class TestConsumerNoEncryptionSession < Test::Unit::TestCase
+    def setup
+      @sess = Consumer::NoEncryptionSession.new
+    end
+
+    def test_empty_request
+      assert_equal(@sess.get_request, {})
+    end
+
+    def test_get_secret
+      secret = 'shhh!' * 4
+      mac_key = Util.to_base64(secret)
+      msg = Message.from_openid_args({'mac_key' => mac_key})
+      assert_equal(secret, @sess.extract_secret(msg))
+    end
+  end
+
+  class TestCreateAssociationRequest < Test::Unit::TestCase
+    def setup
+      @server_url = 'http://invalid/'
+      @assoc_manager = Consumer::AssociationManager.new(nil, @server_url)
+      class << @assoc_manager
+        def compatibility_mode=(val)
+            @compatibility_mode = val
+        end
+      end
+      @assoc_type = 'HMAC-SHA1'
+    end
+
+    def test_no_encryption_sends_type
+      session_type = 'no-encryption'
+      session, args = @assoc_manager.send(:create_associate_request,
+                                          @assoc_type,
+                                          session_type)
+
+      assert(session.is_a?(Consumer::NoEncryptionSession))
+      expected = Message.from_openid_args(
+            {'ns' => OPENID2_NS,
+             'session_type' => session_type,
+             'mode' => 'associate',
+             'assoc_type' => @assoc_type,
+             })
+
+      assert_equal(expected, args)
+    end
+
+    def test_no_encryption_compatibility
+      @assoc_manager.compatibility_mode = true
+      session_type = 'no-encryption'
+      session, args = @assoc_manager.send(:create_associate_request,
+                                          @assoc_type,
+                                          session_type)
+
+      assert(session.is_a?(Consumer::NoEncryptionSession))
+      assert_equal(Message.from_openid_args({'mode' => 'associate',
+                                              'assoc_type' => @assoc_type,
+                                            }), args)
+    end
+
+    def test_dh_sha1_compatibility
+      @assoc_manager.compatibility_mode = true
+      session_type = 'DH-SHA1'
+      session, args = @assoc_manager.send(:create_associate_request,
+                                          @assoc_type,
+                                          session_type)
+
+
+      assert(session.is_a?(Consumer::DiffieHellmanSHA1Session))
+
+      # This is a random base-64 value, so just check that it's
+      # present.
+      assert_not_nil(args.get_arg(OPENID1_NS, 'dh_consumer_public'))
+      args.del_arg(OPENID1_NS, 'dh_consumer_public')
+
+      # OK, session_type is set here and not for no-encryption
+      # compatibility
+      expected = Message.from_openid_args({'mode' => 'associate',
+                                            'session_type' => 'DH-SHA1',
+                                            'assoc_type' => @assoc_type,
+                                          })
+      assert_equal(expected, args)
+    end
+  end
+
+  class TestAssociationManagerExpiresIn < Test::Unit::TestCase
+    def expires_in_msg(val)
+      msg = Message.from_openid_args({'expires_in' => val})
+      Consumer::AssociationManager.extract_expires_in(msg)
+    end
+
+    def test_parse_fail
+      ['',
+       '-2',
+       ' 1',
+       ' ',
+       '0x00',
+       'foosball',
+       '1\n',
+       '100,000,000,000',
+      ].each do |x|
+        assert_raises(ProtocolError) {expires_in_msg(x)}
+      end
+    end
+
+    def test_parse
+      ['0',
+       '1',
+       '1000',
+       '9999999',
+       '01',
+      ].each do |n|
+        assert_equal(n.to_i, expires_in_msg(n))
+      end
+    end
+  end
+
+  class TestAssociationManagerCreateSession < Test::Unit::TestCase
+    def test_invalid
+      assert_raises(ArgumentError) {
+        Consumer::AssociationManager.create_session('monkeys')
+      }
+    end
+
+    def test_sha256
+      sess = Consumer::AssociationManager.create_session('DH-SHA256')
+      assert(sess.is_a?(Consumer::DiffieHellmanSHA256Session))
+    end
+  end
+
+  module NegotiationTestMixin
+    include TestUtil
+    def mk_message(args)
+      args['ns'] = @openid_ns
+      Message.from_openid_args(args)
+    end
+
+    def call_negotiate(responses, negotiator=nil)
+      store = nil
+      compat = self.class::Compat
+      assoc_manager = Consumer::AssociationManager.new(store, @server_url,
+                                                       compat, negotiator)
+      class << assoc_manager
+        attr_accessor :responses
+
+        def request_association(assoc_type, session_type)
+          m = @responses.shift
+          if m.is_a?(Message)
+            raise ServerError.from_message(m)
+          else
+            return m
+          end
+        end
+      end
+      assoc_manager.responses = responses
+      assoc_manager.negotiate_association
+    end
+  end
+
+  # Test the session type negotiation behavior of an OpenID 2
+  # consumer.
+  class TestOpenID2SessionNegotiation < Test::Unit::TestCase
+    include NegotiationTestMixin
+
+    Compat = false
+
+    def setup
+      @server_url = 'http://invalid/'
+      @openid_ns = OPENID2_NS
+    end
+
+    # Test the case where the response to an associate request is a
+    # server error or is otherwise undecipherable.
+    def test_bad_response
+      assert_log_matches('Server error when requesting an association') {
+        assert_equal(call_negotiate([mk_message({})]), nil)
+      }
+    end
+
+    # Test the case where the association type (assoc_type) returned
+    # in an unsupported-type response is absent.
+    def test_empty_assoc_type
+      msg = mk_message({'error' => 'Unsupported type',
+                              'error_code' => 'unsupported-type',
+                              'session_type' => 'new-session-type',
+                            })
+
+      assert_log_matches('Unsupported association type',
+                         "Server #{@server_url} responded with unsupported "\
+                         "association session but did not supply a fallback."
+                         ) {
+        assert_equal(call_negotiate([msg]), nil)
+      }
+
+    end
+
+    # Test the case where the session type (session_type) returned
+    # in an unsupported-type response is absent.
+    def test_empty_session_type
+      msg = mk_message({'error' => 'Unsupported type',
+                              'error_code' => 'unsupported-type',
+                              'assoc_type' => 'new-assoc-type',
+                            })
+
+      assert_log_matches('Unsupported association type',
+                         "Server #{@server_url} responded with unsupported "\
+                         "association session but did not supply a fallback."
+                         ) {
+        assert_equal(call_negotiate([msg]), nil)
+      }
+    end
+
+    # Test the case where an unsupported-type response specifies a
+    # preferred (assoc_type, session_type) combination that is not
+    # allowed by the consumer's SessionNegotiator.
+    def test_not_allowed
+      negotiator = AssociationNegotiator.new([])
+      negotiator.instance_eval{
+        @allowed_types = [['assoc_bogus', 'session_bogus']]
+      }
+      msg = mk_message({'error' => 'Unsupported type',
+                              'error_code' => 'unsupported-type',
+                              'assoc_type' => 'not-allowed',
+                              'session_type' => 'not-allowed',
+                            })
+
+      assert_log_matches('Unsupported association type',
+                         'Server sent unsupported session/association type:') {
+        assert_equal(call_negotiate([msg], negotiator), nil)
+      }
+    end
+
+    # Test the case where an unsupported-type response triggers a
+    # retry to get an association with the new preferred type.
+    def test_unsupported_with_retry
+      msg = mk_message({'error' => 'Unsupported type',
+                              'error_code' => 'unsupported-type',
+                              'assoc_type' => 'HMAC-SHA1',
+                              'session_type' => 'DH-SHA1',
+                            })
+
+      assoc = Association.new('handle', 'secret', Time.now, 10000, 'HMAC-SHA1')
+
+      assert_log_matches('Unsupported association type') {
+        assert_equal(assoc, call_negotiate([msg, assoc]))
+      }
+    end
+
+    # Test the case where an unsupported-typ response triggers a
+    # retry, but the retry fails and nil is returned instead.
+    def test_unsupported_with_retry_and_fail
+      msg = mk_message({'error' => 'Unsupported type',
+                              'error_code' => 'unsupported-type',
+                              'assoc_type' => 'HMAC-SHA1',
+                              'session_type' => 'DH-SHA1',
+                            })
+
+      assert_log_matches('Unsupported association type',
+                         "Server #{@server_url} refused") {
+        assert_equal(call_negotiate([msg, msg]), nil)
+      }
+    end
+
+    # Test the valid case, wherein an association is returned on the
+    # first attempt to get one.
+    def test_valid
+      assoc = Association.new('handle', 'secret', Time.now, 10000, 'HMAC-SHA1')
+
+      assert_log_matches() {
+        assert_equal(call_negotiate([assoc]), assoc)
+      }
+    end
+  end
+
+
+  # Tests for the OpenID 1 consumer association session behavior.  See
+  # the docs for TestOpenID2SessionNegotiation.  Notice that this
+  # class is not a subclass of the OpenID 2 tests.  Instead, it uses
+  # many of the same inputs but inspects the log messages logged with
+  # oidutil.log.  See the calls to self.failUnlessLogMatches.  Some of
+  # these tests pass openid2-style messages to the openid 1
+  # association processing logic to be sure it ignores the extra data.
+  class TestOpenID1SessionNegotiation < Test::Unit::TestCase
+    include NegotiationTestMixin
+
+    Compat = true
+
+    def setup
+      @server_url = 'http://invalid/'
+      @openid_ns = OPENID1_NS
+    end
+
+    def test_bad_response
+      assert_log_matches('Server error when requesting an association') {
+        response = call_negotiate([mk_message({})])
+        assert_equal(nil, response)
+      }
+    end
+
+    def test_empty_assoc_type
+      msg = mk_message({'error' => 'Unsupported type',
+                         'error_code' => 'unsupported-type',
+                         'session_type' => 'new-session-type',
+                       })
+
+      assert_log_matches('Server error when requesting an association') {
+        response = call_negotiate([msg])
+        assert_equal(nil, response)
+      }
+    end
+
+    def test_empty_session_type
+      msg = mk_message({'error' => 'Unsupported type',
+                         'error_code' => 'unsupported-type',
+                         'assoc_type' => 'new-assoc-type',
+                       })
+
+      assert_log_matches('Server error when requesting an association') {
+        response = call_negotiate([msg])
+        assert_equal(nil, response)
+      }
+    end
+
+    def test_not_allowed
+      negotiator = AssociationNegotiator.new([])
+      negotiator.instance_eval{
+        @allowed_types = [['assoc_bogus', 'session_bogus']]
+      }
+
+      msg = mk_message({'error' => 'Unsupported type',
+                         'error_code' => 'unsupported-type',
+                         'assoc_type' => 'not-allowed',
+                         'session_type' => 'not-allowed',
+                       })
+
+      assert_log_matches('Server error when requesting an association') {
+        response = call_negotiate([msg])
+        assert_equal(nil, response)
+      }
+    end
+
+    def test_unsupported_with_retry
+      msg = mk_message({'error' => 'Unsupported type',
+                         'error_code' => 'unsupported-type',
+                         'assoc_type' => 'HMAC-SHA1',
+                         'session_type' => 'DH-SHA1',
+                       })
+
+      assoc = Association.new('handle', 'secret', Time.now, 10000, 'HMAC-SHA1')
+
+
+      assert_log_matches('Server error when requesting an association') {
+        response = call_negotiate([msg, assoc])
+        assert_equal(nil, response)
+      }
+    end
+
+    def test_valid
+      assoc = Association.new('handle', 'secret', Time.now, 10000, 'HMAC-SHA1')
+      assert_log_matches() {
+        response = call_negotiate([assoc])
+        assert_equal(assoc, response)
+      }
+    end
+  end
+
+
+  class TestExtractAssociation < Test::Unit::TestCase
+    include ProtocolErrorMixin
+
+    # An OpenID associate response (without the namespace)
+    DEFAULTS = {
+      'expires_in' => '1000',
+      'assoc_handle' => 'a handle',
+      'assoc_type' => 'a type',
+      'session_type' => 'a session type',
+    }
+
+    def setup
+      @assoc_manager = Consumer::AssociationManager.new(nil, nil)
+    end
+
+    # Make tests that ensure that an association response that is
+    # missing required fields will raise an Message::KeyNotFound.
+    #
+    # According to 'Association Session Response' subsection 'Common
+    # Response Parameters', the following fields are required for
+    # OpenID 2.0:
+    #
+    #  * ns
+    #  * session_type
+    #  * assoc_handle
+    #  * assoc_type
+    #  * expires_in
+    #
+    # In OpenID 1, everything except 'session_type' and 'ns' are
+    # required.
+    MISSING_FIELD_SETS = ([["no_fields", []]] +
+                          (DEFAULTS.keys.map do |f|
+                             fields = DEFAULTS.keys
+                             fields.delete(f)
+                             ["missing_#{f}", fields]
+                           end)
+                          )
+
+    [OPENID1_NS, OPENID2_NS].each do |ns|
+      MISSING_FIELD_SETS.each do |name, fields|
+        # OpenID 1 is allowed to be missing session_type
+        if ns != OPENID1_NS and name != 'missing_session_type'
+          test = lambda do
+            msg = Message.new(ns)
+            fields.each do |field|
+              msg.set_arg(ns, field, DEFAULTS[field])
+            end
+            assert_raises(Message::KeyNotFound) do
+              @assoc_manager.send(:extract_association, msg, nil)
+            end
+          end
+          define_method("test_#{name}", test)
+        end
+      end
+    end
+
+    # assert that extracting a response that contains the given
+    # response session type when the request was made for the given
+    # request session type will raise a ProtocolError indicating
+    # session type mismatch
+    def assert_session_mismatch(req_type, resp_type, ns)
+      # Create an association session that has "req_type" as its
+      # session_type and no allowed_assoc_types
+      assoc_session_class = Class.new do
+        @session_type = req_type
+        def self.session_type
+          @session_type
+        end
+        def self.allowed_assoc_types
+          []
+        end
+      end
+      assoc_session = assoc_session_class.new
+
+      # Build an OpenID 1 or 2 association response message that has
+      # the specified association session type
+      msg = Message.new(ns)
+      msg.update_args(ns, DEFAULTS)
+      msg.set_arg(ns, 'session_type', resp_type)
+
+      # The request type and response type have been chosen to produce
+      # a session type mismatch.
+      assert_protocol_error('Session type mismatch') {
+        @assoc_manager.send(:extract_association, msg, assoc_session)
+      }
+    end
+
+    [['no-encryption', '', OPENID2_NS],
+     ['DH-SHA1', 'no-encryption', OPENID2_NS],
+     ['DH-SHA256', 'no-encryption', OPENID2_NS],
+     ['no-encryption', 'DH-SHA1', OPENID2_NS],
+     ['DH-SHA1', 'DH-SHA256', OPENID1_NS],
+     ['DH-SHA256', 'DH-SHA1', OPENID1_NS],
+     ['no-encryption', 'DH-SHA1', OPENID1_NS],
+    ].each do |req_type, resp_type, ns|
+      test = lambda { assert_session_mismatch(req_type, resp_type, ns) }
+      name = "test_mismatch_req_#{req_type}_resp_#{resp_type}_#{ns}"
+      define_method(name, test)
+    end
+
+    def test_openid1_no_encryption_fallback
+      # A DH-SHA1 session
+      assoc_session = Consumer::DiffieHellmanSHA1Session.new
+
+      # An OpenID 1 no-encryption association response
+      msg = Message.from_openid_args({
+                                       'expires_in' => '1000',
+                                       'assoc_handle' => 'a handle',
+                                       'assoc_type' => 'HMAC-SHA1',
+                                       'mac_key' => 'X' * 20,
+                                     })
+
+      # Should succeed
+      assoc = @assoc_manager.send(:extract_association, msg, assoc_session)
+      assert_equal('a handle', assoc.handle)
+      assert_equal('HMAC-SHA1', assoc.assoc_type)
+      assert(assoc.expires_in.between?(999, 1000))
+      assert('X' * 20, assoc.secret)
+    end
+  end
+
+  class GetOpenIDSessionTypeTest < Test::Unit::TestCase
+    include TestUtil
+
+    SERVER_URL = 'http://invalid/'
+
+    def do_test(expected_session_type, session_type_value)
+      # Create a Message with just 'session_type' in it, since
+      # that's all this function will use. 'session_type' may be
+      # absent if it's set to None.
+      args = {}
+      if !session_type_value.nil?
+        args['session_type'] = session_type_value
+      end
+      message = Message.from_openid_args(args)
+      assert(message.is_openid1)
+
+      assoc_manager = Consumer::AssociationManager.new(nil, SERVER_URL)
+      actual_session_type = assoc_manager.send(:get_openid1_session_type,
+                                               message)
+      error_message = ("Returned session type parameter #{session_type_value}"\
+                       "was expected to yield session type "\
+                       "#{expected_session_type}, but yielded "\
+                       "#{actual_session_type}")
+      assert_equal(expected_session_type, actual_session_type, error_message)
+    end
+
+
+    [['nil', 'no-encryption', nil],
+     ['empty', 'no-encryption', ''],
+     ['dh_sha1', 'DH-SHA1', 'DH-SHA1'],
+     ['dh_sha256', 'DH-SHA256', 'DH-SHA256'],
+    ].each {|name, expected, input|
+      # Define a test method that will check what session type will be
+      # used if the OpenID 1 response to an associate call sets the
+      # 'session_type' field to `session_type_value`
+      test = lambda {assert_log_matches() { do_test(expected, input) } }
+      define_method("test_#{name}", &test)
+    }
+
+    # This one's different because it expects log messages
+    def test_explicit_no_encryption
+      assert_log_matches("WARNING: #{SERVER_URL} sent 'no-encryption'"){
+        do_test('no-encryption', 'no-encryption')
+      }
+    end
+  end
+
+  class ExtractAssociationTest < Test::Unit::TestCase
+    include ProtocolErrorMixin
+
+    SERVER_URL = 'http://invalid/'
+
+    def setup
+      @session_type = 'testing-session'
+
+      # This must something that works for Association::from_expires_in
+      @assoc_type = 'HMAC-SHA1'
+
+      @assoc_handle = 'testing-assoc-handle'
+
+      # These arguments should all be valid
+      @assoc_response =
+        Message.from_openid_args({
+                                   'expires_in' => '1000',
+                                   'assoc_handle' => @assoc_handle,
+                                   'assoc_type' => @assoc_type,
+                                   'session_type' => @session_type,
+                                   'ns' => OPENID2_NS,
+                                 })
+      assoc_session_cls = Class.new do
+        class << self
+          attr_accessor :allowed_assoc_types, :session_type
+        end
+
+        attr_reader :extract_secret_called, :secret
+        def initialize
+          @extract_secret_called = false
+          @secret = 'shhhhh!'
+        end
+
+        def extract_secret(_)
+          @extract_secret_called = true
+          @secret
+        end
+      end
+      @assoc_session = assoc_session_cls.new
+      @assoc_session.class.allowed_assoc_types = [@assoc_type]
+      @assoc_session.class.session_type = @session_type
+
+      @assoc_manager = Consumer::AssociationManager.new(nil, SERVER_URL)
+    end
+
+    def call_extract
+      @assoc_manager.send(:extract_association,
+                          @assoc_response, @assoc_session)
+    end
+
+    # Handle a full successful association response
+    def test_works_with_good_fields
+      assoc = call_extract
+      assert(@assoc_session.extract_secret_called)
+      assert_equal(@assoc_session.secret, assoc.secret)
+      assert_equal(1000, assoc.lifetime)
+      assert_equal(@assoc_handle, assoc.handle)
+      assert_equal(@assoc_type, assoc.assoc_type)
+    end
+
+    def test_bad_assoc_type
+      # Make sure that the assoc type in the response is not valid
+      # for the given session.
+      @assoc_session.class.allowed_assoc_types = []
+      assert_protocol_error('Unsupported assoc_type for sess') {call_extract}
+    end
+
+    def test_bad_expires_in
+      # Invalid value for expires_in should cause failure
+      @assoc_response.set_arg(OPENID_NS, 'expires_in', 'forever')
+      assert_protocol_error('Invalid expires_in') {call_extract}
+    end
+  end
+
+  class TestExtractAssociationDiffieHellman < Test::Unit::TestCase
+    include ProtocolErrorMixin
+
+    SECRET = 'x' * 20
+
+    def setup
+      @assoc_manager = Consumer::AssociationManager.new(nil, nil)
+    end
+
+    def setup_dh
+      sess, message = @assoc_manager.send(:create_associate_request,
+                                          'HMAC-SHA1', 'DH-SHA1')
+
+      server_dh = DiffieHellman.new
+      cons_dh = sess.instance_variable_get('@dh')
+
+      enc_mac_key = server_dh.xor_secret(CryptUtil.method(:sha1),
+                                         cons_dh.public, SECRET)
+
+      server_resp = {
+        'dh_server_public' => CryptUtil.num_to_base64(server_dh.public),
+        'enc_mac_key' => Util.to_base64(enc_mac_key),
+        'assoc_type' => 'HMAC-SHA1',
+        'assoc_handle' => 'handle',
+        'expires_in' => '1000',
+        'session_type' => 'DH-SHA1',
+      }
+      if @assoc_manager.instance_variable_get(:@compatibility_mode)
+        server_resp['ns'] = OPENID2_NS
+      end
+      return [sess, Message.from_openid_args(server_resp)]
+    end
+
+    def test_success
+      sess, server_resp = setup_dh
+      ret = @assoc_manager.send(:extract_association, server_resp, sess)
+      assert(!ret.nil?)
+      assert_equal(ret.assoc_type, 'HMAC-SHA1')
+      assert_equal(ret.secret, SECRET)
+      assert_equal(ret.handle, 'handle')
+      assert_equal(ret.lifetime, 1000)
+    end
+
+    def test_openid2success
+      # Use openid 1 type in endpoint so _setUpDH checks
+      # compatibility mode state properly
+      @assoc_manager.instance_variable_set('@compatibility_mode', true)
+      test_success()
+    end
+
+    def test_bad_dh_values
+      sess, server_resp = setup_dh
+      server_resp.set_arg(OPENID_NS, 'enc_mac_key', '\x00\x00\x00')
+      assert_protocol_error('Malformed response for') {
+        @assoc_manager.send(:extract_association, server_resp, sess)
+      }
+    end
+  end
+
+  class TestAssocManagerGetAssociation < Test::Unit::TestCase
+    include FetcherMixin
+    include TestUtil
+
+    attr_reader :negotiate_association
+
+    def setup
+      @server_url = 'http://invalid/'
+      @store = Store::Memory.new
+      @assoc_manager = Consumer::AssociationManager.new(@store, @server_url)
+      @assoc_manager.extend(Const)
+      @assoc = Association.new('handle', 'secret', Time.now, 10000,
+                               'HMAC-SHA1')
+    end
+
+    def set_negotiate_response(assoc)
+      @assoc_manager.const(:negotiate_association, assoc)
+    end
+
+    def test_not_in_store_no_response
+      set_negotiate_response(nil)
+      assert_equal(nil, @assoc_manager.get_association)
+    end
+
+    def test_not_in_store_negotiate_assoc
+      # Not stored beforehand:
+      stored_assoc = @store.get_association(@server_url, @assoc.handle)
+      assert_equal(nil, stored_assoc)
+
+      # Returned from associate call:
+      set_negotiate_response(@assoc)
+      assert_equal(@assoc, @assoc_manager.get_association)
+
+      # It should have been stored:
+      stored_assoc = @store.get_association(@server_url, @assoc.handle)
+      assert_equal(@assoc, stored_assoc)
+    end
+
+    def test_in_store_no_response
+      set_negotiate_response(nil)
+      @store.store_association(@server_url, @assoc)
+      assert_equal(@assoc, @assoc_manager.get_association)
+    end
+
+    def test_request_assoc_with_status_error
+      fetcher_class = Class.new do
+        define_method(:fetch) do |*args|
+          MockResponse.new(500, '')
+        end
+      end
+      with_fetcher(fetcher_class.new) do
+        assert_log_matches('Got HTTP status error when requesting') {
+          result = @assoc_manager.send(:request_association, 'HMAC-SHA1',
+                                       'no-encryption')
+          assert(result.nil?)
+        }
+      end
+    end
+  end
+
+  class TestAssocManagerRequestAssociation < Test::Unit::TestCase
+    include FetcherMixin
+    include TestUtil
+
+    def setup
+      @assoc_manager = Consumer::AssociationManager.new(nil, 'http://invalid/')
+      @assoc_type = 'HMAC-SHA1'
+      @session_type = 'no-encryption'
+      @message = Message.new(OPENID2_NS)
+      @message.update_args(OPENID_NS, {
+                             'assoc_type' => @assoc_type,
+                             'session_type' => @session_type,
+                             'assoc_handle' => 'kaboodle',
+                             'expires_in' => '1000',
+                             'mac_key' => 'X' * 20,
+                           })
+    end
+
+    def make_request
+      kv = @message.to_kvform
+      fetcher_class = Class.new do
+        define_method(:fetch) do |*args|
+          MockResponse.new(200, kv)
+        end
+      end
+      with_fetcher(fetcher_class.new) do
+        @assoc_manager.send(:request_association, @assoc_type, @session_type)
+      end
+    end
+
+    # The association we get is from valid processing of our result,
+    # and that no errors are raised
+    def test_success
+      assert_equal('kaboodle', make_request.handle)
+    end
+
+    # A missing parameter gets translated into a log message and
+    # causes the method to return nil
+    def test_missing_fields
+      @message.del_arg(OPENID_NS, 'assoc_type')
+      assert_log_matches('Missing required par') {
+        assert_equal(nil, make_request)
+      }
+    end
+
+    # A bad value results in a log message and causes the method to
+    # return nil
+    def test_protocol_error
+      @message.set_arg(OPENID_NS, 'expires_in', 'goats')
+      assert_log_matches('Protocol error processing') {
+        assert_equal(nil, make_request)
+      }
+    end
+  end
+
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_ax.rb b/vendor/gems/ruby-openid-2.1.4/test/test_ax.rb
new file mode 100644
index 000000000..c1dcfb1f5
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_ax.rb
@@ -0,0 +1,648 @@
+require 'openid/extensions/ax'
+require 'openid/message'
+require 'openid/consumer/responses'
+require 'openid/consumer/discovery'
+require 'openid/consumer/checkid_request'
+
+module OpenID
+  module AX
+    class BogusAXMessage < AXMessage
+      @mode = 'bogus'
+
+      def get_extension_args
+        new_args
+      end
+
+      def do_check_mode(args)
+        check_mode(args)
+      end
+
+      def do_check_mode_new_args
+        check_mode(new_args)
+      end
+    end
+
+    class AXMessageTest < Test::Unit::TestCase
+      def setup
+        @bax = BogusAXMessage.new
+      end
+
+      def test_check_mode
+        assert_raises(Error) { @bax.do_check_mode({'mode' => 'fetch_request'})}
+        @bax.do_check_mode({'mode' => @bax.mode})
+      end
+
+      def test_check_mode_new_args
+        @bax.do_check_mode_new_args
+      end
+    end
+
+    class AttrInfoTest < Test::Unit::TestCase
+      def test_construct
+        assert_raises(ArgumentError) { AttrInfo.new }
+        type_uri = 'uri geller'
+        ainfo = AttrInfo.new(type_uri)
+
+        assert_equal(type_uri, ainfo.type_uri)
+        assert_equal(1, ainfo.count)
+        assert_equal(false, ainfo.required)
+        assert_equal(nil, ainfo.ns_alias)
+      end
+    end
+
+    class ToTypeURIsTest < Test::Unit::TestCase
+      def setup
+        @aliases = NamespaceMap.new
+      end
+
+      def test_empty
+        [nil, ''].each{|empty|
+          uris = AX.to_type_uris(@aliases, empty)
+          assert_equal([], uris)
+        }
+      end
+
+      def test_undefined
+        assert_raises(IndexError) {
+          AX.to_type_uris(@aliases, 'http://janrain.com/')
+        }
+      end
+
+      def test_one
+        uri = 'http://janrain.com/'
+        name = 'openid_hackers'
+        @aliases.add_alias(uri, name)
+        uris = AX::to_type_uris(@aliases, name)
+        assert_equal([uri], uris)
+      end
+
+      def test_two
+        uri1 = 'http://janrain.com/'
+        name1 = 'openid_hackers'
+        @aliases.add_alias(uri1, name1)
+
+        uri2 = 'http://jyte.com/'
+        name2 = 'openid_hack'
+        @aliases.add_alias(uri2, name2)
+
+        uris = AX.to_type_uris(@aliases, [name1, name2].join(','))
+        assert_equal([uri1, uri2], uris)
+      end
+    end
+
+    class ParseAXValuesTest < Test::Unit::TestCase
+      def ax_values(ax_args, expected_args)
+        msg = KeyValueMessage.new
+        msg.parse_extension_args(ax_args)
+        assert_equal(expected_args, msg.data)
+      end
+
+      def ax_error(ax_args, error)
+        msg = KeyValueMessage.new
+        assert_raises(error) {
+          msg.parse_extension_args(ax_args)
+        }
+      end
+
+      def test_empty_is_valid
+        ax_values({}, {})
+      end
+
+      def test_missing_value_for_alias_explodes
+        ax_error({'type.foo'=>'urn:foo'}, IndexError)
+      end
+
+      def test_count_present_but_not_value
+        ax_error({'type.foo'=>'urn:foo', 'count.foo' => '1'}, IndexError)
+      end
+
+      def test_invalid_count_value
+        msg = FetchRequest.new
+        assert_raises(Error) {
+          msg.parse_extension_args({'type.foo'=>'urn:foo', 
+                                     'count.foo' => 'bogus'})
+        }
+      end
+
+      def test_request_unlimited_values
+        msg = FetchRequest.new
+        args = {'mode' => 'fetch_request',
+          'required' => 'foo',
+          'type.foo' => 'urn:foo',
+          'count.foo' => UNLIMITED_VALUES
+        }
+        msg.parse_extension_args(args)
+        foo = msg.attributes[0]
+        assert_equal(UNLIMITED_VALUES, foo.count)
+        assert(foo.wants_unlimited_values?)
+      end
+
+      def test_long_alias
+        # spec says we must support at least 32 character-long aliases
+        name = 'x' * MINIMUM_SUPPORTED_ALIAS_LENGTH
+
+        msg = KeyValueMessage.new
+        args = {
+          "type.#{name}" => 'urn:foo',
+          "count.#{name}" => '1',
+          "value.#{name}.1" => 'first',
+        }
+        msg.parse_extension_args(args)
+        assert_equal(['first'],msg['urn:foo'])
+      end
+
+      def test_invalid_alias
+        types = [
+                 KeyValueMessage,
+                 FetchRequest
+                ]
+        inputs = [
+                  {'type.a.b'=>'urn:foo',
+                    'count.a.b'=>'1'},
+                  {'type.a,b'=>'urn:foo',
+                    'count.a,b'=>'1'},
+                 ]
+        types.each{|t|
+          inputs.each{|input|
+            msg = t.new
+            assert_raises(Error) {msg.parse_extension_args(input)}
+          }
+        }
+      end
+
+      def test_count_present_and_is_zero
+        ax_values(
+                  {'type.foo'=>'urn:foo',
+                    'count.foo'=>'0',
+                  },
+                  {'urn:foo'=>[]}
+                  )
+      end
+
+      def test_singleton_empty
+        ax_values(
+                  {'type.foo'=>'urn:foo',
+                    'value.foo'=>'',
+                  },
+                  {'urn:foo'=>[]}
+                  )
+      end
+
+      def test_double_alias
+        ax_error(
+                 {'type.foo'=>'urn:foo',
+                   'value.foo'=>'',
+                   'type.bar'=>'urn:foo',
+                   'value.bar'=>'',
+                 },
+                 IndexError
+                 )
+      end
+
+      def test_double_singleton
+        ax_values(
+                  {'type.foo'=>'urn:foo',
+                    'value.foo'=>'',
+                    'type.bar'=>'urn:bar',
+                    'value.bar'=>'',
+                  },
+                  {'urn:foo'=>[],'urn:bar'=>[]}
+                  )
+      end
+
+      def singleton_value
+        ax_values(
+                  {'type.foo'=>'urn:foo',
+                    'value.foo'=>'something',
+                  },
+                  {'urn:foo'=>['something']}
+                  )     
+      end
+    end
+
+    class FetchRequestTest < Test::Unit::TestCase
+      def setup
+        @msg = FetchRequest.new
+        @type_a = 'http://janrain.example.com/a'
+        @name_a = 'a'
+      end
+
+      def test_mode
+        assert_equal('fetch_request', @msg.mode)
+      end
+
+      def test_construct
+        assert_equal({}, @msg.requested_attributes)
+        assert_equal(nil, @msg.update_url)
+
+        msg = FetchRequest.new('hailstorm')
+        assert_equal({}, msg.requested_attributes)
+        assert_equal('hailstorm', msg.update_url)
+      end
+
+      def test_add
+        uri = 'mud://puddle'
+
+        assert(! @msg.member?(uri))
+        a = AttrInfo.new(uri)
+        @msg.add(a)
+        assert(@msg.member?(uri))
+      end
+
+      def test_add_twice
+        uri = 'its://raining'
+        a = AttrInfo.new(uri)
+        @msg.add(a)
+        assert_raises(IndexError) {@msg.add(a)}
+      end
+
+      def do_extension_args(expected_args)
+        expected_args['mode'] = @msg.mode
+        assert_equal(expected_args, @msg.get_extension_args)
+      end
+
+      def test_get_extension_args_empty
+        do_extension_args({})
+      end
+
+      def test_get_extension_args_no_alias
+        a = AttrInfo.new('foo://bar')
+        @msg.add(a)
+        ax_args = @msg.get_extension_args
+        ax_args.each{|k,v|
+          if v == a.type_uri and k.index('type.') == 0
+            @name = k[5..-1]
+            break
+          end
+        }
+        do_extension_args({'type.'+@name => a.type_uri,
+                            'if_available' => @name})
+      end
+
+      def test_get_extension_args_alias_if_available
+        a = AttrInfo.new('type://of.transportation',
+                         'transport')
+        @msg.add(a)
+        do_extension_args({'type.'+a.ns_alias => a.type_uri,
+                            'if_available' => a.ns_alias})
+      end
+
+      def test_get_extension_args_alias_req
+        a = AttrInfo.new('type://of.transportation',
+                         'transport',
+                         true)
+        @msg.add(a)
+        do_extension_args({'type.'+a.ns_alias => a.type_uri,
+                            'required' => a.ns_alias})
+      end
+
+      def test_get_required_attrs_empty
+        assert_equal([], @msg.get_required_attrs)
+      end
+
+      def test_parse_extension_args_extra_type
+        args = {
+          'mode' => 'fetch_request',
+          'type.' + @name_a => @type_a
+        }
+        assert_raises(Error) {@msg.parse_extension_args(args)}
+      end
+
+      def test_parse_extension_args
+        args = {
+          'mode' => 'fetch_request',
+          'type.' + @name_a => @type_a,
+          'if_available' => @name_a
+        }
+        @msg.parse_extension_args(args)
+        assert(@msg.member?(@type_a) )
+        assert_equal([@type_a], @msg.requested_types)
+        ai = @msg.requested_attributes[@type_a]
+        assert(ai.is_a?(AttrInfo))
+        assert(!ai.required)
+        assert_equal(@type_a, ai.type_uri)
+        assert_equal(@name_a, ai.ns_alias)
+        assert_equal([ai], @msg.attributes)
+      end
+
+      def test_extension_args_idempotent
+        args = {
+          'mode' => 'fetch_request',
+          'type.' + @name_a => @type_a,
+          'if_available' => @name_a
+        }
+        @msg.parse_extension_args(args)
+        assert_equal(args, @msg.get_extension_args)
+        assert(!@msg.requested_attributes[@type_a].required)
+      end
+
+      def test_extension_args_idempotent_count_required
+        args = {
+          'mode' => 'fetch_request',
+          'type.' + @name_a => @type_a,
+          'count.' + @name_a => '2',
+          'required' => @name_a
+        }
+        @msg.parse_extension_args(args)
+        assert_equal(args, @msg.get_extension_args)
+        assert(@msg.requested_attributes[@type_a].required)
+      end
+
+      def test_extension_args_count1
+        args = {
+          'mode' => 'fetch_request',
+          'type.' + @name_a => @type_a,
+          'count.' + @name_a => '1',
+          'if_available' => @name_a
+        }
+        norm_args = {
+          'mode' => 'fetch_request',
+          'type.' + @name_a => @type_a,
+          'if_available' => @name_a
+        }
+        @msg.parse_extension_args(args)
+        assert_equal(norm_args, @msg.get_extension_args)
+      end
+
+      def test_from_openid_request_no_ax
+        message = Message.new
+        openid_req = Server::OpenIDRequest.new
+        openid_req.message = message
+        ax_req = FetchRequest.from_openid_request(openid_req)
+        assert(ax_req.nil?)
+      end
+
+      def test_openid_update_url_verification_error
+        openid_req_msg = Message.from_openid_args({
+                                                    'mode' => 'checkid_setup',
+                                                    'ns' => OPENID2_NS,
+                                                    'realm' => 'http://example.com/realm',
+                                                    'ns.ax' => AXMessage::NS_URI,
+                                                    'ax.update_url' => 'http://different.site/path',
+                                                    'ax.mode' => 'fetch_request',
+                                                  })
+        openid_req = Server::OpenIDRequest.new
+        openid_req.message = openid_req_msg
+        assert_raises(Error) { 
+          FetchRequest.from_openid_request(openid_req)
+        }
+      end
+
+      def test_openid_no_realm
+        openid_req_msg = Message.from_openid_args({
+                                                    'mode' => 'checkid_setup',
+                                                    'ns' => OPENID2_NS,
+                                                    'ns.ax' => AXMessage::NS_URI,
+                                                    'ax.update_url' => 'http://different.site/path',
+                                                    'ax.mode' => 'fetch_request',
+                                                  })
+        openid_req = Server::OpenIDRequest.new
+        openid_req.message = openid_req_msg
+        assert_raises(Error) { 
+          FetchRequest.from_openid_request(openid_req)
+        }
+      end
+
+      def test_openid_update_url_verification_success
+        openid_req_msg = Message.from_openid_args({
+                                                    'mode' => 'checkid_setup',
+                                                    'ns' => OPENID2_NS,
+                                                    'realm' => 'http://example.com/realm',
+                                                    'ns.ax' => AXMessage::NS_URI,
+                                                    'ax.update_url' => 'http://example.com/realm/update_path',
+                                                    'ax.mode' => 'fetch_request',
+                                                  })
+        openid_req = Server::OpenIDRequest.new
+        openid_req.message = openid_req_msg
+        fr = FetchRequest.from_openid_request(openid_req)
+        assert(fr.is_a?(FetchRequest))
+      end
+
+      def test_openid_update_url_verification_success_return_to
+        openid_req_msg = Message.from_openid_args({
+                                                    'mode' => 'checkid_setup',
+                                                    'ns' => OPENID2_NS,
+                                                    'return_to' => 'http://example.com/realm',
+                                                    'ns.ax' => AXMessage::NS_URI,
+                                                    'ax.update_url' => 'http://example.com/realm/update_path',
+                                                    'ax.mode' => 'fetch_request',
+                                                  })
+        openid_req = Server::OpenIDRequest.new
+        openid_req.message = openid_req_msg
+        fr = FetchRequest.from_openid_request(openid_req)
+        assert(fr.is_a?(FetchRequest))
+      end
+
+      def test_add_extension
+        openid_req_msg = Message.from_openid_args({
+                                                    'mode' => 'checkid_setup',
+                                                    'ns' => OPENID2_NS,
+                                                    'return_to' => 'http://example.com/realm',
+                                                  })
+
+        e = OpenID::OpenIDServiceEndpoint.new
+        openid_req = Consumer::CheckIDRequest.new(nil, e)
+        openid_req.message = openid_req_msg
+
+        fr = FetchRequest.new
+        fr.add(AttrInfo.new("urn:bogus"))
+
+        openid_req.add_extension(fr)
+
+        expected = {
+          'mode' => 'fetch_request',
+          'if_available' => 'ext0',
+          'type.ext0' => 'urn:bogus',
+        }
+
+        expected.each { |k,v|
+          assert(openid_req.message.get_arg(AXMessage::NS_URI, k) == v)
+        }
+      end
+    end
+
+    class FetchResponseTest < Test::Unit::TestCase
+      def setup
+        @msg = FetchResponse.new
+        @value_a = 'commodity'
+        @type_a = 'http://blood.transfusion/'
+        @name_a = 'george'
+        @request_update_url = 'http://some.url.that.is.awesome/'
+      end
+
+      def test_construct
+        assert_equal(nil, @msg.update_url)
+        assert_equal({}, @msg.data)
+      end
+
+      def test_get_extension_args_empty
+        eargs = {
+          'mode' => 'fetch_response'
+        }
+        assert_equal(eargs, @msg.get_extension_args)
+      end
+
+      def test_get_extension_args_empty_request
+        eargs = {
+          'mode' => 'fetch_response'
+        }
+        req = FetchRequest.new
+        assert_equal(eargs, @msg.get_extension_args(req))
+      end
+
+      def test_get_extension_args_empty_request_some
+        uri = 'http://not.found/'
+        name = 'ext0'
+        eargs = {
+          'mode' => 'fetch_response',
+          'type.' + name => uri,
+          'count.' + name => '0'
+        }
+        req = FetchRequest.new
+        req.add(AttrInfo.new(uri))
+        assert_equal(eargs, @msg.get_extension_args(req))
+      end
+
+      def test_update_url_in_response
+        uri = 'http://not.found/'
+        name = 'ext0'
+        eargs = {
+          'mode' => 'fetch_response',
+          'update_url' => @request_update_url,
+          'type.' + name => uri,
+          'count.' + name => '0'
+        }
+        req = FetchRequest.new(@request_update_url)
+        req.add(AttrInfo.new(uri))
+        assert_equal(eargs, @msg.get_extension_args(req))
+      end
+
+      def test_get_extension_args_some_request
+        eargs = {
+          'mode' => 'fetch_response',
+          'type.' + @name_a => @type_a,
+          'value.' + @name_a + '.1' => @value_a,
+          'count.' + @name_a =>  '1'
+        }
+        req = FetchRequest.new
+        req.add(AttrInfo.new(@type_a, @name_a))
+        @msg.add_value(@type_a, @value_a)
+        assert_equal(eargs, @msg.get_extension_args(req))
+      end
+
+      def test_get_extension_args_some_not_request
+        req = FetchRequest.new
+        @msg.add_value(@type_a, @value_a)
+        assert_raises(IndexError) {@msg.get_extension_args(req)}
+      end
+
+      def test_get_single_success
+        req = FetchRequest.new
+        @msg.add_value(@type_a, @value_a)
+        assert_equal(@value_a, @msg.get_single(@type_a))
+      end
+
+      def test_get_single_none
+        assert_equal(nil, @msg.get_single(@type_a))
+      end
+
+      def test_get_single_extra
+        @msg.set_values(@type_a, ['x', 'y'])
+        assert_raises(Error) { @msg.get_single(@type_a) }
+      end
+
+      def test_from_success_response
+        uri = 'http://under.the.sea/'
+        name = 'ext0'
+        value = 'snarfblat'
+
+        m = OpenID::Message.from_openid_args({
+                                               'mode' => 'id_res',
+                                               'ns' => OPENID2_NS,
+                                               'ns.ax' => AXMessage::NS_URI,
+                                               'ax.update_url' => 'http://example.com/realm/update_path',
+                                               'ax.mode' => 'fetch_response',
+                                               'ax.type.' + name => uri,
+                                               'ax.count.' + name => '1',
+                                               'ax.value.' + name + '.1' => value,
+                                             })
+
+        e = OpenID::OpenIDServiceEndpoint.new()
+        resp = OpenID::Consumer::SuccessResponse.new(e, m, [])
+
+        ax_resp = FetchResponse.from_success_response(resp, false)
+
+        values = ax_resp[uri]
+        assert_equal(values, [value])
+      end
+
+      def test_from_success_response_empty
+        e = OpenID::OpenIDServiceEndpoint.new()
+        m = OpenID::Message.from_openid_args({'mode' => 'id_res'})
+        resp = OpenID::Consumer::SuccessResponse.new(e, m, [])
+        ax_resp = FetchResponse.from_success_response(resp)
+        assert(ax_resp.nil?)
+      end
+    end
+
+    class StoreRequestTest < Test::Unit::TestCase
+      def setup
+        @msg = StoreRequest.new
+        @type_a = 'http://oranges.are.for/'
+        @name_a = 'juggling'
+      end
+
+      def test_construct
+        assert_equal({}, @msg.data)
+      end
+
+      def test_get_extension_args_empty
+        eargs = {
+          'mode' => 'store_request'
+        }
+        assert_equal(eargs, @msg.get_extension_args)
+      end
+
+      def test_get_extension_args_nonempty
+        @msg.set_values(@type_a, ['foo','bar'])
+        aliases = NamespaceMap.new
+        aliases.add_alias(@type_a, @name_a)
+        eargs = {
+          'mode' => 'store_request',
+          'type.' + @name_a => @type_a,
+          'value.' + @name_a + '.1' => 'foo',
+          'value.' + @name_a + '.2' => 'bar',
+          'count.' + @name_a =>  '2'
+        }
+        assert_equal(eargs, @msg.get_extension_args(aliases))
+      end
+    end
+
+    class StoreResponseTest < Test::Unit::TestCase
+      def test_success
+        msg = StoreResponse.new
+        assert(msg.succeeded?)
+        assert(!msg.error_message)
+        assert_equal({'mode' => 'store_response_success'}, 
+                     msg.get_extension_args)
+      end
+
+      def test_fail_nomsg
+        msg = StoreResponse.new(false)
+        assert(! msg.succeeded? )
+        assert(! msg.error_message )
+        assert_equal({'mode' => 'store_response_failure'}, 
+                     msg.get_extension_args)
+      end
+
+      def test_fail_msg
+        reason = "because I said so"
+        msg = StoreResponse.new(false, reason)
+        assert(! msg.succeeded? )
+        assert_equal(reason,  msg.error_message)
+        assert_equal({'mode' => 'store_response_failure', 'error' => reason}, 
+                     msg.get_extension_args)
+      end
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_checkid_request.rb b/vendor/gems/ruby-openid-2.1.4/test/test_checkid_request.rb
new file mode 100644
index 000000000..e1d95c91b
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_checkid_request.rb
@@ -0,0 +1,294 @@
+require "openid/consumer/checkid_request"
+require "openid/message"
+require "test/unit"
+require "testutil"
+require "util"
+
+module OpenID
+  class Consumer
+    class CheckIDRequest
+      class DummyEndpoint
+        attr_accessor :preferred_namespace, :local_id, :server_url,
+          :is_op_identifier, :claimed_id
+
+        def initialize
+          @preferred_namespace = nil
+          @local_id = nil
+          @server_url = nil
+          @is_op_identifier = false
+        end
+
+        def get_local_id
+          @local_id
+        end
+
+        def compatibility_mode
+          @preferred_namespace == OPENID1_NS
+        end
+      end
+
+      module CheckIDTestMixin
+        include TestUtil
+
+        def setup
+          @endpoint = DummyEndpoint.new
+          @endpoint.local_id = 'http://server.unittest/joe'
+          @endpoint.claimed_id = 'http://joe.vanity.example/'
+          @endpoint.server_url = 'http://server.unittest/'
+          @endpoint.preferred_namespace = preferred_namespace
+          @realm = 'http://example/'
+          @return_to = 'http://example/return/'
+          @assoc = GoodAssoc.new
+          @checkid_req = CheckIDRequest.new(@assoc, @endpoint)
+        end
+
+        def assert_has_identifiers(msg, local_id, claimed_id)
+          assert_openid_value_equal(msg, 'identity', local_id)
+          assert_openid_value_equal(msg, 'claimed_id', claimed_id)
+        end
+
+        def assert_openid_key_exists(msg, key)
+          assert(msg.get_arg(OPENID_NS, key),
+                 "#{key} not present in #{msg.get_args(OPENID_NS).inspect}")
+        end
+
+        def assert_openid_key_absent(msg, key)
+          assert(msg.get_arg(OPENID_NS, key).nil?)
+        end
+
+        def assert_openid_value_equal(msg, key, expected)
+          actual = msg.get_arg(OPENID_NS, key, NO_DEFAULT)
+          error_text = ("Expected #{expected.inspect} for openid.#{key} "\
+                        "but got #{actual.inspect}: #{msg.inspect}")
+          assert_equal(expected, actual, error_text)
+        end
+
+        def assert_anonymous(msg)
+          ['claimed_id', 'identity'].each do |key|
+            assert_openid_key_absent(msg, key)
+          end
+        end
+
+        def assert_has_required_fields(msg)
+          internal_message = @checkid_req.instance_variable_get(:@message)
+          assert_equal(preferred_namespace,
+                       internal_message.get_openid_namespace)
+
+          assert_equal(preferred_namespace, msg.get_openid_namespace)
+          assert_openid_value_equal(msg, 'mode', expected_mode)
+
+          # Implement these in subclasses because they depend on
+          # protocol differences!
+          assert_has_realm(msg)
+          assert_identifiers_present(msg)
+        end
+
+        # TESTS
+
+        def test_check_no_assoc_handle
+          @checkid_req.instance_variable_set('@assoc', nil)
+          msg = assert_log_matches("Generated checkid") {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_openid_key_absent(msg, 'assoc_handle')
+        end
+
+        def test_check_with_assoc_handle
+          msg = assert_log_matches("Generated checkid") {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+
+          assert_openid_value_equal(msg, 'assoc_handle', @assoc.handle)
+        end
+
+        def test_add_extension_arg
+          @checkid_req.add_extension_arg('bag:', 'color', 'brown')
+          @checkid_req.add_extension_arg('bag:', 'material', 'paper')
+          assert(@checkid_req.message.namespaces.member?('bag:'))
+          assert_equal(@checkid_req.message.get_args('bag:'),
+                       {'color' => 'brown', 'material' => 'paper'})
+
+          msg = assert_log_matches("Generated checkid") {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+
+          # XXX: this depends on the way that Message assigns
+          # namespaces. Really it doesn't care that it has alias "0",
+          # but that is tested anyway
+          post_args = msg.to_post_args()
+          assert_equal('brown', post_args['openid.ext0.color'])
+          assert_equal('paper', post_args['openid.ext0.material'])
+        end
+
+        def test_standard
+          msg = assert_log_matches('Generated checkid') {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_has_identifiers(msg, @endpoint.local_id, @endpoint.claimed_id)
+        end
+
+        def test_send_redirect?
+          silence_logging {
+            url = @checkid_req.redirect_url(@realm, @return_to, immediate)
+            assert(url.length < OPENID1_URL_LIMIT)
+            assert(@checkid_req.send_redirect?(@realm, @return_to, immediate))
+
+            @return_to << '/foo' * 1000
+            url = @checkid_req.redirect_url(@realm, @return_to, immediate)
+            assert(url.length > OPENID1_URL_LIMIT)
+            actual = @checkid_req.send_redirect?(@realm, @return_to, immediate)
+            expected = preferred_namespace != OPENID2_NS
+            assert_equal(expected, actual)
+          }
+        end
+      end
+
+      class TestCheckIDRequestOpenID2 < Test::Unit::TestCase
+        include CheckIDTestMixin
+
+        def immediate
+          false
+        end
+
+        def expected_mode
+          'checkid_setup'
+        end
+
+        def preferred_namespace
+          OPENID2_NS
+        end
+
+        # check presence of proper realm key and absence of the wrong
+        # one.
+        def assert_has_realm(msg)
+          assert_openid_value_equal(msg, 'realm', @realm)
+          assert_openid_key_absent(msg, 'trust_root')
+        end
+
+        def assert_identifiers_present(msg)
+          identity_present = msg.has_key?(OPENID_NS, 'identity')
+          claimed_present = msg.has_key?(OPENID_NS, 'claimed_id')
+
+          assert_equal(claimed_present, identity_present)
+        end
+
+        # OpenID Checkid_Requests should be able to set 'anonymous' to true.
+        def test_set_anonymous_works_for_openid2
+          assert(@checkid_req.message.is_openid2)
+          assert_nothing_raised {@checkid_req.anonymous = true}
+          assert_nothing_raised {@checkid_req.anonymous = false}
+        end
+
+        def test_user_anonymous_ignores_identfier
+          @checkid_req.anonymous = true
+          msg = assert_log_matches('Generated checkid') {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_has_required_fields(msg)
+          assert_anonymous(msg)
+        end
+
+        def test_op_anonymous_ignores_identifier
+          @endpoint.is_op_identifier = true
+          @checkid_req.anonymous = true
+          msg = assert_log_matches('Generated checkid') {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_has_required_fields(msg)
+          assert_anonymous(msg)
+        end
+
+        def test_op_identifier_sends_identifier_select
+          @endpoint.is_op_identifier = true
+          msg = assert_log_matches('Generated checkid') {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_has_required_fields(msg)
+          assert_has_identifiers(msg, IDENTIFIER_SELECT, IDENTIFIER_SELECT)
+        end
+      end
+
+      class TestCheckIDRequestOpenID1 < Test::Unit::TestCase
+        include CheckIDTestMixin
+
+        def immediate
+          false
+        end
+
+        def preferred_namespace
+          OPENID1_NS
+        end
+
+        def expected_mode
+          'checkid_setup'
+        end
+
+        # Make sure claimed_is is *absent* in request.
+        def assert_has_identifiers(msg, op_specific_id, claimed_id)
+          assert_openid_value_equal(msg, 'identity', op_specific_id)
+          assert_openid_key_absent(msg, 'claimed_id')
+        end
+
+        def assert_identifiers_present(msg)
+          assert_openid_key_absent(msg, 'claimed_id')
+          assert(msg.has_key?(OPENID_NS, 'identity'))
+        end
+
+        # check presence of proper realm key and absence of the wrong
+        # one.
+        def assert_has_realm(msg)
+          assert_openid_value_equal(msg, 'trust_root', @realm)
+          assert_openid_key_absent(msg, 'realm')
+        end
+
+        # TESTS
+
+        # OpenID 1 requests MUST NOT be able to set anonymous to true
+        def test_set_anonymous_fails_for_openid1
+          assert(@checkid_req.message.is_openid1)
+          assert_raises(ArgumentError) {
+            @checkid_req.anonymous = true
+          }
+          assert_nothing_raised{
+            @checkid_req.anonymous = false
+          }
+        end
+
+        # Identfier select SHOULD NOT be sent, but this pathway is in
+        # here in case some special discovery stuff is done to trigger
+        # it with OpenID 1. If it is triggered, it will send
+        # identifier_select just like OpenID 2.
+        def test_identifier_select
+          @endpoint.is_op_identifier = true
+          msg = assert_log_matches('Generated checkid') {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_has_required_fields(msg)
+          assert_equal(IDENTIFIER_SELECT,
+                       msg.get_arg(OPENID1_NS, 'identity'))
+        end
+
+      end
+
+      class TestCheckIDRequestOpenID1Immediate < TestCheckIDRequestOpenID1
+        def immediate
+          true
+        end
+
+        def expected_mode
+          'checkid_immediate'
+        end
+      end
+
+      class TestCheckid_RequestOpenID2Immediate < TestCheckIDRequestOpenID2
+        def immediate
+          true
+        end
+
+        def expected_mode
+          'checkid_immediate'
+        end
+      end
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_consumer.rb b/vendor/gems/ruby-openid-2.1.4/test/test_consumer.rb
new file mode 100644
index 000000000..dc4a09e69
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_consumer.rb
@@ -0,0 +1,257 @@
+require "openid/consumer"
+require "test/unit"
+require "testutil"
+
+module OpenID
+  class Consumer
+    module TestConsumer
+      class TestLastEndpoint < Test::Unit::TestCase
+        def test_set_get
+          session = {}
+          consumer = Consumer.new(session, nil)
+          consumer.send(:last_requested_endpoint=, :endpoint)
+          ep = consumer.send(:last_requested_endpoint)
+          assert_equal(:endpoint, ep)
+          ep = consumer.send(:last_requested_endpoint)
+          assert_equal(:endpoint, ep)
+          consumer.send(:cleanup_last_requested_endpoint)
+          ep = consumer.send(:last_requested_endpoint)
+          assert_equal(nil, ep)
+        end
+      end
+
+      class TestBegin < Test::Unit::TestCase
+        attr_accessor :user_input, :anonymous, :services,
+          :discovered_identifier, :checkid_request, :service
+
+        def setup
+          @discovered_identifier = 'http://discovered/'
+          @user_input = 'user.input'
+          @service = :service
+          @services = [@service]
+          @session = {}
+          @anonymous = false
+          @checkid_request = :checkid_request
+        end
+
+        def consumer
+          test = self
+          consumer = Consumer.new(@session, nil)
+          consumer.extend(InstanceDefExtension)
+          consumer.instance_def(:discover) do |identifier|
+            test.assert_equal(test.user_input, identifier)
+            [test.discovered_identifier, test.services]
+          end
+          consumer.instance_def(:begin_without_discovery) do
+            |service, sent_anonymous|
+            test.assert_equal(test.service, service)
+            test.assert_equal(test.anonymous, sent_anonymous)
+            test.checkid_request
+          end
+          consumer
+        end
+
+        def test_begin
+          checkid_request = consumer.begin(@user_input, @anonymous)
+          assert_equal(:checkid_request, checkid_request)
+          assert_equal(['OpenID::Consumer::DiscoveredServices::'\
+                        'OpenID::Consumer::'], @session.keys.sort!)
+        end
+
+        def test_begin_failure
+          @services = []
+          assert_raises(DiscoveryFailure) {
+            consumer.begin(@user_input, @anonymous)
+          }
+        end
+
+        def test_begin_fallback
+          @services = [:service1, :service2]
+          consumer = self.consumer
+          @service = :service1
+          consumer.begin(@user_input, @anonymous)
+          @service = :service2
+          consumer.begin(@user_input, @anonymous)
+          @service = :service1
+          consumer.begin(@user_input, @anonymous)
+          @service = :service2
+          consumer.begin(@user_input, @anonymous)
+        end
+      end
+
+      class TestBeginWithoutDiscovery < Test::Unit::TestCase
+        attr_reader :assoc
+        def setup
+          @session = {}
+          @assoc = :assoc
+          @service = OpenIDServiceEndpoint.new
+          @claimed_id = 'http://claimed.id/'
+          @service.claimed_id = @claimed_id
+          @anonymous = false
+        end
+
+        def consumer
+          test = self
+          assoc_manager = Object.new
+          assoc_manager.extend(InstanceDefExtension)
+          assoc_manager.instance_def(:get_association) do
+            test.assoc
+          end
+
+          consumer = Consumer.new(@session, nil)
+          consumer.extend(InstanceDefExtension)
+          consumer.instance_def(:association_manager) do |service|
+            assoc_manager
+          end
+          consumer
+        end
+
+        def call_begin_without_discovery
+          result = consumer.begin_without_discovery(@service, @anonymous)
+          assert(result.instance_of?(CheckIDRequest))
+          assert_equal(@anonymous, result.anonymous)
+          assert_equal(@service, consumer.send(:last_requested_endpoint))
+          assert_equal(result.instance_variable_get(:@assoc), @assoc)
+          return result
+        end
+
+        def cid_name
+          Consumer.openid1_return_to_claimed_id_name
+        end
+
+        def nonce_name
+          Consumer.openid1_return_to_nonce_name
+        end
+
+        def test_begin_without_openid1
+          result = call_begin_without_discovery
+
+          assert_equal(@claimed_id, result.return_to_args[cid_name])
+          assert_equal([cid_name, nonce_name].sort!,
+                       result.return_to_args.keys.sort!)
+        end
+
+        def test_begin_without_openid1_anonymous
+          @anonymous = true
+          assert_raises(ArgumentError) {
+            call_begin_without_discovery
+          }
+        end
+
+        def test_begin_without_openid2
+          @service.type_uris = [OPENID_2_0_TYPE]
+          result = call_begin_without_discovery
+
+          assert(result.return_to_args.empty?)
+        end
+
+        def test_begin_without_openid2_anonymous
+          @anonymous = true
+          @service.type_uris = [OPENID_2_0_TYPE]
+          result = call_begin_without_discovery
+
+          assert(result.return_to_args.empty?)
+        end
+      end
+
+      class TestComplete < Test::Unit::TestCase
+        def setup
+          @session = {}
+          @consumer = Consumer.new(@session, nil)
+        end
+
+        def test_bad_mode
+          response = @consumer.complete({'openid.ns' => OPENID2_NS,
+                                        'openid.mode' => 'bad'}, nil)
+          assert_equal(FAILURE, response.status)
+        end
+
+        def test_missing_mode
+          response = @consumer.complete({'openid.ns' => OPENID2_NS}, nil)
+          assert_equal(FAILURE, response.status)
+        end
+
+        def test_cancel
+          response = @consumer.complete({'openid.mode' => 'cancel'}, nil)
+          assert_equal(CANCEL, response.status)
+        end
+
+        def test_setup_needed_openid1
+          response = @consumer.complete({'openid.mode' => 'setup_needed'}, nil)
+          assert_equal(FAILURE, response.status)
+        end
+
+        def test_setup_needed_openid2
+          args = {'openid.ns' => OPENID2_NS, 'openid.mode' => 'setup_needed'}
+          response = @consumer.complete(args, nil)
+          assert_equal(SETUP_NEEDED, response.status)
+        end
+
+        def test_idres_setup_needed_openid1
+          setup_url = 'http://setup.url/'
+          args = {
+            'openid.user_setup_url' => setup_url,
+            'openid.mode' => 'id_res',
+          }
+          response = @consumer.complete(args, nil)
+          assert_equal(SETUP_NEEDED, response.status)
+        end
+
+        def test_error
+          contact = 'me'
+          reference = 'thing thing'
+          args = {
+            'openid.mode' => 'error',
+            'openid.contact' => contact,
+            'openid.reference' => reference,
+          }
+          response = @consumer.complete(args, nil)
+          assert_equal(FAILURE, response.status)
+          assert_equal(contact, response.contact)
+          assert_equal(reference, response.reference)
+
+          args['openid.ns'] = OPENID2_NS
+          response = @consumer.complete(args, nil)
+          assert_equal(FAILURE, response.status)
+          assert_equal(contact, response.contact)
+          assert_equal(reference, response.reference)
+        end
+
+        def test_idres_openid1
+          args = {
+            'openid.mode' => 'id_res',
+          }
+
+          endpoint = OpenIDServiceEndpoint.new
+          endpoint.claimed_id = :test_claimed_id
+
+          idres = Object.new
+          idres.extend(InstanceDefExtension)
+          idres.instance_def(:endpoint){endpoint}
+          idres.instance_def(:signed_fields){:test_signed_fields}
+
+          test = self
+          @consumer.extend(InstanceDefExtension)
+          @consumer.instance_def(:handle_idres) {|message, return_to|
+            test.assert_equal(args, message.to_post_args)
+            test.assert_equal(:test_return_to, return_to)
+            idres
+          }
+
+          response = @consumer.complete(args, :test_return_to)
+          assert_equal(SUCCESS, response.status, response.message)
+          assert_equal(:test_claimed_id, response.identity_url)
+          assert_equal(endpoint, response.endpoint)
+
+          error_message = "In Soviet Russia, id_res handles you!"
+          @consumer.instance_def(:handle_idres) {|message, return_to|
+            raise ProtocolError, error_message
+          }
+          response = @consumer.complete(args, :test_return_to)
+          assert_equal(FAILURE, response.status)
+          assert_equal(error_message, response.message)
+        end
+      end
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_cryptutil.rb b/vendor/gems/ruby-openid-2.1.4/test/test_cryptutil.rb
new file mode 100644
index 000000000..f6a38a0da
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_cryptutil.rb
@@ -0,0 +1,119 @@
+# coding: ASCII-8BIT
+require 'test/unit'
+require "openid/cryptutil"
+require "pathname"
+
+class CryptUtilTestCase < Test::Unit::TestCase
+  BIG = 2 ** 256
+
+  def test_rand
+    # If this is not true, the rest of our test won't work
+    assert(BIG.is_a?(Bignum))
+
+    # It's possible that these will be small enough for fixnums, but
+    # extraorindarily unlikely.
+    a = OpenID::CryptUtil.rand(BIG)
+    b = OpenID::CryptUtil.rand(BIG)
+    assert(a.is_a?(Bignum))
+    assert(b.is_a?(Bignum))
+    assert_not_equal(a, b)
+  end
+
+  def test_rand_doesnt_depend_on_srand
+    Kernel.srand(1)
+    a = OpenID::CryptUtil.rand(BIG)
+    Kernel.srand(1)
+    b = OpenID::CryptUtil.rand(BIG)
+    assert_not_equal(a, b)
+  end
+
+  def test_random_binary_convert
+    (0..500).each do
+      n = (0..10).inject(0) {|sum, element| sum + OpenID::CryptUtil.rand(BIG) }
+      s = OpenID::CryptUtil.num_to_binary n
+      assert(s.is_a?(String))
+      n_converted_back = OpenID::CryptUtil.binary_to_num(s)
+      assert_equal(n, n_converted_back)
+    end
+  end
+
+  def test_enumerated_binary_convert
+    {
+        "\x00" => 0,
+        "\x01" => 1,
+        "\x7F" => 127,
+        "\x00\xFF" => 255,
+        "\x00\x80" => 128,
+        "\x00\x81" => 129,
+        "\x00\x80\x00" => 32768,
+        "OpenID is cool" => 1611215304203901150134421257416556,
+    }.each do |str, num|
+      num_prime = OpenID::CryptUtil.binary_to_num(str)
+      str_prime = OpenID::CryptUtil.num_to_binary(num)
+      assert_equal(num, num_prime)
+      assert_equal(str, str_prime)
+    end
+  end
+
+  def with_n2b64
+    test_dir = Pathname.new(__FILE__).dirname
+    filename = test_dir.join('data', 'n2b64')
+    File.open(filename) do |file|
+      file.each_line do |line|
+        base64, base10 = line.chomp.split
+        yield base64, base10.to_i
+      end
+    end
+  end
+
+  def test_base64_to_num
+    with_n2b64 do |base64, num|
+      assert_equal(num, OpenID::CryptUtil.base64_to_num(base64))
+    end
+  end
+
+  def test_base64_to_num_invalid
+    assert_raises(ArgumentError) {
+      OpenID::CryptUtil.base64_to_num('!@#$')
+    }
+  end
+
+  def test_num_to_base64
+    with_n2b64 do |base64, num|
+      assert_equal(base64, OpenID::CryptUtil.num_to_base64(num))
+    end
+  end
+
+  def test_randomstring
+    s1 = OpenID::CryptUtil.random_string(42)
+    assert_equal(42, s1.length)
+    s2 = OpenID::CryptUtil.random_string(42)
+    assert_equal(42, s2.length)
+    assert_not_equal(s1, s2)
+  end
+
+  def test_randomstring_population
+    s1 = OpenID::CryptUtil.random_string(42, "XO")
+    assert_match(/[XO]{42}/, s1)
+  end
+
+  def test_sha1
+    assert_equal("\x11\xf6\xad\x8e\xc5*)\x84\xab\xaa\xfd|;Qe\x03x\\ r",
+                 OpenID::CryptUtil.sha1('x'))
+  end
+
+  def test_hmac_sha1
+    assert_equal("\x8bo\xf7O\xa7\x18*\x90\xac ah\x16\xf7\xb8\x81JB\x9f|",
+                 OpenID::CryptUtil.hmac_sha1('x', 'x'))
+  end
+
+  def test_sha256
+    assert_equal("-q\x16B\xb7&\xb0D\x01b|\xa9\xfb\xac2\xf5\xc8S\x0f\xb1\x90<\xc4\xdb\x02%\x87\x17\x92\x1aH\x81",
+                 OpenID::CryptUtil.sha256('x'))
+  end
+
+  def test_hmac_sha256
+    assert_equal("\x94{\xd2w\xb2\xd3\\\xfc\x07\xfb\xc7\xe3b\xf2iuXz1\xf8:}\xffx\x8f\xda\xc1\xfaC\xc4\xb2\x87",
+                 OpenID::CryptUtil.hmac_sha256('x', 'x'))
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_dh.rb b/vendor/gems/ruby-openid-2.1.4/test/test_dh.rb
new file mode 100644
index 000000000..397c15e53
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_dh.rb
@@ -0,0 +1,86 @@
+require 'test/unit'
+require 'openid/dh'
+require 'testutil'
+
+module OpenID
+  class DiffieHellmanExposed < OpenID::DiffieHellman
+    def DiffieHellmanExposed.strxor_for_testing(a, b)
+      return DiffieHellmanExposed.strxor(a, b)
+    end
+  end
+
+  class DiffieHellmanTestCase < Test::Unit::TestCase
+    include OpenID::TestDataMixin
+
+    NUL = "\x00"
+
+    def test_strxor_success
+      [#input 1   input 2   expected
+       [NUL,      NUL,      NUL     ],
+       ["\x01",   NUL,      "\x01"  ],
+       ["a",      "a",      NUL     ],
+       ["a",      NUL,      "a"     ],
+       ["abc",    NUL * 3,  "abc"   ],
+       ["x" * 10, NUL * 10, "x" * 10],
+       ["\x01",   "\x02",   "\x03"  ],
+       ["\xf0",   "\x0f",   "\xff"  ],
+       ["\xff",   "\x0f",   "\xf0"  ],
+      ].each do |input1, input2, expected|
+        actual = DiffieHellmanExposed.strxor_for_testing(input1, input2)
+        assert_equal(expected, actual)
+      end
+    end
+
+    def test_strxor_failure
+      [
+       ['',      'a'    ],
+       ['foo',   'ba'   ],
+       [NUL * 3, NUL * 4],
+       [255,     127    ].map{|h| (0..h).map{|i|i.chr}.join('')},
+      ].each do |aa, bb|
+        assert_raises(ArgumentError) {
+          DiffieHellmanExposed.strxor(aa, bb)
+        }
+      end
+    end
+
+    def test_simple_exchange
+      dh1 = DiffieHellman.from_defaults()
+      dh2 = DiffieHellman.from_defaults()
+      secret1 = dh1.get_shared_secret(dh2.public)
+      secret2 = dh2.get_shared_secret(dh1.public)
+      assert_equal(secret1, secret2)
+    end
+
+    def test_xor_secret
+      dh1 = DiffieHellman.from_defaults()
+      dh2 = DiffieHellman.from_defaults()
+      secret = "Shhhhhh! don't tell!"
+      encrypted = dh1.xor_secret((CryptUtil.method :sha1), dh2.public, secret)
+      decrypted = dh2.xor_secret((CryptUtil.method :sha1), dh1.public, encrypted)
+      assert_equal(secret, decrypted)
+    end
+
+    def test_dh
+      dh = DiffieHellman.from_defaults()
+      class << dh
+        def set_private_test(priv)
+          set_private(priv)
+        end
+      end
+
+      read_data_file('dh.txt', true).each do |line|
+        priv, pub = line.split(' ').map {|x| x.to_i}
+        dh.set_private_test(priv)
+        assert_equal(dh.public, pub)
+      end
+    end
+
+    def test_using_defaults
+      dh = DiffieHellman.from_defaults()
+      assert(dh.using_default_values?)
+      dh = DiffieHellman.new(3, 2750161)
+      assert(!dh.using_default_values?)
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_discover.rb b/vendor/gems/ruby-openid-2.1.4/test/test_discover.rb
new file mode 100644
index 000000000..13b115ce1
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_discover.rb
@@ -0,0 +1,838 @@
+
+require 'testutil'
+require 'util'
+
+require 'test/unit'
+require 'openid/fetchers'
+require 'openid/yadis/discovery'
+require 'openid/consumer/discovery'
+require 'openid/yadis/xrires'
+require 'openid/yadis/xri'
+require 'openid/message'
+require 'openid/util'
+
+### Tests for conditions that trigger DiscoveryFailure
+
+module OpenID
+  class SimpleMockFetcher
+    def initialize(test, responses)
+      @test = test
+      @responses = responses.dup
+    end
+
+    def fetch(url, body=nil, headers=nil, limit=nil)
+      response = @responses.shift
+      @test.assert(body.nil?)
+      @test.assert_equal(response.final_url, url)
+      return response
+    end
+  end
+
+  class TestDiscoveryFailure < Test::Unit::TestCase
+    def initialize(*args)
+      super(*args)
+
+      @responses = [
+                    [HTTPResponse._from_raw_data(nil, nil, {}, 'http://network.error/')],
+                    [HTTPResponse._from_raw_data(404, nil, {}, 'http://not.found/')],
+                    [HTTPResponse._from_raw_data(400, nil, {}, 'http://bad.request/')],
+                    [HTTPResponse._from_raw_data(500, nil, {}, 'http://server.error/')],
+                    [HTTPResponse._from_raw_data(200, nil, {'x-xrds-location' => 'http://xrds.missing/'},
+                                                 'http://header.found/'),
+                     HTTPResponse._from_raw_data(404, nil, {}, 'http://xrds.missing/')],
+                    ]
+    end
+
+    def test_discovery_failure
+
+      @responses.each { |response_set|
+        @url = response_set[0].final_url
+        OpenID.fetcher = SimpleMockFetcher.new(self, response_set)
+      
+        expected_status = response_set[-1].code
+        begin
+          OpenID.discover(@url)
+        rescue DiscoveryFailure => why
+          assert_equal(why.http_response.code, expected_status)
+        else
+          flunk('Did not raise DiscoveryFailure')
+        end
+
+        OpenID.fetcher = nil
+      }
+    end
+  end
+
+  ### Tests for raising/catching exceptions from the fetcher through
+  ### the discover function
+
+  class ErrorRaisingFetcher
+    # Just raise an exception when fetch is called
+
+    def initialize(thing_to_raise)
+      @thing_to_raise = thing_to_raise
+    end
+
+    def fetch(url, body=nil, headers=nil, limit=nil)
+      raise @thing_to_raise
+    end
+  end
+
+  class DidFetch < Exception
+    # Custom exception just to make sure it's not handled differently
+  end
+
+  class TestFetchException < Test::Unit::TestCase
+    # Discovery should only raise DiscoveryFailure
+
+    def initialize(*args)
+      super(*args)
+
+      @cases = [
+                DidFetch.new(),
+                Exception.new(),
+                ArgumentError.new(),
+                RuntimeError.new(),
+               ]
+    end
+
+    def test_fetch_exception
+      @cases.each { |exc|
+        OpenID.fetcher = ErrorRaisingFetcher.new(exc)
+        assert_raises(DiscoveryFailure) {
+          OpenID.discover('http://doesnt.matter/')
+        }
+        OpenID.fetcher = nil
+      }
+    end
+  end
+
+  ### Tests for openid.consumer.discover.discover
+
+  class TestNormalization < Test::Unit::TestCase
+    def test_addingProtocol
+      f = ErrorRaisingFetcher.new(RuntimeError.new())
+      OpenID.fetcher = f
+
+      begin
+        OpenID.discover('users.stompy.janrain.com:8000/x')
+      rescue DiscoveryFailure => why
+        assert why.to_s.match("Failed to fetch")
+      rescue RuntimeError
+      end
+
+      OpenID.fetcher = nil
+    end
+  end
+
+  class DiscoveryMockFetcher
+    def initialize(documents)
+      @redirect = nil
+      @documents = documents
+      @fetchlog = []
+    end
+
+    def fetch(url, body=nil, headers=nil, limit=nil)
+      @fetchlog << [url, body, headers]
+      if @redirect
+        final_url = @redirect
+      else
+        final_url = url
+      end
+
+      begin
+        ctype, body = @documents.fetch(url)
+      rescue IndexError
+        status = 404
+        ctype = 'text/plain'
+        body = ''
+      else
+        status = 200
+      end
+
+      return HTTPResponse._from_raw_data(status, body, {'content-type' => ctype}, final_url)
+    end
+  end
+
+  class BaseTestDiscovery < Test::Unit::TestCase
+    attr_accessor :id_url, :fetcher_class
+
+    def initialize(*args)
+      super(*args)
+      @id_url = "http://someuser.unittest/"
+      @documents = {}
+      @fetcher_class = DiscoveryMockFetcher
+    end
+
+    def _checkService(s, server_url, claimed_id=nil,
+                      local_id=nil, canonical_id=nil,
+                      types=nil, used_yadis=false,
+                      display_identifier=nil)
+      assert_equal(server_url, s.server_url)
+      if types == ['2.0 OP']
+        assert(!claimed_id)
+        assert(!local_id)
+        assert(!s.claimed_id)
+        assert(!s.local_id)
+        assert(!s.get_local_id())
+        assert(!s.compatibility_mode())
+        assert(s.is_op_identifier())
+        assert_equal(s.preferred_namespace(),
+                     OPENID_2_0_MESSAGE_NS)
+      else
+        assert_equal(claimed_id, s.claimed_id)
+        assert_equal(local_id, s.get_local_id())
+      end
+
+      if used_yadis
+        assert(s.used_yadis, "Expected to use Yadis")
+      else
+        assert(!s.used_yadis,
+               "Expected to use old-style discovery")
+      end
+
+      openid_types = {
+        '1.1' => OPENID_1_1_TYPE,
+        '1.0' => OPENID_1_0_TYPE,
+        '2.0' => OPENID_2_0_TYPE,
+        '2.0 OP' => OPENID_IDP_2_0_TYPE,
+      }
+
+      type_uris = types.collect { |t| openid_types[t] }
+
+      assert_equal(type_uris, s.type_uris)
+      assert_equal(canonical_id, s.canonical_id)
+
+      if canonical_id.nil?
+        assert_equal(claimed_id, s.display_identifier)
+      else
+        assert_equal(display_identifier, s.display_identifier)
+      end
+    end
+
+    def setup
+      # @documents = @documents.dup
+      @fetcher = @fetcher_class.new(@documents)
+      OpenID.fetcher = @fetcher
+    end
+
+    def teardown
+      OpenID.fetcher = nil
+    end
+
+    def test_blank
+      # XXX to avoid > 0 test requirement
+    end
+  end
+
+#   def readDataFile(filename):
+#     module_directory = os.path.dirname(os.path.abspath(__file__))
+#     filename = os.path.join(
+#         module_directory, 'data', 'test_discover', filename)
+#     return file(filename).read()
+
+  class TestDiscovery < BaseTestDiscovery
+    include TestDataMixin
+
+    def _discover(content_type, data,
+                  expected_services, expected_id=nil)
+      if expected_id.nil?
+        expected_id = @id_url
+      end
+
+      @documents[@id_url] = [content_type, data]
+      id_url, services = OpenID.discover(@id_url)
+
+      assert_equal(expected_services, services.length)
+      assert_equal(expected_id, id_url)
+      return services
+    end
+
+    def test_404
+      assert_raise(DiscoveryFailure) {
+        OpenID.discover(@id_url + '/404')
+      }
+    end
+
+    def test_noOpenID
+      services = _discover('text/plain',
+                           "junk", 0)
+
+      services = _discover(
+                           'text/html',
+                           read_data_file('test_discover/openid_no_delegate.html', false),
+                           1)
+
+      _checkService(
+                    services[0],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    @id_url,
+                    nil,
+                    ['1.1'],
+                    false)
+    end
+
+    def test_malformed_meta_tag
+      @id_url = "http://user.myopenid.com/"
+
+      services = _discover(
+                           'text/html',
+                           read_data_file('test_discover/malformed_meta_tag.html', false),
+                           2)
+
+      _checkService(
+                    services[0],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    @id_url,
+                    nil,
+                    ['2.0'],
+                    false)
+
+      _checkService(
+                    services[1],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    @id_url,
+                    nil,
+                    ['1.1'],
+                    false)
+    end
+
+    def test_html1
+      services = _discover('text/html',
+                           read_data_file('test_discover/openid.html', false),
+                           1)
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    'http://smoker.myopenid.com/',
+                    nil,
+                    ['1.1'],
+                    false)
+    end
+
+    def test_html1Fragment
+      # Ensure that the Claimed Identifier does not have a fragment if
+      # one is supplied in the User Input.
+      content_type = 'text/html'
+      data = read_data_file('test_discover/openid.html', false)
+      expected_services = 1
+
+      @documents[@id_url] = [content_type, data]
+      expected_id = @id_url
+      @id_url = @id_url + '#fragment'
+      id_url, services = OpenID.discover(@id_url)
+
+      assert_equal(expected_services, services.length)
+      assert_equal(expected_id, id_url)
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    expected_id,
+                    'http://smoker.myopenid.com/',
+                    nil,
+                    ['1.1'],
+                    false)
+    end
+
+    def test_html2
+      services = _discover('text/html',
+                           read_data_file('test_discover/openid2.html', false),
+                           1)
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    'http://smoker.myopenid.com/',
+                    nil,
+                    ['2.0'],
+                    false)
+    end
+
+    def test_html1And2
+      services = _discover(
+                           'text/html',
+                           read_data_file('test_discover/openid_1_and_2.html', false),
+                           2)
+
+      services.zip(['2.0', '1.1']).each { |s, t|
+          _checkService(s,
+                        "http://www.myopenid.com/server",
+                        @id_url,
+                        'http://smoker.myopenid.com/',
+                        nil,
+                        [t],
+                        false)
+      }
+    end
+
+    def test_yadisEmpty
+      services = _discover('application/xrds+xml',
+                           read_data_file('test_discover/yadis_0entries.xml', false),
+                           0)
+    end
+
+    def test_htmlEmptyYadis
+      # HTML document has discovery information, but points to an
+      # empty Yadis document.  The XRDS document pointed to by
+      # "openid_and_yadis.html"
+      @documents[@id_url + 'xrds'] = ['application/xrds+xml',
+                                      read_data_file('test_discover/yadis_0entries.xml', false)]
+
+      services = _discover('text/html',
+                           read_data_file('test_discover/openid_and_yadis.html', false),
+                           1)
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    'http://smoker.myopenid.com/',
+                    nil,
+                    ['1.1'],
+                    false)
+    end
+
+    def test_yadis1NoDelegate
+      services = _discover('application/xrds+xml',
+                           read_data_file('test_discover/yadis_no_delegate.xml', false),
+                           1)
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    @id_url,
+                    nil,
+                    ['1.0'],
+                    true)
+    end
+
+    def test_yadis2NoLocalID
+      services = _discover('application/xrds+xml',
+                           read_data_file('test_discover/openid2_xrds_no_local_id.xml', false),
+                           1)
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    @id_url,
+                    nil,
+                    ['2.0'],
+                    true)
+    end
+
+    def test_yadis2
+      services = _discover('application/xrds+xml',
+                           read_data_file('test_discover/openid2_xrds.xml', false),
+                           1)
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    'http://smoker.myopenid.com/',
+                    nil,
+                    ['2.0'],
+                    true)
+    end
+
+    def test_yadis2OP
+      services = _discover('application/xrds+xml',
+                           read_data_file('test_discover/yadis_idp.xml', false),
+                           1)
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    nil, nil, nil,
+                    ['2.0 OP'],
+                    true)
+    end
+
+    def test_yadis2OPDelegate
+      # The delegate tag isn't meaningful for OP entries.
+      services = _discover('application/xrds+xml',
+                           read_data_file('test_discover/yadis_idp_delegate.xml', false),
+                           1)
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    nil, nil, nil,
+                    ['2.0 OP'],
+                    true)
+    end
+
+    def test_yadis2BadLocalID
+      assert_raise(DiscoveryFailure) {
+        _discover('application/xrds+xml',
+                  read_data_file('test_discover/yadis_2_bad_local_id.xml', false),
+                  1)
+      }
+    end
+
+    def test_yadis1And2
+      services = _discover('application/xrds+xml',
+                           read_data_file('test_discover/openid_1_and_2_xrds.xml', false),
+                           1)
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    'http://smoker.myopenid.com/',
+                    nil,
+                    ['2.0', '1.1'],
+                    true)
+    end
+
+    def test_yadis1And2BadLocalID
+      assert_raise(DiscoveryFailure) {
+        _discover('application/xrds+xml',
+                  read_data_file('test_discover/openid_1_and_2_xrds_bad_delegate.xml', false),
+                  1)
+      }
+    end
+  end
+
+  class MockFetcherForXRIProxy
+
+    def initialize(documents, proxy_url=Yadis::XRI::ProxyResolver::DEFAULT_PROXY)
+      @documents = documents
+      @fetchlog = []
+      @proxy_url = nil
+    end
+
+    def fetch(url, body=nil, headers=nil, limit=nil)
+      @fetchlog << [url, body, headers]
+
+      u = URI::parse(url)
+      proxy_host = u.host
+      xri = u.path
+      query = u.query
+
+      if !headers and !query
+        raise ArgumentError.new("No headers or query; you probably didn't " +
+                                "mean to do that.")
+      end
+
+      if xri.starts_with?('/')
+        xri = xri[1..-1]
+      end
+
+      begin
+        ctype, body = @documents.fetch(xri)
+      rescue IndexError
+        status = 404
+        ctype = 'text/plain'
+        body = ''
+      else
+        status = 200
+      end
+
+      return HTTPResponse._from_raw_data(status, body,
+                                         {'content-type' => ctype}, url)
+    end
+  end
+
+  class TestXRIDiscovery < BaseTestDiscovery
+
+    include TestDataMixin
+    include TestUtil
+
+    def initialize(*args)
+      super(*args)
+
+      @fetcher_class = MockFetcherForXRIProxy
+
+      @documents = {'=smoker' => ['application/xrds+xml',
+                                  read_data_file('test_discover/yadis_2entries_delegate.xml', false)],
+        '=smoker*bad' => ['application/xrds+xml',
+                          read_data_file('test_discover/yadis_another_delegate.xml', false)]}
+    end
+
+    def test_xri
+      user_xri, services = OpenID.discover_xri('=smoker')
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    Yadis::XRI.make_xri("=!1000"),
+                    'http://smoker.myopenid.com/',
+                    Yadis::XRI.make_xri("=!1000"),
+                    ['1.0'],
+                    true,
+                    '=smoker')
+
+      _checkService(services[1],
+                    "http://www.livejournal.com/openid/server.bml",
+                    Yadis::XRI.make_xri("=!1000"),
+                    'http://frank.livejournal.com/',
+                    Yadis::XRI.make_xri("=!1000"),
+                    ['1.0'],
+                    true,
+                    '=smoker')
+    end
+
+    def test_xri_normalize
+      user_xri, services = OpenID.discover_xri('xri://=smoker')
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    Yadis::XRI.make_xri("=!1000"),
+                    'http://smoker.myopenid.com/',
+                    Yadis::XRI.make_xri("=!1000"),
+                    ['1.0'],
+                    true,
+                    '=smoker')
+
+      _checkService(services[1],
+                    "http://www.livejournal.com/openid/server.bml",
+                    Yadis::XRI.make_xri("=!1000"),
+                    'http://frank.livejournal.com/',
+                    Yadis::XRI.make_xri("=!1000"),
+                    ['1.0'],
+                    true,
+                    '=smoker')
+    end
+
+    def test_xriNoCanonicalID
+      silence_logging {
+        user_xri, services = OpenID.discover_xri('=smoker*bad')
+        assert(services.empty?)
+      }
+    end
+
+    def test_useCanonicalID
+      # When there is no delegate, the CanonicalID should be used with
+      # XRI.
+      endpoint = OpenIDServiceEndpoint.new()
+      endpoint.claimed_id = Yadis::XRI.make_xri("=!1000")
+      endpoint.canonical_id = Yadis::XRI.make_xri("=!1000")
+      assert_equal(endpoint.get_local_id, Yadis::XRI.make_xri("=!1000"))
+    end
+  end
+
+  class TestXRIDiscoveryIDP < BaseTestDiscovery
+    include TestDataMixin
+
+    def initialize(*args)
+      super(*args)
+
+      @fetcher_class = MockFetcherForXRIProxy
+
+      @documents = {'=smoker' => ['application/xrds+xml',
+                                  read_data_file('test_discover/yadis_2entries_idp.xml', false)] }
+    end
+
+    def test_xri
+      user_xri, services = OpenID.discover_xri('=smoker')
+      assert(!services.empty?, "Expected services, got zero")
+      assert_equal(services[0].server_url,
+                   "http://www.livejournal.com/openid/server.bml")
+    end
+  end
+
+  class TestPreferredNamespace < Test::Unit::TestCase
+    def initialize(*args)
+      super(*args)
+
+      @cases = [
+               [OPENID1_NS, []],
+               [OPENID1_NS, ['http://jyte.com/']],
+               [OPENID1_NS, [OPENID_1_0_TYPE]],
+               [OPENID1_NS, [OPENID_1_1_TYPE]],
+               [OPENID2_NS, [OPENID_2_0_TYPE]],
+               [OPENID2_NS, [OPENID_IDP_2_0_TYPE]],
+               [OPENID2_NS, [OPENID_2_0_TYPE,
+                             OPENID_1_0_TYPE]],
+               [OPENID2_NS, [OPENID_1_0_TYPE,
+                             OPENID_2_0_TYPE]],
+              ]
+    end
+
+    def test_preferred_namespace
+
+      @cases.each { |expected_ns, type_uris|
+        endpoint = OpenIDServiceEndpoint.new()
+        endpoint.type_uris = type_uris
+        actual_ns = endpoint.preferred_namespace()
+        assert_equal(actual_ns, expected_ns)
+      }
+    end
+  end
+
+  class TestIsOPIdentifier < Test::Unit::TestCase
+    def setup
+      @endpoint = OpenIDServiceEndpoint.new()
+    end
+
+    def test_none
+      assert(!@endpoint.is_op_identifier())
+    end
+
+    def test_openid1_0
+      @endpoint.type_uris = [OPENID_1_0_TYPE]
+      assert(!@endpoint.is_op_identifier())
+    end
+
+    def test_openid1_1
+      @endpoint.type_uris = [OPENID_1_1_TYPE]
+      assert(!@endpoint.is_op_identifier())
+    end
+
+    def test_openid2
+      @endpoint.type_uris = [OPENID_2_0_TYPE]
+      assert(!@endpoint.is_op_identifier())
+    end
+
+    def test_openid2OP
+      @endpoint.type_uris = [OPENID_IDP_2_0_TYPE]
+      assert(@endpoint.is_op_identifier())
+    end
+
+    def test_multipleMissing
+      @endpoint.type_uris = [OPENID_2_0_TYPE,
+                             OPENID_1_0_TYPE]
+      assert(!@endpoint.is_op_identifier())
+    end
+
+    def test_multiplePresent
+      @endpoint.type_uris = [OPENID_2_0_TYPE,
+                             OPENID_1_0_TYPE,
+                             OPENID_IDP_2_0_TYPE]
+      assert(@endpoint.is_op_identifier())
+    end
+  end
+
+  class TestFromOPEndpointURL < Test::Unit::TestCase
+    def setup
+      @op_endpoint_url = 'http://example.com/op/endpoint'
+      @endpoint = OpenIDServiceEndpoint.from_op_endpoint_url(@op_endpoint_url)
+    end
+
+    def test_isOPEndpoint
+      assert(@endpoint.is_op_identifier())
+    end
+
+    def test_noIdentifiers
+      assert_equal(@endpoint.get_local_id, nil)
+      assert_equal(@endpoint.claimed_id, nil)
+    end
+
+    def test_compatibility
+      assert(!@endpoint.compatibility_mode())
+    end
+
+    def test_canonical_id
+      assert_equal(@endpoint.canonical_id, nil)
+    end
+
+    def test_serverURL
+      assert_equal(@endpoint.server_url, @op_endpoint_url)
+    end
+  end
+
+  class TestDiscoverFunction < Test::Unit::TestCase
+    def test_discover_function
+      # XXX these were all different tests in python, but they're
+      # combined here so I only have to use with_method_overridden
+      # once.
+      discoverXRI = Proc.new { |identifier|
+        return 'XRI'
+      }
+
+      discoverURI = Proc.new { |identifier|
+        return 'URI'
+      }
+
+      OpenID.extend(OverrideMethodMixin)
+
+      OpenID.with_method_overridden(:discover_uri, discoverURI) do
+        OpenID.with_method_overridden(:discover_xri, discoverXRI) do
+          assert_equal('URI', OpenID.discover('http://woo!'))
+          assert_equal('URI', OpenID.discover('not a URL or XRI'))
+          assert_equal('XRI', OpenID.discover('xri://=something'))
+          assert_equal('XRI', OpenID.discover('=something'))
+        end
+      end
+    end
+  end
+
+  class TestEndpointSupportsType < Test::Unit::TestCase
+    def setup
+      @endpoint = OpenIDServiceEndpoint.new()
+    end
+
+    def failUnlessSupportsOnly(*types)
+      ['foo',
+       OPENID_1_1_TYPE,
+       OPENID_1_0_TYPE,
+       OPENID_2_0_TYPE,
+       OPENID_IDP_2_0_TYPE].each { |t|
+        if types.member?(t)
+          assert(@endpoint.supports_type(t),
+                 sprintf("Must support %s", t))
+        else
+          assert(!@endpoint.supports_type(t),
+                 sprintf("Shouldn't support %s", t))
+        end
+      }
+    end
+
+    def test_supportsNothing
+      failUnlessSupportsOnly()
+    end
+
+    def test_openid2
+      @endpoint.type_uris = [OPENID_2_0_TYPE]
+      failUnlessSupportsOnly(OPENID_2_0_TYPE)
+    end
+
+    def test_openid2provider
+      @endpoint.type_uris = [OPENID_IDP_2_0_TYPE]
+      failUnlessSupportsOnly(OPENID_IDP_2_0_TYPE,
+                             OPENID_2_0_TYPE)
+    end
+
+    def test_openid1_0
+      @endpoint.type_uris = [OPENID_1_0_TYPE]
+      failUnlessSupportsOnly(OPENID_1_0_TYPE)
+    end
+
+    def test_openid1_1
+      @endpoint.type_uris = [OPENID_1_1_TYPE]
+      failUnlessSupportsOnly(OPENID_1_1_TYPE)
+    end
+
+    def test_multiple
+      @endpoint.type_uris = [OPENID_1_1_TYPE,
+                             OPENID_2_0_TYPE]
+      failUnlessSupportsOnly(OPENID_1_1_TYPE,
+                             OPENID_2_0_TYPE)
+    end
+
+    def test_multipleWithProvider
+      @endpoint.type_uris = [OPENID_1_1_TYPE,
+                             OPENID_2_0_TYPE,
+                             OPENID_IDP_2_0_TYPE]
+      failUnlessSupportsOnly(OPENID_1_1_TYPE,
+                             OPENID_2_0_TYPE,
+                             OPENID_IDP_2_0_TYPE)
+    end
+  end
+
+  class TestEndpointDisplayIdentifier < Test::Unit::TestCase
+    def test_strip_fragment
+      @endpoint = OpenIDServiceEndpoint.new()
+      @endpoint.claimed_id = 'http://recycled.invalid/#123'
+      assert_equal 'http://recycled.invalid/', @endpoint.display_identifier
+    end
+  end
+
+
+  class TestNormalizeURL < Test::Unit::TestCase
+    def test_no_host
+      assert_raise(DiscoveryFailure) {
+        OpenID::normalize_url('http:///too-many.invalid/slashes')
+      }
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_discovery_manager.rb b/vendor/gems/ruby-openid-2.1.4/test/test_discovery_manager.rb
new file mode 100644
index 000000000..da966f384
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_discovery_manager.rb
@@ -0,0 +1,262 @@
+
+require 'test/unit'
+require 'openid/consumer/discovery_manager'
+require 'openid/extras'
+
+require 'testutil'
+
+module OpenID
+  class TestDiscoveredServices < Test::Unit::TestCase
+    def setup
+      @starting_url = "http://starting.url.com/"
+      @yadis_url = "http://starting.url.com/xrds"
+      @services = ["bogus", "not_a_service"]
+
+      @disco_services = Consumer::DiscoveredServices.new(@starting_url,
+                                                         @yadis_url,
+                                                         @services.dup)
+    end
+
+    def test_next
+      assert_equal(@disco_services.next, @services[0])
+      assert_equal(@disco_services.current, @services[0])
+
+      assert_equal(@disco_services.next, @services[1])
+      assert_equal(@disco_services.current, @services[1])
+
+      assert_equal(@disco_services.next, nil)
+      assert_equal(@disco_services.current, nil)
+    end
+
+    def test_for_url
+      assert(@disco_services.for_url?(@starting_url))
+      assert(@disco_services.for_url?(@yadis_url))
+
+      assert(!@disco_services.for_url?(nil))
+      assert(!@disco_services.for_url?("invalid"))
+    end
+
+    def test_started
+      assert(!@disco_services.started?)
+      @disco_services.next
+      assert(@disco_services.started?)
+      @disco_services.next
+      assert(@disco_services.started?) 
+      @disco_services.next
+      assert(!@disco_services.started?)
+    end
+
+    def test_empty
+      assert(Consumer::DiscoveredServices.new(nil, nil, []).empty?)
+
+      assert(!@disco_services.empty?)
+
+      @disco_services.next
+      @disco_services.next
+
+      assert(@disco_services.started?)
+    end
+  end
+
+  # I need to be able to test the protected methods; this lets me do
+  # that.
+  class PassthroughDiscoveryManager < Consumer::DiscoveryManager
+    def method_missing(m, *args)
+      method(m).call(*args)
+    end
+  end
+
+  class TestDiscoveryManager < Test::Unit::TestCase
+    def setup
+      @session = {}
+      @url = "http://unittest.com/"
+      @key_suffix = "testing"
+      @yadis_url = "http://unittest.com/xrds"
+      @manager = PassthroughDiscoveryManager.new(@session, @url, @key_suffix)
+      @key = @manager.session_key
+    end
+
+    def test_construct
+      # Make sure the default session key suffix is not nil.
+      m = Consumer::DiscoveryManager.new(nil, nil)
+      assert(!m.instance_variable_get("@session_key_suffix").nil?)
+
+      m = Consumer::DiscoveryManager.new(nil, nil, "override")
+      assert_equal(m.instance_variable_get("@session_key_suffix"), "override")
+    end
+
+    def test_get_next_service
+      assert_equal(@session[@key], nil)
+
+      next_service = @manager.get_next_service {
+        [@yadis_url, ["one", "two", "three"]]
+      }
+
+      disco = @session[@key]
+      assert_equal(disco.current, "one")
+      assert_equal(next_service, "one")
+      assert(disco.for_url?(@url))
+      assert(disco.for_url?(@yadis_url))
+
+      # The first two calls to get_next_service should return the
+      # services in @disco.
+      assert_equal(@manager.get_next_service, "two")
+      assert_equal(@manager.get_next_service, "three")
+      assert_equal(@session[@key], disco)
+
+      # The manager is exhausted and should be deleted and a new one
+      # should be created.
+      @manager.get_next_service {
+        [@yadis_url, ["four"]]
+      }
+
+      disco2 = @session[@key]
+      assert_equal(disco2.current, "four")
+
+      # create_manager may return a nil manager, in which case the
+      # next service should be nil.
+      @manager.extend(OpenID::InstanceDefExtension)
+      @manager.instance_def(:create_manager) do |yadis_url, services|
+        nil
+      end
+
+      result = @manager.get_next_service { |url|
+        ["unused", []]
+      }
+
+      assert_equal(result, nil)
+    end
+
+    def test_cleanup
+      # With no preexisting manager, cleanup() returns nil.
+      assert_equal(@manager.cleanup, nil)
+
+      # With a manager, it returns the manager's current service.
+      disco = Consumer::DiscoveredServices.new(@url, @yadis_url, ["one", "two"])
+
+      @session[@key] = disco
+      assert_equal(@manager.cleanup, nil)
+      assert_equal(@session[@key], nil)
+
+      @session[@key] = disco
+      disco.next
+      assert_equal(@manager.cleanup, "one")
+      assert_equal(@session[@key], nil)
+
+      # The force parameter should be passed through to get_manager
+      # and destroy_manager.
+      force_value = "yo"
+      testcase = self
+
+      m = Consumer::DiscoveredServices.new(nil, nil, ["inner"])
+      m.next
+
+      @manager.extend(OpenID::InstanceDefExtension)
+      @manager.instance_def(:get_manager) do |force|
+        testcase.assert_equal(force, force_value)
+        m
+      end
+
+      @manager.instance_def(:destroy_manager) do |force|
+        testcase.assert_equal(force, force_value)
+      end
+
+      assert_equal("inner", @manager.cleanup(force_value))
+    end
+
+    def test_get_manager
+      # get_manager should always return the loaded manager when
+      # forced.
+      @session[@key] = "bogus"
+      assert_equal("bogus", @manager.get_manager(true))
+
+      # When not forced, only managers for @url should be returned.
+      disco = Consumer::DiscoveredServices.new(@url, @yadis_url, ["one"])
+      @session[@key] = disco
+      assert_equal(@manager.get_manager, disco)
+
+      # Try to get_manager for a manger that doesn't manage @url:
+      disco2 = Consumer::DiscoveredServices.new("http://not.this.url.com/",
+                                                "http://other.yadis.url/", ["one"])
+      @session[@key] = disco2
+      assert_equal(@manager.get_manager, nil)
+      assert_equal(@manager.get_manager(true), disco2)
+    end
+
+    def test_create_manager
+      assert(@session[@key].nil?)
+
+      services = ["created", "manager"]
+      returned_disco = @manager.create_manager(@yadis_url, services)
+
+      stored_disco = @session[@key]
+      assert(stored_disco.for_url?(@yadis_url))
+      assert_equal(stored_disco.next, "created")
+
+      assert_equal(stored_disco, returned_disco)
+
+      # Calling create_manager with a preexisting manager should
+      # result in StandardError.
+      assert_raise(StandardError) {
+        @manager.create_manager(@yadis_url, services)
+      }
+
+      # create_manager should do nothing (and return nil) if given no
+      # services.
+      @session[@key] = nil
+      result = @manager.create_manager(@yadis_url, [])
+      assert(result.nil?)
+      assert(@session[@key].nil?)
+    end
+
+    class DestroyCalledException < StandardError; end
+
+    def test_destroy_manager
+      # destroy_manager should remove the manager from the session,
+      # forcibly if necessary.
+      valid_disco = Consumer::DiscoveredServices.new(@url, @yadis_url, ["serv"])
+      invalid_disco = Consumer::DiscoveredServices.new("http://not.mine.com/",
+                                                       "http://different.url.com/",
+                                                       ["serv"])
+
+      @session[@key] = valid_disco
+      @manager.destroy_manager
+      assert(@session[@key].nil?)
+
+      @session[@key] = invalid_disco
+      @manager.destroy_manager
+      assert_equal(@session[@key], invalid_disco)
+
+      # Force destruction of manager, no matter which URLs it's for.
+      @manager.destroy_manager(true)
+      assert(@session[@key].nil?)
+    end
+
+    def test_session_key
+      assert(@manager.session_key.ends_with?(
+               @manager.instance_variable_get("@session_key_suffix")))
+    end
+
+    def test_store
+      thing = "opaque"
+      assert(@session[@key].nil?)
+      @manager.store(thing)
+      assert_equal(@session[@key], thing)
+    end
+
+    def test_load
+      thing = "opaque"
+      @session[@key] = thing
+      assert_equal(@manager.load, thing)
+    end
+
+    def test_destroy!
+      thing = "opaque"
+      @manager.store(thing)
+      assert_equal(@manager.load, thing)
+      @manager.destroy!
+      assert(@session[@key].nil?)
+      assert(@manager.load.nil?)
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_extension.rb b/vendor/gems/ruby-openid-2.1.4/test/test_extension.rb
new file mode 100644
index 000000000..bfe14e9b2
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_extension.rb
@@ -0,0 +1,46 @@
+require 'openid/extension'
+require 'openid/message'
+require 'test/unit'
+
+module OpenID
+  class DummyExtension < OpenID::Extension
+    TEST_URI = 'http://an.extension'
+    TEST_ALIAS = 'dummy'
+    def initialize
+      @ns_uri = TEST_URI
+      @ns_alias = TEST_ALIAS
+    end
+
+    def get_extension_args
+      return {}
+    end
+  end
+
+  class ToMessageTest < Test::Unit::TestCase
+     def test_OpenID1
+       oid1_msg = Message.new(OPENID1_NS)
+       ext = DummyExtension.new
+       ext.to_message(oid1_msg)
+       namespaces = oid1_msg.namespaces
+       assert(namespaces.implicit?(DummyExtension::TEST_URI))
+       assert_equal(
+                    DummyExtension::TEST_URI,
+                    namespaces.get_namespace_uri(DummyExtension::TEST_ALIAS))
+       assert_equal(DummyExtension::TEST_ALIAS,
+                    namespaces.get_alias(DummyExtension::TEST_URI))
+     end
+ 
+     def test_OpenID2
+       oid2_msg = Message.new(OPENID2_NS)
+       ext = DummyExtension.new
+       ext.to_message(oid2_msg)
+       namespaces = oid2_msg.namespaces
+       assert(!namespaces.implicit?(DummyExtension::TEST_URI))
+       assert_equal(
+             DummyExtension::TEST_URI,
+             namespaces.get_namespace_uri(DummyExtension::TEST_ALIAS))
+       assert_equal(DummyExtension::TEST_ALIAS,
+                    namespaces.get_alias(DummyExtension::TEST_URI))
+     end
+   end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_extras.rb b/vendor/gems/ruby-openid-2.1.4/test/test_extras.rb
new file mode 100644
index 000000000..c30861cc4
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_extras.rb
@@ -0,0 +1,35 @@
+require 'test/unit'
+require 'openid/extras'
+
+class StartsWithTestCase < Test::Unit::TestCase
+    def test_starts_with
+        [["anything", ""],
+         ["something else", ""],
+         ["", ""],
+         ["foos", "foo"],
+        ].each{|str,target| assert(str.starts_with?(target))}
+    end
+
+    def test_not_starts_with
+        [["x", "y"],
+         ["foos", "ball"],
+         ["xx", "xy"],
+        ].each{|str,target| assert(!(str.starts_with? target)) }
+    end
+
+    def test_ends_with
+        [["anything", ""],
+         ["something else", " else"],
+         ["", ""],
+         ["foos", "oos"],
+        ].each{|str,target| assert(str.ends_with?(target))}
+    end
+
+    def test_not_ends_with
+        [["x", "y"],
+         ["foos", "ball"],
+         ["xx", "xy"],
+         ["foosball", "foosbal"],
+        ].each{|str,target| assert(!(str.ends_with? target)) }
+    end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_fetchers.rb b/vendor/gems/ruby-openid-2.1.4/test/test_fetchers.rb
new file mode 100644
index 000000000..7130da55e
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_fetchers.rb
@@ -0,0 +1,538 @@
+require 'test/unit'
+require 'net/http'
+require 'webrick'
+
+require 'testutil'
+require 'util'
+
+require 'openid/fetchers'
+
+require 'stringio'
+
+begin
+  require 'net/https'
+rescue LoadError
+  # We need these names for testing.
+
+  module OpenSSL
+    module SSL
+      class SSLError < StandardError; end
+    end
+  end
+end
+
+module HttpResultAssertions
+  def assert_http_result_is(expected, result)
+    assert_equal expected.code, result.code
+    assert_equal expected.body, result.body
+    assert_equal expected.final_url, result.final_url
+  end
+end
+
+class BogusFetcher
+  RESPONSE = "bogus"
+
+  def fetch(url, body=nil, headers=nil, redirect_limit=5)
+    return BogusFetcher::RESPONSE
+  end
+end
+
+class FetcherTestCase < Test::Unit::TestCase
+  include HttpResultAssertions
+  include OpenID::TestUtil
+
+  @@test_header_name = 'X-test-header'
+  @@test_header_value = 'marmoset'
+
+  class ExpectedResponse < Net::HTTPResponse
+    attr_reader :final_url
+
+    def initialize(code, final_url, body="the expected body",
+                   httpv="1.1", msg=nil)
+      super(httpv, code, msg)
+      @code = code
+      @body = body
+      @final_url = final_url
+    end
+
+    def body
+      @body
+    end
+  end
+
+  @@cases =
+    [
+     # path, status code, expected url (nil = default to path)
+     ['/success', 200, nil],
+     ['/notfound', 404, nil],
+     ['/badreq', 400, nil],
+     ['/forbidden', 403, nil],
+     ['/error', 500, nil],
+     ['/server_error', 503, nil],
+     ['/301redirect', 200, '/success'],
+     ['/302redirect', 200, '/success'],
+     ['/303redirect', 200, '/success'],
+     ['/307redirect', 200, '/success'],
+    ]
+
+  def _redirect_with_code(code)
+    lambda { |req, resp|
+      resp.status = code
+      resp['Location'] = _uri_build('/success')
+    }
+  end
+
+  def _respond_with_code(code)
+    lambda { |req, resp|
+      resp.status = code
+      resp.body = "the expected body"
+    }
+  end
+
+  def _require_header
+    lambda { |req, resp|
+      assert_equal @@test_header_value, req[@@test_header_name]
+      assert_match 'ruby-openid', req['User-agent']
+    }
+  end
+
+  def _require_post
+    lambda { |req, resp|
+      assert_equal 'POST', req.request_method
+      assert_equal "postbody\n", req.body
+    }
+  end
+
+  def _redirect_loop
+    lambda { |req, resp|
+      @_redirect_counter += 1
+      resp.status = 302
+      resp['Location'] = _uri_build('/redirect_loop')
+      resp.body = "Fetched #{@_redirect_counter} times."
+      assert_block("Fetched too many times.") { @_redirect_counter < 10 }
+    }
+  end
+  
+  def setup
+    @fetcher = OpenID::StandardFetcher.new
+    @logfile = StringIO.new
+    @weblog = WEBrick::Log.new(logfile=@logfile)
+    @server = WEBrick::HTTPServer.new(:Port => 0,
+                                      :Logger => @weblog,
+                                      :AccessLog => [])
+    @server_thread = Thread.new {
+      @server.mount_proc('/success', _respond_with_code(200))
+      @server.mount_proc('/301redirect', _redirect_with_code(301))
+      @server.mount_proc('/302redirect', _redirect_with_code(302))
+      @server.mount_proc('/303redirect', _redirect_with_code(303))
+      @server.mount_proc('/307redirect', _redirect_with_code(307))
+      @server.mount_proc('/badreq', _respond_with_code(400))
+      @server.mount_proc('/forbidden', _respond_with_code(403))
+      @server.mount_proc('/notfound', _respond_with_code(404))
+      @server.mount_proc('/error', _respond_with_code(500))
+      @server.mount_proc('/server_error', _respond_with_code(503))
+      @server.mount_proc('/require_header', _require_header)
+      @server.mount_proc('/redirect_to_reqheader') { |req, resp|
+        resp.status = 302
+        resp['Location'] = _uri_build('/require_header')
+      }
+      @server.mount_proc('/post', _require_post)
+      @server.mount_proc('/redirect_loop', _redirect_loop)
+      @server.start
+    }
+    @uri = _uri_build
+    sleep 0.2
+  end
+
+  def _uri_build(path='/')
+    u = URI::HTTP.build({
+                          :host => @server.config[:ServerName],
+                          :port => @server.config[:Port],
+                          :path => path,
+                        })
+    return u.to_s
+  end
+
+  def teardown
+    @server.shutdown
+    # Sleep a little because sometimes this blocks forever.
+    @server_thread.join
+  end
+
+=begin
+# XXX This test no longer works since we're not dealing with URI
+# objects internally.
+  def test_final_url_tainted
+    uri = _uri_build('/301redirect')
+    result = @fetcher.fetch(uri)
+
+    final_url = URI::parse(result.final_url)
+
+    assert final_url.host.tainted?
+    assert final_url.path.tainted?
+  end
+=end
+
+  def test_headers
+    headers = {
+      @@test_header_name => @@test_header_value
+    }
+    uri = _uri_build('/require_header')
+    result = @fetcher.fetch(uri, nil, headers)
+    # The real test runs under the WEBrick handler _require_header,
+    # this just checks the return code from that.
+    assert_equal '200', result.code, @logfile.string
+  end
+
+  def test_headers_after_redirect
+    headers = {
+      @@test_header_name => @@test_header_value
+    }
+    uri = _uri_build('/redirect_to_reqheader')
+    result = @fetcher.fetch(uri, nil, headers)
+    # The real test runs under the WEBrick handler _require_header,
+    # this just checks the return code from that.
+    assert_equal '200', result.code, @logfile.string
+  end
+
+  def test_post
+    uri = _uri_build('/post')
+    result = @fetcher.fetch(uri, "postbody\n")
+    # The real test runs under the WEBrick handler _require_header,
+    # this just checks the return code from that.
+    assert_equal '200', result.code, @logfile.string
+  end
+
+  def test_redirect_limit
+    @_redirect_counter = 0
+    uri = _uri_build('/redirect_loop')
+    assert_raise(OpenID::HTTPRedirectLimitReached) {
+      @fetcher.fetch(uri)
+    }
+  end
+
+  def test_cases
+    for path, expected_code, expected_url in @@cases
+      uri = _uri_build(path)
+      if expected_url.nil?
+        expected_url = uri
+      else
+        expected_url = _uri_build(expected_url)
+      end
+
+      expected = ExpectedResponse.new(expected_code.to_s, expected_url)
+      result = @fetcher.fetch(uri)
+
+      begin
+        assert_http_result_is expected, result
+      rescue Test::Unit::AssertionFailedError => err
+        if result.code == '500' && expected_code != 500
+          # Looks like our WEBrick harness broke.
+          msg = <<EOF
+Status #{result.code} from case #{path}.  Logs:
+#{@logfile.string}
+EOF
+          raise msg
+        end
+
+        # Wrap failure messages so we can tell which case failed.
+        new_msg = "#{path}: #{err.message.to_s}"
+        new_err = Test::Unit::AssertionFailedError.new(new_msg)
+        new_err.set_backtrace(err.backtrace)
+        raise new_err
+      end
+    end
+  end
+
+  def test_https_no_openssl
+    # Override supports_ssl? to always claim that connections don't
+    # support SSL.  Test the behavior of fetch() for HTTPS URLs in
+    # that case.
+    f = OpenID::StandardFetcher.new
+    f.extend(OpenID::InstanceDefExtension)
+
+    f.instance_def(:supports_ssl?) do |conn|
+      false
+    end
+
+    begin
+      f.fetch("https://someurl.com/")
+      flunk("Expected RuntimeError")
+    rescue RuntimeError => why
+      assert_equal(why.to_s, "SSL support not found; cannot fetch https://someurl.com/")
+    end
+  end
+
+  class FakeConnection < Net::HTTP
+    attr_reader :use_ssl, :ca_file
+
+    def initialize *args
+      super
+      @ca_file = nil
+    end
+
+    def use_ssl=(v)
+      @use_ssl = v
+    end
+
+    def ca_file=(ca_file)
+      @ca_file = ca_file
+    end
+  end
+
+  def test_ssl_with_ca_file
+    f = OpenID::StandardFetcher.new
+    ca_file = "BOGUS"
+    f.ca_file = ca_file
+
+    f.extend(OpenID::InstanceDefExtension)
+    f.instance_def(:make_http) do |uri|
+      FakeConnection.new(uri.host, uri.port)
+    end
+
+    testcase = self
+
+    f.instance_def(:set_verified) do |conn, verified|
+      testcase.assert(verified)
+    end
+
+    conn = f.make_connection(URI::parse("https://someurl.com"))
+    assert_equal(conn.ca_file, ca_file)
+  end
+
+  def test_ssl_without_ca_file
+    f = OpenID::StandardFetcher.new
+
+    f.extend(OpenID::InstanceDefExtension)
+    f.instance_def(:make_http) do |uri|
+      FakeConnection.new(uri.host, uri.port)
+    end
+
+    testcase = self
+
+    f.instance_def(:set_verified) do |conn, verified|
+      testcase.assert(!verified)
+    end
+
+    conn = nil
+    assert_log_matches(/making https request to https:\/\/someurl.com without verifying/) {
+      conn = f.make_connection(URI::parse("https://someurl.com"))
+    }
+
+    assert(conn.ca_file.nil?)
+  end
+
+  def test_make_http_nil
+    f = OpenID::StandardFetcher.new
+
+    f.extend(OpenID::InstanceDefExtension)
+    f.instance_def(:make_http) do |uri|
+      nil
+    end
+
+    assert_raise(RuntimeError) {
+      f.make_connection(URI::parse("http://example.com/"))
+    }
+  end
+
+  def test_make_http_invalid
+    f = OpenID::StandardFetcher.new
+
+    f.extend(OpenID::InstanceDefExtension)
+    f.instance_def(:make_http) do |uri|
+      "not a Net::HTTP object"
+    end
+
+    assert_raise(RuntimeError) {
+      f.make_connection(URI::parse("http://example.com/"))
+    }
+  end
+
+  class BrokenSSLConnection
+    def start(&block)
+      raise OpenSSL::SSL::SSLError
+    end
+  end
+
+  def test_sslfetchingerror
+    f = OpenID::StandardFetcher.new
+
+    f.extend(OpenID::InstanceDefExtension)
+    f.instance_def(:make_connection) do |uri|
+      BrokenSSLConnection.new
+    end
+
+    assert_raise(OpenID::SSLFetchingError) {
+      f.fetch("https://bogus.com/")
+    }
+  end
+
+  class TimeoutConnection
+    def start(&block)
+      raise Timeout::Error
+    end
+  end
+
+  def test_fetchingerror
+    f = OpenID::StandardFetcher.new
+
+    f.extend(OpenID::InstanceDefExtension)
+    f.instance_def(:make_connection) do |uri|
+      TimeoutConnection.new
+    end
+
+    assert_raise(OpenID::FetchingError) {
+      f.fetch("https://bogus.com/")
+    }
+  end
+  
+  class TestingException < OpenID::FetchingError; end
+
+  class NoSSLSupportConnection
+    def supports_ssl?
+      false
+    end
+
+    def start
+      yield
+    end
+
+    def request_get(*args)
+      raise TestingException
+    end
+
+    def post_connection_check(hostname)
+      raise RuntimeError
+    end
+
+    def use_ssl?
+      true
+    end
+  end
+
+  class NoUseSSLConnection < NoSSLSupportConnection
+    def use_ssl?
+      false
+    end
+  end
+
+  def test_post_connection_check_no_support_ssl
+    f = OpenID::StandardFetcher.new
+
+    f.extend(OpenID::InstanceDefExtension)
+    f.instance_def(:make_connection) do |uri|
+      NoSSLSupportConnection.new
+    end
+
+    # post_connection_check should not be called.
+    assert_raise(TestingException) {
+      f.fetch("https://bogus.com/")
+    }
+  end
+
+  def test_post_connection_check_no_use_ssl
+    f = OpenID::StandardFetcher.new
+
+    f.extend(OpenID::InstanceDefExtension)
+    f.instance_def(:make_connection) do |uri|
+      NoUseSSLConnection.new
+    end
+
+    # post_connection_check should not be called.
+    assert_raise(TestingException) {
+      f.fetch("https://bogus.com/")
+    }
+  end
+
+  class PostConnectionCheckException < OpenID::FetchingError; end
+
+  class UseSSLConnection < NoSSLSupportConnection
+    def use_ssl?
+      true
+    end
+
+    def post_connection_check(hostname)
+      raise PostConnectionCheckException
+    end
+  end
+
+  def test_post_connection_check
+    f = OpenID::StandardFetcher.new
+
+    f.extend(OpenID::InstanceDefExtension)
+    f.instance_def(:make_connection) do |uri|
+      UseSSLConnection.new
+    end
+
+    f.instance_def(:supports_ssl?) do |conn|
+      true
+    end
+
+    # post_connection_check should be called.
+    assert_raise(PostConnectionCheckException) {
+      f.fetch("https://bogus.com/")
+    }
+  end
+end
+
+class DefaultFetcherTest < Test::Unit::TestCase
+  def setup
+    OpenID.fetcher = nil
+  end
+
+  def test_default_fetcher
+    assert(OpenID.fetcher.is_a?(OpenID::StandardFetcher))
+
+    # A custom fetcher can be set
+    OpenID.fetcher = BogusFetcher.new
+
+    # A test fetch should call the new fetcher
+    assert(OpenID.fetch('not-a-url') == BogusFetcher::RESPONSE)
+
+    # Set the fetcher to nil again
+    OpenID.fetcher = nil
+    assert(OpenID.fetcher.is_a?(OpenID::StandardFetcher))
+  end
+end
+
+class ProxyTest < Test::Unit::TestCase
+  def test_proxy_unreachable
+    begin
+      f = OpenID::StandardFetcher.new('127.0.0.1', 1)
+      # If this tries to connect to the proxy (on port 1), I expect
+      # a 'connection refused' error.  If it tries to contact the below
+      # URI first, it will get some other sort of error.
+      f.fetch("http://unittest.invalid")
+    rescue OpenID::FetchingError => why
+      # XXX: Is this a translatable string that is going to break?
+      if why.message =~ /Connection refused/
+        return
+      end
+      raise why
+    end
+    flunk "expected Connection Refused, but it passed."
+  end
+
+  def test_proxy_env
+    ENV['http_proxy'] = 'http://127.0.0.1:3128/'
+    OpenID.fetcher_use_env_http_proxy
+    
+    # make_http just to give us something with readable attributes to inspect.
+    conn = OpenID.fetcher.make_http(URI.parse('http://127.0.0.2'))
+    assert_equal('127.0.0.1', conn.proxy_address)
+    assert_equal(3128, conn.proxy_port)
+  end
+  # These aren't fully automated tests, but if you start a proxy
+  # on port 8888 (tinyproxy's default) and check its logs...
+#   def test_proxy
+#     f = OpenID::StandardFetcher.new('127.0.0.1', 8888)
+#     result = f.fetch("http://www.example.com/")
+#     assert_match(/RFC.*2606/, result.body)
+#   end
+
+#   def test_proxy_https
+#     f = OpenID::StandardFetcher.new('127.0.0.1', 8888)
+#     result = f.fetch("https://www.myopenid.com/")
+#     assert_match(/myOpenID/, result.body)
+#   end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_filters.rb b/vendor/gems/ruby-openid-2.1.4/test/test_filters.rb
new file mode 100644
index 000000000..990201f02
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_filters.rb
@@ -0,0 +1,270 @@
+
+require 'test/unit'
+require 'openid/yadis/filters'
+
+module OpenID
+  class BasicServiceEndpointTest < Test::Unit::TestCase
+    def test_match_types
+      # Make sure the match_types operation returns the expected
+      # results with various inputs.
+      types = ["urn:bogus", "urn:testing"]
+      yadis_url = "http://yadis/"
+
+      no_types_endpoint = Yadis::BasicServiceEndpoint.new(yadis_url, [], nil, nil)
+
+      some_types_endpoint = Yadis::BasicServiceEndpoint.new(yadis_url, types,
+                                                            nil, nil)
+
+      assert(no_types_endpoint.match_types([]) == [])
+      assert(no_types_endpoint.match_types(["urn:absent"]) == [])
+
+      assert(some_types_endpoint.match_types([]) == [])
+      assert(some_types_endpoint.match_types(["urn:absent"]) == [])
+      assert(some_types_endpoint.match_types(types) == types)
+      assert(some_types_endpoint.match_types([types[1], types[0]]) == types)
+      assert(some_types_endpoint.match_types([types[0]]) == [types[0]])
+      assert(some_types_endpoint.match_types(types + ["urn:absent"]) == types)
+    end
+
+    def test_from_basic_service_endpoint
+      # Check BasicServiceEndpoint.from_basic_service_endpoint
+      endpoint = "unused"
+      e = Yadis::BasicServiceEndpoint.new(nil, [], nil, nil)
+
+      assert(Yadis::BasicServiceEndpoint.from_basic_service_endpoint(endpoint) ==
+             endpoint)
+      assert(e.from_basic_service_endpoint(endpoint) ==
+             endpoint)
+    end
+  end
+
+  class TransformFilterMakerTest < Test::Unit::TestCase
+    def make_service_element(types, uris)
+      service = REXML::Element.new('Service')
+      types.each { |type_text|
+        service.add_element('Type').text = type_text
+      }
+      uris.each { |uri_text|
+        service.add_element('URI').text = uri_text
+      }
+      return service
+    end
+    def test_get_service_endpoints
+      yadis_url = "http://yad.is/"
+      uri = "http://uri/"
+      type_uris = ["urn:type1", "urn:type2"]
+      element = make_service_element(type_uris, [uri])
+
+      data = [
+              [type_uris, uri, element],
+             ]
+
+      filters = [Proc.new { |endpoint|
+                   if endpoint.service_element == element
+                     endpoint
+                   else
+                     nil
+                   end
+                 }
+                ]
+
+      tf = Yadis::TransformFilterMaker.new(filters)
+      result = tf.get_service_endpoints(yadis_url, element)
+
+      assert_equal(result[0].yadis_url, yadis_url, result)
+      assert_equal(result[0].uri, uri, result)
+    end
+
+    def test_empty_transform_filter
+      # A transform filter with no filter procs should return nil.
+      endpoint = "unused"
+      t = Yadis::TransformFilterMaker.new([])
+      assert(t.apply_filters(endpoint).nil?)
+    end
+
+    def test_nil_filter
+      # A transform filter with a single nil filter should return nil.
+      nil_filter = Proc.new { |endpoint| nil }
+      t = Yadis::TransformFilterMaker.new([nil_filter])
+      endpoint = "unused"
+      assert(t.apply_filters(endpoint).nil?)
+    end
+
+    def test_identity_filter
+      # A transform filter with an identity filter should return the
+      # input.
+      identity_filter = Proc.new { |endpoint| endpoint }
+      t = Yadis::TransformFilterMaker.new([identity_filter])
+      endpoint = "unused"
+      assert(t.apply_filters(endpoint) == endpoint)
+    end
+
+    def test_return_different_endpoint
+      # Make sure the result of the filter is returned, rather than
+      # the input.
+      returned_endpoint = "returned endpoint"
+      filter = Proc.new { |endpoint| returned_endpoint }
+      t = Yadis::TransformFilterMaker.new([filter])
+      endpoint = "unused"
+      assert(t.apply_filters(endpoint) == returned_endpoint)
+    end
+
+    def test_multiple_filters
+      # Check filter fallback behavior on different inputs.
+      odd, odd_result = 45, "odd"
+      even, even_result = 46, "even"
+
+      filter_odd = Proc.new { |endpoint|
+        if endpoint % 2 == 1
+          odd_result
+        else
+          nil
+        end
+      }
+
+      filter_even = Proc.new { |endpoint|
+        if endpoint % 2 == 0
+          even_result
+        else
+          nil
+        end
+      }
+
+      t = Yadis::TransformFilterMaker.new([filter_odd, filter_even])
+      assert(t.apply_filters(odd) == odd_result)
+      assert(t.apply_filters(even) == even_result)
+    end
+  end
+
+  class BogusServiceEndpointExtractor
+    def initialize(data)
+      @data = data
+    end
+
+    def get_service_endpoints(yadis_url, service_element)
+      return @data
+    end
+  end
+
+  class CompoundFilterTest < Test::Unit::TestCase
+    def test_get_service_endpoints
+      first = ["bogus", "test"]
+      second = ["third"]
+      all = first + second
+
+      subfilters = [
+                    BogusServiceEndpointExtractor.new(first),
+                    BogusServiceEndpointExtractor.new(second),
+                   ]
+
+      cf = Yadis::CompoundFilter.new(subfilters)
+      assert(cf.get_service_endpoints("unused", "unused") == all)
+    end
+  end
+
+  class MakeFilterTest < Test::Unit::TestCase
+    def test_parts_nil
+      result = Yadis.make_filter(nil)
+      assert(result.is_a?(Yadis::TransformFilterMaker),
+             result)
+    end
+
+    def test_parts_array
+      e1 = Yadis::BasicServiceEndpoint.new(nil, [], nil, nil)
+      e2 = Yadis::BasicServiceEndpoint.new(nil, [], nil, nil)
+
+      result = Yadis.make_filter([e1, e2])
+      assert(result.is_a?(Yadis::TransformFilterMaker),
+             result)
+      assert(result.filter_procs[0] == e1.method('from_basic_service_endpoint'))
+      assert(result.filter_procs[1] == e2.method('from_basic_service_endpoint'))
+    end
+
+    def test_parts_single
+      e = Yadis::BasicServiceEndpoint.new(nil, [], nil, nil)
+      result = Yadis.make_filter(e)
+      assert(result.is_a?(Yadis::TransformFilterMaker),
+             result)
+    end
+  end
+
+  class MakeCompoundFilterTest < Test::Unit::TestCase
+    def test_no_filters
+      result = Yadis.mk_compound_filter([])
+      assert(result.subfilters == [])
+    end
+
+    def test_single_transform_filter
+      f = Yadis::TransformFilterMaker.new([])
+      assert(Yadis.mk_compound_filter([f]) == f)
+    end
+
+    def test_single_endpoint
+      e = Yadis::BasicServiceEndpoint.new(nil, [], nil, nil)
+      result = Yadis.mk_compound_filter([e])
+      assert(result.is_a?(Yadis::TransformFilterMaker))
+
+      # Expect the transform filter to call
+      # from_basic_service_endpoint on the endpoint
+      filter = result.filter_procs[0]
+      assert(filter == e.method('from_basic_service_endpoint'),
+             filter)
+    end
+
+    def test_single_proc
+      # Create a proc that just returns nil for any endpoint
+      p = Proc.new { |endpoint| nil }
+      result = Yadis.mk_compound_filter([p])
+      assert(result.is_a?(Yadis::TransformFilterMaker))
+
+      # Expect the transform filter to call
+      # from_basic_service_endpoint on the endpoint
+      filter = result.filter_procs[0]
+      assert(filter == p)
+    end
+
+    def test_multiple_filters_same_type
+      f1 = Yadis::TransformFilterMaker.new([])
+      f2 = Yadis::TransformFilterMaker.new([])
+
+      # Expect mk_compound_filter to actually make a CompoundFilter
+      # from f1 and f2.
+      result = Yadis.mk_compound_filter([f1, f2])
+
+      assert(result.is_a?(Yadis::CompoundFilter))
+      assert(result.subfilters == [f1, f2])
+    end
+
+    def test_multiple_filters_different_type
+      f1 = Yadis::TransformFilterMaker.new([])
+      f2 = Yadis::BasicServiceEndpoint.new(nil, [], nil, nil)
+      f3 = Proc.new { |endpoint| nil }
+
+      e = Yadis::BasicServiceEndpoint.new(nil, [], nil, nil)
+      f4 = [e]
+
+      # Expect mk_compound_filter to actually make a CompoundFilter
+      # from f1 and f2.
+      result = Yadis.mk_compound_filter([f1, f2, f3, f4])
+
+      assert(result.is_a?(Yadis::CompoundFilter))
+
+      assert(result.subfilters[0] == f1)
+      assert(result.subfilters[1].filter_procs[0] ==
+             e.method('from_basic_service_endpoint'))
+      assert(result.subfilters[2].filter_procs[0] ==
+             f2.method('from_basic_service_endpoint'))
+      assert(result.subfilters[2].filter_procs[1] == f3)
+    end
+
+    def test_filter_type_error
+      # Pass various non-filter objects and make sure the filter
+      # machinery explodes.
+      [nil, ["bogus"], [1], [nil, "bogus"]].each { |thing|
+        assert_raise(TypeError) {
+          Yadis.mk_compound_filter(thing)
+        }
+      }
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_idres.rb b/vendor/gems/ruby-openid-2.1.4/test/test_idres.rb
new file mode 100644
index 000000000..2abe45bbd
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_idres.rb
@@ -0,0 +1,906 @@
+require "testutil"
+require "util"
+require "test/unit"
+require "openid/consumer/idres"
+require "openid/protocolerror"
+require "openid/store/memory"
+require "openid/store/nonce"
+
+module OpenID
+  class Consumer
+    class IdResHandler
+
+      # Subclass of IdResHandler that doesn't do verification upon
+      # construction. All of the tests call this, except for the ones
+      # explicitly for id_res.
+      class IdResHandler < OpenID::Consumer::IdResHandler
+        def id_res
+        end
+      end
+
+      class CheckForFieldsTest < Test::Unit::TestCase
+        include ProtocolErrorMixin
+
+        BASE_FIELDS = ['return_to', 'assoc_handle', 'sig', 'signed']
+        OPENID2_FIELDS = BASE_FIELDS + ['op_endpoint']
+        OPENID1_FIELDS = BASE_FIELDS + ['identity']
+
+        OPENID1_SIGNED = ['return_to', 'identity']
+        OPENID2_SIGNED =
+          OPENID1_SIGNED + ['response_nonce', 'claimed_id', 'assoc_handle']
+
+        def mkMsg(ns, fields, signed_fields)
+          msg = Message.new(ns)
+          fields.each do |field|
+            msg.set_arg(OPENID_NS, field, "don't care")
+          end
+          if fields.member?('signed')
+            msg.set_arg(OPENID_NS, 'signed', signed_fields.join(','))
+          end
+          msg
+        end
+
+        1.times do # so as not to bleed into the outer namespace
+          n = 0
+          [[],
+           ['foo'],
+           ['bar', 'baz'],
+          ].each do |signed_fields|
+            test = lambda do
+              msg = mkMsg(OPENID2_NS, OPENID2_FIELDS, signed_fields)
+              idres = IdResHandler.new(msg, nil)
+              assert_equal(signed_fields, idres.send(:signed_list))
+              # Do it again to make sure logic for caching is correct
+              assert_equal(signed_fields, idres.send(:signed_list))
+            end
+            define_method("test_signed_list_#{n += 1}", test)
+          end
+        end
+
+        # test all missing fields for OpenID 1 and 2
+        1.times do
+          [["openid1", OPENID1_NS, OPENID1_FIELDS],
+           ["openid2", OPENID2_NS, OPENID2_FIELDS],
+          ].each do |ver, ns, all_fields|
+            all_fields.each do |field|
+              test = lambda do
+                fields = all_fields.dup
+                fields.delete(field)
+                msg = mkMsg(ns, fields, [])
+                idres = IdResHandler.new(msg, nil)
+                assert_protocol_error("Missing required field #{field}") {
+                  idres.send(:check_for_fields)
+                }
+              end
+              define_method("test_#{ver}_check_missing_#{field}", test)
+            end
+          end
+        end
+
+        # Test all missing signed for OpenID 1 and 2
+        1.times do
+          [["openid1", OPENID1_NS, OPENID1_FIELDS, OPENID1_SIGNED],
+           ["openid2", OPENID2_NS, OPENID2_FIELDS, OPENID2_SIGNED],
+          ].each do |ver, ns, all_fields, signed_fields|
+            signed_fields.each do |signed_field|
+              test = lambda do
+                fields = signed_fields.dup
+                fields.delete(signed_field)
+                msg = mkMsg(ns, all_fields, fields)
+                # Make sure the signed field is actually in the request
+                msg.set_arg(OPENID_NS, signed_field, "don't care")
+                idres = IdResHandler.new(msg, nil)
+                assert_protocol_error("#{signed_field.inspect} not signed") {
+                  idres.send(:check_for_fields)
+                }
+              end
+              define_method("test_#{ver}_check_missing_signed_#{signed_field}", test)
+            end
+          end
+        end
+
+        def test_112
+          args = {'openid.assoc_handle' => 'fa1f5ff0-cde4-11dc-a183-3714bfd55ca8', 
+                  'openid.claimed_id' => 'http://binkley.lan/user/test01', 
+                  'openid.identity' => 'http://test01.binkley.lan/', 
+                  'openid.mode' => 'id_res', 
+                  'openid.ns' => 'http://specs.openid.net/auth/2.0', 
+                  'openid.ns.pape' => 'http://specs.openid.net/extensions/pape/1.0', 
+                  'openid.op_endpoint' => 'http://binkley.lan/server', 
+                  'openid.pape.auth_policies' => 'none', 
+                  'openid.pape.auth_time' => '2008-01-28T20:42:36Z', 
+                  'openid.pape.nist_auth_level' => '0', 
+                  'openid.response_nonce' => '2008-01-28T21:07:04Z99Q=', 
+                  'openid.return_to' => 'http://binkley.lan:8001/process?janrain_nonce=2008-01-28T21%3A07%3A02Z0tMIKx', 
+                  'openid.sig' => 'YJlWH4U6SroB1HoPkmEKx9AyGGg=', 
+                  'openid.signed' => 'assoc_handle,identity,response_nonce,return_to,claimed_id,op_endpoint,pape.auth_time,ns.pape,pape.nist_auth_level,pape.auth_policies' 
+	         } 
+          assert_equal(args['openid.ns'], OPENID2_NS)
+          incoming = Message.from_post_args(args)
+          assert(incoming.is_openid2)
+          idres = IdResHandler.new(incoming, nil)
+          car = idres.send(:create_check_auth_request)
+          expected_args = args.dup
+          expected_args['openid.mode'] = 'check_authentication'
+          expected = Message.from_post_args(expected_args)
+          assert(expected.is_openid2)
+          assert_equal(expected, car)
+          assert_equal(expected_args, car.to_post_args)
+        end        
+
+        def test_no_signed_list
+          msg = Message.new(OPENID2_NS)
+          idres = IdResHandler.new(msg, nil)
+          assert_protocol_error("Response missing signed") {
+            idres.send(:signed_list)
+          }
+        end
+
+        def test_success_openid1
+          msg = mkMsg(OPENID1_NS, OPENID1_FIELDS, OPENID1_SIGNED)
+          idres = IdResHandler.new(msg, nil)
+          assert_nothing_raised {
+            idres.send(:check_for_fields)
+          }
+        end
+      end
+
+      class ReturnToArgsTest < Test::Unit::TestCase
+        include OpenID::ProtocolErrorMixin
+
+        def check_return_to_args(query)
+          idres = IdResHandler.new(Message.from_post_args(query), nil)
+          class << idres
+            def verify_return_to_base(unused)
+            end
+          end
+          idres.send(:verify_return_to)
+        end
+
+        def assert_bad_args(msg, query)
+          assert_protocol_error(msg) {
+            check_return_to_args(query)
+          }
+        end
+
+        def test_return_to_args_okay
+          assert_nothing_raised {
+            check_return_to_args({
+              'openid.mode' => 'id_res',
+              'openid.return_to' => 'http://example.com/?foo=bar',
+              'foo' => 'bar',
+              })
+          }
+        end
+
+        def test_unexpected_arg_okay
+          assert_bad_args("Unexpected parameter", {
+              'openid.mode' => 'id_res',
+              'openid.return_to' => 'http://example.com/',
+              'foo' => 'bar',
+              })
+        end
+
+        def test_return_to_mismatch
+          assert_bad_args('Message missing ret', {
+            'openid.mode' => 'id_res',
+            'openid.return_to' => 'http://example.com/?foo=bar',
+            })
+
+          assert_bad_args("Parameter 'foo' val", {
+            'openid.mode' => 'id_res',
+            'openid.return_to' => 'http://example.com/?foo=bar',
+            'foo' => 'foos',
+            })
+        end
+      end
+
+      class ReturnToVerifyTest < Test::Unit::TestCase
+        def test_bad_return_to
+          return_to = "http://some.url/path?foo=bar"
+
+          m = Message.new(OPENID1_NS)
+          m.set_arg(OPENID_NS, 'mode', 'cancel')
+          m.set_arg(BARE_NS, 'foo', 'bar')
+
+          # Scheme, authority, and path differences are checked by
+          # IdResHandler.verify_return_to_base.  Query args checked by
+          # IdResHandler.verify_return_to_args.
+          [
+            # Scheme only
+            "https://some.url/path?foo=bar",
+            # Authority only
+            "http://some.url.invalid/path?foo=bar",
+            # Path only
+            "http://some.url/path_extra?foo=bar",
+            # Query args differ
+            "http://some.url/path?foo=bar2",
+            "http://some.url/path?foo2=bar",
+            ].each do |bad|
+              m.set_arg(OPENID_NS, 'return_to', bad)
+              idres = IdResHandler.new(m, return_to)
+              assert_raises(ProtocolError) {
+                idres.send(:verify_return_to)
+              }
+          end
+        end
+
+        def test_good_return_to
+          base = 'http://example.janrain.com/path'
+          [ [base, {}],
+            [base + "?another=arg", {'another' => 'arg'}],
+            [base + "?another=arg#frag", {'another' => 'arg'}],
+            ['HTTP'+base[4..-1], {}],
+            [base.sub('com', 'COM'), {}],
+            ['http://example.janrain.com:80/path', {}],
+            ['http://example.janrain.com/p%61th', {}],
+            ['http://example.janrain.com/./path',{}],
+          ].each do |return_to, args|
+            args['openid.return_to'] = return_to
+            msg = Message.from_post_args(args)
+            idres = IdResHandler.new(msg, base)
+            assert_nothing_raised {
+              idres.send(:verify_return_to)
+            }
+          end
+        end
+      end
+
+      class DummyEndpoint
+        attr_accessor :server_url
+        def initialize(server_url)
+          @server_url = server_url
+        end
+      end
+
+      class CheckSigTest < Test::Unit::TestCase
+        include ProtocolErrorMixin
+        include TestUtil
+
+        def setup
+          @assoc = GoodAssoc.new('{not_dumb}')
+          @store = Store::Memory.new
+          @server_url = 'http://server.url/'
+          @endpoint = DummyEndpoint.new(@server_url)
+          @store.store_association(@server_url, @assoc)
+
+          @message = Message.from_post_args({
+              'openid.mode' => 'id_res',
+              'openid.identity' => '=example',
+              'openid.sig' => GOODSIG,
+              'openid.assoc_handle' => @assoc.handle,
+              'openid.signed' => 'mode,identity,assoc_handle,signed',
+              'frobboz' => 'banzit',
+              })
+        end
+
+        def call_idres_method(method_name)
+          idres = IdResHandler.new(@message, nil, @store, @endpoint)
+          idres.extend(InstanceDefExtension)
+          yield idres
+          idres.send(method_name)
+        end
+
+        def call_check_sig(&proc)
+          call_idres_method(:check_signature, &proc)
+        end
+
+        def no_check_auth(idres)
+          idres.instance_def(:check_auth) { fail "Called check_auth" }
+        end
+
+        def test_sign_good
+          assert_nothing_raised {
+            call_check_sig(&method(:no_check_auth))
+          }
+        end
+
+        def test_bad_sig
+          @message.set_arg(OPENID_NS, 'sig', 'bad sig!')
+          assert_protocol_error('Bad signature') {
+            call_check_sig(&method(:no_check_auth))
+          }
+        end
+
+        def test_check_auth_ok
+          @message.set_arg(OPENID_NS, 'assoc_handle', 'dumb-handle')
+          check_auth_called = false
+          call_check_sig do |idres|
+            idres.instance_def(:check_auth) do
+              check_auth_called = true
+            end
+          end
+          assert(check_auth_called)
+        end
+
+        def test_check_auth_ok_no_store
+          @store = nil
+          check_auth_called = false
+          call_check_sig do |idres|
+            idres.instance_def(:check_auth) do
+              check_auth_called = true
+            end
+          end
+          assert(check_auth_called)
+        end
+
+        def test_expired_assoc
+          @assoc.expires_in = -1
+          @store.store_association(@server_url, @assoc)
+          assert_protocol_error('Association with') {
+            call_check_sig(&method(:no_check_auth))
+          }
+        end
+
+        def call_check_auth(&proc)
+          assert_log_matches("Using 'check_authentication'") {
+            call_idres_method(:check_auth, &proc)
+          }
+        end
+
+        def test_check_auth_create_fail
+          assert_protocol_error("Could not generate") {
+            call_check_auth do |idres|
+              idres.instance_def(:create_check_auth_request) do
+                raise Message::KeyNotFound, "Testing"
+              end
+            end
+          }
+        end
+
+        def test_check_auth_okay
+          OpenID.extend(OverrideMethodMixin)
+          me = self
+          send_resp = Proc.new do |req, server_url|
+            me.assert_equal(:req, req)
+            :expected_response
+          end
+
+          OpenID.with_method_overridden(:make_kv_post, send_resp) do
+            final_resp = call_check_auth do |idres|
+              idres.instance_def(:create_check_auth_request) {
+                :req
+              }
+              idres.instance_def(:process_check_auth_response) do |resp|
+                me.assert_equal(:expected_response, resp)
+              end
+            end
+          end
+        end
+
+        def test_check_auth_process_fail
+          OpenID.extend(OverrideMethodMixin)
+          me = self
+          send_resp = Proc.new do |req, server_url|
+            me.assert_equal(:req, req)
+            :expected_response
+          end
+
+          OpenID.with_method_overridden(:make_kv_post, send_resp) do
+            assert_protocol_error("Testing") do
+              final_resp = call_check_auth do |idres|
+                idres.instance_def(:create_check_auth_request) { :req }
+                idres.instance_def(:process_check_auth_response) do |resp|
+                  me.assert_equal(:expected_response, resp)
+                  raise ProtocolError, "Testing"
+                end
+              end
+            end
+          end
+        end
+
+        1.times do
+          # Fields from the signed list
+          ['mode', 'identity', 'assoc_handle'
+          ].each do |field|
+            test = lambda do
+              @message.del_arg(OPENID_NS, field)
+              assert_raises(Message::KeyNotFound) {
+                call_idres_method(:create_check_auth_request) {}
+              }
+            end
+            define_method("test_create_check_auth_missing_#{field}", test)
+          end
+        end
+
+        def test_create_check_auth_request_success
+          ca_msg = call_idres_method(:create_check_auth_request) {}
+          expected = @message.copy
+          expected.set_arg(OPENID_NS, 'mode', 'check_authentication')
+          assert_equal(expected, ca_msg)
+        end
+
+      end
+
+      class CheckAuthResponseTest < Test::Unit::TestCase
+        include TestUtil
+        include ProtocolErrorMixin
+
+        def setup
+          @message = Message.from_openid_args({
+            'is_valid' => 'true',
+            })
+          @assoc = GoodAssoc.new
+          @store = Store::Memory.new
+          @server_url = 'http://invalid/'
+          @endpoint =  DummyEndpoint.new(@server_url)
+          @idres = IdResHandler.new(nil, nil, @store, @endpoint)
+        end
+
+        def call_process
+          @idres.send(:process_check_auth_response, @message)
+        end
+
+        def test_valid
+          assert_log_matches() { call_process }
+        end
+
+        def test_invalid
+          for is_valid in ['false', 'monkeys']
+            @message.set_arg(OPENID_NS, 'is_valid', 'false')
+            assert_protocol_error("Server #{@server_url} responds") {
+              assert_log_matches() { call_process }
+            }
+          end
+        end
+
+        def test_valid_invalidate
+          @message.set_arg(OPENID_NS, 'invalidate_handle', 'cheese')
+          assert_log_matches("Received 'invalidate_handle'") { call_process }
+        end
+
+        def test_invalid_invalidate
+          @message.set_arg(OPENID_NS, 'invalidate_handle', 'cheese')
+          for is_valid in ['false', 'monkeys']
+            @message.set_arg(OPENID_NS, 'is_valid', 'false')
+            assert_protocol_error("Server #{@server_url} responds") {
+              assert_log_matches("Received 'invalidate_handle'") {
+                call_process
+              }
+            }
+          end
+        end
+
+        def test_invalidate_no_store
+          @idres.instance_variable_set(:@store, nil)
+          @message.set_arg(OPENID_NS, 'invalidate_handle', 'cheese')
+          assert_log_matches("Received 'invalidate_handle'",
+                             'Unexpectedly got "invalidate_handle"') {
+            call_process
+          }
+        end
+      end
+
+      class NonceTest < Test::Unit::TestCase
+        include TestUtil
+        include ProtocolErrorMixin
+
+        def setup
+          @store = Object.new
+          class << @store
+            attr_accessor :nonces, :succeed
+            def use_nonce(server_url, time, extra)
+              @nonces << [server_url, time, extra]
+              @succeed
+            end
+          end
+          @store.nonces = []
+          @nonce = Nonce.mk_nonce
+        end
+
+        def call_check_nonce(post_args, succeed=false)
+          response = Message.from_post_args(post_args)
+          if !@store.nil?
+            @store.succeed = succeed
+          end
+          idres = IdResHandler.new(response, nil, @store, nil)
+          idres.send(:check_nonce)
+        end
+
+        def test_openid1_success
+          assert_nothing_raised {
+            call_check_nonce({'rp_nonce' => @nonce}, true)
+          }
+        end
+
+        def test_openid1_missing
+          assert_protocol_error('Nonce missing') { call_check_nonce({}) }
+        end
+
+        def test_openid2_ignore_rp_nonce
+          assert_protocol_error('Nonce missing') {
+            call_check_nonce({'rp_nonce' => @nonce,
+                               'openid.ns' => OPENID2_NS})
+          }
+        end
+
+        def test_openid2_success
+          assert_nothing_raised {
+            call_check_nonce({'openid.response_nonce' => @nonce,
+                               'openid.ns' => OPENID2_NS}, true)
+          }
+        end
+
+        def test_openid1_ignore_response_nonce
+          assert_protocol_error('Nonce missing') {
+            call_check_nonce({'openid.response_nonce' => @nonce})
+          }
+        end
+
+        def test_no_store
+          @store = nil
+          assert_nothing_raised {
+            call_check_nonce({'rp_nonce' => @nonce})
+          }
+        end
+
+        def test_already_used
+          assert_protocol_error('Nonce already used') {
+            call_check_nonce({'rp_nonce' => @nonce}, false)
+          }
+        end
+
+        def test_malformed_nonce
+          assert_protocol_error('Malformed nonce') {
+            call_check_nonce({'rp_nonce' => 'whee!'})
+          }
+        end
+      end
+
+      class DiscoveryVerificationTest < Test::Unit::TestCase
+        include ProtocolErrorMixin
+        include TestUtil
+
+        def setup
+          @endpoint = OpenIDServiceEndpoint.new
+        end
+
+        def call_verify(msg_args)
+          call_verify_modify(msg_args){}
+        end
+
+        def call_verify_modify(msg_args)
+          msg = Message.from_openid_args(msg_args)
+          idres = IdResHandler.new(msg, nil, nil, @endpoint)
+          idres.extend(InstanceDefExtension)
+          yield idres
+          idres.send(:verify_discovery_results)
+          idres.instance_variable_get(:@endpoint)
+        end
+
+        def assert_verify_protocol_error(error_prefix, openid_args)
+          assert_protocol_error(error_prefix) {call_verify(openid_args)}
+        end
+
+        def test_openid1_no_local_id
+          @endpoint.claimed_id = 'http://invalid/'
+          assert_verify_protocol_error("Missing required field: "\
+                                       "<#{OPENID1_NS}>identity", {})
+        end
+
+        def test_openid1_no_endpoint
+          @endpoint = nil
+          assert_raises(ProtocolError) {
+            call_verify({'identity' => 'snakes on a plane'})
+          }
+        end
+
+        def test_openid1_fallback_1_0
+          claimed_id = 'http://claimed.id/'
+          @endpoint = nil
+          resp_mesg = Message.from_openid_args({
+            'ns' => OPENID1_NS,
+            'identity' => claimed_id,
+            })
+
+          # Pass the OpenID 1 claimed_id this way since we're passing
+          # None for the endpoint.
+          resp_mesg.set_arg(BARE_NS, 'openid1_claimed_id', claimed_id)
+
+          # We expect the OpenID 1 discovery verification to try
+          # matching the discovered endpoint against the 1.1 type and
+          # fall back to 1.0.
+          expected_endpoint = OpenIDServiceEndpoint.new
+          expected_endpoint.type_uris = [OPENID_1_0_TYPE]
+          expected_endpoint.local_id = nil
+          expected_endpoint.claimed_id = claimed_id
+  
+          hacked_discover = Proc.new {
+            |_claimed_id| ['unused', [expected_endpoint]]
+          }
+          idres = IdResHandler.new(resp_mesg, nil, nil, @endpoint)
+          assert_log_matches('Performing discovery') {
+            OpenID.with_method_overridden(:discover, hacked_discover) {
+              idres.send(:verify_discovery_results)
+            }
+          }
+          actual_endpoint = idres.instance_variable_get(:@endpoint)
+          assert_equal(actual_endpoint, expected_endpoint)
+
+        end
+
+        def test_openid2_no_op_endpoint
+          assert_protocol_error("Missing required field: "\
+                                "<#{OPENID2_NS}>op_endpoint") {
+            call_verify({'ns'=>OPENID2_NS})
+          }
+        end
+
+        def test_openid2_local_id_no_claimed
+          assert_verify_protocol_error('openid.identity is present without',
+                                       {'ns' => OPENID2_NS,
+                                         'op_endpoint' => 'Phone Home',
+                                         'identity' => 'Jorge Lius Borges'})
+        end
+
+        def test_openid2_no_local_id_claimed
+          assert_log_matches() {
+            assert_protocol_error('openid.claimed_id is present without') {
+              call_verify({'ns' => OPENID2_NS,
+                            'op_endpoint' => 'Phone Home',
+                            'claimed_id' => 'Manuel Noriega'})
+            }
+          }
+        end
+
+        def test_openid2_no_identifiers
+          op_endpoint = 'Phone Home'
+          result_endpoint = assert_log_matches() {
+            call_verify({'ns' => OPENID2_NS,
+                          'op_endpoint' => op_endpoint})
+          }
+          assert(result_endpoint.is_op_identifier)
+          assert_equal(op_endpoint, result_endpoint.server_url)
+          assert(result_endpoint.claimed_id.nil?)
+        end
+
+        def test_openid2_no_endpoint_does_disco
+          endpoint = OpenIDServiceEndpoint.new
+          endpoint.claimed_id = 'monkeysoft'
+          @endpoint = nil
+          result = assert_log_matches('No pre-discovered') {
+            call_verify_modify({'ns' => OPENID2_NS,
+                                 'identity' => 'sour grapes',
+                                 'claimed_id' => 'monkeysoft',
+                                 'op_endpoint' => 'Phone Home'}) do |idres|
+              idres.instance_def(:discover_and_verify) do |claimed_id, endpoints|
+                @endpoint = endpoint
+              end
+            end
+          }
+          assert_equal(endpoint, result)
+        end
+
+
+        def test_openid2_mismatched_does_disco
+          @endpoint.claimed_id = 'nothing special, but different'
+          @endpoint.local_id = 'green cheese'
+
+          endpoint = OpenIDServiceEndpoint.new
+          endpoint.claimed_id = 'monkeysoft'
+
+          result = assert_log_matches('Error attempting to use stored',
+                             'Attempting discovery') {
+            call_verify_modify({'ns' => OPENID2_NS,
+                                 'identity' => 'sour grapes',
+                                 'claimed_id' => 'monkeysoft',
+                                 'op_endpoint' => 'Green Cheese'}) do |idres|
+                        idres.extend(InstanceDefExtension)
+              idres.instance_def(:discover_and_verify) do |claimed_id, endpoints|
+                @endpoint = endpoint
+              end
+            end
+          }
+          assert(endpoint.equal?(result))
+        end
+
+        def test_openid2_use_pre_discovered
+          @endpoint.local_id = 'my identity'
+          @endpoint.claimed_id = 'http://i-am-sam/'
+          @endpoint.server_url = 'Phone Home'
+          @endpoint.type_uris = [OPENID_2_0_TYPE]
+
+          result = assert_log_matches() {
+            call_verify({'ns' => OPENID2_NS,
+                          'identity' => @endpoint.local_id,
+                          'claimed_id' => @endpoint.claimed_id,
+                          'op_endpoint' => @endpoint.server_url
+                        })
+          }
+          assert(result.equal?(@endpoint))
+        end
+
+        def test_openid2_use_pre_discovered_wrong_type
+          text = "verify failed"
+          me = self
+
+          @endpoint.local_id = 'my identity'
+          @endpoint.claimed_id = 'i am sam'
+          @endpoint.server_url = 'Phone Home'
+          @endpoint.type_uris = [OPENID_1_1_TYPE]
+          endpoint = @endpoint
+
+          msg = Message.from_openid_args({'ns' => OPENID2_NS,
+                                           'identity' => @endpoint.local_id,
+                                           'claimed_id' =>
+                                           @endpoint.claimed_id,
+                                           'op_endpoint' =>
+                                           @endpoint.server_url})
+
+          idres = IdResHandler.new(msg, nil, nil, @endpoint)
+          idres.extend(InstanceDefExtension)
+          idres.instance_def(:discover_and_verify) { |claimed_id, to_match|
+            me.assert_equal(endpoint.claimed_id, to_match[0].claimed_id)
+            me.assert_equal(claimed_id, endpoint.claimed_id)
+            raise ProtocolError, text
+          }
+          assert_log_matches('Error attempting to use stored',
+                             'Attempting discovery') {
+            assert_protocol_error(text) {
+              idres.send(:verify_discovery_results)
+            }
+          }
+        end
+
+
+        def test_openid1_use_pre_discovered
+          @endpoint.local_id = 'my identity'
+          @endpoint.claimed_id = 'http://i-am-sam/'
+          @endpoint.server_url = 'Phone Home'
+          @endpoint.type_uris = [OPENID_1_1_TYPE]
+
+          result = assert_log_matches() {
+            call_verify({'ns' => OPENID1_NS,
+                          'identity' => @endpoint.local_id})
+          }
+          assert(result.equal?(@endpoint))
+        end
+
+
+        def test_openid1_use_pre_discovered_wrong_type
+          verified_error = Class.new(Exception)
+
+          @endpoint.local_id = 'my identity'
+          @endpoint.claimed_id = 'i am sam'
+          @endpoint.server_url = 'Phone Home'
+          @endpoint.type_uris = [OPENID_2_0_TYPE]
+
+          assert_log_matches('Error attempting to use stored',
+                             'Attempting discovery') {
+            assert_raises(verified_error) {
+              call_verify_modify({'ns' => OPENID1_NS,
+                                   'identity' => @endpoint.local_id}) { |idres|
+                idres.instance_def(:discover_and_verify) do |claimed_id, endpoints|
+                  raise verified_error
+                end
+              }
+            }
+          }
+        end
+
+        def test_openid2_fragment
+          claimed_id = "http://unittest.invalid/"
+          claimed_id_frag = claimed_id + "#fragment"
+
+          @endpoint.local_id = 'my identity'
+          @endpoint.claimed_id = claimed_id
+          @endpoint.server_url = 'Phone Home'
+          @endpoint.type_uris = [OPENID_2_0_TYPE]
+
+          result = assert_log_matches() {
+            call_verify({'ns' => OPENID2_NS,
+                          'identity' => @endpoint.local_id,
+                          'claimed_id' => claimed_id_frag,
+                          'op_endpoint' => @endpoint.server_url})
+          }
+
+          [:local_id, :server_url, :type_uris].each do |sym|
+            assert_equal(@endpoint.send(sym), result.send(sym))
+          end
+          assert_equal(claimed_id_frag, result.claimed_id)
+        end
+
+        def test_endpoint_without_local_id
+          # An endpoint like this with no local_id is generated as a result of
+          # e.g. Yadis discovery with no LocalID tag.
+          @endpoint.server_url = "http://localhost:8000/openidserver"
+          @endpoint.claimed_id = "http://localhost:8000/id/id-jo"
+
+          to_match = OpenIDServiceEndpoint.new
+          to_match.server_url = "http://localhost:8000/openidserver"
+          to_match.claimed_id = "http://localhost:8000/id/id-jo"
+          to_match.local_id = "http://localhost:8000/id/id-jo"
+
+          idres = IdResHandler.new(nil, nil)
+          assert_log_matches() {
+            result = idres.send(:verify_discovery_single, @endpoint, to_match)
+          }
+        end
+      end
+
+      class IdResTopLevelTest < Test::Unit::TestCase
+        def test_id_res
+          endpoint = OpenIDServiceEndpoint.new
+          endpoint.server_url = 'http://invalid/server'
+          endpoint.claimed_id = 'http://my.url/'
+          endpoint.local_id = 'http://invalid/username'
+          endpoint.type_uris = [OPENID_2_0_TYPE]
+
+          assoc = GoodAssoc.new
+          store = Store::Memory.new
+          store.store_association(endpoint.server_url, assoc)
+
+          signed_fields =
+            [
+             'response_nonce',
+             'op_endpoint',
+             'assoc_handle',
+             'identity',
+             'claimed_id',
+             'ns',
+             'return_to',
+            ]
+
+          return_to = 'http://return.to/'
+          args = {
+            'ns' => OPENID2_NS,
+            'return_to' => return_to,
+            'claimed_id' => endpoint.claimed_id,
+            'identity' => endpoint.local_id,
+            'assoc_handle' => assoc.handle,
+            'op_endpoint' => endpoint.server_url,
+            'response_nonce' => Nonce.mk_nonce,
+            'signed' => signed_fields.join(','),
+            'sig' => GOODSIG,
+          }
+          msg = Message.from_openid_args(args)
+          idres = OpenID::Consumer::IdResHandler.new(msg, return_to,
+                                                     store, endpoint)
+          assert_equal(idres.signed_fields,
+                       signed_fields.map {|f|'openid.' + f})
+        end
+      end
+
+
+      class DiscoverAndVerifyTest < Test::Unit::TestCase
+        include ProtocolErrorMixin
+        include TestUtil
+
+        def test_no_services
+          me = self
+          disco = Proc.new do |e|
+            me.assert_equal(e, :sentinel)
+            [:undefined, []]
+          end
+          endpoint = OpenIDServiceEndpoint.new
+          endpoint.claimed_id = :sentinel
+          idres = IdResHandler.new(nil, nil)
+          assert_log_matches('Performing discovery on') do
+            assert_protocol_error('No OpenID information found') do
+              OpenID.with_method_overridden(:discover, disco) do
+                idres.send(:discover_and_verify, :sentinel, [endpoint])
+              end
+            end
+          end
+        end
+      end
+
+      class VerifyDiscoveredServicesTest < Test::Unit::TestCase
+        include ProtocolErrorMixin
+        include TestUtil
+
+        def test_no_services
+          endpoint = OpenIDServiceEndpoint.new
+          endpoint.claimed_id = :sentinel
+          idres = IdResHandler.new(nil, nil)
+          assert_log_matches('Discovery verification failure') do
+            assert_protocol_error('No matching endpoint') do
+              idres.send(:verify_discovered_services,
+                         'http://bogus.id/', [], [endpoint])
+            end
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_kvform.rb b/vendor/gems/ruby-openid-2.1.4/test/test_kvform.rb
new file mode 100644
index 000000000..92260573d
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_kvform.rb
@@ -0,0 +1,165 @@
+require 'test/unit'
+require 'openid/kvform'
+require 'openid/util'
+require 'util'
+
+include OpenID
+
+class KVFormTests < Test::Unit::TestCase
+  include OpenID::TestUtil
+
+  def test_kvdict
+    [
+     # (kvform, parsed dictionary, expected warnings)
+     ["", {}, 0],
+     ["\n  \n     \n", {}, 0],
+     ["college:harvey mudd\n", {"college" => "harvey mudd"}, 0],
+     ["city:claremont\nstate:CA\n",
+      {"city" => "claremont", "state" => "CA"}, 0],
+     ["is_valid:true\ninvalidate_handle:{HMAC-SHA1:2398410938412093}\n",
+      {"is_valid" => "true",
+        "invalidate_handle" => "{HMAC-SHA1:2398410938412093}"}, 0],
+
+     # Warnings from lines with no colon:
+     ["x\n", {}, 1],
+     ["x\nx\n", {}, 2],
+     ["East is least\n", {}, 1],
+
+     # But not from blank lines (because LJ generates them)
+     ["x\n\n", {}, 1],
+
+     # Warning from empty key
+     [":\n", {''=>''}, 1],
+     [":missing key\n", {''=>'missing key'}, 1],
+
+     # Warnings from leading or trailing whitespace in key or value
+     [" street:foothill blvd\n", {"street"=>"foothill blvd"}, 1],
+     ["major: computer science\n", {"major"=>"computer science"}, 1],
+     [" dorm : east \n", {"dorm"=>"east"}, 2],
+
+     # Warnings from missing trailing newline
+     ["e^(i*pi)+1:0", {"e^(i*pi)+1" => "0"}, 1],
+     ["east:west\nnorth:south", {"east"=>"west", "north"=>"south"}, 1],
+    ].each { |case_|
+      _run_kvdictTest(case_)
+    }
+  end
+
+  def _run_kvdictTest(case_)
+    kv, dct, warnings = case_
+
+    d = nil
+    d2 = nil
+    assert_log_line_count(warnings) {
+      # Convert KVForm to dict
+      d = Util.kv_to_dict(kv)
+
+      # Strict mode should raise KVFormError instead of logging
+      # messages
+      if warnings > 0
+        assert_raise(KVFormError) do
+          Util.kv_to_seq(kv, true)
+        end
+      end
+
+      # make sure it parses to expected dict
+      assert_equal(dct, d)
+    }
+
+    # Convert back to KVForm and round-trip back to dict to make sure
+    # that *** dict -> kv -> dict is identity. ***
+    kv = Util.dict_to_kv(d)
+
+    silence_logging {
+      d2 = Util.kv_to_dict(kv)
+    }
+
+    assert_equal(d, d2)
+  end
+
+  def test_kvseq
+    [
+     [[], "", 0],
+
+     [[["openid", "useful"], ["a", "b"]], "openid:useful\na:b\n", 0],
+
+     # Warnings about leading whitespace
+     [[[" openid", "useful"], ["a", "b"]], " openid:useful\na:b\n", 2],
+
+     # Warnings about leading and trailing whitespace
+     [[[" openid ", " useful "],
+       [" a ", " b "]], " openid : useful \n a : b \n", 8],
+
+     # warnings about leading and trailing whitespace, but not about
+     # internal whitespace.
+     [[[" open id ", " use ful "],
+       [" a ", " b "]], " open id : use ful \n a : b \n", 8],
+
+     [[["foo", "bar"]], "foo:bar\n", 0],
+    ].each { |case_|
+      _run_kvseqTest(case_)
+    }
+  end
+
+  def _cleanSeq(seq)
+    # Create a new sequence by stripping whitespace from start and end
+    # of each value of each pair
+    seq.collect { |k, v| [k.strip(), v.strip()] }
+  end
+
+  def _run_kvseqTest(case_)
+    seq, kvform, warnings = case_
+
+    assert_log_line_count(warnings) {
+      # seq serializes to expected kvform
+      actual = Util.seq_to_kv(seq)
+
+      assert_equal(kvform, actual)
+      assert actual.is_a?(String)
+
+      # Strict mode should raise KVFormError instead of logging
+      # messages
+      if warnings > 0
+        assert_raise(KVFormError) do
+          Util.seq_to_kv(seq, true)
+        end
+      end
+
+      # Parse back to sequence. Expected to be unchanged, except
+      # stripping whitespace from start and end of values
+      # (i. e. ordering, case, and internal whitespace is preserved)
+      seq = Util.kv_to_seq(actual)
+      clean_seq = _cleanSeq(seq)
+
+      assert_equal(seq, clean_seq)
+    }
+  end
+
+  def test_kvexc
+    [
+     [["openid", "use\nful"]],
+     [["open\nid", "useful"]],
+     [["open\nid", "use\nful"]],
+     [["open:id", "useful"]],
+     [["foo", "bar"], ["ba\n d", "seed"]],
+     [["foo", "bar"], ["bad:", "seed"]],
+    ].each { |case_|
+      _run_kvexcTest(case_)
+    }
+  end
+
+  def _run_kvexcTest(case_)
+    seq = case_
+
+    assert_raise(KVFormError) do
+      Util.seq_to_kv(seq)
+    end
+  end
+
+  def test_convert
+    assert_log_line_count(2) {
+      result = Util.seq_to_kv([[1, 1]])
+      assert_equal(result, "1:1\n")
+    }
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_kvpost.rb b/vendor/gems/ruby-openid-2.1.4/test/test_kvpost.rb
new file mode 100644
index 000000000..8f6480498
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_kvpost.rb
@@ -0,0 +1,65 @@
+require "openid/kvpost"
+require "openid/kvform"
+require "openid/message"
+require "test/unit"
+require 'testutil'
+
+module OpenID
+  class KVPostTestCase < Test::Unit::TestCase
+    include FetcherMixin
+
+    def mk_resp(status, resp_hash)
+      return MockResponse.new(status, Util.dict_to_kv(resp_hash))
+    end
+
+    def test_msg_from_http_resp_success
+      resp = mk_resp(200, {'mode' => 'seitan'})
+      msg = Message.from_http_response(resp, 'http://invalid/')
+      assert_equal({'openid.mode' => 'seitan'}, msg.to_post_args)
+    end
+
+    def test_400
+      args = {'error' => 'I ate too much cheese',
+        'error_code' => 'sadness'}
+      resp = mk_resp(400, args)
+      begin
+        val = Message.from_http_response(resp, 'http://invalid/')
+      rescue ServerError => why
+        assert_equal(why.error_text, 'I ate too much cheese')
+        assert_equal(why.error_code, 'sadness')
+        assert_equal(why.message.to_args, args)
+      else
+        fail("Expected exception. Got: #{val}")
+      end
+    end
+
+    def test_500
+      args = {'error' => 'I ate too much cheese',
+        'error_code' => 'sadness'}
+      resp = mk_resp(500, args)
+      assert_raises(HTTPStatusError) {
+        Message.from_http_response(resp, 'http://invalid')
+      }
+    end
+
+    def make_kv_post_with_response(status, args)
+      resp = mk_resp(status, args)
+      mock_fetcher = Class.new do
+        define_method(:fetch) do |url, body, xxx, yyy|
+          resp
+        end
+      end
+      fetcher = mock_fetcher.new
+
+      with_fetcher(mock_fetcher.new) do
+        OpenID.make_kv_post(Message.from_openid_args(args), 'http://invalid/')
+      end
+    end
+
+    def test_make_kv_post
+      assert_raises(HTTPStatusError) {
+        make_kv_post_with_response(500, {})
+      }
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_linkparse.rb b/vendor/gems/ruby-openid-2.1.4/test/test_linkparse.rb
new file mode 100644
index 000000000..6360d507e
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_linkparse.rb
@@ -0,0 +1,101 @@
+require 'test/unit'
+require 'testutil'
+require 'openid/consumer/html_parse'
+
+class LinkParseTestCase < Test::Unit::TestCase
+  include OpenID::TestDataMixin
+
+  def attr_cmp(expected, found)
+    e = expected.to_a.sort
+    f = found.to_a.sort
+    while (ep = e.shift)
+      ek, ev = ep
+      fk, fv = f.shift
+      ok = false
+      while ek[-1] == '*'[0] # optional entry detected
+        if fk == ek[0...-1] and fv==ev # optional entry found
+          ok = true
+          break
+        else # not found. okay, move on to next expected pair
+          ek, ev = e.shift
+        end
+        if ek.nil?
+          if fk == nil
+            ok = true
+          end
+          break
+        end
+      end
+      next if ok
+      next if fk == ek and fv == ev
+      return false
+    end
+    return f.empty?
+  end
+
+  def test_attrcmp
+    good = [
+     [{'foo' => 'bar'},{'foo' => 'bar'}],
+     [{'foo*' => 'bar'},{'foo' => 'bar'}],
+     [{'foo' => 'bar', 'bam*' => 'baz'},{'foo' => 'bar'}],
+     [{'foo' => 'bar', 'bam*' => 'baz', 'tak' => 'tal'},
+        {'foo' => 'bar', 'tak' => 'tal'}],
+     ]
+    bad = [
+     [{},{'foo' => 'bar'}],
+     [{'foo' => 'bar'}, {'bam' => 'baz'}],
+     [{'foo' => 'bar'}, {}],
+     [{'foo*' => 'bar'},{'foo*' => 'bar'}],
+     [{'foo' => 'bar', 'tak' => 'tal'}, {'foo' => 'bar'}]
+    ]
+    good.each{|c|assert(attr_cmp(c[0],c[1]),c.inspect)}
+    bad.each{|c|assert(!attr_cmp(c[0],c[1]),c.inspect)}
+
+  end
+
+  def test_linkparse
+    cases = read_data_file('linkparse.txt', false).split("\n\n\n")
+
+    numtests = nil
+    testnum = 0
+    cases.each {|c|
+      headers, html = c.split("\n\n",2)
+      expected_links = []
+      name = ""
+      testnum += 1
+      headers.split("\n").each{|h|
+        k,v = h.split(":",2)
+        v = '' if v.nil?
+        if k == "Num Tests"
+          assert(numtests.nil?, "datafile parsing error: there can be only one NumTests")
+          numtests = v.to_i
+          testnum = 0
+          next
+        elsif k == "Name"
+          name = v.strip
+        elsif k == "Link" or k == "Link*"
+          attrs = {}
+          v.strip.split.each{|a|
+            kk,vv = a.split('=')
+            attrs[kk]=vv
+          }
+          expected_links << [k== "Link*", attrs]
+        else
+          assert(false, "datafile parsing error: bad header #{h}")
+        end
+      }
+      links = OpenID::parse_link_attrs(html)
+      
+      found = links.dup
+      expected = expected_links.dup
+      while(fl = found.shift)
+        optional, el = expected.shift
+        while optional and !attr_cmp(el, fl) and not expected.empty?
+          optional, el = expected.shift
+        end
+        assert(attr_cmp(el,fl), "#{name}: #{fl.inspect} does not match #{el.inspect}")
+      end
+    }
+    assert_equal(numtests, testnum, "Number of tests")
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_message.rb b/vendor/gems/ruby-openid-2.1.4/test/test_message.rb
new file mode 100644
index 000000000..f8ef91871
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_message.rb
@@ -0,0 +1,1116 @@
+# last synced with Python openid.test.test_message on 6/29/2007.
+
+require 'test/unit'
+require 'util'
+require 'openid/message'
+
+require 'rexml/document'
+
+module OpenID
+  module GetArgsMixin
+
+    # Tests a standard set of behaviors of Message.get_arg with
+    # variations on handling defaults.
+    def get_arg_tests(ns, key, expected=nil)
+      assert_equal(expected, @m.get_arg(ns, key))
+
+      if expected.nil?
+        assert_equal(@m.get_arg(ns, key, :a_default), :a_default)
+        assert_raise(Message::KeyNotFound) { @m.get_arg(ns, key, NO_DEFAULT) }
+      else
+        assert_equal(@m.get_arg(ns, key, :a_default), expected)
+        assert_equal(@m.get_arg(ns, key, NO_DEFAULT), expected)
+      end
+
+    end
+
+  end
+
+  class EmptyMessageTestCase < Test::Unit::TestCase
+    include GetArgsMixin
+
+    def setup
+      @m = Message.new
+    end
+
+    def test_get_aliased_arg_no_default
+      assert_raises(Message::KeyNotFound) do
+        @m.get_aliased_arg('ns.pork', NO_DEFAULT)
+      end
+
+      ns_uri = "urn:pork"
+      @m.namespaces.add_alias(ns_uri, 'pork_alias')
+
+      # Should return ns_uri.
+      assert_equal(ns_uri, @m.get_aliased_arg('ns.pork_alias', NO_DEFAULT))
+    end
+
+    def test_to_post_args
+      assert_equal({}, @m.to_post_args)
+    end
+
+    def test_to_args
+      assert_equal({}, @m.to_args)
+    end
+
+    def test_to_kvform
+      assert_equal('', @m.to_kvform)
+    end
+
+    def test_from_kvform
+      kvform = "foo:bar\none:two\n"
+      args = {'foo' => 'bar', 'one' => 'two'}
+      expected_result = Message.from_openid_args(args)
+
+      assert_equal(expected_result, Message.from_kvform(kvform))
+    end
+
+    def test_to_url_encoded
+      assert_equal('', @m.to_url_encoded)
+    end
+
+    def test_to_url
+      base_url = 'http://base.url/'
+      assert_equal(base_url, @m.to_url(base_url))
+    end
+
+    def test_get_openid
+      assert_equal(nil, @m.get_openid_namespace)
+    end
+
+    def test_get_key_openid
+      assert_raise(UndefinedOpenIDNamespace) {
+        @m.get_key(OPENID_NS, nil)
+      }
+    end
+
+    def test_get_key_bare
+      assert_equal('foo', @m.get_key(BARE_NS, 'foo'))
+    end
+
+    def test_get_key_ns1
+      assert_equal(nil, @m.get_key(OPENID1_NS, 'foo'))
+    end
+
+    def test_get_key_ns2
+      assert_equal(nil, @m.get_key(OPENID2_NS, 'foo'))
+    end
+
+    def test_get_key_ns3
+      assert_equal(nil, @m.get_key('urn:something-special', 'foo'))
+    end
+
+    def test_has_key
+      assert_raise(UndefinedOpenIDNamespace) {
+        @m.has_key?(OPENID_NS, 'foo')
+      }
+    end
+
+    def test_has_key_bare
+      assert_equal(false, @m.has_key?(BARE_NS, 'foo'))
+    end
+
+    def test_has_key_ns1
+      assert_equal(false, @m.has_key?(OPENID1_NS, 'foo'))
+    end
+
+    def test_has_key_ns2
+      assert_equal(false, @m.has_key?(OPENID2_NS, 'foo'))
+    end
+
+    def test_has_key_ns3
+      assert_equal(false, @m.has_key?('urn:xxx', 'foo'))
+    end
+
+    def test_get_arg
+      assert_raise(UndefinedOpenIDNamespace) {
+        @m.get_args(OPENID_NS)
+      }
+    end
+
+    def test_get_arg_bare
+      get_arg_tests(ns=BARE_NS, key='foo')
+    end
+
+    def test_get_arg_ns1
+      get_arg_tests(ns=OPENID1_NS, key='foo')
+    end
+
+    def test_get_arg_ns2
+      get_arg_tests(ns=OPENID2_NS, key='foo')
+    end
+
+    def test_get_arg_ns3
+      get_arg_tests(ns='urn:nothing-significant', key='foo')
+    end
+
+    def test_get_args
+      assert_raise(UndefinedOpenIDNamespace) {
+        @m.get_args(OPENID_NS)
+      }
+    end
+
+    def test_get_args_bare
+      assert_equal({}, @m.get_args(BARE_NS))
+    end
+
+    def test_get_args_ns1
+      assert_equal({}, @m.get_args(OPENID1_NS))
+    end
+
+    def test_get_args_ns2
+      assert_equal({}, @m.get_args(OPENID2_NS))
+    end
+
+    def test_get_args_ns3
+      assert_equal({}, @m.get_args('urn:xxx'))
+    end
+
+    def test_update_args
+      assert_raise(UndefinedOpenIDNamespace) {
+        @m.update_args(OPENID_NS, {'does not'=>'matter'})
+      }
+    end
+
+    def _test_update_args_ns(ns)
+      updates = {
+        'camper van beethoven' => 'david l',
+        'magnolia electric, co' => 'jason m'
+      }
+      assert_equal({}, @m.get_args(ns))
+      @m.update_args(ns, updates)
+      assert_equal(updates, @m.get_args(ns))
+    end
+
+    def test_update_args_bare
+      _test_update_args_ns(BARE_NS)
+    end
+    def test_update_args_ns1
+      _test_update_args_ns(OPENID1_NS)
+    end
+    def test_update_args_ns2
+      _test_update_args_ns(OPENID2_NS)
+    end
+    def test_update_args_ns3
+      _test_update_args_ns('urn:xxx')
+    end
+
+    def test_set_arg
+      assert_raise(UndefinedOpenIDNamespace) {
+        @m.set_arg(OPENID_NS,'does not','matter')
+      }
+    end
+
+    def _test_set_arg_ns(ns)
+      key = 'Camper Van Beethoven'
+      value = 'David Lowery'
+      assert_equal(nil, @m.get_arg(ns, key))
+      @m.set_arg(ns, key, value)
+      assert_equal(value, @m.get_arg(ns, key))
+    end
+
+    def test_set_arg_bare
+      _test_set_arg_ns(BARE_NS)
+    end
+    def test_set_arg_ns1
+      _test_set_arg_ns(OPENID1_NS)
+    end
+    def test_set_arg_ns2
+      _test_set_arg_ns(OPENID2_NS)
+    end
+    def test_set_arg_ns3
+      _test_set_arg_ns('urn:xxx')
+    end
+
+    def test_del_arg
+      assert_raise(UndefinedOpenIDNamespace) {
+        @m.set_arg(OPENID_NS, 'does not', 'matter')
+      }
+    end
+
+    def _test_del_arg_ns(ns)
+      key = 'Fleeting Joys'
+      assert_equal(nil, @m.del_arg(ns, key))
+    end
+
+    def test_del_arg_bare
+      _test_del_arg_ns(BARE_NS)
+    end
+    def test_del_arg_ns1
+      _test_del_arg_ns(OPENID1_NS)
+    end
+    def test_del_arg_ns2
+      _test_del_arg_ns(OPENID2_NS)
+    end
+    def test_del_arg_ns3
+      _test_del_arg_ns('urn:xxx')
+    end
+
+    def test_isOpenID1
+      assert_equal(false, @m.is_openid1)
+    end
+
+    def test_isOpenID2
+      assert_equal(false, @m.is_openid2)
+    end
+
+    def test_set_openid_namespace
+      assert_raise(InvalidOpenIDNamespace) {
+        @m.set_openid_namespace('http://invalid/', false)
+      }
+    end
+  end
+
+  class OpenID1MessageTest < Test::Unit::TestCase
+    include GetArgsMixin
+
+    def setup
+      @m = Message.from_post_args({'openid.mode' => 'error',
+                                            'openid.error' => 'unit test'})
+    end
+
+    def test_has_openid_ns
+      assert_equal(OPENID1_NS, @m.get_openid_namespace)
+      assert_equal(OPENID1_NS,
+                   @m.namespaces.get_namespace_uri(NULL_NAMESPACE))
+    end
+
+    def test_get_aliased_arg
+      assert_equal('error', @m.get_aliased_arg('mode'))
+    end
+
+    def test_get_aliased_arg_ns
+      assert_equal(OPENID1_NS, @m.get_aliased_arg('ns'))
+    end
+
+    def test_get_aliased_arg_with_ns
+      @m = Message.from_post_args(
+          {'openid.mode' => 'error',
+           'openid.error' => 'unit test',
+           'openid.ns.invalid' => 'http://invalid/',
+           'openid.invalid.stuff' => 'things',
+           'openid.invalid.stuff.blinky' => 'powerplant',
+          })
+      assert_equal('http://invalid/', @m.get_aliased_arg('ns.invalid'))
+      assert_equal('things', @m.get_aliased_arg('invalid.stuff'))
+      assert_equal('powerplant', @m.get_aliased_arg('invalid.stuff.blinky'))
+    end
+
+    def test_get_aliased_arg_with_ns_default
+      @m = Message.from_post_args({})
+      assert_equal('monkeys!', @m.get_aliased_arg('ns.invalid',
+                                                  default="monkeys!"))
+    end
+
+    def test_to_post_args
+      assert_equal({'openid.mode' => 'error',
+                     'openid.error' => 'unit test'},
+                   @m.to_post_args)
+    end
+
+    def test_to_post_args_ns
+      invalid_ns = 'http://invalid/'
+      @m.namespaces.add_alias(invalid_ns, 'foos')
+      @m.set_arg(invalid_ns, 'ball', 'awesome')
+      @m.set_arg(BARE_NS, 'xey', 'value')
+      assert_equal({'openid.mode' => 'error',
+                     'openid.error' => 'unit test',
+                     'openid.foos.ball' => 'awesome',
+                     'xey' => 'value',
+                     'openid.ns.foos' => 'http://invalid/'
+                   }, @m.to_post_args)
+    end
+
+    def test_to_args
+      assert_equal({'mode' => 'error',
+                     'error' => 'unit test'},
+                   @m.to_args)
+    end
+
+    def test_to_kvform
+      assert_equal("error:unit test\nmode:error\n",
+                   @m.to_kvform)
+    end
+
+    def test_to_url_encoded
+      assert_equal('openid.error=unit+test&openid.mode=error',
+                   @m.to_url_encoded)
+    end
+
+    def test_to_url
+      base_url = 'http://base.url/'
+      actual = @m.to_url(base_url)
+      actual_base = actual[0...base_url.length]
+      assert_equal(base_url, actual_base)
+      assert_equal('?', actual[base_url.length].chr)
+      query = actual[base_url.length+1..-1]
+      assert_equal({'openid.mode'=>['error'],'openid.error'=>['unit test']},
+                   CGI.parse(query))
+    end
+
+    def test_get_openid
+      assert_equal(OPENID1_NS, @m.get_openid_namespace)
+    end
+
+    def test_get_key_openid
+      assert_equal('openid.mode', @m.get_key(OPENID_NS, 'mode'))
+    end
+
+    def test_get_key_bare
+      assert_equal('mode', @m.get_key(BARE_NS, 'mode'))
+    end
+
+    def test_get_key_ns1
+      assert_equal('openid.mode', @m.get_key(OPENID1_NS, 'mode'))
+    end
+
+    def test_get_key_ns2
+      assert_equal(nil, @m.get_key(OPENID2_NS, 'mode'))
+    end
+
+    def test_get_key_ns3
+      assert_equal(nil, @m.get_key('urn:xxx', 'mode'))
+    end
+
+    def test_has_key
+      assert_equal(true, @m.has_key?(OPENID_NS, 'mode'))
+    end
+    def test_has_key_bare
+      assert_equal(false, @m.has_key?(BARE_NS, 'mode'))
+    end
+    def test_has_key_ns1
+      assert_equal(true, @m.has_key?(OPENID1_NS, 'mode'))
+    end
+    def test_has_key_ns2
+      assert_equal(false, @m.has_key?(OPENID2_NS, 'mode'))
+    end
+    def test_has_key_ns3
+      assert_equal(false, @m.has_key?('urn:xxx', 'mode'))
+    end
+
+    def test_get_arg
+      assert_equal('error', @m.get_arg(OPENID_NS, 'mode'))
+    end
+
+    def test_get_arg_bare
+      get_arg_tests(ns=BARE_NS, key='mode')
+    end
+
+    def test_get_arg_ns
+      get_arg_tests(ns=OPENID_NS, key='mode', expected='error')
+    end
+
+    def test_get_arg_ns1
+      get_arg_tests(ns=OPENID1_NS, key='mode', expected='error')
+    end
+
+    def test_get_arg_ns2
+      get_arg_tests(ns=OPENID2_NS, key='mode')
+    end
+
+    def test_get_arg_ns3
+      get_arg_tests(ns='urn:nothing-significant', key='mode')
+    end
+
+    def test_get_args
+      assert_equal({'mode'=>'error','error'=>'unit test'},
+                   @m.get_args(OPENID_NS))
+    end
+    def test_get_args_bare
+      assert_equal({}, @m.get_args(BARE_NS))
+    end
+    def test_get_args_ns1
+      assert_equal({'mode'=>'error','error'=>'unit test'},
+                   @m.get_args(OPENID1_NS))
+    end
+    def test_get_args_ns2
+      assert_equal({}, @m.get_args(OPENID2_NS))
+    end
+    def test_get_args_ns3
+      assert_equal({}, @m.get_args('urn:xxx'))
+    end
+
+    def _test_update_args_ns(ns, before=nil)
+      if before.nil?
+        before = {}
+      end
+      update_args = {
+        'Camper van Beethoven'=>'David Lowery',
+        'Magnolia Electric Co.'=>'Jason Molina'
+      }
+      assert_equal(before, @m.get_args(ns))
+      @m.update_args(ns, update_args)
+      after = before.dup
+      after.update(update_args)
+      assert_equal(after, @m.get_args(ns))
+    end
+
+    def test_update_args
+      _test_update_args_ns(OPENID_NS, {'mode'=>'error','error'=>'unit test'})
+    end
+    def test_update_args_bare
+      _test_update_args_ns(BARE_NS)
+    end
+    def test_update_args_ns1
+      _test_update_args_ns(OPENID1_NS, {'mode'=>'error','error'=>'unit test'})
+    end
+    def test_update_args_ns2
+      _test_update_args_ns(OPENID2_NS)
+    end
+    def test_update_args_ns3
+      _test_update_args_ns('urn:xxx')
+    end
+
+    def _test_set_arg_ns(ns)
+      key = 'awesometown'
+      value = 'funny'
+      assert_equal(nil, @m.get_arg(ns,key))
+      @m.set_arg(ns, key, value)
+      assert_equal(value, @m.get_arg(ns,key))
+    end
+
+    def test_set_arg; _test_set_arg_ns(OPENID_NS); end
+    def test_set_arg_bare; _test_set_arg_ns(BARE_NS); end
+    def test_set_arg_ns1; _test_set_arg_ns(OPENID1_NS); end
+    def test_set_arg_ns2; _test_set_arg_ns(OPENID2_NS); end
+    def test_set_arg_ns3; _test_set_arg_ns('urn:xxx'); end
+
+    def _test_del_arg_ns(ns)
+      key = 'marry an'
+      value = 'ice cream sandwich'
+      @m.set_arg(ns, key, value)
+      assert_equal(value, @m.get_arg(ns,key))
+      @m.del_arg(ns,key)
+      assert_equal(nil, @m.get_arg(ns,key))
+    end
+
+    def test_del_arg; _test_del_arg_ns(OPENID_NS); end
+    def test_del_arg_bare; _test_del_arg_ns(BARE_NS); end
+    def test_del_arg_ns1; _test_del_arg_ns(OPENID1_NS); end
+    def test_del_arg_ns2; _test_del_arg_ns(OPENID2_NS); end
+    def test_del_arg_ns3; _test_del_arg_ns('urn:yyy'); end
+
+    def test_isOpenID1
+      assert_equal(true, @m.is_openid1)
+    end
+
+    def test_isOpenID2
+      assert_equal(false, @m.is_openid2)
+    end
+
+    def test_equal
+      assert_equal(Message.new, Message.new)
+      assert_not_equal(Message.new, nil)
+    end
+
+    def test_from_openid_args_undefined_ns
+      expected = 'almost.complete'
+      msg = Message.from_openid_args({'coverage.is' => expected})
+      actual = msg.get_arg(OPENID1_NS, 'coverage.is')
+      assert_equal(expected, actual)
+    end
+
+    # XXX: we need to implement the KVForm module before we can fix this
+    def TODOtest_from_kvform
+      kv = 'foos:ball\n'
+      msg = Message.from_kvform(kv)
+      assert_equal(msg.get(OPENID1_NS, 'foos'), 'ball')
+    end
+
+    def test_initialize_sets_namespace
+      msg = Message.new(OPENID1_NS)
+      assert_equal(OPENID1_NS, msg.get_openid_namespace)
+    end
+  end
+
+  class OpenID1ExplicitMessageTest < Test::Unit::TestCase
+    # XXX - check to make sure the test suite will get built the way this
+    # expects.
+    def setup
+      @m = Message.from_post_args({'openid.mode'=>'error',
+                                          'openid.error'=>'unit test',
+                                          'openid.ns'=>OPENID1_NS})
+    end
+
+    def test_to_post_args
+      assert_equal({'openid.mode' => 'error',
+                    'openid.error' => 'unit test',
+                    'openid.ns'=>OPENID1_NS,
+                    },
+                   @m.to_post_args)
+    end
+
+    def test_to_post_args_ns
+      invalid_ns = 'http://invalid/'
+      @m.namespaces.add_alias(invalid_ns, 'foos')
+      @m.set_arg(invalid_ns, 'ball', 'awesome')
+      @m.set_arg(BARE_NS, 'xey', 'value')
+      assert_equal({'openid.mode' => 'error',
+                     'openid.error' => 'unit test',
+                     'openid.foos.ball' => 'awesome',
+                     'xey' => 'value',
+                     'openid.ns'=>OPENID1_NS,
+                     'openid.ns.foos' => 'http://invalid/'
+                   }, @m.to_post_args)
+    end
+
+    def test_to_args
+      assert_equal({'mode' => 'error',
+                     'error' => 'unit test',
+                     'ns'=>OPENID1_NS
+                     },
+                   @m.to_args)
+    end
+
+    def test_to_kvform
+      assert_equal("error:unit test\nmode:error\nns:#{OPENID1_NS}\n",
+                   @m.to_kvform)
+    end
+
+    def test_to_url_encoded
+      assert_equal('openid.error=unit+test&openid.mode=error&openid.ns=http%3A%2F%2Fopenid.net%2Fsignon%2F1.0',
+                   @m.to_url_encoded)
+    end
+
+    def test_to_url
+      base_url = 'http://base.url/'
+      actual = @m.to_url(base_url)
+      actual_base = actual[0...base_url.length]
+      assert_equal(base_url, actual_base)
+      assert_equal('?', actual[base_url.length].chr)
+      query = actual[base_url.length+1..-1]
+      assert_equal({'openid.mode'=>['error'],
+                    'openid.error'=>['unit test'],
+                    'openid.ns'=>[OPENID1_NS],
+                    },
+                   CGI.parse(query))
+    end
+
+
+  end
+
+  class OpenID2MessageTest < Test::Unit::TestCase
+    include TestUtil
+
+    def setup
+      @m = Message.from_post_args({'openid.mode'=>'error',
+                                          'openid.error'=>'unit test',
+                                          'openid.ns'=>OPENID2_NS})
+      @m.set_arg(BARE_NS, 'xey', 'value')
+    end
+
+    def test_to_args_fails
+      assert_raises(ArgumentError) {
+        @m.to_args
+      }
+    end
+
+    def test_fix_ns_non_string
+      # Using has_key to invoke _fix_ns since _fix_ns should be private
+      assert_raises(ArgumentError) {
+        @m.has_key?(:non_string_namespace, "key")
+      }
+    end
+
+    def test_fix_ns_non_uri
+      # Using has_key to invoke _fix_ns since _fix_ns should be private
+      assert_log_matches(/identifiers SHOULD be URIs/) {
+        @m.has_key?("foo", "key")
+      }
+    end
+
+    def test_fix_ns_sreg_literal
+      # Using has_key to invoke _fix_ns since _fix_ns should be private
+      assert_log_matches(/identifiers SHOULD be URIs/, /instead of "sreg"/) {
+        @m.has_key?("sreg", "key")
+      }
+    end
+
+    def test_copy
+      n = @m.copy
+      assert_equal(@m, n)
+    end
+
+    def test_to_post_args
+      assert_equal({'openid.mode' => 'error',
+                     'openid.error' => 'unit test',
+                     'openid.ns' => OPENID2_NS,
+                     'xey' => 'value',
+                   }, @m.to_post_args)
+    end
+
+    def test_to_post_args_ns
+      invalid_ns = 'http://invalid/'
+      @m.namespaces.add_alias(invalid_ns, 'foos')
+      @m.set_arg(invalid_ns, 'ball', 'awesome')
+      assert_equal({'openid.mode' => 'error',
+                     'openid.error' => 'unit test',
+                     'openid.ns' => OPENID2_NS,
+                     'openid.ns.foos' => invalid_ns,
+                     'openid.foos.ball' => 'awesome',
+                     'xey' => 'value',
+                   }, @m.to_post_args)
+    end
+
+    def test_to_args
+      @m.del_arg(BARE_NS, 'xey')
+      assert_equal({'mode' => 'error',
+                   'error' => 'unit test',
+                   'ns' => OPENID2_NS},
+                   @m.to_args)
+    end
+
+    def test_to_kvform
+      @m.del_arg(BARE_NS, 'xey')
+      assert_equal("error:unit test\nmode:error\nns:#{OPENID2_NS}\n",
+                   @m.to_kvform)
+    end
+
+    def _test_urlencoded(s)
+      expected_list = ["openid.error=unit+test",
+                       "openid.mode=error",
+                       "openid.ns=#{CGI.escape(OPENID2_NS)}",
+                       "xey=value"]
+      # Hard to do this with string comparison since the mapping doesn't
+      # preserve order.
+      encoded_list = s.split('&')
+      encoded_list.sort!
+      assert_equal(expected_list, encoded_list)
+    end
+
+    def test_to_urlencoded
+      _test_urlencoded(@m.to_url_encoded)
+    end
+
+    def test_to_url
+      base_url = 'http://base.url/'
+      actual = @m.to_url(base_url)
+      actual_base = actual[0...base_url.length]
+      assert_equal(base_url, actual_base)
+      assert_equal('?', actual[base_url.length].chr)
+      query = actual[base_url.length+1..-1]
+      _test_urlencoded(query)
+    end
+
+    def test_get_openid
+      assert_equal(OPENID2_NS, @m.get_openid_namespace)
+    end
+
+    def test_get_key_openid
+      assert_equal('openid.mode', @m.get_key(OPENID2_NS, 'mode'))
+    end
+
+    def test_get_key_bare
+      assert_equal('mode', @m.get_key(BARE_NS, 'mode'))
+    end
+
+    def test_get_key_ns1
+      assert_equal(nil, @m.get_key(OPENID1_NS, 'mode'))
+    end
+
+    def test_get_key_ns2
+      assert_equal('openid.mode', @m.get_key(OPENID2_NS, 'mode'))
+    end
+
+    def test_get_key_ns3
+      assert_equal(nil, @m.get_key('urn:xxx', 'mode'))
+    end
+
+    def test_has_key_openid
+      assert_equal(true, @m.has_key?(OPENID_NS,'mode'))
+    end
+
+    def test_has_key_bare
+      assert_equal(false, @m.has_key?(BARE_NS,'mode'))
+    end
+
+    def test_has_key_ns1
+      assert_equal(false, @m.has_key?(OPENID1_NS,'mode'))
+    end
+
+    def test_has_key_ns2
+      assert_equal(true, @m.has_key?(OPENID2_NS,'mode'))
+    end
+
+    def test_has_key_ns3
+      assert_equal(false, @m.has_key?('urn:xxx','mode'))
+    end
+
+    # XXX - getArgTest
+    def test_get_arg_openid
+      assert_equal('error', @m.get_arg(OPENID_NS,'mode'))
+    end
+
+    def test_get_arg_bare
+      assert_equal(nil, @m.get_arg(BARE_NS,'mode'))
+    end
+
+    def test_get_arg_ns1
+      assert_equal(nil, @m.get_arg(OPENID1_NS,'mode'))
+    end
+
+    def test_get_arg_ns2
+      assert_equal('error', @m.get_arg(OPENID2_NS,'mode'))
+    end
+
+    def test_get_arg_ns3
+      assert_equal(nil, @m.get_arg('urn:bananastand','mode'))
+    end
+
+    def test_get_args_openid
+      assert_equal({'mode'=>'error','error'=>'unit test'},
+                   @m.get_args(OPENID_NS))
+    end
+
+    def test_get_args_bare
+      assert_equal({'xey'=>'value'},
+                   @m.get_args(BARE_NS))
+    end
+
+    def test_get_args_ns1
+      assert_equal({},
+                   @m.get_args(OPENID1_NS))
+    end
+
+    def test_get_args_ns2
+      assert_equal({'mode'=>'error','error'=>'unit test'},
+                   @m.get_args(OPENID2_NS))
+    end
+
+    def test_get_args_ns3
+      assert_equal({},
+                   @m.get_args('urn:loose seal'))
+    end
+
+    def _test_update_args_ns(ns, before=nil)
+      before = {} unless before
+      update_args = {'aa'=>'bb','cc'=>'dd'}
+
+      assert_equal(before, @m.get_args(ns))
+      @m.update_args(ns, update_args)
+      after = before.dup
+      after.update(update_args)
+      assert_equal(after, @m.get_args(ns))
+    end
+
+    def test_update_args_openid
+      _test_update_args_ns(OPENID_NS, {'mode'=>'error','error'=>'unit test'})
+    end
+
+    def test_update_args_bare
+      _test_update_args_ns(BARE_NS, {'xey'=>'value'})
+    end
+
+    def test_update_args_ns1
+      _test_update_args_ns(OPENID1_NS)
+    end
+
+    def test_update_args_ns2
+      _test_update_args_ns(OPENID2_NS, {'mode'=>'error','error'=>'unit test'})
+    end
+
+    def test_update_args_ns3
+      _test_update_args_ns('urn:sven')
+    end
+
+    def _test_set_arg_ns(ns)
+      key = "logan's"
+      value = "run"
+      assert_equal(nil, @m.get_arg(ns,key))
+      @m.set_arg(ns, key, value)
+      assert_equal(value, @m.get_arg(ns,key))
+    end
+
+    def test_set_arg_openid; _test_set_arg_ns(OPENID_NS); end
+    def test_set_arg_bare; _test_set_arg_ns(BARE_NS); end
+    def test_set_arg_ns1; _test_set_arg_ns(OPENID1_NS); end
+    def test_set_arg_ns2; _test_set_arg_ns(OPENID2_NS); end
+    def test_set_arg_ns3; _test_set_arg_ns('urn:g'); end
+
+    def test_bad_alias
+      # Make sure dotted aliases and OpenID protocol fields are not allowed
+      # as namespace aliases.
+
+      fields = OPENID_PROTOCOL_FIELDS + ['dotted.alias']
+
+      fields.each { |f|
+        args = {"openid.ns.#{f}" => "blah#{f}",
+          "openid.#{f}.foo" => "test#{f}"}
+
+        # .fromPostArgs covers .fromPostArgs, .fromOpenIDArgs,
+        # ._fromOpenIDArgs, and .fromOpenIDArgs (since it calls
+        # .fromPostArgs).
+        assert_raise(AssertionError) {
+          Message.from_post_args(args)
+        }
+      }
+    end
+
+    def test_from_post_args
+      msg = Message.from_post_args({'foos' => 'ball'})
+      assert_equal('ball', msg.get_arg(BARE_NS, 'foos'))
+    end
+
+    def _test_del_arg_ns(ns)
+      key = 'no'
+      value = 'socks'
+      assert_equal(nil, @m.get_arg(ns, key))
+      @m.set_arg(ns, key, value)
+      assert_equal(value, @m.get_arg(ns, key))
+      @m.del_arg(ns, key)
+      assert_equal(nil, @m.get_arg(ns, key))
+    end
+
+    def test_del_arg_openid; _test_del_arg_ns(OPENID_NS); end
+    def test_del_arg_bare; _test_del_arg_ns(BARE_NS); end
+    def test_del_arg_ns1; _test_del_arg_ns(OPENID1_NS); end
+    def test_del_arg_ns2; _test_del_arg_ns(OPENID2_NS); end
+    def test_del_arg_ns3; _test_del_arg_ns('urn:tofu'); end
+
+    def test_overwrite_extension_arg
+      ns = 'urn:unittest_extension'
+      key = 'mykey'
+      value_1 = 'value_1'
+      value_2 = 'value_2'
+
+      @m.set_arg(ns, key, value_1)
+      assert_equal(value_1, @m.get_arg(ns, key))
+      @m.set_arg(ns, key, value_2)
+      assert_equal(value_2, @m.get_arg(ns, key))
+    end
+
+    def test_argList
+      assert_raise(ArgumentError) {
+        Message.from_post_args({'arg' => [1, 2, 3]})
+      }
+    end
+
+    def test_isOpenID1
+      assert_equal(false, @m.is_openid1)
+    end
+
+    def test_isOpenID2
+      assert_equal(true, @m.is_openid2)
+    end
+  end
+
+  class MessageTest < Test::Unit::TestCase
+    def setup
+      @postargs = {
+        'openid.ns' => OPENID2_NS,
+        'openid.mode' => 'checkid_setup',
+        'openid.identity' => 'http://bogus.example.invalid:port/',
+        'openid.assoc_handle' => 'FLUB',
+        'openid.return_to' => 'Neverland',
+      }
+
+      @action_url = 'scheme://host:port/path?query'
+
+      @form_tag_attrs = {
+        'company' => 'janrain',
+        'class' => 'fancyCSS',
+      }
+
+      @submit_text = 'GO!'
+
+      ### Expected data regardless of input
+
+      @required_form_attrs = {
+        'accept-charset' => 'UTF-8',
+        'enctype' => 'application/x-www-form-urlencoded',
+        'method' => 'post',
+      }
+    end
+
+    def _checkForm(html, message_, action_url,
+                   form_tag_attrs, submit_text)
+      @xml = REXML::Document.new(html)
+
+      # Get root element
+      form = @xml.root
+
+      # Check required form attributes
+      @required_form_attrs.each { |k, v|
+        assert(form.attributes[k] == v,
+               "Expected '#{v}' for required form attribute '#{k}', got '#{form.attributes[k]}'")
+      }
+
+      # Check extra form attributes
+      @form_tag_attrs.each { |k, v|
+        # Skip attributes that already passed the required attribute
+        # check, since they should be ignored by the form generation
+        # code.
+        if @required_form_attrs.include?(k)
+          continue
+        end
+
+        assert(form.attributes[k] == v,
+               "Form attribute '#{k}' should be '#{v}', found '#{form.attributes[k]}'")
+
+        # Check hidden fields against post args
+        hiddens = []
+        form.each { |e|
+          if (e.is_a?(REXML::Element)) and
+              (e.name.upcase() == 'INPUT') and
+              (e.attributes['type'].upcase() == 'HIDDEN')
+            # For each post arg, make sure there is a hidden with that
+            # value.  Make sure there are no other hiddens.
+            hiddens += [e]
+          end
+        }
+
+        message_.to_post_args().each { |name, value|
+          success = false
+
+          hiddens.each { |e|
+            if e.attributes['name'] == name
+              assert(e.attributes['value'] == value,
+                     "Expected value of hidden input '#{e.attributes['name']}' " +
+                     "to be '#{value}', got '#{e.attributes['value']}'")
+              success = true
+              break
+            end
+          }
+
+          if !success
+            flunk "Post arg '#{name}' not found in form"
+          end
+        }
+
+        hiddens.each { |e|
+          assert(message_.to_post_args().keys().include?(e.attributes['name']),
+                 "Form element for '#{e.attributes['name']}' not in " +
+                 "original message")
+        }
+
+        # Check action URL
+        assert(form.attributes['action'] == action_url,
+               "Expected form 'action' to be '#{action_url}', got '#{form.attributes['action']}'")
+
+        # Check submit text
+        submits = []
+        form.each { |e|
+          if (e.is_a?(REXML::Element)) and
+              (e.name.upcase() == 'INPUT') and
+              e.attributes['type'].upcase() == 'SUBMIT'
+            submits += [e]
+          end
+        }
+
+        assert(submits.length == 1,
+               "Expected only one 'input' with type = 'submit', got #{submits.length}")
+
+        assert(submits[0].attributes['value'] == submit_text,
+               "Expected submit value to be '#{submit_text}', " +
+               "got '#{submits[0].attributes['value']}'")
+      }
+
+    end
+
+    def test_toFormMarkup
+      m = Message.from_post_args(@postargs)
+      html = m.to_form_markup(@action_url, @form_tag_attrs,
+                              @submit_text)
+      _checkForm(html, m, @action_url,
+                 @form_tag_attrs, @submit_text)
+    end
+
+    def test_overrideMethod
+      # Be sure that caller cannot change form method to GET.
+      m = Message.from_post_args(@postargs)
+
+      tag_attrs = @form_tag_attrs.clone
+      tag_attrs['method'] = 'GET'
+
+      html = m.to_form_markup(@action_url, @form_tag_attrs,
+                              @submit_text)
+      _checkForm(html, m, @action_url,
+                 @form_tag_attrs, @submit_text)
+    end
+
+    def test_overrideRequired
+      # Be sure that caller CANNOT change the form charset for
+      # encoding type.
+      m = Message.from_post_args(@postargs)
+
+      tag_attrs = @form_tag_attrs.clone
+      tag_attrs['accept-charset'] = 'UCS4'
+      tag_attrs['enctype'] = 'invalid/x-broken'
+
+      html = m.to_form_markup(@action_url, tag_attrs,
+                              @submit_text)
+      _checkForm(html, m, @action_url,
+                 tag_attrs, @submit_text)
+    end
+  end
+
+  class NamespaceMapTestCase < Test::Unit::TestCase
+
+    def test_onealias
+      nsm = NamespaceMap.new
+      uri = 'http://example.com/foo'
+      _alias = 'foo'
+      nsm.add_alias(uri, _alias)
+      assert_equal(uri, nsm.get_namespace_uri(_alias))
+      assert_equal(_alias, nsm.get_alias(uri))
+    end
+
+
+    def test_iteration
+      nsm = NamespaceMap.new
+      uripat = "http://example.com/foo%i"
+      nsm.add(uripat % 0)
+
+      (1..23).each { |i|
+        assert_equal(false, nsm.member?(uripat % i))
+        nsm.add(uripat % i)
+      }
+      nsm.each { |uri, _alias|
+        assert_equal(uri[22..-1], _alias[3..-1])
+      }
+
+      nsm = NamespaceMap.new
+      alias_ = 'bogus'
+      uri = 'urn:bogus'
+
+      nsm.add_alias(uri, alias_)
+
+      assert_equal(nsm.aliases(), [alias_])
+      assert_equal(nsm.namespace_uris(), [uri])
+    end
+
+    def test_register_default_alias
+      invalid_ns = 'http://invalid/'
+      alias_ = 'invalid'
+      Message.register_namespace_alias(invalid_ns, alias_)
+      # Doing it again doesn't raise an exception
+      Message.register_namespace_alias(invalid_ns, alias_)
+
+      # Once it's registered, you can't register it again
+      assert_raises(NamespaceAliasRegistrationError) {
+        Message.register_namespace_alias(invalid_ns, 'another_alias')
+      }
+
+      # Once it's registered, you can't register another URL with that alias
+      assert_raises(NamespaceAliasRegistrationError) {
+        Message.register_namespace_alias('http://janrain.com/', alias_)
+      }
+
+      # It gets used automatically by the Message class:
+      msg = Message.from_openid_args({'invalid.stuff' => 'things'})
+      assert(msg.is_openid1)
+      assert_equal(alias_, msg.namespaces.get_alias(invalid_ns))
+      assert_equal(invalid_ns, msg.namespaces.get_namespace_uri(alias_))
+    end
+
+    def test_alias_defined_twice
+      nsm = NamespaceMap.new
+      uri = 'urn:bogus'
+
+      nsm.add_alias(uri, 'foos')
+      assert_raises(IndexError) {
+        nsm.add_alias(uri, 'ball')
+      }
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_nonce.rb b/vendor/gems/ruby-openid-2.1.4/test/test_nonce.rb
new file mode 100644
index 000000000..b8a1a054c
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_nonce.rb
@@ -0,0 +1,89 @@
+require 'test/unit'
+require 'openid/store/nonce'
+
+module OpenID
+  class NonceTestCase < Test::Unit::TestCase
+
+     NONCE_RE = /\A\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ/
+
+    def test_mk_nonce
+      nonce = Nonce::mk_nonce
+      assert(nonce.match(NONCE_RE))
+      assert(nonce.size == 26)
+    end
+
+    def test_mk_nonce_time
+      nonce = Nonce::mk_nonce(0)
+      assert(nonce.match(NONCE_RE))
+      assert(nonce.size == 26)
+      assert(nonce.match(/^1970-01-01T00:00:00Z/))
+    end
+
+    def test_split
+      s = '1970-01-01T00:00:00Z'
+      expected_t = 0
+      expected_salt = ''
+      actual_t, actual_salt = Nonce::split_nonce(s)
+      assert_equal(expected_t, actual_t)
+      assert_equal(expected_salt, actual_salt)
+    end
+
+    def test_mk_split
+      t = 42
+      nonce_str = Nonce::mk_nonce(t)
+      assert(nonce_str.match(NONCE_RE))
+      at, salt = Nonce::split_nonce(nonce_str)
+      assert_equal(6, salt.size)
+      assert_equal(t, at)
+    end
+
+    def test_bad_split
+      cases = [
+        '',
+        '1970-01-01T00:00:00+1:00',
+        '1969-01-01T00:00:00Z',
+        '1970-00-01T00:00:00Z',
+        '1970.01-01T00:00:00Z',
+        'Thu Sep  7 13:29:31 PDT 2006',
+        'monkeys',
+        ]
+      cases.each{|c|
+        assert_raises(ArgumentError, c.inspect) { Nonce::split_nonce(c) }
+      }
+    end
+
+    def test_check_timestamp
+      cases = [
+        # exact, no allowed skew
+        ['1970-01-01T00:00:00Z', 0, 0, true],
+
+        # exact, large skew
+        ['1970-01-01T00:00:00Z', 1000, 0, true],
+
+        # no allowed skew, one second old
+        ['1970-01-01T00:00:00Z', 0, 1, false],
+
+        # many seconds old, outside of skew
+        ['1970-01-01T00:00:00Z', 10, 50, false],
+
+        # one second old, one second skew allowed
+        ['1970-01-01T00:00:00Z', 1, 1, true],
+
+        # One second in the future, one second skew allowed
+        ['1970-01-01T00:00:02Z', 1, 1, true],
+
+        # two seconds in the future, one second skew allowed
+        ['1970-01-01T00:00:02Z', 1, 0, false],
+
+        # malformed nonce string
+        ['monkeys', 0, 0, false],
+      ]
+      
+      cases.each{|c|
+        (nonce_str, allowed_skew, now, expected) = c
+        actual = Nonce::check_timestamp(nonce_str, allowed_skew, now)
+        assert_equal(expected, actual, c.inspect)
+      }
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_openid_yadis.rb b/vendor/gems/ruby-openid-2.1.4/test/test_openid_yadis.rb
new file mode 100644
index 000000000..fb8c71e6d
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_openid_yadis.rb
@@ -0,0 +1,178 @@
+
+require 'test/unit'
+require 'openid/consumer/discovery'
+require 'openid/yadis/services'
+
+module OpenID
+
+  XRDS_BOILERPLATE = <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+           xmlns="xri://$xrd*($v*2.0)"
+           xmlns:openid="http://openid.net/xmlns/1.0">
+    <XRD>
+%s
+    </XRD>
+</xrds:XRDS>
+EOF
+
+  def self.mkXRDS(services)
+    return sprintf(XRDS_BOILERPLATE, services)
+  end
+
+  def self.mkService(uris=nil, type_uris=nil, local_id=nil, dent="        ")
+    chunks = [dent, "<Service>\n"]
+    dent2 = dent + "    "
+    if type_uris
+      type_uris.each { |type_uri|
+        chunks += [dent2 + "<Type>", type_uri, "</Type>\n"]
+      }
+    end
+
+    if uris
+      uris.each { |uri|
+        if uri.is_a?(Array)
+          uri, prio = uri
+        else
+          prio = nil
+        end
+
+        chunks += [dent2, "<URI"]
+        if !prio.nil?
+          chunks += [" priority='", str(prio), "'"]
+        end
+        chunks += [">", uri, "</URI>\n"]
+      }
+    end
+
+    if local_id
+      chunks += [dent2, "<openid:Delegate>", local_id, "</openid:Delegate>\n"]
+    end
+
+    chunks += [dent, "</Service>\n"]
+
+    return chunks.join("")
+  end
+
+  # Different sets of server URLs for use in the URI tag
+  SERVER_URL_OPTIONS = [
+                        [], # This case should not generate an endpoint object
+                        ['http://server.url/'],
+                        ['https://server.url/'],
+                        ['https://server.url/', 'http://server.url/'],
+                        ['https://server.url/',
+                         'http://server.url/',
+                         'http://example.server.url/'],
+                       ]
+
+  # Used for generating test data
+  def OpenID.subsets(l)
+    subsets_list = [[]]
+    l.each { |x|
+      subsets_list += subsets_list.collect { |t| [x] + t }
+    }
+
+    return subsets_list
+  end
+
+  # A couple of example extension type URIs. These are not at all
+  # official, but are just here for testing.
+  EXT_TYPES = [
+               'http://janrain.com/extension/blah',
+               'http://openid.net/sreg/1.0',
+              ]
+
+  # Range of valid Delegate tag values for generating test data
+  LOCAL_ID_OPTIONS = [
+                      nil,
+                      'http://vanity.domain/',
+                      'https://somewhere/yadis/',
+                     ]
+
+  class OpenIDYadisTest
+    def initialize(uris, type_uris, local_id)
+      super()
+      @uris = uris
+      @type_uris = type_uris
+      @local_id = local_id
+
+      @yadis_url = 'http://unit.test/'
+
+      # Create an XRDS document to parse
+      services = OpenID.mkService(@uris,
+                                  @type_uris,
+                                  @local_id)
+      @xrds = OpenID.mkXRDS(services)
+    end
+
+    def runTest(testcase)
+      # Parse into endpoint objects that we will check
+      endpoints = Yadis.apply_filter(@yadis_url, @xrds, OpenIDServiceEndpoint)
+
+      # make sure there are the same number of endpoints as URIs. This
+      # assumes that the type_uris contains at least one OpenID type.
+      testcase.assert_equal(@uris.length, endpoints.length)
+
+      # So that we can check equality on the endpoint types
+      type_uris = @type_uris.dup
+      type_uris.sort!
+
+      seen_uris = []
+      endpoints.each { |endpoint|
+        seen_uris << endpoint.server_url
+
+        # All endpoints will have same yadis_url
+        testcase.assert_equal(@yadis_url, endpoint.claimed_id)
+
+        # and local_id
+        testcase.assert_equal(@local_id, endpoint.local_id)
+
+        # and types
+        actual_types = endpoint.type_uris.dup
+        actual_types.sort!
+        testcase.assert_equal(type_uris, actual_types, actual_types.inspect)
+      }
+
+      # So that they will compare equal, because we don't care what
+      # order they are in
+      seen_uris.sort!
+      uris = @uris.dup
+      uris.sort!
+
+      # Make sure we saw all URIs, and saw each one once
+      testcase.assert_equal(uris, seen_uris)
+    end
+  end
+
+  class OpenIDYadisTests < Test::Unit::TestCase
+    def test_openid_yadis
+      data = []
+
+      # All valid combinations of Type tags that should produce an
+      # OpenID endpoint
+      type_uri_options = []
+
+      OpenID.subsets([OPENID_1_0_TYPE, OPENID_1_1_TYPE]).each { |ts|
+        OpenID.subsets(EXT_TYPES).each { |exts|
+          if !ts.empty?
+            type_uri_options << exts + ts
+          end
+        }
+      }
+
+      # All combinations of valid URIs, Type URIs and Delegate tags
+      SERVER_URL_OPTIONS.each { |uris|
+        type_uri_options.each { |type_uris|
+          LOCAL_ID_OPTIONS.each { |local_id|
+            data << [uris, type_uris, local_id]
+          }
+        }
+      }
+
+      data.each { |args|
+        t = OpenIDYadisTest.new(*args)
+        t.runTest(self)
+      }
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_pape.rb b/vendor/gems/ruby-openid-2.1.4/test/test_pape.rb
new file mode 100644
index 000000000..bd8289c4f
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_pape.rb
@@ -0,0 +1,247 @@
+require 'openid/extensions/pape'
+require 'openid/message'
+require 'openid/server'
+require 'openid/consumer/responses'
+
+module OpenID
+  module PAPETest
+    class PapeRequestTestCase < Test::Unit::TestCase
+      def setup
+        @req = PAPE::Request.new
+      end
+
+      def test_construct
+        assert_equal([], @req.preferred_auth_policies)
+        assert_equal(nil, @req.max_auth_age)
+        assert_equal('pape', @req.ns_alias)
+
+        req2 = PAPE::Request.new([PAPE::AUTH_MULTI_FACTOR], 1000)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR], req2.preferred_auth_policies)
+        assert_equal(1000, req2.max_auth_age)
+      end
+
+      def test_add_policy_uri
+        assert_equal([], @req.preferred_auth_policies)
+        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.preferred_auth_policies)
+        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.preferred_auth_policies)
+        @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.preferred_auth_policies)
+        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.preferred_auth_policies)
+      end
+
+      def test_get_extension_args
+        assert_equal({'preferred_auth_policies' => ''}, @req.get_extension_args)
+        @req.add_policy_uri('http://uri')
+        assert_equal({'preferred_auth_policies' => 'http://uri'}, @req.get_extension_args)
+        @req.add_policy_uri('http://zig')
+        assert_equal({'preferred_auth_policies' => 'http://uri http://zig'}, @req.get_extension_args)
+        @req.max_auth_age = 789
+        assert_equal({'preferred_auth_policies' => 'http://uri http://zig', 'max_auth_age' => '789'}, @req.get_extension_args)
+      end
+
+      def test_parse_extension_args
+        args = {'preferred_auth_policies' => 'http://foo http://bar',
+                'max_auth_age' => '9'}
+        @req.parse_extension_args(args)
+        assert_equal(9, @req.max_auth_age)
+        assert_equal(['http://foo','http://bar'], @req.preferred_auth_policies)
+      end
+
+      def test_parse_extension_args_empty
+        @req.parse_extension_args({})
+        assert_equal(nil, @req.max_auth_age)
+        assert_equal([], @req.preferred_auth_policies)
+      end
+
+      def test_from_openid_request
+        openid_req_msg = Message.from_openid_args({
+          'mode' => 'checkid_setup',
+          'ns' => OPENID2_NS,
+          'ns.pape' => PAPE::NS_URI,
+          'pape.preferred_auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
+          'pape.max_auth_age' => '5476'
+          })
+        oid_req = Server::OpenIDRequest.new
+        oid_req.message = openid_req_msg
+        req = PAPE::Request.from_openid_request(oid_req)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], req.preferred_auth_policies)
+        assert_equal(5476, req.max_auth_age)
+      end
+
+      def test_from_openid_request_no_pape
+        message = Message.new
+        openid_req = Server::OpenIDRequest.new
+        openid_req.message = message
+        pape_req = PAPE::Request.from_openid_request(openid_req)
+        assert(pape_req.nil?)
+      end
+
+      def test_preferred_types
+        @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT)
+        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+        pt = @req.preferred_types([PAPE::AUTH_MULTI_FACTOR,
+                                   PAPE::AUTH_MULTI_FACTOR_PHYSICAL])
+        assert_equal([PAPE::AUTH_MULTI_FACTOR], pt)
+      end
+    end
+
+    class DummySuccessResponse
+      attr_accessor :message
+
+      def initialize(message, signed_stuff)
+        @message = message
+        @signed_stuff = signed_stuff
+      end
+
+      def get_signed_ns(ns_uri)
+        return @signed_stuff
+      end
+
+    end
+
+    class PapeResponseTestCase < Test::Unit::TestCase
+      def setup
+        @req = PAPE::Response.new
+      end
+
+      def test_construct
+        assert_equal([], @req.auth_policies)
+        assert_equal(nil, @req.auth_time)
+        assert_equal('pape', @req.ns_alias)
+        assert_equal(nil, @req.nist_auth_level)
+
+        req2 = PAPE::Response.new([PAPE::AUTH_MULTI_FACTOR], "1983-11-05T12:30:24Z", 3)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR], req2.auth_policies)
+        assert_equal("1983-11-05T12:30:24Z", req2.auth_time)
+        assert_equal(3, req2.nist_auth_level)
+      end
+
+      def test_add_policy_uri
+        assert_equal([], @req.auth_policies)
+        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.auth_policies)
+        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.auth_policies)
+        @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.auth_policies)
+        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.auth_policies)
+      end
+
+      def test_get_extension_args
+        assert_equal({'auth_policies' => 'none'}, @req.get_extension_args)
+        @req.add_policy_uri('http://uri')
+        assert_equal({'auth_policies' => 'http://uri'}, @req.get_extension_args)
+        @req.add_policy_uri('http://zig')
+        assert_equal({'auth_policies' => 'http://uri http://zig'}, @req.get_extension_args)
+        @req.auth_time =  "1983-11-05T12:30:24Z"
+        assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z"}, @req.get_extension_args)
+        @req.nist_auth_level = 3
+        assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z", 'nist_auth_level' => '3'}, @req.get_extension_args)
+      end
+
+      def test_get_extension_args_error_auth_age
+        @req.auth_time = "the beginning of time"
+        assert_raises(ArgumentError) { @req.get_extension_args }
+      end
+
+      def test_get_extension_args_error_nist_auth_level
+        @req.nist_auth_level = "high as a kite"
+        assert_raises(ArgumentError) { @req.get_extension_args }
+        @req.nist_auth_level = 5
+        assert_raises(ArgumentError) { @req.get_extension_args }
+        @req.nist_auth_level = -1
+        assert_raises(ArgumentError) { @req.get_extension_args }
+      end
+
+      def test_parse_extension_args
+        args = {'auth_policies' => 'http://foo http://bar',
+                'auth_time' => '1983-11-05T12:30:24Z'}
+        @req.parse_extension_args(args)
+        assert_equal('1983-11-05T12:30:24Z', @req.auth_time)
+        assert_equal(['http://foo','http://bar'], @req.auth_policies)
+      end
+
+      def test_parse_extension_args_empty
+        @req.parse_extension_args({})
+        assert_equal(nil, @req.auth_time)
+        assert_equal([], @req.auth_policies)
+      end
+      
+      def test_parse_extension_args_strict_bogus1
+        args = {'auth_policies' => 'http://foo http://bar',
+                'auth_time' => 'this one time'}
+        assert_raises(ArgumentError) { 
+          @req.parse_extension_args(args, true)
+        }
+      end
+
+      def test_parse_extension_args_strict_bogus2
+        args = {'auth_policies' => 'http://foo http://bar',
+                'auth_time' => '1983-11-05T12:30:24Z',
+                'nist_auth_level' => 'some'}
+        assert_raises(ArgumentError) { 
+          @req.parse_extension_args(args, true)
+        }
+      end
+      
+      def test_parse_extension_args_strict_good
+        args = {'auth_policies' => 'http://foo http://bar',
+                'auth_time' => '2007-10-11T05:25:18Z',
+                'nist_auth_level' => '0'}
+        @req.parse_extension_args(args, true)
+        assert_equal(['http://foo','http://bar'], @req.auth_policies)
+        assert_equal('2007-10-11T05:25:18Z', @req.auth_time)
+        assert_equal(0, @req.nist_auth_level)
+      end
+
+      def test_parse_extension_args_nostrict_bogus
+        args = {'auth_policies' => 'http://foo http://bar',
+                'auth_time' => 'some time ago',
+                'nist_auth_level' => 'some'}
+        @req.parse_extension_args(args)
+        assert_equal(['http://foo','http://bar'], @req.auth_policies)
+        assert_equal(nil, @req.auth_time)
+        assert_equal(nil, @req.nist_auth_level)
+      end
+
+      
+      def test_from_success_response
+        
+        openid_req_msg = Message.from_openid_args({
+          'mode' => 'id_res',
+          'ns' => OPENID2_NS,
+          'ns.pape' => PAPE::NS_URI,
+          'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
+          'pape.auth_time' => '1983-11-05T12:30:24Z'
+          })
+        signed_stuff = {
+          'auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
+          'auth_time' => '1983-11-05T12:30:24Z'
+        }
+        oid_req = DummySuccessResponse.new(openid_req_msg, signed_stuff)
+        req = PAPE::Response.from_success_response(oid_req)
+        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], req.auth_policies)
+        assert_equal('1983-11-05T12:30:24Z', req.auth_time)
+      end
+
+      def test_from_success_response_unsigned
+        openid_req_msg = Message.from_openid_args({
+          'mode' => 'id_res',
+          'ns' => OPENID2_NS,
+          'ns.pape' => PAPE::NS_URI,
+          'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
+          'pape.auth_time' => '1983-11-05T12:30:24Z'
+          })
+        signed_stuff = {}
+        endpoint = OpenIDServiceEndpoint.new
+        oid_req = Consumer::SuccessResponse.new(endpoint, openid_req_msg, signed_stuff)
+        req = PAPE::Response.from_success_response(oid_req)
+        assert(req.nil?, req.inspect)
+      end
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_parsehtml.rb b/vendor/gems/ruby-openid-2.1.4/test/test_parsehtml.rb
new file mode 100644
index 000000000..49542a6a6
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_parsehtml.rb
@@ -0,0 +1,80 @@
+require 'test/unit'
+require "openid/yadis/parsehtml"
+require "testutil"
+
+module OpenID
+  class ParseHTMLTestCase < Test::Unit::TestCase
+    include OpenID::TestDataMixin
+
+    def test_parsehtml
+      reserved_values = ['None', 'EOF']
+      chunks = read_data_file('test1-parsehtml.txt', false).split("\f\n")
+      test_num = 1
+
+      chunks.each{|c|
+        expected, html = c.split("\n", 2)
+        found = Yadis::html_yadis_location(html)
+
+        assert(!reserved_values.member?(found))
+
+        # this case is a little hard to detect and the distinction
+        # seems unimportant
+        expected = "None" if expected == "EOF"
+
+        found = "None" if found.nil?
+        assert_equal(expected, found, html.split("\n",2)[0])
+      }
+    end
+  end
+
+  # the HTML tokenizer test
+  class TC_TestHTMLTokenizer < Test::Unit::TestCase
+    def test_bad_link
+      toke = HTMLTokenizer.new("<p><a href=http://bad.com/link>foo</a></p>")
+      assert("http://bad.com/link" == toke.getTag("a").attr_hash['href'])
+    end
+
+    def test_namespace
+      toke = HTMLTokenizer.new("<f:table xmlns:f=\"http://www.com/foo\">")
+      assert("http://www.com/foo" == toke.getTag("f:table").attr_hash['xmlns:f'])
+    end
+
+    def test_comment
+      toke = HTMLTokenizer.new("<!-- comment on me -->")
+      t = toke.getNextToken
+      assert(HTMLComment == t.class)
+      assert("comment on me" == t.contents)
+    end
+
+    def test_full
+      page = "<HTML>
+<HEAD>
+<TITLE>This is the title</TITLE>
+</HEAD>
+<!-- Here comes the <a href=\"missing.link\">blah</a>
+comment body
+-->
+<BODY>
+<H1>This is the header</H1>
+<P>
+  This is the paragraph, it contains
+  <a href=\"link.html\">links</a>,
+  <img src=\"blah.gif\" optional alt='images
+are
+really cool'>.  Ok, here is some more text and
+  <A href=\"http://another.link.com/\" target=\"_blank\">another link</A>.
+</P>
+</body>
+</HTML>
+"
+      toke = HTMLTokenizer.new(page)
+
+      assert("<h1>" == toke.getTag("h1", "h2", "h3").to_s.downcase)
+      assert(HTMLTag.new("<a href=\"link.html\">") == toke.getTag("IMG", "A"))
+      assert("links" == toke.getTrimmedText)
+      assert(toke.getTag("IMG", "A").attr_hash['optional'])
+      assert("_blank" == toke.getTag("IMG", "A").attr_hash['target'])
+    end
+  end
+end
+
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_responses.rb b/vendor/gems/ruby-openid-2.1.4/test/test_responses.rb
new file mode 100644
index 000000000..61a0e4c19
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_responses.rb
@@ -0,0 +1,63 @@
+require "test/unit"
+require "openid/consumer/discovery"
+require "openid/consumer/responses"
+
+module OpenID
+  class Consumer
+    module TestResponses
+      class TestSuccessResponse < Test::Unit::TestCase
+        def setup
+          @endpoint = OpenIDServiceEndpoint.new
+          @endpoint.claimed_id = 'identity_url'
+        end
+
+        def test_extension_response
+          q = {
+            'ns.sreg' => 'urn:sreg',
+            'ns.unittest' => 'urn:unittest',
+            'unittest.one' => '1',
+            'unittest.two' => '2',
+            'sreg.nickname' => 'j3h',
+            'return_to' => 'return_to',
+          }
+          signed_list = q.keys.map { |k| 'openid.' + k }
+          msg = Message.from_openid_args(q)
+          resp = SuccessResponse.new(@endpoint, msg, signed_list)
+          utargs = resp.extension_response('urn:unittest', false)
+          assert_equal(utargs, {'one' => '1', 'two' => '2'})
+          sregargs = resp.extension_response('urn:sreg', false)
+          assert_equal(sregargs, {'nickname' => 'j3h'})
+        end
+
+        def test_extension_response_signed
+          args = {
+            'ns.sreg' => 'urn:sreg',
+            'ns.unittest' => 'urn:unittest',
+            'unittest.one' => '1',
+            'unittest.two' => '2',
+            'sreg.nickname' => 'j3h',
+            'sreg.dob' => 'yesterday',
+            'return_to' => 'return_to',
+            'signed' => 'sreg.nickname,unittest.one,sreg.dob',
+          }
+
+          signed_list = ['openid.sreg.nickname',
+                         'openid.unittest.one',
+                         'openid.sreg.dob',]
+
+          msg = Message.from_openid_args(args)
+          resp = SuccessResponse.new(@endpoint, msg, signed_list)
+
+          # All args in this NS are signed, so expect all.
+          sregargs = resp.extension_response('urn:sreg', true)
+          assert_equal(sregargs, {'nickname' => 'j3h', 'dob' => 'yesterday'})
+
+          # Not all args in this NS are signed, so expect nil when
+          # asking for them.
+          utargs = resp.extension_response('urn:unittest', true)
+          assert_equal(nil, utargs)
+        end
+      end
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_server.rb b/vendor/gems/ruby-openid-2.1.4/test/test_server.rb
new file mode 100644
index 000000000..11d0f567d
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_server.rb
@@ -0,0 +1,2457 @@
+require 'openid/server'
+require 'openid/cryptutil'
+require 'openid/association'
+require 'openid/util'
+require 'openid/message'
+require 'openid/store/memory'
+require 'openid/dh'
+require 'openid/consumer/associationmanager'
+require 'util'
+require "testutil"
+
+require 'test/unit'
+require 'uri'
+
+# In general, if you edit or add tests here, try to move in the
+# direction of testing smaller units.  For testing the external
+# interfaces, we'll be developing an implementation-agnostic testing
+# suite.
+
+# for more, see /etc/ssh/moduli
+
+module OpenID
+
+  ALT_MODULUS = 0xCAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7AFFE86A7
+  ALT_GEN = 5
+
+  class CatchLogs
+    def catchlogs_setup
+      @old_logger = Util.logger
+      Util.logger = self.method('got_log_message')
+      @messages = []
+    end
+
+    def got_log_message(message)
+      @messages << message
+    end
+
+    def teardown
+      Util.logger = @old_logger
+    end
+  end
+
+  class TestProtocolError < Test::Unit::TestCase
+    def test_browserWithReturnTo
+      return_to = "http://rp.unittest/consumer"
+      # will be a ProtocolError raised by Decode or
+      # CheckIDRequest.answer
+      args = Message.from_post_args({
+                                      'openid.mode' => 'monkeydance',
+                                      'openid.identity' => 'http://wagu.unittest/',
+                                      'openid.return_to' => return_to,
+                                    })
+      e = Server::ProtocolError.new(args, "plucky")
+      assert(e.has_return_to)
+      expected_args = {
+        'openid.mode' => 'error',
+        'openid.error' => 'plucky',
+      }
+
+      rt_base, result_args = e.encode_to_url.split('?', 2)
+      result_args = Util.parse_query(result_args)
+      assert_equal(result_args, expected_args)
+    end
+
+    def test_browserWithReturnTo_OpenID2_GET
+      return_to = "http://rp.unittest/consumer"
+      # will be a ProtocolError raised by Decode or
+      # CheckIDRequest.answer
+      args = Message.from_post_args({
+                                      'openid.ns' => OPENID2_NS,
+                                      'openid.mode' => 'monkeydance',
+                                      'openid.identity' => 'http://wagu.unittest/',
+                                      'openid.claimed_id' => 'http://wagu.unittest/',
+                                      'openid.return_to' => return_to,
+                                    })
+      e = Server::ProtocolError.new(args, "plucky")
+      assert(e.has_return_to)
+      expected_args = {
+        'openid.ns' => OPENID2_NS,
+        'openid.mode' => 'error',
+        'openid.error' => 'plucky',
+      }
+
+      rt_base, result_args = e.encode_to_url.split('?', 2)
+      result_args = Util.parse_query(result_args)
+      assert_equal(result_args, expected_args)
+    end
+
+    def test_browserWithReturnTo_OpenID2_POST
+      return_to = "http://rp.unittest/consumer" + ('x' * OPENID1_URL_LIMIT)
+      # will be a ProtocolError raised by Decode or
+      # CheckIDRequest.answer
+      args = Message.from_post_args({
+                                      'openid.ns' => OPENID2_NS,
+                                      'openid.mode' => 'monkeydance',
+                                      'openid.identity' => 'http://wagu.unittest/',
+                                      'openid.claimed_id' => 'http://wagu.unittest/',
+                                      'openid.return_to' => return_to,
+                                    })
+      e = Server::ProtocolError.new(args, "plucky")
+      assert(e.has_return_to)
+      expected_args = {
+        'openid.ns' => OPENID2_NS,
+        'openid.mode' => 'error',
+        'openid.error' => 'plucky',
+      }
+
+      assert(e.which_encoding == Server::ENCODE_HTML_FORM)
+      assert(e.to_form_markup == e.to_message.to_form_markup(
+                                                             args.get_arg(OPENID_NS, 'return_to')))
+    end
+
+    def test_browserWithReturnTo_OpenID1_exceeds_limit
+      return_to = "http://rp.unittest/consumer" + ('x' * OPENID1_URL_LIMIT)
+      # will be a ProtocolError raised by Decode or
+      # CheckIDRequest.answer
+      args = Message.from_post_args({
+                                      'openid.mode' => 'monkeydance',
+                                      'openid.identity' => 'http://wagu.unittest/',
+                                      'openid.return_to' => return_to,
+                                    })
+      e = Server::ProtocolError.new(args, "plucky")
+      assert(e.has_return_to)
+      expected_args = {
+        'openid.mode' => 'error',
+        'openid.error' => 'plucky',
+      }
+
+      assert(e.which_encoding == Server::ENCODE_URL)
+
+      rt_base, result_args = e.encode_to_url.split('?', 2)
+      result_args = Util.parse_query(result_args)
+      assert_equal(result_args, expected_args)
+    end
+
+    def test_noReturnTo
+      # will be a ProtocolError raised by Decode or
+      # CheckIDRequest.answer
+      args = Message.from_post_args({
+                                      'openid.mode' => 'zebradance',
+                                      'openid.identity' => 'http://wagu.unittest/',
+                                    })
+      e = Server::ProtocolError.new(args, "waffles")
+      assert(!e.has_return_to)
+      expected = "error:waffles\nmode:error\n"
+      assert_equal(e.encode_to_kvform, expected)
+    end
+
+    def test_no_message
+      e = Server::ProtocolError.new(nil, "no message")
+      assert(e.get_return_to.nil?)
+      assert_equal(e.which_encoding, nil)
+    end
+
+    def test_which_encoding_no_message
+      e = Server::ProtocolError.new(nil, "no message")
+      assert(e.which_encoding.nil?)
+    end
+  end
+
+  class TestDecode < Test::Unit::TestCase
+    def setup
+      @claimed_id = 'http://de.legating.de.coder.unittest/'
+      @id_url = "http://decoder.am.unittest/"
+      @rt_url = "http://rp.unittest/foobot/?qux=zam"
+      @tr_url = "http://rp.unittest/"
+      @assoc_handle = "{assoc}{handle}"
+      @op_endpoint = 'http://endpoint.unittest/encode'
+      @store = Store::Memory.new()
+      @server = Server::Server.new(@store, @op_endpoint)
+      @decode = Server::Decoder.new(@server).method('decode')
+    end
+
+    def test_none
+      args = {}
+      r = @decode.call(args)
+      assert_equal(r, nil)
+    end
+
+    def test_irrelevant
+      args = {
+        'pony' => 'spotted',
+        'sreg.mutant_power' => 'decaffinator',
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_bad
+      args = {
+        'openid.mode' => 'twos-compliment',
+        'openid.pants' => 'zippered',
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_dictOfLists
+      args = {
+        'openid.mode' => ['checkid_setup'],
+        'openid.identity' => @id_url,
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.return_to' => @rt_url,
+        'openid.trust_root' => @tr_url,
+      }
+      begin
+        result = @decode.call(args)
+      rescue ArgumentError => err
+        assert(!err.to_s.index('values').nil?, err)
+      else
+        flunk("Expected ArgumentError, but got result #{result}")
+      end
+    end
+
+    def test_checkidImmediate
+      args = {
+        'openid.mode' => 'checkid_immediate',
+        'openid.identity' => @id_url,
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.return_to' => @rt_url,
+        'openid.trust_root' => @tr_url,
+        # should be ignored
+        'openid.some.extension' => 'junk',
+      }
+      r = @decode.call(args)
+      assert(r.is_a?(Server::CheckIDRequest))
+      assert_equal(r.mode, "checkid_immediate")
+      assert_equal(r.immediate, true)
+      assert_equal(r.identity, @id_url)
+      assert_equal(r.trust_root, @tr_url)
+      assert_equal(r.return_to, @rt_url)
+      assert_equal(r.assoc_handle, @assoc_handle)
+    end
+
+    def test_checkidImmediate_constructor
+      r = Server::CheckIDRequest.new(@id_url, @rt_url, nil,
+                                     @rt_url, true, @assoc_handle)
+      assert(r.mode == 'checkid_immediate')
+      assert(r.immediate)
+    end
+
+    def test_checkid_missing_return_to_and_trust_root
+      args = {
+        'openid.ns' => OPENID2_NS,
+        'openid.mode' => 'checkid_setup',
+        'openid.identity' => @id_url,
+        'openid.claimed_id' => @id_url,
+        'openid.assoc_handle' => @assoc_handle,
+      }
+      assert_raise(Server::ProtocolError) {
+        m = Message.from_post_args(args)
+        Server::CheckIDRequest.from_message(m, @op_endpoint)
+      }
+    end
+
+    def test_checkid_id_select
+      args = {
+        'openid.ns' => OPENID2_NS,
+        'openid.mode' => 'checkid_setup',
+        'openid.identity' => IDENTIFIER_SELECT,
+        'openid.claimed_id' => IDENTIFIER_SELECT,
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.return_to' => @rt_url,
+        'openid.realm' => @tr_url,
+      }
+      m = Message.from_post_args(args)
+      req = Server::CheckIDRequest.from_message(m, @op_endpoint)
+      assert(req.id_select)
+    end
+
+    def test_checkid_not_id_select
+      args = {
+        'openid.ns' => OPENID2_NS,
+        'openid.mode' => 'checkid_setup',
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.return_to' => @rt_url,
+        'openid.realm' => @tr_url,
+      }
+
+      id_args = [
+                 {'openid.claimed_id' => IDENTIFIER_SELECT,
+                   'openid.identity' => 'http://bogus.com/'},
+
+                 {'openid.claimed_id' => 'http://bogus.com/',
+                   'openid.identity' => 'http://bogus.com/'},
+                ]
+
+      id_args.each { |id|
+        m = Message.from_post_args(args.merge(id))
+        req = Server::CheckIDRequest.from_message(m, @op_endpoint)
+        assert(!req.id_select)
+      }
+    end
+
+    def test_checkidSetup
+      args = {
+        'openid.mode' => 'checkid_setup',
+        'openid.identity' => @id_url,
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.return_to' => @rt_url,
+        'openid.trust_root' => @tr_url,
+      }
+      r = @decode.call(args)
+      assert(r.is_a?(Server::CheckIDRequest))
+      assert_equal(r.mode, "checkid_setup")
+      assert_equal(r.immediate, false)
+      assert_equal(r.identity, @id_url)
+      assert_equal(r.trust_root, @tr_url)
+      assert_equal(r.return_to, @rt_url)
+    end
+
+    def test_checkidSetupOpenID2
+      args = {
+        'openid.ns' => OPENID2_NS,
+        'openid.mode' => 'checkid_setup',
+        'openid.identity' => @id_url,
+        'openid.claimed_id' => @claimed_id,
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.return_to' => @rt_url,
+        'openid.realm' => @tr_url,
+      }
+      r = @decode.call(args)
+      assert(r.is_a?(Server::CheckIDRequest))
+      assert_equal(r.mode, "checkid_setup")
+      assert_equal(r.immediate, false)
+      assert_equal(r.identity, @id_url)
+      assert_equal(r.claimed_id, @claimed_id)
+      assert_equal(r.trust_root, @tr_url)
+      assert_equal(r.return_to, @rt_url)
+    end
+
+    def test_checkidSetupNoClaimedIDOpenID2
+      args = {
+        'openid.ns' => OPENID2_NS,
+        'openid.mode' => 'checkid_setup',
+        'openid.identity' => @id_url,
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.return_to' => @rt_url,
+        'openid.realm' => @tr_url,
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_checkidSetupNoIdentityOpenID2
+      args = {
+        'openid.ns' => OPENID2_NS,
+        'openid.mode' => 'checkid_setup',
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.return_to' => @rt_url,
+        'openid.realm' => @tr_url,
+      }
+      r = @decode.call(args)
+      assert(r.is_a?(Server::CheckIDRequest))
+      assert_equal(r.mode, "checkid_setup")
+      assert_equal(r.immediate, false)
+      assert_equal(r.identity, nil)
+      assert_equal(r.trust_root, @tr_url)
+      assert_equal(r.return_to, @rt_url)
+    end
+
+    def test_checkidSetupNoReturnOpenID1
+      # Make sure an OpenID 1 request cannot be decoded if it lacks a
+      # return_to.
+      args = {
+        'openid.mode' => 'checkid_setup',
+        'openid.identity' => @id_url,
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.trust_root' => @tr_url,
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_checkidSetupNoReturnOpenID2
+      # Make sure an OpenID 2 request with no return_to can be decoded,
+      # and make sure a response to such a request raises
+      # NoReturnToError.
+      args = {
+        'openid.ns' => OPENID2_NS,
+        'openid.mode' => 'checkid_setup',
+        'openid.identity' => @id_url,
+        'openid.claimed_id' => @id_url,
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.realm' => @tr_url,
+      }
+
+      req = @decode.call(args)
+      assert(req.is_a?(Server::CheckIDRequest))
+
+      assert_raise(Server::NoReturnToError) {
+        req.answer(false)
+      }
+
+      assert_raise(Server::NoReturnToError) {
+        req.encode_to_url('bogus')
+      }
+
+      assert_raise(Server::NoReturnToError) {
+        req.cancel_url
+      }
+    end
+
+    def test_checkidSetupRealmRequiredOpenID2
+      # Make sure that an OpenID 2 request which lacks return_to cannot
+      # be decoded if it lacks a realm.  Spec => This value
+      # (openid.realm) MUST be sent if openid.return_to is omitted.
+      args = {
+        'openid.ns' => OPENID2_NS,
+        'openid.mode' => 'checkid_setup',
+        'openid.identity' => @id_url,
+        'openid.assoc_handle' => @assoc_handle,
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_checkidSetupBadReturn
+      args = {
+        'openid.mode' => 'checkid_setup',
+        'openid.identity' => @id_url,
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.return_to' => 'not a url',
+      }
+      begin
+        result = @decode.call(args)
+      rescue Server::ProtocolError => err
+        assert(err.openid_message)
+      else
+        flunk("Expected ProtocolError, instead returned with #{result}")
+      end
+    end
+
+    def test_checkidSetupUntrustedReturn
+      args = {
+        'openid.mode' => 'checkid_setup',
+        'openid.identity' => @id_url,
+        'openid.assoc_handle' => @assoc_handle,
+        'openid.return_to' => @rt_url,
+        'openid.trust_root' => 'http://not-the-return-place.unittest/',
+      }
+      begin
+        result = @decode.call(args)
+      rescue Server::UntrustedReturnURL => err
+        assert(err.openid_message, err.to_s)
+      else
+        flunk("Expected UntrustedReturnURL, instead returned with #{result}")
+      end
+    end
+
+    def test_checkidSetupUntrustedReturn_Constructor
+      assert_raise(Server::UntrustedReturnURL) {
+        Server::CheckIDRequest.new(@id_url, @rt_url, nil,
+                                   'http://not-the-return-place.unittest/',
+                                   false, @assoc_handle)
+      }
+    end
+
+    def test_checkidSetupMalformedReturnURL_Constructor
+      assert_raise(Server::MalformedReturnURL) {
+        Server::CheckIDRequest.new(@id_url, 'bogus://return.url', nil,
+                                   'http://trustroot.com/',
+                                   false, @assoc_handle)
+      }
+    end
+
+    def test_checkAuth
+      args = {
+        'openid.mode' => 'check_authentication',
+        'openid.assoc_handle' => '{dumb}{handle}',
+        'openid.sig' => 'sigblob',
+        'openid.signed' => 'identity,return_to,response_nonce,mode',
+        'openid.identity' => 'signedval1',
+        'openid.return_to' => 'signedval2',
+        'openid.response_nonce' => 'signedval3',
+        'openid.baz' => 'unsigned',
+      }
+      r = @decode.call(args)
+      assert(r.is_a?(Server::CheckAuthRequest))
+      assert_equal(r.mode, 'check_authentication')
+      assert_equal(r.sig, 'sigblob')
+    end
+
+    def test_checkAuthMissingSignature
+      args = {
+        'openid.mode' => 'check_authentication',
+        'openid.assoc_handle' => '{dumb}{handle}',
+        'openid.signed' => 'foo,bar,mode',
+        'openid.foo' => 'signedval1',
+        'openid.bar' => 'signedval2',
+        'openid.baz' => 'unsigned',
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_checkAuthAndInvalidate
+      args = {
+        'openid.mode' => 'check_authentication',
+        'openid.assoc_handle' => '{dumb}{handle}',
+        'openid.invalidate_handle' => '[[SMART_handle]]',
+        'openid.sig' => 'sigblob',
+        'openid.signed' => 'identity,return_to,response_nonce,mode',
+        'openid.identity' => 'signedval1',
+        'openid.return_to' => 'signedval2',
+        'openid.response_nonce' => 'signedval3',
+        'openid.baz' => 'unsigned',
+      }
+      r = @decode.call(args)
+      assert(r.is_a?(Server::CheckAuthRequest))
+      assert_equal(r.invalidate_handle, '[[SMART_handle]]')
+    end
+
+    def test_associateDH
+      args = {
+        'openid.mode' => 'associate',
+        'openid.session_type' => 'DH-SHA1',
+        'openid.dh_consumer_public' => "Rzup9265tw==",
+      }
+      r = @decode.call(args)
+      assert(r.is_a?(Server::AssociateRequest))
+      assert_equal(r.mode, "associate")
+      assert_equal(r.session.session_type, "DH-SHA1")
+      assert_equal(r.assoc_type, "HMAC-SHA1")
+      assert(r.session.consumer_pubkey)
+    end
+
+    def test_associateDHMissingKey
+      # Trying DH assoc w/o public key
+      args = {
+        'openid.mode' => 'associate',
+        'openid.session_type' => 'DH-SHA1',
+      }
+      # Using DH-SHA1 without supplying dh_consumer_public is an error.
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_associateDHpubKeyNotB64
+      args = {
+        'openid.mode' => 'associate',
+        'openid.session_type' => 'DH-SHA1',
+        'openid.dh_consumer_public' => "donkeydonkeydonkey",
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_associateDHModGen
+      # test dh with non-default but valid values for dh_modulus and
+      # dh_gen
+      args = {
+        'openid.mode' => 'associate',
+        'openid.session_type' => 'DH-SHA1',
+        'openid.dh_consumer_public' => "Rzup9265tw==",
+        'openid.dh_modulus' => CryptUtil.num_to_base64(ALT_MODULUS),
+        'openid.dh_gen' => CryptUtil.num_to_base64(ALT_GEN) ,
+      }
+      r = @decode.call(args)
+      assert(r.is_a?(Server::AssociateRequest))
+      assert_equal(r.mode, "associate")
+      assert_equal(r.session.session_type, "DH-SHA1")
+      assert_equal(r.assoc_type, "HMAC-SHA1")
+      assert_equal(r.session.dh.modulus, ALT_MODULUS)
+      assert_equal(r.session.dh.generator, ALT_GEN)
+      assert(r.session.consumer_pubkey)
+    end
+
+    def test_associateDHCorruptModGen
+      # test dh with non-default but valid values for dh_modulus and
+      # dh_gen
+      args = {
+        'openid.mode' => 'associate',
+        'openid.session_type' => 'DH-SHA1',
+        'openid.dh_consumer_public' => "Rzup9265tw==",
+        'openid.dh_modulus' => 'pizza',
+        'openid.dh_gen' => 'gnocchi',
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_associateDHMissingGen
+      args = {
+        'openid.mode' => 'associate',
+        'openid.session_type' => 'DH-SHA1',
+        'openid.dh_consumer_public' => "Rzup9265tw==",
+        'openid.dh_modulus' => 'pizza',
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_associateDHMissingMod
+      args = {
+        'openid.mode' => 'associate',
+        'openid.session_type' => 'DH-SHA1',
+        'openid.dh_consumer_public' => "Rzup9265tw==",
+        'openid.dh_gen' => 'pizza',
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    #     def test_associateDHInvalidModGen(self):
+    #         # test dh with properly encoded values that are not a valid
+    #         #   modulus/generator combination.
+    #         args = {
+    #             'openid.mode': 'associate',
+    #             'openid.session_type': 'DH-SHA1',
+    #             'openid.dh_consumer_public': "Rzup9265tw==",
+    #             'openid.dh_modulus': cryptutil.longToBase64(9),
+    #             'openid.dh_gen': cryptutil.longToBase64(27) ,
+    #             }
+    #         self.failUnlessRaises(server.ProtocolError, self.decode, args)
+    #     test_associateDHInvalidModGen.todo = "low-priority feature"
+
+    def test_associateWeirdSession
+      args = {
+        'openid.mode' => 'associate',
+        'openid.session_type' => 'FLCL6',
+        'openid.dh_consumer_public' => "YQ==\n",
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_associatePlain
+      args = {
+        'openid.mode' => 'associate',
+      }
+      r = @decode.call(args)
+      assert(r.is_a?(Server::AssociateRequest))
+      assert_equal(r.mode, "associate")
+      assert_equal(r.session.session_type, "no-encryption")
+      assert_equal(r.assoc_type, "HMAC-SHA1")
+    end
+
+    def test_nomode
+      args = {
+        'openid.session_type' => 'DH-SHA1',
+        'openid.dh_consumer_public' => "my public keeey",
+      }
+      assert_raise(Server::ProtocolError) {
+        @decode.call(args)
+      }
+    end
+
+    def test_invalidns
+      args = {'openid.ns' => 'Vegetables',
+              'openid.mode' => 'associate'}
+      begin
+        r = @decode.call(args)
+      rescue Server::ProtocolError => err
+        assert(err.openid_message)
+        assert(err.to_s.index('Vegetables'))
+      end
+    end
+  end
+
+  class BogusEncoder < Server::Encoder
+    def encode(response)
+      return "BOGUS"
+    end
+  end
+
+  class BogusDecoder < Server::Decoder
+    def decode(query)
+      return "BOGUS"
+    end
+  end
+
+  class TestEncode < Test::Unit::TestCase
+    def setup
+      @encoder = Server::Encoder.new
+      @encode = @encoder.method('encode')
+      @op_endpoint = 'http://endpoint.unittest/encode'
+      @store = Store::Memory.new
+      @server = Server::Server.new(@store, @op_endpoint)
+    end
+
+    def test_id_res_OpenID2_GET
+      # Check that when an OpenID 2 response does not exceed the OpenID
+      # 1 message size, a GET response (i.e., redirect) is issued.
+      request = Server::CheckIDRequest.new(
+                                   'http://bombom.unittest/',
+                                   'http://burr.unittest/999',
+                                   @server.op_endpoint,
+                                   'http://burr.unittest/',
+                                   false,
+                                   nil)
+      request.message = Message.new(OPENID2_NS)
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'ns' => OPENID2_NS,
+                                                   'mode' => 'id_res',
+                                                   'identity' => request.identity,
+                                                   'claimed_id' => request.identity,
+                                                   'return_to' => request.return_to,
+                                                 })
+
+      assert(!response.render_as_form)
+      assert(response.which_encoding == Server::ENCODE_URL)
+      webresponse = @encode.call(response)
+      assert(webresponse.headers.member?('location'))
+    end
+
+    def test_id_res_OpenID2_POST
+      # Check that when an OpenID 2 response exceeds the OpenID 1
+      # message size, a POST response (i.e., an HTML form) is returned.
+      request = Server::CheckIDRequest.new(
+                                   'http://bombom.unittest/',
+                                   'http://burr.unittest/999',
+                                   @server.op_endpoint,
+                                   'http://burr.unittest/',
+                                   false,
+                                   nil)
+      request.message = Message.new(OPENID2_NS)
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'ns' => OPENID2_NS,
+                                                   'mode' => 'id_res',
+                                                   'identity' => request.identity,
+                                                   'claimed_id' => request.identity,
+                                                   'return_to' => 'x' * OPENID1_URL_LIMIT,
+                                                 })
+
+      assert(response.render_as_form)
+      assert(response.encode_to_url.length > OPENID1_URL_LIMIT)
+      assert(response.which_encoding == Server::ENCODE_HTML_FORM)
+      webresponse = @encode.call(response)
+      assert_equal(webresponse.body, response.to_form_markup)
+    end
+
+    def test_to_form_markup
+       request = Server::CheckIDRequest.new(
+                                   'http://bombom.unittest/',
+                                   'http://burr.unittest/999',
+                                   @server.op_endpoint,
+                                   'http://burr.unittest/',
+                                   false,
+                                   nil)
+      request.message = Message.new(OPENID2_NS)
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'ns' => OPENID2_NS,
+                                                   'mode' => 'id_res',
+                                                   'identity' => request.identity,
+                                                   'claimed_id' => request.identity,
+                                                   'return_to' => 'x' * OPENID1_URL_LIMIT,
+                                                 })
+      form_markup = response.to_form_markup({'foo'=>'bar'})
+      assert(/ foo="bar"/ =~ form_markup, form_markup)
+    end
+
+    def test_to_html
+       request = Server::CheckIDRequest.new(
+                                   'http://bombom.unittest/',
+                                   'http://burr.unittest/999',
+                                   @server.op_endpoint,
+                                   'http://burr.unittest/',
+                                   false,
+                                   nil)
+      request.message = Message.new(OPENID2_NS)
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'ns' => OPENID2_NS,
+                                                   'mode' => 'id_res',
+                                                   'identity' => request.identity,
+                                                   'claimed_id' => request.identity,
+                                                   'return_to' => 'x' * OPENID1_URL_LIMIT,
+                                                 })
+      html = response.to_html
+      assert(html)
+    end
+
+    def test_id_res_OpenID1_exceeds_limit
+      # Check that when an OpenID 1 response exceeds the OpenID 1
+      # message size, a GET response is issued.  Technically, this
+      # shouldn't be permitted by the library, but this test is in place
+      # to preserve the status quo for OpenID 1.
+      request = Server::CheckIDRequest.new(
+                                   'http://bombom.unittest/',
+                                   'http://burr.unittest/999',
+                                   @server.op_endpoint,
+                                   'http://burr.unittest/',
+                                   false,
+                                   nil)
+      request.message = Message.new(OPENID1_NS)
+
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'mode' => 'id_res',
+                                                   'identity' => request.identity,
+                                                   'return_to' => 'x' * OPENID1_URL_LIMIT,
+                                                 })
+
+      assert(!response.render_as_form)
+      assert(response.encode_to_url.length > OPENID1_URL_LIMIT)
+      assert(response.which_encoding == Server::ENCODE_URL)
+      webresponse = @encode.call(response)
+      assert_equal(webresponse.headers['location'], response.encode_to_url)
+    end
+
+    def test_id_res
+      request = Server::CheckIDRequest.new(
+                                   'http://bombom.unittest/',
+                                   'http://burr.unittest/999',
+                                   @server.op_endpoint,
+                                   'http://burr.unittest/',
+                                   false, nil)
+      request.message = Message.new(OPENID1_NS)
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'mode' => 'id_res',
+                                                   'identity' => request.identity,
+                                                   'return_to' => request.return_to,
+                                                 })
+      webresponse = @encode.call(response)
+      assert_equal(webresponse.code, Server::HTTP_REDIRECT)
+      assert(webresponse.headers.member?('location'))
+
+      location = webresponse.headers['location']
+      assert(location.starts_with?(request.return_to),
+             sprintf("%s does not start with %s",
+                     location, request.return_to))
+      # argh.
+      q2 = Util.parse_query(URI::parse(location).query)
+      expected = response.fields.to_post_args
+      assert_equal(q2, expected)
+    end
+
+    def test_cancel
+      request = Server::CheckIDRequest.new(
+                                   'http://bombom.unittest/',
+                                   'http://burr.unittest/999',
+                                   @server.op_endpoint,
+                                   'http://burr.unittest/',
+                                   false, nil)
+      request.message = Message.new(OPENID2_NS)
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'mode' => 'cancel',
+                                                 })
+      webresponse = @encode.call(response)
+      assert_equal(webresponse.code, Server::HTTP_REDIRECT)
+      assert(webresponse.headers.member?('location'))
+    end
+
+    def test_cancel_to_form
+      request = Server::CheckIDRequest.new(
+                                   'http://bombom.unittest/',
+                                   'http://burr.unittest/999',
+                                   @server.op_endpoint,
+                                   'http://burr.unittest/',
+                                   false, nil)
+      request.message = Message.new(OPENID2_NS)
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'mode' => 'cancel',
+                                                 })
+      form = response.to_form_markup
+      assert(form.index(request.return_to))
+    end
+
+    def test_assocReply
+      msg = Message.new(OPENID2_NS)
+      msg.set_arg(OPENID2_NS, 'session_type', 'no-encryption')
+      request = Server::AssociateRequest.from_message(msg)
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_post_args(
+                                               {'openid.assoc_handle' => "every-zig"})
+      webresponse = @encode.call(response)
+      body = "assoc_handle:every-zig\n"
+
+      assert_equal(webresponse.code, Server::HTTP_OK)
+      assert_equal(webresponse.headers, {})
+      assert_equal(webresponse.body, body)
+    end
+
+    def test_checkauthReply
+      request = Server::CheckAuthRequest.new('a_sock_monkey',
+                                     'siggggg',
+                                     [])
+      request.message = Message.new(OPENID2_NS)
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'is_valid' => 'true',
+                                                   'invalidate_handle' => 'xXxX:xXXx'
+                                                 })
+      body = "invalidate_handle:xXxX:xXXx\nis_valid:true\n"
+
+      webresponse = @encode.call(response)
+      assert_equal(webresponse.code, Server::HTTP_OK)
+      assert_equal(webresponse.headers, {})
+      assert_equal(webresponse.body, body)
+    end
+
+    def test_unencodableError
+      args = Message.from_post_args({
+                                      'openid.identity' => 'http://limu.unittest/',
+                                    })
+      e = Server::ProtocolError.new(args, "wet paint")
+      assert_raise(Server::EncodingError) {
+        @encode.call(e)
+      }
+    end
+
+    def test_encodableError
+      args = Message.from_post_args({
+                                      'openid.mode' => 'associate',
+                                      'openid.identity' => 'http://limu.unittest/',
+                                    })
+      body="error:snoot\nmode:error\n"
+      webresponse = @encode.call(Server::ProtocolError.new(args, "snoot"))
+      assert_equal(webresponse.code, Server::HTTP_ERROR)
+      assert_equal(webresponse.headers, {})
+      assert_equal(webresponse.body, body)
+    end
+  end
+
+  class TestSigningEncode < Test::Unit::TestCase
+    def setup
+      @_dumb_key = Server::Signatory._dumb_key
+      @_normal_key = Server::Signatory._normal_key
+      @store = Store::Memory.new()
+      @server = Server::Server.new(@store, "http://signing.unittest/enc")
+      @request = Server::CheckIDRequest.new(
+                                    'http://bombom.unittest/',
+                                    'http://burr.unittest/999',
+                                    @server.op_endpoint,
+                                    'http://burr.unittest/',
+                                    false, nil)
+      @request.message = Message.new(OPENID2_NS)
+
+      @response = Server::OpenIDResponse.new(@request)
+      @response.fields = Message.from_openid_args({
+                                                    'mode' => 'id_res',
+                                                    'identity' => @request.identity,
+                                                    'return_to' => @request.return_to,
+                                                  })
+      @signatory = Server::Signatory.new(@store)
+      @encoder = Server::SigningEncoder.new(@signatory)
+      @encode = @encoder.method('encode')
+    end
+
+    def test_idres
+      assoc_handle = '{bicycle}{shed}'
+      @store.store_association(
+                               @_normal_key,
+                               Association.from_expires_in(60, assoc_handle,
+                                                           'sekrit', 'HMAC-SHA1'))
+      @request.assoc_handle = assoc_handle
+      webresponse = @encode.call(@response)
+      assert_equal(webresponse.code, Server::HTTP_REDIRECT)
+      assert(webresponse.headers.member?('location'))
+
+      location = webresponse.headers['location']
+      query = Util.parse_query(URI::parse(location).query)
+      assert(query.member?('openid.sig'))
+      assert(query.member?('openid.assoc_handle'))
+      assert(query.member?('openid.signed'))
+    end
+
+    def test_idresDumb
+      webresponse = @encode.call(@response)
+      assert_equal(webresponse.code, Server::HTTP_REDIRECT)
+      assert(webresponse.headers.has_key?('location'))
+
+      location = webresponse.headers['location']
+      query = Util.parse_query(URI::parse(location).query)
+      assert(query.member?('openid.sig'))
+      assert(query.member?('openid.assoc_handle'))
+      assert(query.member?('openid.signed'))
+    end
+
+    def test_forgotStore
+      @encoder.signatory = nil
+      assert_raise(ArgumentError) {
+        @encode.call(@response)
+      }
+    end
+
+    def test_cancel
+      request = Server::CheckIDRequest.new(
+                                   'http://bombom.unittest/',
+                                   'http://burr.unittest/999',
+                                   @server.op_endpoint,
+                                   'http://burr.unittest/',
+                                   false, nil)
+      request.message = Message.new(OPENID2_NS)
+      response = Server::OpenIDResponse.new(request)
+      response.fields.set_arg(OPENID_NS, 'mode', 'cancel')
+      webresponse = @encode.call(response)
+      assert_equal(webresponse.code, Server::HTTP_REDIRECT)
+      assert(webresponse.headers.has_key?('location'))
+      location = webresponse.headers['location']
+      query = Util.parse_query(URI::parse(location).query)
+      assert(!query.has_key?('openid.sig'), response.fields.to_post_args())
+    end
+
+    def test_assocReply
+      msg = Message.new(OPENID2_NS)
+      msg.set_arg(OPENID2_NS, 'session_type', 'no-encryption')
+      request = Server::AssociateRequest.from_message(msg)
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({'assoc_handle' => "every-zig"})
+      webresponse = @encode.call(response)
+      body = "assoc_handle:every-zig\n"
+      assert_equal(webresponse.code, Server::HTTP_OK)
+      assert_equal(webresponse.headers, {})
+      assert_equal(webresponse.body, body)
+    end
+
+    def test_alreadySigned
+      @response.fields.set_arg(OPENID_NS, 'sig', 'priorSig==')
+      assert_raise(Server::AlreadySigned) {
+        @encode.call(@response)
+      }
+    end
+  end
+
+  class TestCheckID < Test::Unit::TestCase
+    def setup
+      @op_endpoint = 'http://endpoint.unittest/'
+      @store = Store::Memory.new()
+      @server = Server::Server.new(@store, @op_endpoint)
+      @request = Server::CheckIDRequest.new(
+                                    'http://bambam.unittest/',
+                                    'http://bar.unittest/999',
+                                    @server.op_endpoint,
+                                    'http://bar.unittest/',
+                                    false)
+      @request.message = Message.new(OPENID2_NS)
+    end
+
+    def test_trustRootInvalid
+      @request.trust_root = "http://foo.unittest/17"
+      @request.return_to = "http://foo.unittest/39"
+      assert(!@request.trust_root_valid())
+    end
+
+    def test_trustRootInvalid_modified
+      @request.trust_root = "does://not.parse/"
+      @request.message = :sentinel
+      begin
+        result = @request.trust_root_valid
+      rescue Server::MalformedTrustRoot => why
+        assert_equal(:sentinel, why.openid_message)
+      else
+        flunk("Expected MalformedTrustRoot, got #{result.inspect}")
+      end
+    end
+
+    def test_trustRootvalid_absent_trust_root
+      @request.trust_root = nil
+      assert(@request.trust_root_valid())
+    end
+
+    def test_trustRootValid
+      @request.trust_root = "http://foo.unittest/"
+      @request.return_to = "http://foo.unittest/39"
+      assert(@request.trust_root_valid())
+    end
+
+    def test_trustRootValidNoReturnTo
+      request = Server::CheckIDRequest.new(
+                                   'http://bambam.unittest/',
+                                   nil,
+                                   @server.op_endpoint,
+                                   'http://bar.unittest/',
+                                   false)
+
+      assert(request.trust_root_valid())
+    end
+
+    def test_returnToVerified_callsVerify
+      # Make sure that verifyReturnTo is calling the trustroot
+      # function verifyReturnTo
+      # Ensure that exceptions are passed through
+      sentinel = Exception.new()
+
+      __req = @request
+      tc = self
+
+      vrfyExc = Proc.new { |trust_root, return_to|
+        tc.assert_equal(__req.trust_root, trust_root)
+        tc.assert_equal(__req.return_to, return_to)
+        raise sentinel
+      }
+
+      TrustRoot.extend(OverrideMethodMixin)
+
+      TrustRoot.with_method_overridden(:verify_return_to, vrfyExc) do
+        begin
+          @request.return_to_verified()
+          flunk("Expected sentinel to be raised, got success")
+        rescue Exception => e
+          assert(e.equal?(sentinel), [e, sentinel].inspect)
+        end
+      end
+
+      # Ensure that True and False are passed through unchanged
+      constVerify = Proc.new { |val|
+        verify = Proc.new { |trust_root, return_to|
+          tc.assert_equal(__req.trust_root, trust_root)
+          tc.assert_equal(__req.request.return_to, return_to)
+          return val
+        }
+
+        return verify
+      }
+
+      [true, false].each { |val|
+        verifier = constVerify.call(val)
+
+        TrustRoot.with_method_overridden(:verify_return_to, verifier) do
+          assert_equal(val, @request.return_to_verified())
+        end
+      }
+    end
+
+    def _expectAnswer(answer, identity=nil, claimed_id=nil)
+      expected_list = [
+                       ['mode', 'id_res'],
+                       ['return_to', @request.return_to],
+                       ['op_endpoint', @op_endpoint],
+                      ]
+      if identity
+        expected_list << ['identity', identity]
+        if claimed_id
+          expected_list << ['claimed_id', claimed_id]
+        else
+          expected_list << ['claimed_id', identity]
+        end
+      end
+
+      expected_list.each { |k, expected|
+        actual = answer.fields.get_arg(OPENID_NS, k)
+        assert_equal(expected, actual,
+                     sprintf("%s: expected %s, got %s",
+                             k, expected, actual))
+      }
+
+      assert(answer.fields.has_key?(OPENID_NS, 'response_nonce'))
+      assert(answer.fields.get_openid_namespace() == OPENID2_NS)
+
+      # One for nonce, one for ns
+      assert_equal(answer.fields.to_post_args.length,
+                   expected_list.length + 2,
+                   answer.fields.to_post_args.inspect)
+    end
+
+    def test_answerAllow
+      # Check the fields specified by "Positive Assertions"
+      #
+      # including mode=id_res, identity, claimed_id, op_endpoint,
+      # return_to
+      answer = @request.answer(true)
+      assert_equal(answer.request, @request)
+      _expectAnswer(answer, @request.identity)
+    end
+
+    def test_answerAllowDelegatedIdentity
+      @request.claimed_id = 'http://delegating.unittest/'
+      answer = @request.answer(true)
+      _expectAnswer(answer, @request.identity,
+                    @request.claimed_id)
+    end
+
+    def test_answerAllowWithoutIdentityReally
+      @request.identity = nil
+      answer = @request.answer(true)
+      assert_equal(answer.request, @request)
+      _expectAnswer(answer)
+    end
+
+    def test_answerAllowAnonymousFail
+      @request.identity = nil
+      # XXX - Check on this, I think this behavior is legal in OpenID
+      # 2.0?
+      assert_raise(ArgumentError) {
+        @request.answer(true, nil, "=V")
+      }
+    end
+
+    def test_answerAllowWithIdentity
+      @request.identity = IDENTIFIER_SELECT
+      selected_id = 'http://anon.unittest/9861'
+      answer = @request.answer(true, nil, selected_id)
+      _expectAnswer(answer, selected_id)
+    end
+
+    def test_answerAllowWithNoIdentity
+      @request.identity = IDENTIFIER_SELECT
+      selected_id = 'http://anon.unittest/9861'
+      assert_raise(ArgumentError) {
+        answer = @request.answer(true, nil, nil)
+      }
+    end
+
+    def test_immediate_openid1_no_identity
+      @request.message = Message.new(OPENID1_NS)
+      @request.immediate = true
+      @request.mode = 'checkid_immediate'
+      resp = @request.answer(false)
+      assert(resp.fields.get_arg(OPENID_NS, 'mode') == 'id_res')
+    end
+
+    def test_checkid_setup_openid1_no_identity
+      @request.message = Message.new(OPENID1_NS)
+      @request.immediate = false
+      @request.mode = 'checkid_setup'
+      resp = @request.answer(false)
+      assert(resp.fields.get_arg(OPENID_NS, 'mode') == 'cancel')
+    end
+
+    def test_immediate_openid1_no_server_url
+      @request.message = Message.new(OPENID1_NS)
+      @request.immediate = true
+      @request.mode = 'checkid_immediate'
+      @request.op_endpoint = nil
+
+      assert_raise(ArgumentError) {
+        resp = @request.answer(false)
+      }
+    end
+
+    def test_immediate_encode_to_url
+      @request.message = Message.new(OPENID1_NS)
+      @request.immediate = true
+      @request.mode = 'checkid_immediate'
+      @request.trust_root = "BOGUS"
+      @request.assoc_handle = "ASSOC"
+
+      server_url = "http://server.com/server"
+
+      url = @request.encode_to_url(server_url)
+      assert(url.starts_with?(server_url))
+
+      unused, query = url.split("?", 2)
+      args = Util.parse_query(query)
+
+      m = Message.from_post_args(args)
+      assert(m.get_arg(OPENID_NS, 'trust_root') == "BOGUS")
+      assert(m.get_arg(OPENID_NS, 'assoc_handle') == "ASSOC")
+      assert(m.get_arg(OPENID_NS, 'mode'), "checkid_immediate")
+      assert(m.get_arg(OPENID_NS, 'identity') == @request.identity)
+      assert(m.get_arg(OPENID_NS, 'claimed_id') == @request.claimed_id)
+      assert(m.get_arg(OPENID_NS, 'return_to') == @request.return_to)
+    end
+
+    def test_answerAllowWithDelegatedIdentityOpenID2
+      # Answer an IDENTIFIER_SELECT case with a delegated identifier.
+
+      # claimed_id delegates to selected_id here.
+      @request.identity = IDENTIFIER_SELECT
+      selected_id = 'http://anon.unittest/9861'
+      claimed_id = 'http://monkeyhat.unittest/'
+      answer = @request.answer(true, nil, selected_id, claimed_id)
+      _expectAnswer(answer, selected_id, claimed_id)
+    end
+
+    def test_answerAllowWithDelegatedIdentityOpenID1
+      # claimed_id parameter doesn't exist in OpenID 1.
+      @request.message = Message.new(OPENID1_NS)
+      # claimed_id delegates to selected_id here.
+      @request.identity = IDENTIFIER_SELECT
+      selected_id = 'http://anon.unittest/9861'
+      claimed_id = 'http://monkeyhat.unittest/'
+      assert_raise(Server::VersionError) {
+        @request.answer(true, nil, selected_id, claimed_id)
+      }
+    end
+
+    def test_answerAllowWithAnotherIdentity
+      # XXX - Check on this, I think this behavior is legal in OpenID
+      # 2.0?
+      assert_raise(ArgumentError){
+        @request.answer(true, nil, "http://pebbles.unittest/")
+      }
+    end
+
+    def test_answerAllowNoIdentityOpenID1
+      @request.message = Message.new(OPENID1_NS)
+      @request.identity = nil
+      assert_raise(ArgumentError) {
+        @request.answer(true, nil, nil)
+      }
+    end
+
+    def test_answerAllowForgotEndpoint
+      @request.op_endpoint = nil
+      assert_raise(RuntimeError) {
+        @request.answer(true)
+      }
+    end
+
+    def test_checkIDWithNoIdentityOpenID1
+      msg = Message.new(OPENID1_NS)
+      msg.set_arg(OPENID_NS, 'return_to', 'bogus')
+      msg.set_arg(OPENID_NS, 'trust_root', 'bogus')
+      msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
+      msg.set_arg(OPENID_NS, 'assoc_handle', 'bogus')
+
+      assert_raise(Server::ProtocolError) {
+        Server::CheckIDRequest.from_message(msg, @server)
+      }
+    end
+
+    def test_fromMessageClaimedIDWithoutIdentityOpenID2
+      msg = Message.new(OPENID2_NS)
+      msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
+      msg.set_arg(OPENID_NS, 'return_to', 'http://invalid:8000/rt')
+      msg.set_arg(OPENID_NS, 'claimed_id', 'https://example.myopenid.com')
+
+      assert_raise(Server::ProtocolError) {
+        Server::CheckIDRequest.from_message(msg, @server)
+      }
+    end
+
+    def test_fromMessageIdentityWithoutClaimedIDOpenID2
+      msg = Message.new(OPENID2_NS)
+      msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
+      msg.set_arg(OPENID_NS, 'return_to', 'http://invalid:8000/rt')
+      msg.set_arg(OPENID_NS, 'identity', 'https://example.myopenid.com')
+
+      assert_raise(Server::ProtocolError) {
+        Server::CheckIDRequest.from_message(msg, @server)
+      }
+    end
+
+    def test_fromMessageWithEmptyTrustRoot
+      return_to = 'http://some.url/foo?bar=baz'
+      msg = Message.from_post_args({
+              'openid.assoc_handle' => '{blah}{blah}{OZivdQ==}',
+              'openid.claimed_id' => 'http://delegated.invalid/',
+              'openid.identity' => 'http://op-local.example.com/',
+              'openid.mode' => 'checkid_setup',
+              'openid.ns' => 'http://openid.net/signon/1.0',
+              'openid.return_to' => return_to,
+              'openid.trust_root' => ''
+              });
+      result = Server::CheckIDRequest.from_message(msg, @server)
+      assert_equal(return_to, result.trust_root)
+    end
+
+    def test_trustRootOpenID1
+      # Ignore openid.realm in OpenID 1
+      msg = Message.new(OPENID1_NS)
+      msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
+      msg.set_arg(OPENID_NS, 'trust_root', 'http://trustroot.com/')
+      msg.set_arg(OPENID_NS, 'realm', 'http://fake_trust_root/')
+      msg.set_arg(OPENID_NS, 'return_to', 'http://trustroot.com/foo')
+      msg.set_arg(OPENID_NS, 'assoc_handle', 'bogus')
+      msg.set_arg(OPENID_NS, 'identity', 'george')
+
+      result = Server::CheckIDRequest.from_message(msg, @server.op_endpoint)
+
+      assert(result.trust_root == 'http://trustroot.com/')
+    end
+
+    def test_trustRootOpenID2
+      # Ignore openid.trust_root in OpenID 2
+      msg = Message.new(OPENID2_NS)
+      msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
+      msg.set_arg(OPENID_NS, 'realm', 'http://trustroot.com/')
+      msg.set_arg(OPENID_NS, 'trust_root', 'http://fake_trust_root/')
+      msg.set_arg(OPENID_NS, 'return_to', 'http://trustroot.com/foo')
+      msg.set_arg(OPENID_NS, 'assoc_handle', 'bogus')
+      msg.set_arg(OPENID_NS, 'identity', 'george')
+      msg.set_arg(OPENID_NS, 'claimed_id', 'george')
+
+      result = Server::CheckIDRequest.from_message(msg, @server.op_endpoint)
+
+      assert(result.trust_root == 'http://trustroot.com/')
+    end
+
+    def test_answerAllowNoTrustRoot
+      @request.trust_root = nil
+      answer = @request.answer(true)
+      assert_equal(answer.request, @request)
+      _expectAnswer(answer, @request.identity)
+    end
+
+    def test_answerImmediateDenyOpenID2
+      # Look for mode=setup_needed in checkid_immediate negative
+      # response in OpenID 2 case.
+      #
+      # See specification Responding to Authentication Requests /
+      # Negative Assertions / In Response to Immediate Requests.
+      @request.mode = 'checkid_immediate'
+      @request.immediate = true
+
+      server_url = "http://setup-url.unittest/"
+      # crappiting setup_url, you dirty my interface with your presence!
+      answer = @request.answer(false, server_url)
+      assert_equal(answer.request, @request)
+      assert_equal(answer.fields.to_post_args.length, 3, answer.fields)
+      assert_equal(answer.fields.get_openid_namespace, OPENID2_NS)
+      assert_equal(answer.fields.get_arg(OPENID_NS, 'mode'),
+                   'setup_needed')
+      # user_setup_url no longer required.
+    end
+
+    def test_answerImmediateDenyOpenID1
+      # Look for user_setup_url in checkid_immediate negative response
+      # in OpenID 1 case.
+      @request.message = Message.new(OPENID1_NS)
+      @request.mode = 'checkid_immediate'
+      @request.immediate = true
+      @request.claimed_id = 'http://claimed-id.test/'
+      server_url = "http://setup-url.unittest/"
+      # crappiting setup_url, you dirty my interface with your presence!
+      answer = @request.answer(false, server_url)
+      assert_equal(answer.request, @request)
+      assert_equal(2, answer.fields.to_post_args.length, answer.fields)
+      assert_equal(OPENID1_NS, answer.fields.get_openid_namespace)
+      assert_equal('id_res', answer.fields.get_arg(OPENID_NS, 'mode'))
+
+      usu = answer.fields.get_arg(OPENID_NS, 'user_setup_url', '')
+      assert(usu.starts_with?(server_url))
+      expected_substr = 'openid.claimed_id=http%3A%2F%2Fclaimed-id.test%2F'
+      assert(!usu.index(expected_substr).nil?, usu)
+    end
+
+    def test_answerSetupDeny
+      answer = @request.answer(false)
+      assert_equal(answer.fields.get_args(OPENID_NS), {
+                     'mode' => 'cancel',
+                   })
+    end
+
+    def test_encodeToURL
+      server_url = 'http://openid-server.unittest/'
+      result = @request.encode_to_url(server_url)
+
+      # How to check?  How about a round-trip test.
+      base, result_args = result.split('?', 2)
+      result_args = Util.parse_query(result_args)
+      message = Message.from_post_args(result_args)
+      rebuilt_request = Server::CheckIDRequest.from_message(message,
+                                                    @server.op_endpoint)
+
+      @request.message = message
+
+      @request.instance_variables.each { |var|
+        assert_equal(@request.instance_variable_get(var),
+                     rebuilt_request.instance_variable_get(var), var)
+      }
+    end
+
+    def test_getCancelURL
+      url = @request.cancel_url
+      rt, query_string = url.split('?', -1)
+      assert_equal(@request.return_to, rt)
+      query = Util.parse_query(query_string)
+      assert_equal(query, {'openid.mode' => 'cancel',
+                     'openid.ns' => OPENID2_NS})
+    end
+
+    def test_getCancelURLimmed
+      @request.mode = 'checkid_immediate'
+      @request.immediate = true
+      assert_raise(ArgumentError) {
+        @request.cancel_url
+      }
+    end
+
+    def test_fromMessageWithoutTrustRoot
+        msg = Message.new(OPENID2_NS)
+        msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
+        msg.set_arg(OPENID_NS, 'return_to', 'http://real.trust.root/foo')
+        msg.set_arg(OPENID_NS, 'assoc_handle', 'bogus')
+        msg.set_arg(OPENID_NS, 'identity', 'george')
+        msg.set_arg(OPENID_NS, 'claimed_id', 'george')
+
+        result = Server::CheckIDRequest.from_message(msg, @server.op_endpoint)
+
+        assert_equal(result.trust_root, 'http://real.trust.root/foo')
+    end
+
+    def test_fromMessageWithoutTrustRootOrReturnTo
+        msg = Message.new(OPENID2_NS)
+        msg.set_arg(OPENID_NS, 'mode', 'checkid_setup')
+        msg.set_arg(OPENID_NS, 'assoc_handle', 'bogus')
+        msg.set_arg(OPENID_NS, 'identity', 'george')
+        msg.set_arg(OPENID_NS, 'claimed_id', 'george')
+
+        assert_raises(Server::ProtocolError) {
+          Server::CheckIDRequest.from_message(msg, @server.op_endpoint)
+        }
+    end
+  end
+
+  class TestCheckIDExtension < Test::Unit::TestCase
+
+    def setup
+      @op_endpoint = 'http://endpoint.unittest/ext'
+      @store = Store::Memory.new()
+      @server = Server::Server.new(@store, @op_endpoint)
+      @request = Server::CheckIDRequest.new(
+                                    'http://bambam.unittest/',
+                                    'http://bar.unittest/999',
+                                    @server.op_endpoint,
+                                    'http://bar.unittest/',
+                                    false)
+      @request.message = Message.new(OPENID2_NS)
+      @response = Server::OpenIDResponse.new(@request)
+      @response.fields.set_arg(OPENID_NS, 'mode', 'id_res')
+      @response.fields.set_arg(OPENID_NS, 'blue', 'star')
+    end
+
+    def test_addField
+      namespace = 'something:'
+      @response.fields.set_arg(namespace, 'bright', 'potato')
+      assert_equal(@response.fields.get_args(OPENID_NS),
+                   {'blue' => 'star',
+                     'mode' => 'id_res',
+                   })
+      
+      assert_equal(@response.fields.get_args(namespace),
+                   {'bright' => 'potato'})
+    end
+
+    def test_addFields
+      namespace = 'mi5:'
+      args =  {'tangy' => 'suspenders',
+        'bravo' => 'inclusion'}
+      @response.fields.update_args(namespace, args)
+      assert_equal(@response.fields.get_args(OPENID_NS),
+                   {'blue' => 'star',
+                     'mode' => 'id_res',
+                   })
+      assert_equal(@response.fields.get_args(namespace), args)
+    end
+  end
+
+  class MockSignatory
+    attr_accessor :isValid, :assocs
+
+    def initialize(assoc)
+      @isValid = true
+      @assocs = [assoc]
+    end
+
+    def verify(assoc_handle, message)
+      Util.assert(message.has_key?(OPENID_NS, "sig"))
+      if self.assocs.member?([true, assoc_handle])
+        return @isValid
+      else
+        return false
+      end
+    end
+
+    def get_association(assoc_handle, dumb)
+      if self.assocs.member?([dumb, assoc_handle])
+        # This isn't a valid implementation for many uses of this
+        # function, mind you.
+        return true
+      else
+        return nil
+      end
+    end
+
+    def invalidate(assoc_handle, dumb)
+      if self.assocs.member?([dumb, assoc_handle])
+        @assocs.delete([dumb, assoc_handle])
+      end
+    end
+  end
+
+  class TestCheckAuth < Test::Unit::TestCase
+    def setup
+      @assoc_handle = 'mooooooooo'
+      @message = Message.from_post_args({
+                                          'openid.sig' => 'signarture',
+                                          'one' => 'alpha',
+                                          'two' => 'beta',
+                                        })
+      @request = Server::CheckAuthRequest.new(
+                                      @assoc_handle, @message)
+      @request.message = Message.new(OPENID2_NS)
+
+      @signatory = MockSignatory.new([true, @assoc_handle])
+    end
+
+    def test_to_s
+      @request.to_s
+    end
+
+    def test_valid
+      r = @request.answer(@signatory)
+      assert_equal({'is_valid' => 'true'},
+                   r.fields.get_args(OPENID_NS))
+      assert_equal(r.request, @request)
+    end
+
+    def test_invalid
+      @signatory.isValid = false
+      r = @request.answer(@signatory)
+      assert_equal({'is_valid' => 'false'},
+                   r.fields.get_args(OPENID_NS))
+      
+    end
+
+    def test_replay
+      # Don't validate the same response twice.
+      #
+      # From "Checking the Nonce"::
+      #
+      #   When using "check_authentication", the OP MUST ensure that an
+      #   assertion has not yet been accepted with the same value for
+      #   "openid.response_nonce".
+      #
+      # In this implementation, the assoc_handle is only valid once.
+      # And nonces are a signed component of the message, so they can't
+      # be used with another handle without breaking the sig.
+      r = @request.answer(@signatory)
+      r = @request.answer(@signatory)
+      assert_equal({'is_valid' => 'false'},
+                   r.fields.get_args(OPENID_NS))
+    end
+
+    def test_invalidatehandle
+      @request.invalidate_handle = "bogusHandle"
+      r = @request.answer(@signatory)
+      assert_equal(r.fields.get_args(OPENID_NS),
+                   {'is_valid' => 'true',
+                     'invalidate_handle' => "bogusHandle"})
+      assert_equal(r.request, @request)
+    end
+
+    def test_invalidatehandleNo
+      assoc_handle = 'goodhandle'
+      @signatory.assocs << [false, 'goodhandle']
+      @request.invalidate_handle = assoc_handle
+      r = @request.answer(@signatory)
+      assert_equal(r.fields.get_args(OPENID_NS), {'is_valid' => 'true'})
+    end
+  end
+
+  class TestAssociate < Test::Unit::TestCase
+    # TODO: test DH with non-default values for modulus and gen.
+    # (important to do because we actually had it broken for a while.)
+
+    def setup
+      @request = Server::AssociateRequest.from_message(Message.from_post_args({}))
+      @store = Store::Memory.new()
+      @signatory = Server::Signatory.new(@store)
+    end
+
+    def test_dhSHA1
+      @assoc = @signatory.create_association(false, 'HMAC-SHA1')
+      consumer_dh = DiffieHellman.from_defaults()
+      cpub = consumer_dh.public
+      server_dh = DiffieHellman.from_defaults()
+      session = Server::DiffieHellmanSHA1ServerSession.new(server_dh, cpub)
+      @request = Server::AssociateRequest.new(session, 'HMAC-SHA1')
+      @request.message = Message.new(OPENID2_NS)
+      response = @request.answer(@assoc)
+      rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
+      assert_equal(rfg.call("assoc_type"), "HMAC-SHA1")
+      assert_equal(rfg.call("assoc_handle"), @assoc.handle)
+      assert(!rfg.call("mac_key"))
+      assert_equal(rfg.call("session_type"), "DH-SHA1")
+      assert(rfg.call("enc_mac_key"))
+      assert(rfg.call("dh_server_public"))
+
+      enc_key = Util.from_base64(rfg.call("enc_mac_key"))
+      spub = CryptUtil.base64_to_num(rfg.call("dh_server_public"))
+      secret = consumer_dh.xor_secret(CryptUtil.method('sha1'),
+                                      spub, enc_key)
+      assert_equal(secret, @assoc.secret)
+    end
+
+    def test_dhSHA256
+      @assoc = @signatory.create_association(false, 'HMAC-SHA256')
+      consumer_dh = DiffieHellman.from_defaults()
+      cpub = consumer_dh.public
+      server_dh = DiffieHellman.from_defaults()
+      session = Server::DiffieHellmanSHA256ServerSession.new(server_dh, cpub)
+      @request = Server::AssociateRequest.new(session, 'HMAC-SHA256')
+      @request.message = Message.new(OPENID2_NS)
+      response = @request.answer(@assoc)
+      rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
+      assert_equal(rfg.call("assoc_type"), "HMAC-SHA256")
+      assert_equal(rfg.call("assoc_handle"), @assoc.handle)
+      assert(!rfg.call("mac_key"))
+      assert_equal(rfg.call("session_type"), "DH-SHA256")
+      assert(rfg.call("enc_mac_key"))
+      assert(rfg.call("dh_server_public"))
+
+      enc_key = Util.from_base64(rfg.call("enc_mac_key"))
+      spub = CryptUtil.base64_to_num(rfg.call("dh_server_public"))
+      secret = consumer_dh.xor_secret(CryptUtil.method('sha256'),
+                                      spub, enc_key)
+      assert_equal(secret, @assoc.secret)
+    end
+
+    def test_protoError256
+      s256_session = Consumer::DiffieHellmanSHA256Session.new()
+
+      invalid_s256 = {'openid.assoc_type' => 'HMAC-SHA1',
+        'openid.session_type' => 'DH-SHA256',}
+      invalid_s256.merge!(s256_session.get_request())
+
+      invalid_s256_2 = {'openid.assoc_type' => 'MONKEY-PIRATE',
+        'openid.session_type' => 'DH-SHA256',}
+      invalid_s256_2.merge!(s256_session.get_request())
+
+      bad_request_argss = [
+                           invalid_s256,
+                           invalid_s256_2,
+                          ]
+
+      bad_request_argss.each { |request_args|
+        message = Message.from_post_args(request_args)
+        assert_raise(Server::ProtocolError) {
+          Server::AssociateRequest.from_message(message)
+        }
+      }
+    end
+
+    def test_protoError
+      s1_session = Consumer::DiffieHellmanSHA1Session.new()
+
+      invalid_s1 = {'openid.assoc_type' => 'HMAC-SHA256',
+        'openid.session_type' => 'DH-SHA1',}
+      invalid_s1.merge!(s1_session.get_request())
+
+      invalid_s1_2 = {'openid.assoc_type' => 'ROBOT-NINJA',
+        'openid.session_type' => 'DH-SHA1',}
+      invalid_s1_2.merge!(s1_session.get_request())
+
+      bad_request_argss = [
+                           {'openid.assoc_type' => 'Wha?'},
+                           invalid_s1,
+                           invalid_s1_2,
+                          ]
+            
+      bad_request_argss.each { |request_args|
+        message = Message.from_post_args(request_args)
+        assert_raise(Server::ProtocolError) {
+          Server::AssociateRequest.from_message(message)
+        }
+      }
+    end
+
+    def test_protoErrorFields
+
+      contact = 'user@example.invalid'
+      reference = 'Trac ticket number MAX_INT'
+      error = 'poltergeist'
+
+      openid1_args = {
+        'openid.identitiy' => 'invalid',
+        'openid.mode' => 'checkid_setup',
+      }
+
+      openid2_args = openid1_args.dup
+      openid2_args.merge!({'openid.ns' => OPENID2_NS})
+
+      # Check presence of optional fields in both protocol versions
+
+      openid1_msg = Message.from_post_args(openid1_args)
+      p = Server::ProtocolError.new(openid1_msg, error,
+                                    reference, contact)
+      reply = p.to_message()
+
+      assert_equal(reply.get_arg(OPENID_NS, 'reference'), reference)
+      assert_equal(reply.get_arg(OPENID_NS, 'contact'), contact)
+
+      openid2_msg = Message.from_post_args(openid2_args)
+      p = Server::ProtocolError.new(openid2_msg, error,
+                                    reference, contact)
+      reply = p.to_message()
+
+      assert_equal(reply.get_arg(OPENID_NS, 'reference'), reference)
+      assert_equal(reply.get_arg(OPENID_NS, 'contact'), contact)
+    end
+
+    def failUnlessExpiresInMatches(msg, expected_expires_in)
+      expires_in_str = msg.get_arg(OPENID_NS, 'expires_in', NO_DEFAULT)
+      expires_in = expires_in_str.to_i
+
+      # Slop is necessary because the tests can sometimes get run
+      # right on a second boundary
+      slop = 1 # second
+      difference = expected_expires_in - expires_in
+
+      error_message = sprintf('"expires_in" value not within %s of expected: ' +
+                              'expected=%s, actual=%s', slop, expected_expires_in,
+                              expires_in)
+      assert((0 <= difference and difference <= slop), error_message)
+    end
+
+    def test_plaintext
+      @assoc = @signatory.create_association(false, 'HMAC-SHA1')
+      response = @request.answer(@assoc)
+      rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
+
+      assert_equal(rfg.call("assoc_type"), "HMAC-SHA1")
+      assert_equal(rfg.call("assoc_handle"), @assoc.handle)
+
+      failUnlessExpiresInMatches(response.fields,
+                                 @signatory.secret_lifetime)
+
+      assert_equal(
+                   rfg.call("mac_key"), Util.to_base64(@assoc.secret))
+      assert(!rfg.call("session_type"))
+      assert(!rfg.call("enc_mac_key"))
+      assert(!rfg.call("dh_server_public"))
+    end
+
+    def test_plaintext_v2
+        # The main difference between this and the v1 test is that
+        # session_type is always returned in v2.
+        args = {
+            'openid.ns' => OPENID2_NS,
+            'openid.mode' => 'associate',
+            'openid.assoc_type' => 'HMAC-SHA1',
+            'openid.session_type' => 'no-encryption',
+            }
+        @request = Server::AssociateRequest.from_message(
+          Message.from_post_args(args))
+
+        assert(!@request.message.is_openid1())
+
+        @assoc = @signatory.create_association(false, 'HMAC-SHA1')
+        response = @request.answer(@assoc)
+        rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
+
+        assert_equal(rfg.call("assoc_type"), "HMAC-SHA1")
+        assert_equal(rfg.call("assoc_handle"), @assoc.handle)
+
+        failUnlessExpiresInMatches(
+            response.fields, @signatory.secret_lifetime)
+
+        assert_equal(
+            rfg.call("mac_key"), Util.to_base64(@assoc.secret))
+
+        assert_equal(rfg.call("session_type"), "no-encryption")
+        assert(!rfg.call("enc_mac_key"))
+        assert(!rfg.call("dh_server_public"))
+    end
+
+    def test_plaintext256
+      @assoc = @signatory.create_association(false, 'HMAC-SHA256')
+      response = @request.answer(@assoc)
+      rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
+
+      assert_equal(rfg.call("assoc_type"), "HMAC-SHA1")
+      assert_equal(rfg.call("assoc_handle"), @assoc.handle)
+
+      failUnlessExpiresInMatches(
+                                 response.fields, @signatory.secret_lifetime)
+
+      assert_equal(
+                   rfg.call("mac_key"), Util.to_base64(@assoc.secret))
+      assert(!rfg.call("session_type"))
+      assert(!rfg.call("enc_mac_key"))
+      assert(!rfg.call("dh_server_public"))
+    end
+
+    def test_unsupportedPrefer
+      allowed_assoc = 'COLD-PET-RAT'
+      allowed_sess = 'FROG-BONES'
+      message = 'This is a unit test'
+
+      # Set an OpenID 2 message so answerUnsupported doesn't raise
+      # ProtocolError.
+      @request.message = Message.new(OPENID2_NS)
+
+      response = @request.answer_unsupported(message,
+                                             allowed_assoc,
+                                             allowed_sess)
+      rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
+      assert_equal(rfg.call('error_code'), 'unsupported-type')
+      assert_equal(rfg.call('assoc_type'), allowed_assoc)
+      assert_equal(rfg.call('error'), message)
+      assert_equal(rfg.call('session_type'), allowed_sess)
+    end
+
+    def test_unsupported
+      message = 'This is a unit test'
+
+      # Set an OpenID 2 message so answerUnsupported doesn't raise
+      # ProtocolError.
+      @request.message = Message.new(OPENID2_NS)
+
+      response = @request.answer_unsupported(message)
+      rfg = lambda { |f| response.fields.get_arg(OPENID_NS, f) }
+      assert_equal(rfg.call('error_code'), 'unsupported-type')
+      assert_equal(rfg.call('assoc_type'), nil)
+      assert_equal(rfg.call('error'), message)
+      assert_equal(rfg.call('session_type'), nil)
+    end
+
+    def test_openid1_unsupported_explode
+      # answer_unsupported on an associate request should explode if
+      # the request was an OpenID 1 request.
+      m = Message.new(OPENID1_NS)
+
+      assert_raise(Server::ProtocolError) {
+        @request.answer_unsupported(m)
+      }
+    end
+  end
+
+  class Counter
+    def initialize
+      @count = 0
+    end
+
+    def inc
+      @count += 1
+    end
+  end
+
+  class UnhandledError < Exception
+  end
+
+  class TestServer < Test::Unit::TestCase
+    include TestUtil
+
+    def setup
+      @store = Store::Memory.new()
+      @server = Server::Server.new(@store, "http://server.unittest/endpt")
+      # catchlogs_setup()
+    end
+
+    def test_failed_dispatch
+      request = Server::OpenIDRequest.new()
+      request.mode = "monkeymode"
+      request.message = Message.new(OPENID1_NS)
+      assert_raise(RuntimeError) {
+        webresult = @server.handle_request(request)
+      }
+    end
+
+    def test_decode_request
+      @server.decoder = BogusDecoder.new(@server)
+      assert(@server.decode_request({}) == "BOGUS")
+    end
+
+    def test_encode_response
+      @server.encoder = BogusEncoder.new
+      assert(@server.encode_response(nil) == "BOGUS")
+    end
+
+    def test_dispatch
+      monkeycalled = Counter.new()
+
+      @server.extend(InstanceDefExtension)
+      @server.instance_def(:openid_monkeymode) do |request|
+        raise UnhandledError
+      end
+
+      request = Server::OpenIDRequest.new()
+      request.mode = "monkeymode"
+      request.message = Message.new(OPENID1_NS)
+      assert_raise(UnhandledError) {
+        webresult = @server.handle_request(request)
+      }
+    end
+
+    def test_associate
+      request = Server::AssociateRequest.from_message(Message.from_post_args({}))
+      response = @server.openid_associate(request)
+      assert(response.fields.has_key?(OPENID_NS, "assoc_handle"),
+             sprintf("No assoc_handle here: %s", response.fields.inspect))
+    end
+
+    def test_associate2
+      # Associate when the server has no allowed association types
+      #
+      # Gives back an error with error_code and no fallback session or
+      # assoc types.
+      @server.negotiator.allowed_types = []
+
+      # Set an OpenID 2 message so answerUnsupported doesn't raise
+      # ProtocolError.
+      msg = Message.from_post_args({
+                                     'openid.ns' => OPENID2_NS,
+                                     'openid.session_type' => 'no-encryption',
+                                   })
+
+      request = Server::AssociateRequest.from_message(msg)
+
+      response = @server.openid_associate(request)
+      assert(response.fields.has_key?(OPENID_NS, "error"))
+      assert(response.fields.has_key?(OPENID_NS, "error_code"))
+      assert(!response.fields.has_key?(OPENID_NS, "assoc_handle"))
+      assert(!response.fields.has_key?(OPENID_NS, "assoc_type"))
+      assert(!response.fields.has_key?(OPENID_NS, "session_type"))
+    end
+
+    def test_associate3
+      # Request an assoc type that is not supported when there are
+      # supported types.
+      #
+      # Should give back an error message with a fallback type.
+      @server.negotiator.allowed_types = [['HMAC-SHA256', 'DH-SHA256']]
+
+      msg = Message.from_post_args({
+                                     'openid.ns' => OPENID2_NS,
+                                     'openid.session_type' => 'no-encryption',
+                                   })
+
+      request = Server::AssociateRequest.from_message(msg)
+      response = @server.openid_associate(request)
+
+      assert(response.fields.has_key?(OPENID_NS, "error"))
+      assert(response.fields.has_key?(OPENID_NS, "error_code"))
+      assert(!response.fields.has_key?(OPENID_NS, "assoc_handle"))
+
+      assert_equal(response.fields.get_arg(OPENID_NS, "assoc_type"),
+                   'HMAC-SHA256')
+      assert_equal(response.fields.get_arg(OPENID_NS, "session_type"),
+                   'DH-SHA256')
+    end
+
+    def test_associate4
+      # DH-SHA256 association session
+      @server.negotiator.allowed_types = [['HMAC-SHA256', 'DH-SHA256']]
+
+      query = {
+        'openid.dh_consumer_public' =>
+        'ALZgnx8N5Lgd7pCj8K86T/DDMFjJXSss1SKoLmxE72kJTzOtG6I2PaYrHX' +
+        'xku4jMQWSsGfLJxwCZ6280uYjUST/9NWmuAfcrBfmDHIBc3H8xh6RBnlXJ' +
+        '1WxJY3jHd5k1/ZReyRZOxZTKdF/dnIqwF8ZXUwI6peV0TyS/K1fOfF/s',
+
+        'openid.assoc_type' => 'HMAC-SHA256',
+        'openid.session_type' => 'DH-SHA256',
+      }
+
+      message = Message.from_post_args(query)
+      request = Server::AssociateRequest.from_message(message)
+      response = @server.openid_associate(request)
+      assert(response.fields.has_key?(OPENID_NS, "assoc_handle"))
+    end
+
+    def test_no_encryption_openid1
+      # Make sure no-encryption associate requests for OpenID 1 are
+      # logged.
+      assert_log_matches(/Continuing anyway./) {
+        m = Message.from_openid_args({
+                                       'session_type' => 'no-encryption',
+                                     })
+
+        req = Server::AssociateRequest.from_message(m)
+      }
+    end
+
+    def test_missingSessionTypeOpenID2
+      # Make sure session_type is required in OpenID 2
+      msg = Message.from_post_args({
+                                     'openid.ns' => OPENID2_NS,
+                                   })
+
+      assert_raises(Server::ProtocolError) {
+        Server::AssociateRequest.from_message(msg)
+      }
+    end
+
+    def test_checkAuth
+      request = Server::CheckAuthRequest.new('arrrrrf', '0x3999', [])
+      request.message = Message.new(OPENID2_NS)
+      response = nil
+      silence_logging {
+        response = @server.openid_check_authentication(request)
+      }
+      assert(response.fields.has_key?(OPENID_NS, "is_valid"))
+    end
+  end
+
+  class TestingRequest < Server::OpenIDRequest
+    attr_accessor :assoc_handle, :namespace
+  end
+
+  class TestSignatory < Test::Unit::TestCase
+    include TestUtil
+
+    def setup
+      @store = Store::Memory.new()
+      @signatory = Server::Signatory.new(@store)
+      @_dumb_key = @signatory.class._dumb_key
+      @_normal_key = @signatory.class._normal_key
+      # CatchLogs.setUp(self)
+    end
+
+    def test_get_association_nil
+      assert_raises(ArgumentError) {
+        @signatory.get_association(nil, false)
+      }
+    end
+
+    def test_sign
+      request = TestingRequest.new()
+      assoc_handle = '{assoc}{lookatme}'
+      @store.store_association(
+                               @_normal_key,
+                               Association.from_expires_in(60, assoc_handle,
+                                                           'sekrit', 'HMAC-SHA1'))
+      request.assoc_handle = assoc_handle
+      request.namespace = OPENID1_NS
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'foo' => 'amsigned',
+                                                   'bar' => 'notsigned',
+                                                   'azu' => 'alsosigned',
+                                                 })
+      sresponse = @signatory.sign(response)
+      assert_equal(
+            sresponse.fields.get_arg(OPENID_NS, 'assoc_handle'),
+            assoc_handle)
+      assert_equal(sresponse.fields.get_arg(OPENID_NS, 'signed'),
+                   'assoc_handle,azu,bar,foo,signed')
+      assert(sresponse.fields.get_arg(OPENID_NS, 'sig'))
+      # assert(!@messages, @messages)
+    end
+
+    def test_signDumb
+      request = TestingRequest.new()
+      request.assoc_handle = nil
+      request.namespace = OPENID2_NS
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'foo' => 'amsigned',
+                                                   'bar' => 'notsigned',
+                                                   'azu' => 'alsosigned',
+                                                   'ns' => OPENID2_NS,
+                                                 })
+      sresponse = @signatory.sign(response)
+      assoc_handle = sresponse.fields.get_arg(OPENID_NS, 'assoc_handle')
+      assert(assoc_handle)
+      assoc = @signatory.get_association(assoc_handle, true)
+      assert(assoc)
+      assert_equal(sresponse.fields.get_arg(OPENID_NS, 'signed'),
+                   'assoc_handle,azu,bar,foo,ns,signed')
+      assert(sresponse.fields.get_arg(OPENID_NS, 'sig'))
+      # assert(!@messages, @messages)
+    end
+
+    def test_signExpired
+      # Sign a response to a message with an expired handle (using
+      # invalidate_handle).
+      #
+      # From "Verifying with an Association":
+      #
+      #   If an authentication request included an association handle
+      #   for an association between the OP and the Relying party, and
+      #   the OP no longer wishes to use that handle (because it has
+      #   expired or the secret has been compromised, for instance),
+      #   the OP will send a response that must be verified directly
+      #   with the OP, as specified in Section 11.3.2. In that
+      #   instance, the OP will include the field
+      #   "openid.invalidate_handle" set to the association handle
+      #   that the Relying Party included with the original request.
+      request = TestingRequest.new()
+      request.namespace = OPENID2_NS
+      assoc_handle = '{assoc}{lookatme}'
+      @store.store_association(
+                               @_normal_key,
+                               Association.from_expires_in(-10, assoc_handle,
+                                                           'sekrit', 'HMAC-SHA1'))
+      assert(@store.get_association(@_normal_key, assoc_handle))
+
+      request.assoc_handle = assoc_handle
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'foo' => 'amsigned',
+                                                   'bar' => 'notsigned',
+                                                   'azu' => 'alsosigned',
+                                                 })
+      sresponse = nil
+      silence_logging {
+        sresponse = @signatory.sign(response)
+      }
+
+      new_assoc_handle = sresponse.fields.get_arg(OPENID_NS, 'assoc_handle')
+      assert(new_assoc_handle)
+      assert(new_assoc_handle != assoc_handle)
+
+      assert_equal(
+            sresponse.fields.get_arg(OPENID_NS, 'invalidate_handle'),
+            assoc_handle)
+
+      assert_equal(sresponse.fields.get_arg(OPENID_NS, 'signed'),
+                   'assoc_handle,azu,bar,foo,invalidate_handle,signed')
+      assert(sresponse.fields.get_arg(OPENID_NS, 'sig'))
+
+      # make sure the expired association is gone
+      assert(!@store.get_association(@_normal_key, assoc_handle),
+             "expired association is still retrievable.")
+
+      # make sure the new key is a dumb mode association
+      assert(@store.get_association(@_dumb_key, new_assoc_handle))
+      assert(!@store.get_association(@_normal_key, new_assoc_handle))
+      # assert(@messages)
+    end
+
+    def test_signInvalidHandle
+      request = TestingRequest.new()
+      request.namespace = OPENID2_NS
+      assoc_handle = '{bogus-assoc}{notvalid}'
+
+      request.assoc_handle = assoc_handle
+      response = Server::OpenIDResponse.new(request)
+      response.fields = Message.from_openid_args({
+                                                   'foo' => 'amsigned',
+                                                   'bar' => 'notsigned',
+                                                   'azu' => 'alsosigned',
+                                                 })
+      sresponse = @signatory.sign(response)
+
+      new_assoc_handle = sresponse.fields.get_arg(OPENID_NS, 'assoc_handle')
+      assert(new_assoc_handle)
+      assert(new_assoc_handle != assoc_handle)
+
+      assert_equal(
+            sresponse.fields.get_arg(OPENID_NS, 'invalidate_handle'),
+            assoc_handle)
+
+      assert_equal(
+            sresponse.fields.get_arg(OPENID_NS, 'signed'),
+                   'assoc_handle,azu,bar,foo,invalidate_handle,signed')
+      assert(sresponse.fields.get_arg(OPENID_NS, 'sig'))
+
+      # make sure the new key is a dumb mode association
+      assert(@store.get_association(@_dumb_key, new_assoc_handle))
+      assert(!@store.get_association(@_normal_key, new_assoc_handle))
+      # @failIf(@messages, @messages)
+    end
+
+    def test_verify
+      assoc_handle = '{vroom}{zoom}'
+      assoc = Association.from_expires_in(
+            60, assoc_handle, 'sekrit', 'HMAC-SHA1')
+
+      @store.store_association(@_dumb_key, assoc)
+
+      signed = Message.from_post_args({
+                                        'openid.foo' => 'bar',
+                                        'openid.apple' => 'orange',
+                                        'openid.assoc_handle' => assoc_handle,
+                                        'openid.signed' => 'apple,assoc_handle,foo,signed',
+                                        'openid.sig' => 'uXoT1qm62/BB09Xbj98TQ8mlBco=',
+                                      })
+
+      verified = @signatory.verify(assoc_handle, signed)
+      assert(verified)
+      # assert(!@messages, @messages)
+    end
+
+    def test_verifyBadSig
+      assoc_handle = '{vroom}{zoom}'
+      assoc = Association.from_expires_in(
+            60, assoc_handle, 'sekrit', 'HMAC-SHA1')
+
+      @store.store_association(@_dumb_key, assoc)
+
+      signed = Message.from_post_args({
+            'openid.foo' => 'bar',
+            'openid.apple' => 'orange',
+            'openid.assoc_handle' => assoc_handle,
+            'openid.signed' => 'apple,assoc_handle,foo,signed',
+            'openid.sig' => 'uXoT1qm62/BB09Xbj98TQ8mlBco=BOGUS'
+            })
+
+      verified = @signatory.verify(assoc_handle, signed)
+      # @failIf(@messages, @messages)
+      assert(!verified)
+    end
+
+    def test_verifyBadHandle
+      assoc_handle = '{vroom}{zoom}'
+      signed = Message.from_post_args({
+            'foo' => 'bar',
+            'apple' => 'orange',
+            'openid.sig' => "Ylu0KcIR7PvNegB/K41KpnRgJl0=",
+            })
+
+      verified = nil
+      silence_logging {
+        verified = @signatory.verify(assoc_handle, signed)
+      }
+
+      assert(!verified)
+      #assert(@messages)
+    end
+
+    def test_verifyAssocMismatch
+      # Attempt to validate sign-all message with a signed-list assoc.
+      assoc_handle = '{vroom}{zoom}'
+      assoc = Association.from_expires_in(
+            60, assoc_handle, 'sekrit', 'HMAC-SHA1')
+
+      @store.store_association(@_dumb_key, assoc)
+
+      signed = Message.from_post_args({
+            'foo' => 'bar',
+            'apple' => 'orange',
+            'openid.sig' => "d71xlHtqnq98DonoSgoK/nD+QRM=",
+            })
+
+      verified = nil
+      silence_logging {
+        verified = @signatory.verify(assoc_handle, signed)
+      }
+
+      assert(!verified)
+      #assert(@messages)
+    end
+
+    def test_getAssoc
+      assoc_handle = makeAssoc(true)
+      assoc = @signatory.get_association(assoc_handle, true)
+      assert(assoc)
+      assert_equal(assoc.handle, assoc_handle)
+      # @failIf(@messages, @messages)
+    end
+
+    def test_getAssocExpired
+      assoc_handle = makeAssoc(true, -10)
+      assoc = nil
+      silence_logging {
+        assoc = @signatory.get_association(assoc_handle, true)
+      }
+      assert(!assoc, assoc)
+      # assert(@messages)
+    end
+
+    def test_getAssocInvalid
+      ah = 'no-such-handle'
+      silence_logging {
+        assert_equal(
+                     @signatory.get_association(ah, false), nil)
+      }
+      # assert(!@messages, @messages)
+    end
+
+    def test_getAssocDumbVsNormal
+      # getAssociation(dumb=False) cannot get a dumb assoc
+      assoc_handle = makeAssoc(true)
+      silence_logging {
+        assert_equal(
+                     @signatory.get_association(assoc_handle, false), nil)
+      }
+      # @failIf(@messages, @messages)
+    end
+
+    def test_getAssocNormalVsDumb
+      # getAssociation(dumb=True) cannot get a shared assoc
+      #
+      # From "Verifying Directly with the OpenID Provider"::
+      #
+      #   An OP MUST NOT verify signatures for associations that have shared
+      #   MAC keys.
+      assoc_handle = makeAssoc(false)
+      silence_logging {
+        assert_equal(
+                     @signatory.get_association(assoc_handle, true), nil)
+      }
+      # @failIf(@messages, @messages)
+    end
+
+    def test_createAssociation
+      assoc = @signatory.create_association(false)
+      silence_logging {
+        assert(@signatory.get_association(assoc.handle, false))
+      }
+      # @failIf(@messages, @messages)
+    end
+
+    def makeAssoc(dumb, lifetime=60)
+      assoc_handle = '{bling}'
+      assoc = Association.from_expires_in(lifetime, assoc_handle,
+                                          'sekrit', 'HMAC-SHA1')
+
+      silence_logging {
+        @store.store_association(((dumb and @_dumb_key) or @_normal_key), assoc)
+      }
+
+      return assoc_handle
+    end
+
+    def test_invalidate
+      assoc_handle = '-squash-'
+      assoc = Association.from_expires_in(60, assoc_handle,
+                                          'sekrit', 'HMAC-SHA1')
+
+      silence_logging {
+        @store.store_association(@_dumb_key, assoc)
+        assoc = @signatory.get_association(assoc_handle, true)
+        assert(assoc)
+        assoc = @signatory.get_association(assoc_handle, true)
+        assert(assoc)
+        @signatory.invalidate(assoc_handle, true)
+        assoc = @signatory.get_association(assoc_handle, true)
+        assert(!assoc)
+      }
+      # @failIf(@messages, @messages)
+    end
+  end
+
+  class RunthroughTestCase < Test::Unit::TestCase
+    def setup
+      @store = Store::Memory.new
+      @server = Server::Server.new(@store, "http://example.com/openid/server")
+    end
+
+    def test_openid1_assoc_checkid
+      assoc_args = {'openid.mode' => 'associate',
+                    'openid.assoc_type' => 'HMAC-SHA1'}
+      areq = @server.decode_request(assoc_args)
+      aresp = @server.handle_request(areq)
+      
+      amess = aresp.fields
+      assert(amess.is_openid1)
+      ahandle = amess.get_arg(OPENID_NS, 'assoc_handle')
+      assert(ahandle)
+      assoc = @store.get_association('http://localhost/|normal', ahandle)
+      assert(assoc.is_a?(Association))
+
+
+      checkid_args = {'openid.mode' => 'checkid_setup',
+                      'openid.return_to' => 'http://example.com/openid/consumer',
+                      'openid.assoc_handle' => ahandle,
+                      'openid.identity' => 'http://foo.com/'}
+      
+      cireq = @server.decode_request(checkid_args)
+      ciresp = cireq.answer(true)
+
+      signed_resp = @server.signatory.sign(ciresp)
+
+      assert_equal(assoc.get_message_signature(signed_resp.fields),
+                   signed_resp.fields.get_arg(OPENID_NS, 'sig'))
+                   
+      assert(assoc.check_message_signature(signed_resp.fields))
+    end
+
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_sreg.rb b/vendor/gems/ruby-openid-2.1.4/test/test_sreg.rb
new file mode 100644
index 000000000..7438d5923
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_sreg.rb
@@ -0,0 +1,479 @@
+require 'openid/extensions/sreg'
+require 'openid/message'
+require 'openid/server'
+require 'test/unit'
+
+module OpenID
+  module SReg
+    module SRegTest
+      SOME_DATA = {
+        'nickname'=>'linusaur',
+        'postcode'=>'12345',
+        'country'=>'US',
+        'gender'=>'M',
+        'fullname'=>'Leonhard Euler',
+        'email'=>'president@whitehouse.gov',
+        'dob'=>'0000-00-00',
+        'language'=>'en-us',
+      }
+
+      class SRegTest < Test::Unit::TestCase
+
+        def test_is11
+          assert_equal(NS_URI, NS_URI_1_1)
+        end
+
+        def test_check_field_name
+          DATA_FIELDS.keys.each{|field_name|
+            OpenID::check_sreg_field_name(field_name)
+          }
+          assert_raises(ArgumentError) { OpenID::check_sreg_field_name('invalid') }
+          assert_raises(ArgumentError) { OpenID::check_sreg_field_name(nil) }
+        end
+
+        def test_unsupported
+          endpoint = FakeEndpoint.new([])
+          assert(!OpenID::supports_sreg?(endpoint))
+          assert_equal([NS_URI_1_1,NS_URI_1_0], endpoint.checked_uris)
+        end
+
+        def test_supported_1_1
+          endpoint = FakeEndpoint.new([NS_URI_1_1])
+          assert(OpenID::supports_sreg?(endpoint))
+          assert_equal([NS_URI_1_1], endpoint.checked_uris)
+        end
+
+        def test_supported_1_0
+          endpoint = FakeEndpoint.new([NS_URI_1_0])
+          assert(OpenID::supports_sreg?(endpoint))
+          assert_equal([NS_URI_1_1,NS_URI_1_0], endpoint.checked_uris)
+        end
+
+      end
+
+      class FakeEndpoint < Object
+        attr_accessor :checked_uris
+        def initialize(supported)
+          @supported = supported
+          @checked_uris = []
+        end
+
+        def uses_extension(namespace_uri)
+          @checked_uris << namespace_uri
+          return @supported.member?(namespace_uri)
+        end
+      end
+
+      class FakeMessage < Object
+        attr_accessor :namespaces
+        attr_accessor :openid1
+        def initialize
+          @openid1 = false
+          @namespaces = NamespaceMap.new
+        end
+        
+        def is_openid1
+          return @openid1
+        end
+
+      end
+
+      class GetNSTest < Test::Unit::TestCase
+        def setup
+          @msg = FakeMessage.new
+        end
+
+        def test_openid2_empty
+          ns_uri = OpenID::get_sreg_ns(@msg)
+          assert_equal('sreg', @msg.namespaces.get_alias(ns_uri))
+          assert_equal(NS_URI, ns_uri)
+        end
+
+        def test_openid1_empty
+          @msg.openid1 = true
+          ns_uri = OpenID::get_sreg_ns(@msg)
+          assert_equal('sreg', @msg.namespaces.get_alias(ns_uri))
+          assert_equal(NS_URI, ns_uri)
+        end
+        
+        def test_openid1defined_1_0
+          @msg.openid1 = true
+          @msg.namespaces.add(NS_URI_1_0)
+          ns_uri = OpenID::get_sreg_ns(@msg)
+          assert_equal(NS_URI_1_0, ns_uri)
+        end
+
+        def test_openid1_defined_1_0_override_alias
+          [true, false].each{|openid_version|
+            [NS_URI_1_0, NS_URI_1_1].each{|sreg_version|
+              ['sreg', 'bogus'].each{|name|
+                setup
+                @msg.openid1 = openid_version
+                @msg.namespaces.add_alias(sreg_version, name)
+                ns_uri = OpenID::get_sreg_ns(@msg)
+                assert_equal(name, @msg.namespaces.get_alias(ns_uri))
+                assert_equal(sreg_version, ns_uri)
+              }
+            }
+          }
+        end
+        
+        def test_openid1_defined_badly
+          @msg.openid1 = true
+          @msg.namespaces.add_alias('http://invalid/', 'sreg')
+          assert_raises(NamespaceError) { OpenID::get_sreg_ns(@msg) }
+        end
+
+        def test_openid2_defined_badly
+          @msg.namespaces.add_alias('http://invalid/', 'sreg')
+          assert_raises(NamespaceError) { OpenID::get_sreg_ns(@msg) }
+        end
+
+        def test_openid2_defined_1_0
+          @msg.namespaces.add(NS_URI_1_0)
+          ns_uri = OpenID::get_sreg_ns(@msg)
+          assert_equal(NS_URI_1_0, ns_uri)
+        end
+
+        def test_openid1_sreg_ns_from_args
+          args = {
+            'sreg.optional'=> 'nickname',
+            'sreg.required'=> 'dob',
+          }
+
+          m = Message.from_openid_args(args)
+
+          assert_equal('nickname', m.get_arg(NS_URI_1_1, 'optional'))
+          assert_equal('dob', m.get_arg(NS_URI_1_1, 'required'))
+        end
+
+      end
+
+      class SRegRequestTest < Test::Unit::TestCase
+        def test_construct_empty
+          req = Request.new
+          assert_equal([], req.optional)
+          assert_equal([], req.required)
+          assert_equal(nil, req.policy_url)
+          assert_equal(NS_URI, req.ns_uri)
+        end
+
+        def test_construct_fields
+          req = Request.new(['nickname'],['gender'],'http://policy', 'http://sreg.ns_uri')
+          assert_equal(['gender'], req.optional)
+          assert_equal(['nickname'], req.required)
+          assert_equal('http://policy', req.policy_url)
+          assert_equal('http://sreg.ns_uri', req.ns_uri)
+        end
+
+        def test_construct_bad_fields
+          assert_raises(ArgumentError) {Request.new(['elvis'])}
+        end
+
+        def test_from_openid_request_message_copied
+          message = Message.from_openid_args({"sreg.required" => "nickname"})
+          openid_req = Server::OpenIDRequest.new
+          openid_req.message = message
+          sreg_req = Request.from_openid_request(openid_req)
+          # check that the message is copied by looking at sreg namespace
+          assert_equal(NS_URI_1_1, message.namespaces.get_namespace_uri('sreg'))
+          assert_equal(NS_URI, sreg_req.ns_uri)
+          assert_equal(['nickname'], sreg_req.required)
+        end
+
+        def test_from_openid_request_ns_1_0
+          message = Message.from_openid_args({'ns.sreg' => NS_URI_1_0, 
+                                               "sreg.required" => "nickname"})
+          openid_req = Server::OpenIDRequest.new
+          openid_req.message = message
+          sreg_req = Request.from_openid_request(openid_req)
+          assert_equal(NS_URI_1_0, sreg_req.ns_uri)
+          assert_equal(['nickname'], sreg_req.required)
+        end
+
+        def test_from_openid_request_no_sreg
+          message = Message.new
+          openid_req = Server::OpenIDRequest.new
+          openid_req.message = message
+          sreg_req = Request.from_openid_request(openid_req)
+          assert(sreg_req.nil?)
+        end
+
+        def test_parse_extension_args_empty
+          req = Request.new
+          req.parse_extension_args({})
+        end
+
+        def test_parse_extension_args_extra_ignored
+          req = Request.new
+          req.parse_extension_args({'extra' => 'stuff'})
+        end
+
+        def test_parse_extension_args_non_strict
+          req = Request.new
+          req.parse_extension_args({'required' => 'stuff'})
+          assert_equal([], req.required)
+        end
+        
+        def test_parse_extension_args_strict
+          req = Request.new
+          assert_raises(ArgumentError) {
+            req.parse_extension_args({'required' => 'stuff'}, true)
+          }
+        end
+
+        def test_parse_extension_args_policy
+          req = Request.new
+          req.parse_extension_args({'policy_url' => 'http://policy'}, true)
+          assert_equal('http://policy', req.policy_url)
+        end
+
+        def test_parse_extension_args_required_empty
+          req = Request.new
+          req.parse_extension_args({'required' => ''}, true)
+          assert_equal([], req.required)
+        end
+
+        def test_parse_extension_args_optional_empty
+          req = Request.new
+          req.parse_extension_args({'optional' => ''},true)
+          assert_equal([], req.optional)
+        end
+
+        def test_parse_extension_args_optional_single
+          req = Request.new
+          req.parse_extension_args({'optional' => 'nickname'},true)
+          assert_equal(['nickname'], req.optional)
+        end
+
+        def test_parse_extension_args_optional_list
+          req = Request.new
+          req.parse_extension_args({'optional' => 'nickname,email'},true)
+          assert_equal(['nickname','email'], req.optional)
+        end
+
+        def test_parse_extension_args_optional_list_bad_nonstrict
+          req = Request.new
+          req.parse_extension_args({'optional' => 'nickname,email,beer'})
+          assert_equal(['nickname','email'], req.optional)
+        end
+
+        def test_parse_extension_args_optional_list_bad_strict
+          req = Request.new
+          assert_raises(ArgumentError) {
+            req.parse_extension_args({'optional' => 'nickname,email,beer'}, true)
+          }
+        end
+
+        def test_parse_extension_args_both_nonstrict
+          req = Request.new
+          req.parse_extension_args({'optional' => 'nickname', 'required' => 'nickname'})
+          assert_equal(['nickname'], req.required)
+          assert_equal([], req.optional)
+        end
+
+        def test_parse_extension_args_both_strict
+          req = Request.new
+          assert_raises(ArgumentError) {
+            req.parse_extension_args({'optional' => 'nickname', 'required' => 'nickname'},true)
+          }
+        end
+
+        def test_parse_extension_args_both_list
+          req = Request.new
+          req.parse_extension_args({'optional' => 'nickname,email', 'required' => 'country,postcode'},true)
+          assert_equal(['nickname','email'], req.optional)
+          assert_equal(['country','postcode'], req.required)
+        end
+
+        def test_all_requested_fields
+          req = Request.new
+          assert_equal([], req.all_requested_fields)
+          req.request_field('nickname')
+          assert_equal(['nickname'], req.all_requested_fields)
+          req.request_field('gender', true)
+          requested = req.all_requested_fields.sort
+          assert_equal(['gender', 'nickname'], requested)
+        end
+
+        def test_were_fields_requested
+          req = Request.new
+          assert(!req.were_fields_requested?)
+          req.request_field('nickname')
+          assert(req.were_fields_requested?)
+        end
+
+        def test_member
+          req = Request.new
+          DATA_FIELDS.keys.each {|f|
+            assert(!req.member?(f))
+          }
+          assert(!req.member?('something else'))
+          req.request_field('nickname')
+          DATA_FIELDS.keys.each {|f|
+            assert_equal(f == 'nickname',req.member?(f))
+          }
+        end
+
+        def test_request_field_bogus
+          req = Request.new
+          fields = DATA_FIELDS.keys
+          fields.each {|f| req.request_field(f) }
+          assert_equal(fields, req.optional)
+          assert_equal([], req.required)
+
+          # By default, adding the same fields over again has no effect
+          fields.each {|f| req.request_field(f) }
+          assert_equal(fields, req.optional)
+          assert_equal([], req.required)
+
+          # Requesting a field as required overrides requesting it as optional
+          expected = fields[1..-1]
+          overridden = fields[0]
+          req.request_field(overridden, true)
+          assert_equal(expected, req.optional)
+          assert_equal([overridden], req.required)
+
+          fields.each {|f| req.request_field(f, true) }
+          assert_equal(fields, req.required)
+          assert_equal([], req.optional)
+        end
+
+        def test_request_fields_type
+          req = Request.new
+          assert_raises(ArgumentError) { req.request_fields('nickname') }
+        end
+
+        def test_request_fields
+          req = Request.new
+          fields = DATA_FIELDS.keys
+
+          req.request_fields(fields)
+          assert_equal(fields, req.optional)
+          assert_equal([], req.required)
+          
+          # By default, adding the same fields over again has no effect
+          req.request_fields(fields)
+          assert_equal(fields, req.optional)
+          assert_equal([], req.required)
+
+          # required overrides optional
+          expected = fields[1..-1]
+          overridden = fields[0]
+          req.request_fields([overridden], true)
+          assert_equal(expected, req.optional)
+          assert_equal([overridden], req.required)
+
+          req.request_fields(fields, true)
+          assert_equal(fields, req.required)
+          assert_equal([], req.optional)
+
+          # optional does not override required
+          req.request_fields(fields)
+          assert_equal(fields, req.required)
+          assert_equal([], req.optional)
+        end
+
+        def test_get_extension_args
+          req = Request.new
+          assert_equal({}, req.get_extension_args)
+
+          req.request_field('nickname')
+          assert_equal({'optional' => 'nickname'}, req.get_extension_args)
+
+          req.request_field('email')
+          assert_equal({'optional' => 'nickname,email'}, req.get_extension_args)
+
+          req.request_field('gender', true)
+          assert_equal({'optional' => 'nickname,email',
+                         'required' => 'gender'}, req.get_extension_args)
+
+          req.request_field('dob', true)
+          assert_equal({'optional' => 'nickname,email',
+                         'required' => 'gender,dob'}, req.get_extension_args)
+
+          req.policy_url = 'http://policy'
+          assert_equal({'optional' => 'nickname,email',
+                         'required' => 'gender,dob',
+                         'policy_url' => 'http://policy'},
+                       req.get_extension_args)
+
+        end
+      end
+
+      class DummySuccessResponse
+        attr_accessor :message
+        def initialize(message, signed_stuff)
+          @message = message
+          @signed_stuff = signed_stuff
+        end
+        def get_signed_ns(ns_uri)
+          return @signed_stuff
+        end
+      end
+
+
+      class SRegResponseTest < Test::Unit::TestCase
+        def test_construct
+          resp = Response.new(SOME_DATA)
+          assert_equal(SOME_DATA, resp.get_extension_args)
+          assert_equal(NS_URI, resp.ns_uri)
+          resp2 = Response.new({}, "http://foo")
+          assert_equal({}, resp2.get_extension_args)
+          assert_equal('http://foo', resp2.ns_uri)
+        end
+
+        def test_from_success_response_signed
+          message = Message.from_openid_args({
+                                               'sreg.nickname'=>'The Mad Stork',
+                                             })
+          success_resp = DummySuccessResponse.new(message, {})
+          sreg_resp = Response.from_success_response(success_resp)
+          assert_equal({}, sreg_resp.get_extension_args)
+        end
+
+        def test_from_success_response_unsigned
+          message = Message.from_openid_args({
+                                               'ns.sreg' => NS_URI,
+                                               'sreg.nickname' => 'The Mad Stork',
+                                             })
+          success_resp = DummySuccessResponse.new(message, {})
+          sreg_resp = Response.from_success_response(success_resp, false)
+          assert_equal({'nickname' => 'The Mad Stork'}, 
+                       sreg_resp.get_extension_args)
+        end
+      end
+
+      class SendFieldsTest < Test::Unit::TestCase
+        # class SendFieldsTest < Object
+        def test_send_fields
+          # create a request message with simple reg fields
+          sreg_req = Request.new(['nickname', 'email'], ['fullname'])
+          req_msg = Message.new
+          req_msg.update_args(NS_URI, sreg_req.get_extension_args)
+          req = Server::OpenIDRequest.new
+          req.message = req_msg
+
+          # -> checkid_* request
+
+          # create a response
+          resp_msg = Message.new
+          resp = Server::OpenIDResponse.new(req)
+          resp.fields = resp_msg
+          sreg_resp = Response.extract_response(sreg_req, SOME_DATA)
+          resp.add_extension(sreg_resp)
+
+          # <- id_res response
+
+          # extract sent fields
+          sreg_data_resp = resp_msg.get_args(NS_URI)
+          assert_equal({'nickname' => 'linusaur',
+                         'email'=>'president@whitehouse.gov',
+                         'fullname'=>'Leonhard Euler',
+                       }, sreg_data_resp)
+        end
+      end
+    end
+  end
+end
+
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_stores.rb b/vendor/gems/ruby-openid-2.1.4/test/test_stores.rb
new file mode 100644
index 000000000..591062126
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_stores.rb
@@ -0,0 +1,269 @@
+require 'test/unit'
+require 'openid/store/interface'
+require 'openid/store/filesystem'
+require 'openid/store/memory'
+require 'openid/util'
+require 'openid/store/nonce'
+require 'openid/association'
+
+module OpenID
+  module Store
+    module StoreTestCase
+      @@allowed_handle = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~'
+      @@allowed_nonce = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+      
+      def _gen_nonce
+        OpenID::CryptUtil.random_string(8, @@allowed_nonce)
+      end
+
+      def _gen_handle(n)
+        OpenID::CryptUtil.random_string(n, @@allowed_handle)
+      end
+
+      def _gen_secret(n, chars=nil)
+        OpenID::CryptUtil.random_string(n, chars)
+      end
+
+      def _gen_assoc(issued, lifetime=600)
+        secret = _gen_secret(20)
+        handle = _gen_handle(128)
+        OpenID::Association.new(handle, secret, Time.now + issued, lifetime,
+                                'HMAC-SHA1') 
+      end
+      
+      def _check_retrieve(url, handle=nil, expected=nil)
+        ret_assoc = @store.get_association(url, handle)
+
+        if expected.nil?
+          assert_nil(ret_assoc)
+        else
+          assert_equal(expected, ret_assoc)
+          assert_equal(expected.handle, ret_assoc.handle)
+          assert_equal(expected.secret, ret_assoc.secret)
+        end
+      end
+
+      def _check_remove(url, handle, expected)
+        present = @store.remove_association(url, handle)
+        assert_equal(expected, present)
+      end
+
+      def test_store
+        server_url = "http://www.myopenid.com/openid"
+        assoc = _gen_assoc(issued=0)
+
+        # Make sure that a missing association returns no result
+        _check_retrieve(server_url)
+
+        # Check that after storage, getting returns the same result
+        @store.store_association(server_url, assoc)
+        _check_retrieve(server_url, nil, assoc)
+
+        # more than once
+        _check_retrieve(server_url, nil, assoc)
+
+        # Storing more than once has no ill effect
+        @store.store_association(server_url, assoc)
+        _check_retrieve(server_url, nil, assoc)
+
+        # Removing an association that does not exist returns not present
+        _check_remove(server_url, assoc.handle + 'x', false)
+
+        # Removing an association that does not exist returns not present
+        _check_remove(server_url + 'x', assoc.handle, false)
+
+        # Removing an association that is present returns present
+        _check_remove(server_url, assoc.handle, true)
+
+        # but not present on subsequent calls
+        _check_remove(server_url, assoc.handle, false)
+
+        # Put assoc back in the store
+        @store.store_association(server_url, assoc)
+
+        # More recent and expires after assoc
+        assoc2 = _gen_assoc(issued=1)
+        @store.store_association(server_url, assoc2)
+
+        # After storing an association with a different handle, but the
+        # same server_url, the handle with the later expiration is returned.
+        _check_retrieve(server_url, nil, assoc2)
+
+        # We can still retrieve the older association
+        _check_retrieve(server_url, assoc.handle, assoc)
+
+        # Plus we can retrieve the association with the later expiration
+        # explicitly
+        _check_retrieve(server_url, assoc2.handle, assoc2)
+
+        # More recent, and expires earlier than assoc2 or assoc. Make sure
+        # that we're picking the one with the latest issued date and not
+        # taking into account the expiration.
+        assoc3 = _gen_assoc(issued=2, lifetime=100)
+        @store.store_association(server_url, assoc3)
+
+        _check_retrieve(server_url, nil, assoc3)
+        _check_retrieve(server_url, assoc.handle, assoc)
+        _check_retrieve(server_url, assoc2.handle, assoc2)
+        _check_retrieve(server_url, assoc3.handle, assoc3)
+
+        _check_remove(server_url, assoc2.handle, true)
+
+        _check_retrieve(server_url, nil, assoc3)
+        _check_retrieve(server_url, assoc.handle, assoc)
+        _check_retrieve(server_url, assoc2.handle, nil)
+        _check_retrieve(server_url, assoc3.handle, assoc3)
+
+        _check_remove(server_url, assoc2.handle, false)
+        _check_remove(server_url, assoc3.handle, true)
+
+        _check_retrieve(server_url, nil, assoc)
+        _check_retrieve(server_url, assoc.handle, assoc)
+        _check_retrieve(server_url, assoc2.handle, nil)
+        _check_retrieve(server_url, assoc3.handle, nil)
+
+        _check_remove(server_url, assoc2.handle, false)
+        _check_remove(server_url, assoc.handle, true)
+        _check_remove(server_url, assoc3.handle, false)
+
+        _check_retrieve(server_url, nil, nil)
+        _check_retrieve(server_url, assoc.handle, nil)
+        _check_retrieve(server_url, assoc2.handle, nil)
+        _check_retrieve(server_url, assoc3.handle, nil)
+
+        _check_remove(server_url, assoc2.handle, false)
+        _check_remove(server_url, assoc.handle, false)
+        _check_remove(server_url, assoc3.handle, false)
+
+        assocValid1 = _gen_assoc(-3600, 7200)
+        assocValid2 = _gen_assoc(-5)
+        assocExpired1 = _gen_assoc(-7200, 3600)
+        assocExpired2 = _gen_assoc(-7200, 3600)
+
+        @store.cleanup_associations
+        @store.store_association(server_url + '1', assocValid1)
+        @store.store_association(server_url + '1', assocExpired1)
+        @store.store_association(server_url + '2', assocExpired2)
+        @store.store_association(server_url + '3', assocValid2)
+
+        cleaned = @store.cleanup_associations()
+        assert_equal(2, cleaned, "cleaned up associations")
+      end
+
+      def _check_use_nonce(nonce, expected, server_url, msg='')
+        stamp, salt = Nonce::split_nonce(nonce)
+        actual = @store.use_nonce(server_url, stamp, salt)
+        assert_equal(expected, actual, msg)
+      end
+
+      def test_nonce
+        server_url = "http://www.myopenid.com/openid"
+        [server_url, ''].each{|url|
+          nonce1 = Nonce::mk_nonce
+
+          _check_use_nonce(nonce1, true, url, "#{url}: nonce allowed by default") 
+          _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed twice") 
+          _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed third time")
+          
+          # old nonces shouldn't pass
+          old_nonce = Nonce::mk_nonce(3600)
+          _check_use_nonce(old_nonce, false, url, "Old nonce #{old_nonce.inspect} passed")
+
+        }
+
+        now = Time.now.to_i
+        old_nonce1 = Nonce::mk_nonce(now - 20000)
+        old_nonce2 = Nonce::mk_nonce(now - 10000)
+        recent_nonce = Nonce::mk_nonce(now - 600)
+
+        orig_skew = Nonce.skew
+        Nonce.skew = 0
+        count = @store.cleanup_nonces
+        Nonce.skew = 1000000
+        ts, salt = Nonce::split_nonce(old_nonce1)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce1")
+        ts, salt = Nonce::split_nonce(old_nonce2)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce2")
+        ts, salt = Nonce::split_nonce(recent_nonce)
+        assert(@store.use_nonce(server_url, ts, salt), "recent_nonce")
+
+        
+        Nonce.skew = 1000
+        cleaned = @store.cleanup_nonces
+        assert_equal(2, cleaned, "Cleaned #{cleaned} nonces")
+
+        Nonce.skew = 100000
+        ts, salt = Nonce::split_nonce(old_nonce1)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce1 after cleanup")
+        ts, salt = Nonce::split_nonce(old_nonce2)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce2 after cleanup")
+        ts, salt = Nonce::split_nonce(recent_nonce)
+        assert(!@store.use_nonce(server_url, ts, salt), "recent_nonce after cleanup")
+
+        Nonce.skew = orig_skew
+
+      end
+    end
+    
+    class FileStoreTestCase < Test::Unit::TestCase
+      include StoreTestCase
+
+      def setup
+        raise "filestoretest directory exists" if File.exists?('filestoretest')
+        @store = Filesystem.new('filestoretest')
+      end
+
+      def teardown
+        Kernel.system('rm -r filestoretest')
+      end
+    end
+
+    class MemoryStoreTestCase < Test::Unit::TestCase
+      include StoreTestCase
+      
+      def setup
+        @store = Memory.new
+      end
+    end
+
+    class AbstractStoreTestCase < Test::Unit::TestCase
+      def test_abstract_class
+        # the abstract made concrete
+        abc = Interface.new()
+        server_url = "http://server.com/"
+        association = OpenID::Association.new("foo", "bar", Time.now, Time.now + 10, "dummy")
+        
+        assert_raise(NotImplementedError) { 
+          abc.store_association(server_url, association)
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.get_association(server_url)
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.remove_association(server_url, association.handle)
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.use_nonce(server_url, Time.now.to_i, "foo")
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.cleanup_nonces()
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.cleanup_associations()
+        }
+
+        assert_raise(NotImplementedError) { 
+          abc.cleanup()
+        }
+        
+      end
+
+    end
+  end
+end
+
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_trustroot.rb b/vendor/gems/ruby-openid-2.1.4/test/test_trustroot.rb
new file mode 100644
index 000000000..2616021a0
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_trustroot.rb
@@ -0,0 +1,113 @@
+require 'test/unit'
+require 'openid/trustroot'
+
+require "testutil"
+
+class TrustRootTest < Test::Unit::TestCase
+  include OpenID::TestDataMixin
+
+  def _test_sanity(case_, sanity, desc)
+    tr = OpenID::TrustRoot::TrustRoot.parse(case_)
+    if sanity == 'sane'
+      assert(! tr.nil?)
+      assert(tr.sane?, [case_, desc])
+      assert(OpenID::TrustRoot::TrustRoot.check_sanity(case_), [case_, desc])
+    elsif sanity == 'insane'
+      assert(!tr.sane?, [case_, desc])
+      assert(!OpenID::TrustRoot::TrustRoot.check_sanity(case_), [case_, desc])
+    else
+      assert(tr.nil?, case_)
+    end
+  end
+
+  def _test_match(trust_root, url, expected_match)
+    tr = OpenID::TrustRoot::TrustRoot.parse(trust_root)
+    actual_match = tr.validate_url(url)
+    if expected_match
+      assert(actual_match, [trust_root, url])
+      assert(OpenID::TrustRoot::TrustRoot.check_url(trust_root, url))
+    else
+      assert(!actual_match, [expected_match, actual_match, trust_root, url])
+      assert(!OpenID::TrustRoot::TrustRoot.check_url(trust_root, url))
+    end
+  end
+
+  def test_trustroots
+    data = read_data_file('trustroot.txt', false)
+
+    parts = data.split('=' * 40 + "\n").collect { |i| i.strip() }
+    assert(parts[0] == '')
+    _, ph, pdat, mh, mdat = parts
+
+    getTests(['bad', 'insane', 'sane'], ph, pdat).each { |tc|
+      sanity, desc, case_ = tc
+      _test_sanity(case_, sanity, desc)
+    }
+
+    getTests([true, false], mh, mdat).each { |tc|
+      match, desc, case_ = tc
+      trust_root, url = case_.split()
+      _test_match(trust_root, url, match)
+    }
+  end
+
+  def getTests(grps, head, dat)
+    tests = []
+    top = head.strip()
+    gdat = dat.split('-' * 40 + "\n").collect { |i| i.strip() }
+    assert(gdat[0] == '')
+    assert(gdat.length == (grps.length * 2 + 1), [gdat, grps])
+    i = 1
+    grps.each { |x|
+      n, desc = gdat[i].split(': ')
+      cases = gdat[i + 1].split("\n")
+      assert(cases.length == n.to_i, "Number of cases differs from header count")
+      cases.each { |case_|
+        tests += [[x, top + ' - ' + desc, case_]]
+      }
+      i += 2
+    }
+
+    return tests
+  end
+
+  def test_return_to_matches
+    data = [
+            [[], nil, false],
+            [[], "", false],
+            [[], "http://bogus/return_to", false],
+            [["http://bogus/"], nil, false],
+            [["://broken/"], nil, false],
+            [["://broken/"], "http://broken/", false],
+            [["http://*.broken/"], "http://foo.broken/", false],
+            [["http://x.broken/"], "http://foo.broken/", false],
+            [["http://first/", "http://second/path/"], "http://second/?query=x", false],
+
+            [["http://broken/"], "http://broken/", true],
+            [["http://first/", "http://second/"], "http://second/?query=x", true],
+           ]
+
+    data.each { |case_|
+      allowed_return_urls, return_to, expected_result = case_
+      actual_result = OpenID::TrustRoot::return_to_matches(allowed_return_urls,
+                                                           return_to)
+      assert(expected_result == actual_result)
+    }
+  end
+
+  def test_build_discovery_url
+    data = [
+            ["http://foo.com/path", "http://foo.com/path"],
+            ["http://foo.com/path?foo=bar", "http://foo.com/path?foo=bar"],
+            ["http://*.bogus.com/path", "http://www.bogus.com/path"],
+            ["http://*.bogus.com:122/path", "http://www.bogus.com:122/path"],
+           ]
+
+    data.each { |case_|
+      trust_root, expected_disco_url = case_
+      tr = OpenID::TrustRoot::TrustRoot.parse(trust_root)
+      actual_disco_url = tr.build_discovery_url()
+      assert(actual_disco_url == expected_disco_url, case_ + [actual_disco_url])
+    }
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_urinorm.rb b/vendor/gems/ruby-openid-2.1.4/test/test_urinorm.rb
new file mode 100644
index 000000000..55c50e1c0
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_urinorm.rb
@@ -0,0 +1,35 @@
+require 'test/unit'
+
+require "openid/urinorm"
+require "testutil"
+
+class URINormTestCase < Test::Unit::TestCase
+  include OpenID::TestDataMixin
+
+  def test_normalize
+    lines = read_data_file('urinorm.txt')
+
+    while lines.length > 0
+
+      case_name = lines.shift.strip
+      actual = lines.shift.strip
+      expected = lines.shift.strip
+      _newline = lines.shift
+
+      if expected == 'fail'
+        begin
+          OpenID::URINorm.urinorm(actual)
+        rescue URI::InvalidURIError
+          assert true
+        else
+          raise 'Should have gotten URI error'
+        end
+      else
+        normalized = OpenID::URINorm.urinorm(actual)
+        assert_equal(expected, normalized, case_name)
+      end
+    end
+  end
+
+end
+
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_util.rb b/vendor/gems/ruby-openid-2.1.4/test/test_util.rb
new file mode 100644
index 000000000..ce1138ae3
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_util.rb
@@ -0,0 +1,145 @@
+# coding: ASCII-8BIT
+require 'test/unit'
+
+require "openid/util"
+
+module OpenID
+  class UtilTestCase < Test::Unit::TestCase
+
+    def test_base64
+      cases = [
+               "",
+               "\000",
+               "\001",
+               "\000" * 100,
+               (0...256).collect{ |i| i.chr }.join('')
+              ]
+
+      cases.each do |c|
+        encoded = Util.to_base64(c)
+        decoded = Util.from_base64(encoded)
+        assert(c == decoded)
+      end
+
+    end
+
+    def test_base64_valid
+      [["foos", "~\212,"],
+       ["++++", "\373\357\276"],
+       ["/+==", "\377"],
+       ["", ""],
+       ["FOOSBALL", "\024\343\222\004\002\313"],
+       ["FoosBL==", "\026\212,\004"],
+       ["Foos\nBall", "\026\212,\005\251e"],
+       ["Foo\r\ns\nBall", "\026\212,\005\251e"]
+      ].each do | input, expected |
+        assert_equal(expected, Util.from_base64(input))
+      end
+    end
+
+    def test_base64_invalid
+      ['!',
+       'Foos!',
+       'Balls',
+       'B===',
+       'Foos Ball',
+       '=foo',
+      ].each do |invalid_input|
+        assert_raises(ArgumentError) do
+          Util.from_base64(invalid_input)
+        end
+      end
+    end
+
+    def test_append_args()
+      simple = 'http://www.example.com/'
+
+      cases = [
+               ['empty list',
+                [simple, []],
+                simple],
+
+               ['empty dict',
+                [simple, {}],
+                simple],
+
+               ['one list',
+                [simple, [['a', 'b']]],
+                simple + '?a=b'],
+
+               ['one dict',
+                [simple, {'a' => 'b'}],
+                simple + '?a=b'],
+
+               ['two list (same)',
+                [simple, [['a', 'b'], ['a', 'c']]],
+                simple + '?a=b&a=c'],
+
+               ['two list',
+                [simple, [['a', 'b'], ['b', 'c']]],
+                simple + '?a=b&b=c'],
+
+               ['two list (order)',
+                [simple, [['b', 'c'], ['a', 'b']]],
+                simple + '?b=c&a=b'],
+
+               ['two dict [order]',
+                [simple, {'b' => 'c', 'a' => 'b'}],
+                simple + '?a=b&b=c'],
+
+               ['args exist [empty]',
+                [simple + '?stuff=bother', []],
+                simple + '?stuff=bother'],
+
+               ['escape',
+                [simple, [['=', '=']]],
+                simple + '?%3D=%3D'],
+
+               ['escape [URL]',
+                [simple, [['this_url', simple]]],
+                simple + '?this_url=http%3A%2F%2Fwww.example.com%2F'],
+
+               ['use dots',
+                [simple, [['openid.stuff', 'bother']]],
+                simple + '?openid.stuff=bother'],
+
+               ['args exist',
+                [simple + '?stuff=bother', [['ack', 'ack']]],
+                simple + '?stuff=bother&ack=ack'],
+
+               ['args exist',
+                [simple + '?stuff=bother', [['ack', 'ack']]],
+                simple + '?stuff=bother&ack=ack'],
+
+               ['args exist [dict]',
+                [simple + '?stuff=bother', {'ack' => 'ack'}],
+                simple + '?stuff=bother&ack=ack'],
+
+               ['args exist [dict 2]',
+                [simple + '?stuff=bother', {'ack' => 'ack', 'zebra' => 'lion'}],
+                simple + '?stuff=bother&ack=ack&zebra=lion'],
+
+               ['three args [dict]',
+                [simple, {'stuff' => 'bother', 'ack' => 'ack', 'zebra' => 'lion'}],
+                simple + '?ack=ack&stuff=bother&zebra=lion'],
+
+               ['three args [list]',
+                [simple, [['stuff', 'bother'], ['ack', 'ack'], ['zebra', 'lion']]],
+                simple + '?stuff=bother&ack=ack&zebra=lion'],
+              ]
+
+      cases.each { |name, args, expected|
+        url, pairs = args
+        actual = Util.append_args(url, pairs)
+        msg = "[#{name}] Expected: #{expected}, actual: #{actual}"
+        assert_equal(expected, actual, msg)
+      }
+
+    end
+
+    def test_parse_query
+      assert_equal({'foo'=>'bar'}, Util.parse_query('foo=bar'))
+    end
+
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_xrds.rb b/vendor/gems/ruby-openid-2.1.4/test/test_xrds.rb
new file mode 100644
index 000000000..ced780284
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_xrds.rb
@@ -0,0 +1,169 @@
+
+require 'test/unit'
+require 'openid/yadis/xrds'
+
+require 'testutil'
+
+module OpenID
+  module Yadis
+
+    module XRDSTestMixin
+      include TestDataMixin
+
+      XRD_FILE = 'valid-populated-xrds.xml'
+      NOXRDS_FILE = 'not-xrds.xml'
+      NOXRD_FILE = 'no-xrd.xml'
+
+      XRDS_DATA_DIR = TEST_DATA_DIR.join('test_xrds')
+
+      def read_data_file(filename)
+        super(filename, false, XRDS_DATA_DIR)
+      end
+    end
+
+    class ParseXRDSTestCase < Test::Unit::TestCase
+      include XRDSTestMixin
+
+      # Check that parsing succeeds at all.
+      def test_parse
+        result = Yadis.parseXRDS(read_data_file(XRD_FILE))
+        assert_not_nil result
+      end
+
+      def test_parse_no_xrds_xml
+        xmldoc = read_data_file(NOXRDS_FILE)
+        assert_raise(Yadis::XRDSError) {
+          Yadis.parseXRDS(xmldoc)
+        }
+      end
+
+      def test_parse_no_xrds_empty
+        assert_raise(Yadis::XRDSError) {
+          Yadis.parseXRDS('')
+        }
+      end
+
+      def test_is_xrds
+        isnt = REXML::Document.new(read_data_file(NOXRDS_FILE))
+        should_be = Yadis.parseXRDS(read_data_file(XRD_FILE))
+        assert_equal false, Yadis::is_xrds?(isnt)
+        assert Yadis::is_xrds?(should_be)
+      end
+    end
+
+    class GetYadisXRDTestCase < Test::Unit::TestCase
+      include XRDSTestMixin
+
+      # XXX: Test to make sure this really gets the _right_ XRD.
+      def test_get_xrd
+        doc = Yadis.parseXRDS(read_data_file(XRD_FILE))
+        result = Yadis::get_yadis_xrd(doc)
+        assert_not_nil result
+        assert_equal 'XRD', result.name
+        assert_equal Yadis::XRD_NS_2_0, result.namespace
+      end
+
+      def test_no_xrd
+        xmldoc = read_data_file(NOXRD_FILE)
+        doc = Yadis.parseXRDS(xmldoc)
+        assert_raise(Yadis::XRDSError) {
+          Yadis.get_yadis_xrd(doc)
+        }
+      end
+    end
+
+    class EachServiceTestCase < Test::Unit::TestCase
+      include XRDSTestMixin
+
+      def test_get_xrd
+        doc = Yadis.parseXRDS(read_data_file(XRD_FILE))
+        count = 0
+        result = Yadis::each_service(doc) { |e|
+          assert_equal 'Service', e.name
+          count += 1
+        }
+        assert_not_nil result
+        assert_equal 5, count
+      end
+
+      def test_no_xrd
+        xmldoc = read_data_file(NOXRD_FILE)
+        doc = Yadis.parseXRDS(xmldoc)
+        assert_raise(Yadis::XRDSError) {
+          Yadis.each_service(doc)
+        }
+      end
+
+      def test_equal_j3h
+        doc = Yadis.parseXRDS(read_data_file('=j3h.2007.11.14.xrds'))
+        count = 0
+        result = Yadis::each_service(doc) { |e|
+          assert_equal 'Service', e.name
+          count += 1
+        }
+        assert_not_nil result
+        assert_equal 2, count
+      end
+    end
+
+    # XXX: test prioSort!
+
+    class ExpandServiceTestCase < Test::Unit::TestCase
+      @@service_xml = <<END
+<Service>
+<Type>urn://foo</Type>
+<Type>urn://bar</Type>
+<URI priority='2'>http://2.invalid/</URI>
+<URI>http://0.invalid/</URI>
+<URI priority='1'>http://1.invalid/</URI>
+</Service>
+END
+
+      # XXX - not sorted!
+      def test_expand_service
+        service_element = REXML::Document.new(@@service_xml).root
+        result = Yadis::expand_service(service_element)
+        assert_equal 3, result.length
+        types, uri, result_element = result[0]
+        assert_same service_element, result_element
+        assert_equal 'http://0.invalid/', uri
+        assert_equal ['urn://foo', 'urn://bar'], types
+        types, uri, result_element = result[1]
+        assert_equal 'http://1.invalid/', uri
+        types, uri, result_element = result[2]
+        assert_equal 'http://2.invalid/', uri
+      end
+    end
+
+    class PrioSortTestCase < Test::Unit::TestCase
+      def new_uri(priority)
+        e = REXML::Element.new("URI")
+        e.add_attribute("priority", priority.to_s) unless e.nil?
+        return e
+      end
+
+      def test_sorting
+        l = [
+             e7 = new_uri(7),
+             e1 = new_uri(1),
+             e0 = new_uri(nil),
+             e2 = new_uri(2),
+            ]
+        sorted = Yadis::prio_sort(l)
+        assert_same e0, sorted[0]
+        assert_same e1, sorted[1]
+        assert_same e2, sorted[2]
+        assert_same e7, sorted[3]
+      end
+    end
+
+    class GetCanonicalIDTestCase < Test::Unit::TestCase
+      include XRDSTestMixin
+
+      def test_multisegment_xri
+        xmldoc = Yadis.parseXRDS(read_data_file('subsegments.xrds'))
+        result = Yadis.get_canonical_id('xri://=nishitani*masaki', xmldoc)
+      end
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_xri.rb b/vendor/gems/ruby-openid-2.1.4/test/test_xri.rb
new file mode 100644
index 000000000..ba20e9c4b
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_xri.rb
@@ -0,0 +1,48 @@
+require 'test/unit'
+require 'openid/yadis/xri'
+
+module OpenID
+
+  module Yadis
+
+    class XriDiscoveryTestCase < Test::Unit::TestCase
+
+      def test_isXRI?
+        assert_equal(:xri, XRI.identifier_scheme('=john.smith'))
+        assert_equal(:xri, XRI.identifier_scheme('@smiths/john'))
+        assert_equal(:xri, XRI.identifier_scheme('xri://=john'))
+        assert_equal(:xri, XRI.identifier_scheme('@ootao*test1'))
+        assert_equal(:uri, XRI.identifier_scheme('smoker.myopenid.com'))
+        assert_equal(:uri, XRI.identifier_scheme('http://smoker.myopenid.com'))
+        assert_equal(:uri, XRI.identifier_scheme('https://smoker.myopenid.com'))
+      end
+    end
+
+    class XriEscapingTestCase < Test::Unit::TestCase
+      def test_escaping_percents
+        assert_equal('@example/abc%252Fd/ef', 
+                     XRI.escape_for_iri('@example/abc%2Fd/ef'))
+      end
+
+      def test_escaping_xref
+        # no escapes
+        assert_equal('@example/foo/(@bar)',
+                     XRI.escape_for_iri('@example/foo/(@bar)'))
+        # escape slashes
+        assert_equal('@example/foo/(@bar%2Fbaz)',
+                     XRI.escape_for_iri('@example/foo/(@bar/baz)'))
+        # escape query ? and fragment #
+        assert_equal('@example/foo/(@baz%3Fp=q%23r)?i=j#k',
+                     XRI.escape_for_iri('@example/foo/(@baz?p=q#r)?i=j#k'))
+      end
+    end
+
+    class XriTransformationTestCase < Test::Unit::TestCase
+      def test_to_iri_normal
+        assert_equal('xri://@example', XRI.to_iri_normal('@example'))
+      end
+      # iri_to_url:
+      #   various ucschar to hex
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_xrires.rb b/vendor/gems/ruby-openid-2.1.4/test/test_xrires.rb
new file mode 100644
index 000000000..3959361bb
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_xrires.rb
@@ -0,0 +1,63 @@
+
+require 'test/unit'
+require 'openid/yadis/xrires'
+
+module OpenID
+  module Yadis
+
+    class XRDSFetcher
+      def initialize(results)
+        @results = results
+      end
+
+      def fetch(url, body=nil, headers=nil, redirect_limit=nil)
+        if !@results.empty?
+          return @results.shift
+        end
+
+        nil
+      end
+    end
+
+    class ProxyQueryTestCase < Test::Unit::TestCase
+      def setup
+        @proxy_url = 'http://xri.example.com/'
+        @proxy = XRI::ProxyResolver.new(@proxy_url)
+        @servicetype = 'xri://+i-service*(+forwarding)*($v*1.0)'
+        @servicetype_enc = 'xri%3A%2F%2F%2Bi-service%2A%28%2Bforwarding%29%2A%28%24v%2A1.0%29'
+      end
+
+      def test_proxy_url
+        st = @servicetype
+        ste = @servicetype_enc
+        args_esc = "_xrd_r=application%2Fxrds%2Bxml&_xrd_t=" + ste
+        pqu = @proxy.method('query_url')
+        h = @proxy_url
+
+        assert_equal(h + '=foo?' + args_esc, pqu.call('=foo', st))
+        assert_equal(h + '=foo/bar?baz&' + args_esc,
+                     pqu.call('=foo/bar?baz', st))
+        assert_equal(h + '=foo/bar?baz=quux&' + args_esc,
+                     pqu.call('=foo/bar?baz=quux', st))
+        assert_equal(h + '=foo/bar?mi=fa&so=la&' + args_esc,
+                     pqu.call('=foo/bar?mi=fa&so=la', st))
+
+        # With no service endpoint selection.
+        args_esc = "_xrd_r=application%2Fxrds%2Bxml%3Bsep%3Dfalse"
+        assert_equal(h + '=foo?' + args_esc, pqu.call('=foo', nil))
+      end
+
+      def test_proxy_url_qmarks
+        st = @servicetype
+        ste = @servicetype_enc
+        args_esc = "_xrd_r=application%2Fxrds%2Bxml&_xrd_t=" + ste
+        pqu = @proxy.method('query_url')
+        h = @proxy_url
+
+        assert_equal(h + '=foo/bar??' + args_esc, pqu.call('=foo/bar?', st))
+        assert_equal(h + '=foo/bar????' + args_esc,
+                     pqu.call('=foo/bar???', st))
+      end
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/test_yadis_discovery.rb b/vendor/gems/ruby-openid-2.1.4/test/test_yadis_discovery.rb
new file mode 100644
index 000000000..b0fdd178a
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/test_yadis_discovery.rb
@@ -0,0 +1,220 @@
+
+require 'test/unit'
+require 'uri'
+require 'testutil'
+
+require 'openid/yadis/discovery'
+require 'openid/fetchers'
+require 'openid/util'
+require 'discoverdata'
+
+module OpenID
+
+  module YadisDiscovery
+    include FetcherMixin
+    include DiscoverData
+
+    STATUS_HEADER_RE = /Status: (\d+) .*?$/m
+
+    four04_pat = "\nContent-Type: text/plain\n\nNo such file %s"
+
+    def self.mkResponse(data)
+      status_mo = data.scan(STATUS_HEADER_RE)
+      headers_str, body = data.split("\n\n", 2)
+      headers = {}
+      headers_str.split("\n", -1).each { |line|
+        k, v = line.split(':', 2)
+        k = k.strip().downcase
+        v = v.strip()
+        headers[k] = v
+      }
+      status = status_mo[0][0].to_i
+      return HTTPResponse._from_raw_data(status, body,
+                                         headers)
+    end
+
+    class TestFetcher
+      include DiscoverData
+
+      def initialize(base_url)
+        @base_url = base_url
+      end
+
+      def fetch(url, headers, body, redirect_limit=nil)
+        current_url = url
+        while true
+          parsed = URI::parse(current_url)
+          # parsed[2][1:]
+          path = parsed.path[1..-1]
+          begin
+            data = generateSample(path, @base_url)
+          rescue ArgumentError
+            return HTTPResponse._from_raw_data(404, '', {},
+                                               current_url)
+          end
+
+          response = YadisDiscovery.mkResponse(data)
+          if ["301", "302", "303", "307"].member?(response.code)
+            current_url = response['location']
+          else
+            response.final_url = current_url
+            return response
+          end
+        end
+      end
+    end
+
+    class MockFetcher
+      def initialize
+        @count = 0
+      end
+
+      def fetch(uri, headers=nil, body=nil, redirect_limit=nil)
+        @count += 1
+        if @count == 1
+          headers = {
+            'X-XRDS-Location'.downcase => 'http://unittest/404',
+          }
+          return HTTPResponse._from_raw_data(200, '', headers, uri)
+        else
+          return HTTPResponse._from_raw_data(404, '', {}, uri)
+        end
+      end
+    end
+
+    class TestSecondGet < Test::Unit::TestCase
+      include FetcherMixin
+
+      def test_404
+        uri = "http://something.unittest/"
+        assert_raise(DiscoveryFailure) {
+          with_fetcher(MockFetcher.new) { Yadis.discover(uri) }
+        }
+      end
+    end
+
+    class DiscoveryTestCase
+      include DiscoverData
+      include FetcherMixin
+
+      def initialize(testcase, input_name, id_name, result_name, success)
+        @base_url = 'http://invalid.unittest/'
+        @testcase = testcase
+        @input_name = input_name
+        @id_name = id_name
+        @result_name = result_name
+        @success = success
+      end
+
+      def setup
+        @input_url, @expected = generateResult(@base_url,
+                                               @input_name,
+                                               @id_name,
+                                               @result_name,
+                                               @success)
+      end
+
+      def do_discovery
+        with_fetcher(TestFetcher.new(@base_url)) do
+          Yadis.discover(@input_url)
+        end
+      end
+
+      def runCustomTest
+        setup
+
+        if @expected.respond_to?("ancestors") and @expected.ancestors.member?(DiscoveryFailure)
+          @testcase.assert_raise(DiscoveryFailure) {
+            do_discovery
+          }
+        else
+          result = do_discovery
+          @testcase.assert_equal(@input_url, result.request_uri)
+
+          msg = sprintf("Identity URL mismatch: actual = %s, expected = %s",
+                        result.normalized_uri, @expected.normalized_uri)
+          @testcase.assert_equal(@expected.normalized_uri, result.normalized_uri, msg)
+
+          msg = sprintf("Content mismatch: actual = %s, expected = %s",
+                        result.response_text, @expected.response_text)
+          @testcase.assert_equal(@expected.response_text, result.response_text, msg)
+
+          expected_keys = @expected.instance_variables
+          expected_keys.sort!
+
+          actual_keys = result.instance_variables
+          actual_keys.sort!
+
+          @testcase.assert_equal(actual_keys, expected_keys)
+
+          @expected.instance_variables.each { |k|
+            exp_v = @expected.instance_variable_get(k)
+            act_v = result.instance_variable_get(k)
+            @testcase.assert_equal(act_v, exp_v, [k, exp_v, act_v])
+          }
+        end
+      end
+    end
+
+    class NoContentTypeFetcher
+      def fetch(url, body=nil, headers=nil, redirect_limit=nil)
+        return OpenID::HTTPResponse._from_raw_data(200, "", {}, nil)
+      end
+    end
+
+    class BlankContentTypeFetcher
+      def fetch(url, body=nil, headers=nil, redirect_limit=nil)
+        return OpenID::HTTPResponse._from_raw_data(200, "", {"Content-Type" => ""}, nil)
+      end
+    end
+
+    class TestYadisDiscovery < Test::Unit::TestCase
+      include FetcherMixin
+
+      def test_yadis_discovery
+        DiscoverData::TESTLIST.each { |success, input_name, id_name, result_name|
+          test = DiscoveryTestCase.new(self, input_name, id_name, result_name, success)
+          test.runCustomTest
+        }
+      end
+
+      def test_is_xrds_yadis_location
+        result = Yadis::DiscoveryResult.new('http://request.uri/')
+        result.normalized_uri = "http://normalized/"
+        result.xrds_uri = "http://normalized/xrds"
+
+        assert(result.is_xrds)
+      end
+
+      def test_is_xrds_content_type
+        result = Yadis::DiscoveryResult.new('http://request.uri/')
+        result.normalized_uri = result.xrds_uri = "http://normalized/"
+        result.content_type = Yadis::YADIS_CONTENT_TYPE
+
+        assert(result.is_xrds)
+      end
+
+      def test_is_xrds_neither
+        result = Yadis::DiscoveryResult.new('http://request.uri/')
+        result.normalized_uri = result.xrds_uri = "http://normalized/"
+        result.content_type = "another/content-type"
+
+        assert(!result.is_xrds)
+      end
+
+      def test_no_content_type
+        with_fetcher(NoContentTypeFetcher.new) do
+          result = Yadis.discover("http://bogus")
+          assert_equal(nil, result.content_type)
+        end
+      end
+
+      def test_blank_content_type
+        with_fetcher(BlankContentTypeFetcher.new) do
+          result = Yadis.discover("http://bogus")
+          assert_equal("", result.content_type)
+        end
+      end
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/testutil.rb b/vendor/gems/ruby-openid-2.1.4/test/testutil.rb
new file mode 100644
index 000000000..7676fb953
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/testutil.rb
@@ -0,0 +1,127 @@
+require "pathname"
+
+module OpenID
+  module TestDataMixin
+    TESTS_DIR = Pathname.new(__FILE__).dirname
+    TEST_DATA_DIR = Pathname.new('data')
+
+    def read_data_file(filename, lines=true, data_dir=TEST_DATA_DIR)
+      fname = TESTS_DIR.join(data_dir, filename)
+
+      if lines
+        fname.readlines
+      else
+        fname.read
+      end
+    end
+  end
+
+  module FetcherMixin
+    def with_fetcher(fetcher)
+      original_fetcher = OpenID.fetcher
+      begin
+        OpenID.fetcher = fetcher
+        return yield
+      ensure
+        OpenID.fetcher = original_fetcher
+      end
+    end
+  end
+
+  module Const
+    def const(symbol, value)
+      (class << self;self;end).instance_eval do
+        define_method(symbol) { value }
+      end
+    end
+  end
+
+  class MockResponse
+    attr_reader :code, :body
+
+    def initialize(code, body)
+      @code = code.to_s
+      @body = body
+    end
+  end
+
+  module ProtocolErrorMixin
+    def assert_protocol_error(str_prefix)
+      begin
+        result = yield
+      rescue ProtocolError => why
+        message = "Expected prefix #{str_prefix.inspect}, got "\
+                  "#{why.message.inspect}"
+        assert(why.message.starts_with?(str_prefix), message)
+      else
+        fail("Expected ProtocolError. Got #{result.inspect}")
+      end
+    end
+  end
+
+  module OverrideMethodMixin
+    def with_method_overridden(method_name, proc)
+      original = method(method_name)
+      begin
+        # TODO: find a combination of undef calls which prevent the warning
+        verbose, $VERBOSE = $VERBOSE, false
+        define_method(method_name, proc)
+        module_function(method_name)
+        $VERBOSE = verbose
+        yield
+      ensure
+        if original.respond_to? :owner
+          original.owner.send(:undef_method, method_name)
+          original.owner.send :define_method, method_name, original
+        else
+          define_method(method_name, original)
+          module_function(method_name)
+        end
+      end
+    end
+  end
+
+  # To use:
+  # > x = Object.new
+  # > x.extend(InstanceDefExtension)
+  # > x.instance_def(:monkeys) do
+  # >   "bananas"
+  # > end
+  # > x.monkeys
+  #
+  module InstanceDefExtension
+    def instance_def(method_name, &proc)
+      (class << self;self;end).instance_eval do
+        # TODO: find a combination of undef calls which prevent the warning
+        verbose, $VERBOSE = $VERBOSE, false
+        define_method(method_name, proc)
+        $VERBOSE = verbose
+      end
+    end
+  end
+
+  GOODSIG = '[A Good Signature]'
+
+  class GoodAssoc
+    attr_accessor :handle, :expires_in
+
+    def initialize(handle='-blah-')
+      @handle = handle
+      @expires_in = 3600
+    end
+
+    def check_message_signature(msg)
+      msg.get_arg(OPENID_NS, 'sig') == GOODSIG
+    end
+  end
+
+  class HTTPResponse
+    def self._from_raw_data(status, body="", headers={}, final_url=nil)
+      resp = Net::HTTPResponse.new('1.1', status.to_s, 'NONE')
+      me = self._from_net_response(resp, final_url)
+      me.initialize_http_header headers
+      me.body = body
+      return me
+    end
+  end
+end
diff --git a/vendor/gems/ruby-openid-2.1.4/test/util.rb b/vendor/gems/ruby-openid-2.1.4/test/util.rb
new file mode 100644
index 000000000..93bd096cb
--- /dev/null
+++ b/vendor/gems/ruby-openid-2.1.4/test/util.rb
@@ -0,0 +1,53 @@
+# Utilities that are only used in the testing code
+require 'stringio'
+
+module OpenID
+  module TestUtil
+    def assert_log_matches(*regexes)
+      begin
+        old_logger = Util.logger
+        log_output = StringIO.new
+        Util.logger = Logger.new(log_output)
+        result = yield
+      ensure
+        Util.logger = old_logger
+      end
+      log_output.rewind
+      log_lines = log_output.readlines
+      assert_equal(regexes.length, log_lines.length,
+                   [regexes, log_lines].inspect)
+      log_lines.zip(regexes) do |line, regex|
+        assert_match(regex, line)
+      end
+      result
+    end
+
+    def assert_log_line_count(num_lines)
+      begin
+        old_logger = Util.logger
+        log_output = StringIO.new
+        Util.logger = Logger.new(log_output)
+        result = yield
+      ensure
+        Util.logger = old_logger
+      end
+      log_output.rewind
+      log_lines = log_output.readlines
+      assert_equal(num_lines, log_lines.length)
+      result
+    end
+
+    def silence_logging
+      begin
+        old_logger = Util.logger
+        log_output = StringIO.new
+        Util.logger = Logger.new(log_output)
+        result = yield
+      ensure
+        Util.logger = old_logger
+      end
+      result
+    end
+  end
+end
+