diff --git a/.gitignore b/.gitignore index e7a952c1d..bb3f1cc4b 100644 --- a/.gitignore +++ b/.gitignore @@ -37,8 +37,6 @@ tags .idea .vscode/* -.hierarchy/ -.softhsm-tokens/ # ProxySQL log files test/proxysql/*.log* diff --git a/ca/ca_test.go b/ca/ca_test.go index 799bfac3b..976bb8495 100644 --- a/ca/ca_test.go +++ b/ca/ca_test.go @@ -922,7 +922,6 @@ func TestRejectValidityTooLong(t *testing.T) { testCtx.fc) test.AssertNotError(t, err, "Failed to create CA") - // This time is a few minutes before the notAfter in testdata/ca_cert.pem future, err := time.Parse(time.RFC3339, "2025-02-10T00:30:00Z") test.AssertNotError(t, err, "Failed to parse time") diff --git a/ca/testdata/ca_cert.pem b/ca/testdata/ca_cert.pem deleted file mode 100644 index 4737897ab..000000000 --- a/ca/testdata/ca_cert.pem +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFxDCCA6ygAwIBAgIJALe2d/gZHJqAMA0GCSqGSIb3DQEBCwUAMDExCzAJBgNV -BAYTAlVTMRAwDgYDVQQKDAdUZXN0IENBMRAwDgYDVQQDDAdUZXN0IENBMB4XDTE1 -MDIxMzAwMzI0NFoXDTI1MDIxMDAwMzI0NFowMTELMAkGA1UEBhMCVVMxEDAOBgNV -BAoMB1Rlc3QgQ0ExEDAOBgNVBAMMB1Rlc3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQCqYzR0R/8n0wKTYi3N68vR0onziVVS1/+9DsBcWLj3a8Vd -zds+snPbJu2M7TyhWSFGsUYaAu58vYl44GfmlRlCunpOrIIuhDh//Kua720J4bwK -0ODGLph70uO+VyEQeFQqEAdzy4v5puUfNbEdN66Ge5OGuwsVRwlBZvXRTbsuJend -cJadRC5kzxiPbnAqj9V44RK1Cn615dK/JTFVho2iHFER1k+MGMrso+8mn6asLZOj -RSx5wt+JEPbrE24X9fb+cF5J/e5AWL3OrcgdAf4953OJn5N/v+6F5FyaE+t0JKzn -THtLL1HCKMQmocpU2rTfYA1MWfLdY/KQZAdychoD6sQ6uuxCKRf6Zan/UH+4RcTW -ciPk8QAXRztkJGyJQozzLXfLnZFFHKtrS80h55SyvAA5UhwpVGjlKwKbwFHmNDj4 -5XE3anmiZFNdrAgAwDf+Pbukmolh2ffz++vZhHJuvorFhGziG9+O9IoBdTkKvJwY -qAkk+PP6Pe8GKgZsojvPr6vVewDEVGoBNth9/OAAVmIDXtoHEqWpk2rlCQsYcMjt -w+bVUxNpjs5kFXGwOpe6XfOxiMQxWaadqq3VUB06XXyS4JADtYm6EjrFPtEUG6Yu -9bGefjN/jyMls/8MwQR/HKNidueeKpuLfJYKvbudNf9XLVaZW9zf52WT0bqEdwID -AQABo4HeMIHbMB0GA1UdDgQWBBSaJqZ383/ySesJvVCWHAHhZcKpqzBhBgNVHSME -WjBYgBSaJqZ383/ySesJvVCWHAHhZcKpq6E1pDMwMTELMAkGA1UEBhMCVVMxEDAO -BgNVBAoMB1Rlc3QgQ0ExEDAOBgNVBAMMB1Rlc3QgQ0GCCQC3tnf4GRyagDAPBgNV -HRMECDAGAQH/AgEBMAsGA1UdDwQEAwIBBjA5BggrBgEFBQcBAQQtMCswKQYIKwYB -BQUHMAGGHWh0dHA6Ly9vY3NwLmV4YW1wbGUuY29tOjgwODAvMA0GCSqGSIb3DQEB -CwUAA4ICAQCWJo5AaOIW9n17sZIMRO4m3S2gF2Bs03X4i29/NyMCtOGlGk+VFmu/ -1rP3XYE4KJpSq+9/LV1xXFd2FTvuSz18MAvlCz2b5V7aBl88qup1htM/0VXXTy9e -p9tapIDuclcVez1kkdxPSwXh9sejcfNoZrgkPr/skvWp4WPy+rMvskHGB1BcRIG3 -xgR0IYIS0/3N6k6mcDaDGjGHMPoKY3sgg8Q/FToTxiMux1p2eGjbTmjKzOirXOj4 -Alv82qEjIRCMdnvOkZI35cd7tiO8Z3m209fhpkmvye2IERZxSBPRC84vrFfh0aWK -U/PisgsVD5/suRfWMqtdMHf0Mm+ycpgcTjijqMZF1gc05zfDqfzNH/MCcCdH9R2F -13ig5W8zJU8M1tV04ftElPi0/a6pCDs9UWk+ADIsAScee7P5kW+4WWo3t7sIuj8i -wAGiF+tljMOkzvGnxcuy+okR3EhhQdwOl+XKBgBXrK/hfvLobSQeHKk6+oUJzg4b -wL7gg7ommDqj181eBc1tiTzXv15Jd4cy9s/hvZA0+EfZc6+21urlwEGmEmm0EsAG -ldK1FVOTRlXJrjw0K57bI+7MxhdD06I4ikFCXRTAIxVSRlXegrDyAwUZv7CqH0mr -8jcQV9i1MJFGXV7k3En0lQv2z5AD9aFtkc6UjHpAzB8xEWMO0ZAtBg== ------END CERTIFICATE----- \ No newline at end of file diff --git a/ca/testdata/ca_key.pem b/ca/testdata/ca_key.pem deleted file mode 100644 index e7dcfd5b8..000000000 --- a/ca/testdata/ca_key.pem +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEAqmM0dEf/J9MCk2ItzevL0dKJ84lVUtf/vQ7AXFi492vFXc3b -PrJz2ybtjO08oVkhRrFGGgLufL2JeOBn5pUZQrp6TqyCLoQ4f/yrmu9tCeG8CtDg -xi6Ye9LjvlchEHhUKhAHc8uL+ablHzWxHTeuhnuThrsLFUcJQWb10U27LiXp3XCW -nUQuZM8Yj25wKo/VeOEStQp+teXSvyUxVYaNohxREdZPjBjK7KPvJp+mrC2To0Us -ecLfiRD26xNuF/X2/nBeSf3uQFi9zq3IHQH+PedziZ+Tf7/uheRcmhPrdCSs50x7 -Sy9RwijEJqHKVNq032ANTFny3WPykGQHcnIaA+rEOrrsQikX+mWp/1B/uEXE1nIj -5PEAF0c7ZCRsiUKM8y13y52RRRyra0vNIeeUsrwAOVIcKVRo5SsCm8BR5jQ4+OVx -N2p5omRTXawIAMA3/j27pJqJYdn38/vr2YRybr6KxYRs4hvfjvSKAXU5CrycGKgJ -JPjz+j3vBioGbKI7z6+r1XsAxFRqATbYffzgAFZiA17aBxKlqZNq5QkLGHDI7cPm -1VMTaY7OZBVxsDqXul3zsYjEMVmmnaqt1VAdOl18kuCQA7WJuhI6xT7RFBumLvWx -nn4zf48jJbP/DMEEfxyjYnbnniqbi3yWCr27nTX/Vy1WmVvc3+dlk9G6hHcCAwEA -AQKCAgEAirFJ50Ubmu0V8aY/JplDRT4dcJFfVJnh36B8UC8gELY2545DYpub1s2v -G8GYUrXcclCmgVHVktAtcKkpqfW/pCNqn1Ooe/jAjN29SdaOaTbH+/3emTMgh9o3 -6528mk14JOz7Q/Rxsft6EZeA3gmPFITOpyLleKJkFEqc2YxuSrgtz0RwNP9kzEYO -9eGth9egqk57DcbHMYUrsM+zgqyN6WEnVF+gTKd5tnoSltvprclDnekWtN49WrLm -ap9cREDAlogdGBmMr/AMQIoQlBwlOXqG/4VXaOtwWqhyADEqvVWFMJl+2spfwK2y -TMfxjHSiOhlTeczV9gP/VC04Kp5aMXXoCg2Gwlcr4DBic1k6eI/lmUQv6kg/4Nbf -yU+BCUtBW5nfKgf4DOcqX51n92ELnKbPKe41rcZxbTMvjsEQsGB51QLOMHa5tKe8 -F2R3fuP9y5k9lrMcz2vWL+9Qt4No5e++Ej+Jy1NKhrcfwQ6fGpMcZNesl0KHGjhN -dfZZRMHNZNBbJKHrXxAHDxtvoSqWOk8XOwP12C2MbckHkSaXGTLIuGfwcW6rvdF2 -EXrSCINIT1eCmMrnXWzWCm6UWxxshLsqzU7xY5Ov8qId211gXnC2IonAezWwFDE9 -JYjwGJJzNTiEjX6WdeCzT64FMtJk4hpoa3GzroRG2LAmhhnWVaECggEBANblf0L5 -2IywbeqwGF3VsSOyT8EeiAhOD9NUj4cYfU8ueqfY0T9/0pN39kFF8StVk5kOXEmn -dFk74gUC4+PBjrBAMoKvpQ2UpUvX9hgFQYoNmJZxSqF8KzdjS4ABcWIWi8thOAGc -NLssTw3eBsWT7ahX097flpWFVqVaFx5OmB6DOIHVTA+ppf6RYCETgDJomaRbzn8p -FMTpRZBYRLj/w2WxFy1J8gWGSq2sATFCMc3KNFwVQnDVS03g8W/1APqMVU0mIeau -TltSACvdwigLgWUhYxN+1F5awBlGqMdP+TixisVrHZWZw7uFMb8L/MXW1YA4FN8h -k2/Bp8wJTD+G/dkCggEBAMr6Tobi/VlYG+05cLmHoXGH98XaGBokYXdVrHiADGQI -lhYtnqpXQc1vRqp+zFacjpBjcun+nd6HzIFzsoWykevxYKgONol+iTSyHaTtYDm0 -MYrgH8nBo26GSCdz3IGHJ/ux1LL8ZAbY2AbP81x63ke+g9yXQPBkZQp6vYW/SEIG -IKhy+ZK6tZa0/z7zJNfM8PuN+bK4xJorUwbRqIv4owj0Bf92v+Q/wETYeEBpkDGU -uJ3wDc3FVsK5+gaJECS8DNkOmZ+o5aIlMQHbwxXe8NUm4uZDT+znx0uf+Hw1wP1P -zGL/TnjrZcmKRR47apkPXOGZWpPaNV0wkch/Xh1KEs8CggEBAJaRoJRt+LPC3pEE -p13/3yjSxBzc5pVjFKWO5y3SE+LJ/zjhquNiDUo0UH+1oOArCsrADBuzT8tCMQAv -4TrwoKiPopR8uxoD37l/bLex3xT6p8IpSRBSrvkVAo6C9E203Gg5CwPdzfijeBSQ -T5BaMLe2KgZMBPdowKgEspQSn3UpngsiRzPmOx9d/svOHRG0xooppUrlnt7FT29u -2WACHIeBCGs8F26VhHehQAiih8DX/83RO4dRe3zqsmAue2wRrabro+88jDxh/Sq/ -K03hmd0hAoljYStnTJepMZLNTyLRCxl+DvGGFmWqUou4u3hnKZq4MK+Sl/pC5u4I -SbttOykCggEAEk0RSX4r46NbGT+Fl2TQPKFKyM8KP0kqdI0H+PFqrJZNmgBQ/wDR -EQnIcFTwbZq+C+y7jreDWm4aFU3uObnJCGICGgT2C92Z12N74sP4WhuSH/hnRVSt -PKjk1pHOvusFwt7c06qIBkoE6FBVm/AEHKnjz77ffw0+QvygG/AMPs+4oBeFwyIM -f2MgZHedyctTqwq5CdE5AMGJQeMjdENdx8/gvpDhal4JIuv1o7Eg7CeBodPkGrqB -QRttnKs9BmLiMavsVAXxdnYt/gHnjBBG3KEd8i79hNm9EWeCCwj5tp08S2zDkYl/ -6vUJmFk5GkXVVQ3zqcMR7q4TZuV9Ad0M5wKCAQAY89F3qpokGhDtlVrB78gY8Ol3 -w9eq7HwEYfu8ZTN0+TEQMTEbvLbCcNYQqfRSqAAtb8hejaBQYbxFwNx9VA6sV4Tj -6EUMnp9ijzBf4KH0+r1wgkxobDjFH+XCewDLfTvhFDXjFcpRsaLfYRWz82JqSag6 -v+lJi6B2hbZUt750aQhomS6Bu0GE9/cE+e17xpZaMgXcWDDnse6W0JfpGHe8p6qD -EcaaKadeO/gSnv8wM08nHL0d80JDOE/C5I0psKryMpmicJK0bI92ooGrkJsF+Sg1 -huu1W6p9RdxJHgphzmGAvTrOmrDAZeKtubsMS69VZVFjQFa1ZD/VMzWK1X2o ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/ca/testdata/dupe_name.der.csr b/ca/testdata/dupe_name.der.csr deleted file mode 100644 index 6884aa08e..000000000 Binary files a/ca/testdata/dupe_name.der.csr and /dev/null differ diff --git a/ca/testdata/no_cn.der.csr b/ca/testdata/no_cn.der.csr deleted file mode 100644 index d1f70368a..000000000 Binary files a/ca/testdata/no_cn.der.csr and /dev/null differ diff --git a/ca/testdata/no_san.der.csr b/ca/testdata/no_san.der.csr deleted file mode 100644 index db8558236..000000000 Binary files a/ca/testdata/no_san.der.csr and /dev/null differ diff --git a/ca/testdata/testcsr.go b/ca/testdata/testcsr.go index e1a1b07df..cd22487cd 100644 --- a/ca/testdata/testcsr.go +++ b/ca/testdata/testcsr.go @@ -3,53 +3,17 @@ package main import ( + "crypto/ecdsa" + "crypto/elliptic" "crypto/rand" "crypto/x509" "crypto/x509/pkix" - "encoding/pem" "log" "os" ) -// A 2048-bit RSA private key -var rsaPrivateKey = `-----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA5cpXqfCaUDD+hf93j5jxbrhK4jrJAzfAEjeZj/Lx5Rv/7eEO -uhS2DdCU2is82vR6yJ7EidUYVz/nUAjSTP7JIEsbyvfsfACABbqRyGltHlJnULVH -y/EMjt9xKZf17T8tOLHVUEAJTxsvjKn4TMIQJTNrAqm/lNrUXmCIR41Go+3RBGC6 -YdAKEwcZMCzrjQGF06mC6/6xMmYMSMd6+VQRFIPpuPK/6BBp1Tgju2LleRC5uatj -QcFOoilGkfh1RnZp3GJ7q58KaqHiPmjl31rkY5vS3LP7yfU5TRBcxCSG8l8LKuRt -MArkbTEtj3PkDjbipL/SkLrZ28e5w9Egl4g1MwIDAQABAoIBABZqY5zPPK5f6SQ3 -JHmciMitL5jb9SncMV9VjyRMpa4cyh1xW9dpF81HMI4Ls7cELEoPuspbQDGaqTzU -b3dVT1dYHFDzWF1MSzDD3162cg+IKE3mMSfCzt/NCiPtj+7hv86NAmr+pCnUVBIb -rn4GXD7UwjaTSn4Bzr+aGREpxd9Nr0JdNQwxVHZ75A92vTihCfaXyMCjhW3JEpF9 -N89XehgidoGgtUxxeeb+WsO3nvVBpLv/HDxMTx/IDzvSA5nLlYMcqVzb7IJoeAQu -og0WJKlniYzvIdoQ6/hGydAW5sKd0qWh0JPYs7uLKAWrdAWvrFAp7//fYKVamalU -8pUu/WkCgYEA+tcTQ3qTnVh41O9YeM/7NULpIkuCAlR+PBRky294zho9nGQIPdaW -VNvyqqjLaHaXJVokYHbU4hDk6RbrhoWVd4Po/5g9cUkT1f6nrdZGRkg4XOCzHWvV -Yrqh3eYYX4bdiH5EhB78m0rrbjHfd7SF3cdYNzOUS2kJvCInYC6zPx8CgYEA6oRr -UhZFuoqRsEb28ELM8sHvdIMA/C3aWCu+nUGQ4gHSEb4uvuOD/7tQNuCaBioiXVPM -/4hjk9jHJcjYf5l33ANqIP7JiYAt4rzTWXF3iS6kQOhQhjksSlSnWqw0Uu1DtlpG -rzeG1ZkBuwH7Bx0yj4sGSz5sAvyF44aRsE6AC20CgYEArafWO0ISDb1hMbFdo44B -ELd45Pg3UluiZP+NZFWQ4cbC3pFWL1FvE+KNll5zK6fmLcLBKlM6QCOIBmKKvb+f -YXVeCg0ghFweMmkxNqUAU8nN02bwOa8ctFQWmaOhPgkFN2iLEJjPMsdkRA6c8ad1 -gbtvNBAuWyKlzawrbGgISesCgYBkGEjGLINubx5noqJbQee/5U6S6CdPezKqV2Fw -NT/ldul2cTn6d5krWYOPKKYU437vXokst8XooKm/Us41CAfEfCCcHKNgcLklAXsj -ve5LOwEYQw+7ekORJjiX1tAuZN51wmpQ9t4x5LB8ZQgDrU6bPbdd/jKTw7xRtGoS -Wi8EsQKBgG8iGy3+kVBIjKHxrN5jVs3vj/l/fQL0WRMLCMmVuDBfsKyy3f9n8R1B -/KdwoyQFwsLOyr5vAjiDgpFurXQbVyH4GDFiJGS1gb6MNcinwSTpsbOLLV7zgibX -A2NgiQ+UeWMia16dZVd6gGDlY3lQpeyLdsdDd+YppNfy9vedjbvT ------END RSA PRIVATE KEY-----` - -// NISTP256 ECDSA private key -var ecdsaPrivateKey = `-----BEGIN EC PRIVATE KEY----- -MHcCAQEEIKwK8ik0Zgw26bWaGuNYa/QAtCDRwpOPS5FIhbwuFqWuoAoGCCqGSM49 -AwEHoUQDQgAEfkxXCNEy4/zfwQ4arciDYQql7/+ftYvf51JTLCJAFu8kWKvNBENT -X8ays994FANu2VsJTF5Ud5JPYWHT87hjAA== ------END EC PRIVATE KEY-----` - func main() { - block, _ := pem.Decode([]byte(rsaPrivateKey)) - rsaPriv, err := x509.ParsePKCS1PrivateKey(block.Bytes) + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Fatalf("Failed to parse private key: %s", err) } @@ -65,7 +29,7 @@ func main() { "Capitalizedletters.COM", }, } - csr, err := x509.CreateCertificateRequest(rand.Reader, req, rsaPriv) + csr, err := x509.CreateCertificateRequest(rand.Reader, req, priv) if err != nil { log.Fatalf("unable to create CSR: %s", err) } diff --git a/cmd/boulder-wfe2/main_test.go b/cmd/boulder-wfe2/main_test.go index 8b2b90e04..a1f79af8d 100644 --- a/cmd/boulder-wfe2/main_test.go +++ b/cmd/boulder-wfe2/main_test.go @@ -3,77 +3,36 @@ package notmain import ( "crypto/x509" "encoding/pem" - "os" "testing" - "github.com/letsencrypt/boulder/core" "github.com/letsencrypt/boulder/test" ) -func TestLoadChain_Valid(t *testing.T) { - issuer, chainPEM, err := loadChain([]string{ - "../../test/test-ca-cross.pem", - "../../test/test-root2.pem", +func TestLoadChain(t *testing.T) { + // Most of loadChain's logic is implemented in issuance.LoadChain, so this + // test only covers the construction of the PEM bytes. + _, chainPEM, err := loadChain([]string{ + "../../test/hierarchy/int-e1.cert.pem", + "../../test/hierarchy/root-x2-cross.cert.pem", + "../../test/hierarchy/root-x1.cert.pem", }) test.AssertNotError(t, err, "Should load valid chain") - expectedIssuer, err := core.LoadCert("../../test/test-ca-cross.pem") - test.AssertNotError(t, err, "Failed to load test issuer") - - chainIssuerPEM, rest := pem.Decode(chainPEM) - test.AssertNotNil(t, chainIssuerPEM, "Failed to decode chain PEM") - parsedIssuer, err := x509.ParseCertificate(chainIssuerPEM.Bytes) + // Parse the first certificate in the PEM blob. + certPEM, rest := pem.Decode(chainPEM) + test.AssertNotNil(t, certPEM, "Failed to decode chain PEM") + _, err = x509.ParseCertificate(certPEM.Bytes) test.AssertNotError(t, err, "Failed to parse chain PEM") - // The three versions of the intermediate (the one loaded by us, the one - // returned by loadChain, and the one parsed from the chain) should be equal. - test.AssertByteEquals(t, issuer.Raw, expectedIssuer.Raw) - test.AssertByteEquals(t, parsedIssuer.Raw, expectedIssuer.Raw) + // Parse the second certificate in the PEM blob. + certPEM, rest = pem.Decode(rest) + test.AssertNotNil(t, certPEM, "Failed to decode chain PEM") + _, err = x509.ParseCertificate(certPEM.Bytes) + test.AssertNotError(t, err, "Failed to parse chain PEM") // The chain should contain nothing else. - rootIssuerPEM, _ := pem.Decode(rest) - if rootIssuerPEM != nil { + certPEM, rest = pem.Decode(rest) + if certPEM != nil || len(rest) != 0 { t.Error("Expected chain PEM to contain one cert and nothing else") } } - -func TestLoadChain_TooShort(t *testing.T) { - _, _, err := loadChain([]string{"/path/to/one/cert.pem"}) - test.AssertError(t, err, "Should reject too-short chain") -} - -func TestLoadChain_Unloadable(t *testing.T) { - _, _, err := loadChain([]string{ - "does-not-exist.pem", - "../../test/test-root2.pem", - }) - test.AssertError(t, err, "Should reject unloadable chain") - - _, _, err = loadChain([]string{ - "../../test/test-ca-cross.pem", - "does-not-exist.pem", - }) - test.AssertError(t, err, "Should reject unloadable chain") - - invalidPEMFile, _ := os.CreateTemp("", "invalid.pem") - err = os.WriteFile(invalidPEMFile.Name(), []byte(""), 0640) - test.AssertNotError(t, err, "Error writing invalid PEM tmp file") - _, _, err = loadChain([]string{ - invalidPEMFile.Name(), - "../../test/test-root2.pem", - }) - test.AssertError(t, err, "Should reject unloadable chain") -} - -func TestLoadChain_InvalidSig(t *testing.T) { - _, _, err := loadChain([]string{ - "../../test/test-root2.pem", - "../../test/test-ca-cross.pem", - }) - test.AssertError(t, err, "Should reject invalid signature") -} - -func TestLoadChain_NoRoot(t *testing.T) { - // TODO(#5251): Implement this when we have a hierarchy which includes two - // CA certs, neither of which is a root. -} diff --git a/cmd/ceremony/cert_test.go b/cmd/ceremony/cert_test.go index c31313ed2..95a2b3375 100644 --- a/cmd/ceremony/cert_test.go +++ b/cmd/ceremony/cert_test.go @@ -15,9 +15,10 @@ import ( "testing" "time" + "github.com/miekg/pkcs11" + "github.com/letsencrypt/boulder/pkcs11helpers" "github.com/letsencrypt/boulder/test" - "github.com/miekg/pkcs11" ) // samplePubkey returns a slice of bytes containing an encoded @@ -575,9 +576,6 @@ func TestLoadCert(t *testing.T) { _, err = loadCert("../../test/hierarchy/int-e1.key.pem") test.AssertError(t, err, "should have failed when trying to parse a private key") - - _, err = loadCert("../../test/test-root.pubkey.pem") - test.AssertError(t, err, "should have failed when trying to parse a public key") } func TestGenerateSKID(t *testing.T) { diff --git a/cmd/ceremony/main_test.go b/cmd/ceremony/main_test.go index 1f0a3fb44..c4e9b52f3 100644 --- a/cmd/ceremony/main_test.go +++ b/cmd/ceremony/main_test.go @@ -18,7 +18,7 @@ import ( ) func TestLoadPubKey(t *testing.T) { - _, _, err := loadPubKey("../../test/test-root.pubkey.pem") + _, _, err := loadPubKey("../../test/test-ca.pubkey.pem") test.AssertNotError(t, err, "should not have errored") _, _, err = loadPubKey("../../test/hierarchy/int-e1.key.pem") diff --git a/cmd/config_test.go b/cmd/config_test.go index 65340d0b7..b6eeb9860 100644 --- a/cmd/config_test.go +++ b/cmd/config_test.go @@ -1,9 +1,19 @@ package cmd import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "math/big" + "os" + "path" "regexp" "strings" "testing" + "time" "github.com/letsencrypt/boulder/metrics" "github.com/letsencrypt/boulder/test" @@ -52,9 +62,43 @@ func TestPasswordConfig(t *testing.T) { func TestTLSConfigLoad(t *testing.T) { null := "/dev/null" nonExistent := "[nonexistent]" - cert := "../test/grpc-creds/creds-test/cert.pem" - key := "../test/grpc-creds/creds-test/key.pem" - caCert := "../test/grpc-creds/minica.pem" + tmp := t.TempDir() + cert := path.Join(tmp, "TestTLSConfigLoad.cert.pem") + key := path.Join(tmp, "TestTLSConfigLoad.key.pem") + caCert := path.Join(tmp, "TestTLSConfigLoad.cacert.pem") + + rootKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + test.AssertNotError(t, err, "creating test root key") + rootTemplate := &x509.Certificate{ + Subject: pkix.Name{CommonName: "test root"}, + SerialNumber: big.NewInt(12345), + NotBefore: time.Now().Add(-24 * time.Hour), + NotAfter: time.Now().Add(24 * time.Hour), + IsCA: true, + } + rootCert, err := x509.CreateCertificate(rand.Reader, rootTemplate, rootTemplate, rootKey.Public(), rootKey) + test.AssertNotError(t, err, "creating test root cert") + err = os.WriteFile(caCert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: rootCert}), os.ModeAppend) + test.AssertNotError(t, err, "writing test root cert to disk") + + intKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + test.AssertNotError(t, err, "creating test intermediate key") + intKeyBytes, err := x509.MarshalECPrivateKey(intKey) + test.AssertNotError(t, err, "marshalling test intermediate key") + err = os.WriteFile(key, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: intKeyBytes}), os.ModeAppend) + test.AssertNotError(t, err, "writing test intermediate key cert to disk") + + intTemplate := &x509.Certificate{ + Subject: pkix.Name{CommonName: "test intermediate"}, + SerialNumber: big.NewInt(67890), + NotBefore: time.Now().Add(-12 * time.Hour), + NotAfter: time.Now().Add(12 * time.Hour), + IsCA: true, + } + intCert, err := x509.CreateCertificate(rand.Reader, intTemplate, rootTemplate, intKey.Public(), rootKey) + test.AssertNotError(t, err, "creating test intermediate cert") + err = os.WriteFile(cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: intCert}), os.ModeAppend) + test.AssertNotError(t, err, "writing test intermediate cert to disk") testCases := []struct { TLSConfig @@ -69,26 +113,20 @@ func TestTLSConfigLoad(t *testing.T) { {TLSConfig{null, key, caCert}, "loading key pair.*failed to find any PEM data"}, {TLSConfig{cert, null, caCert}, "loading key pair.*failed to find any PEM data"}, {TLSConfig{cert, key, null}, "parsing CA certs"}, + {TLSConfig{cert, key, caCert}, ""}, } for _, tc := range testCases { - var title [3]string - if tc.CertFile == "" { - title[0] = "nil" - } else { - title[0] = tc.CertFile - } - if tc.KeyFile == "" { - title[1] = "nil" - } else { - title[1] = tc.KeyFile - } - if tc.CACertFile == "" { - title[2] = "nil" - } else { - title[2] = tc.CACertFile + title := [3]string{tc.CertFile, tc.KeyFile, tc.CACertFile} + for i := range title { + if title[i] == "" { + title[i] = "nil" + } } t.Run(strings.Join(title[:], "_"), func(t *testing.T) { _, err := tc.TLSConfig.Load(metrics.NoopRegisterer) + if err == nil && tc.want == "" { + return + } if err == nil { t.Errorf("got no error") } diff --git a/cmd/ocsp-responder/testdata/test-ca.der.pem b/cmd/ocsp-responder/testdata/test-ca.der.pem deleted file mode 100644 index 760417fe9..000000000 --- a/cmd/ocsp-responder/testdata/test-ca.der.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDETCCAfmgAwIBAgIJAJzxkS6o1QkIMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV -BAMMFGhhcHB5IGhhY2tlciBmYWtlIENBMB4XDTE1MDQwNzIzNTAzOFoXDTI1MDQw -NDIzNTAzOFowHzEdMBsGA1UEAwwUaGFwcHkgaGFja2VyIGZha2UgQ0EwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCCkd5mgXFErJ3F2M0E9dw+Ta/md5i -8TDId01HberAApqmydG7UZYF3zLTSzNjlNSOmtybvrSGUnZ9r9tSQcL8VM6WUOM8 -tnIpiIjEA2QkBycMwvRmZ/B2ltPdYs/R9BqNwO1g18GDZrHSzUYtNKNeFI6Glamj -7GK2Vr0SmiEamlNIR5ktAFsEErzf/d4jCF7sosMsJpMCm1p58QkP4LHLShVLXDa8 -BMfVoI+ipYcA08iNUFkgW8VWDclIDxcysa0psDDtMjX3+4aPkE/cefmP+1xOfUuD -HOGV8XFynsP4EpTfVOZr0/g9gYQ7ZArqXX7GTQkFqduwPm/w5qxSPTarAgMBAAGj -UDBOMB0GA1UdDgQWBBT7eE8S+WAVgyyfF380GbMuNupBiTAfBgNVHSMEGDAWgBT7 -eE8S+WAVgyyfF380GbMuNupBiTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA -A4IBAQAd9Da+Zv+TjMv7NTAmliqnWHY6d3UxEZN3hFEJ58IQVHbBZVZdW7zhRktB -vR05Kweac0HJeK91TKmzvXl21IXLvh0gcNLU/uweD3no/snfdB4OoFompljThmgl -zBqiqWoKBJQrLCA8w5UB+ReomRYd/EYXF/6TAfzm6hr//Xt5mPiUHPdvYt75lMAo -vRxLSbF8TSQ6b7BYxISWjPgFASNNqJNHEItWsmQMtAjjwzb9cs01XH9pChVAWn9L -oeMKa+SlHSYrWG93+EcrIH/dGU76uNOiaDzBSKvaehG53h25MHuO1anNICJvZovW -rFo4Uv1EnkKJm3vJFe50eJGhEKlx ------END CERTIFICATE----- diff --git a/cmd/ocsp-responder/testdata/test-ca.key b/cmd/ocsp-responder/testdata/test-ca.key deleted file mode 100644 index e3b5697be..000000000 --- a/cmd/ocsp-responder/testdata/test-ca.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDCCkd5mgXFErJ3 -F2M0E9dw+Ta/md5i8TDId01HberAApqmydG7UZYF3zLTSzNjlNSOmtybvrSGUnZ9 -r9tSQcL8VM6WUOM8tnIpiIjEA2QkBycMwvRmZ/B2ltPdYs/R9BqNwO1g18GDZrHS -zUYtNKNeFI6Glamj7GK2Vr0SmiEamlNIR5ktAFsEErzf/d4jCF7sosMsJpMCm1p5 -8QkP4LHLShVLXDa8BMfVoI+ipYcA08iNUFkgW8VWDclIDxcysa0psDDtMjX3+4aP -kE/cefmP+1xOfUuDHOGV8XFynsP4EpTfVOZr0/g9gYQ7ZArqXX7GTQkFqduwPm/w -5qxSPTarAgMBAAECggEAZh00uhjFOo35X1TufwSGF0z/c9uMvfMB4i1ufM2qgXud -WXLSLcrksZhhTfLAS4KSTa3PtSKqLBoPg1tdhy9WZqZWxaIxw8ybzaGtn8HNHGyr -LzsVlSLT2ATN4C7VAT9+DeVext0kWHtdz3r5mGagJq2Yx9jRGpQW6rBA9h4ol699 -BM09UPCcdlGmpdrb0jDjyfohG139EBSmEeB+Jim+oLO1sXe/LvWllU0UL527CExp -ykiIjASd4s7tFErV9sVJ+bDI97GOyBUGcVMiQ+TRPKFr0kfLgbJz24l8ycPI4odp -IGY+6igicg67n5BktAH+UfCQlUIpWbF2SwRAMht0AQKBgQD8gocy2VuCPj285hBY -8g/1GFd58HkCh54bOhAOb2PK+NE4mRuHCBlBj/tQOmgYz2Pna2k5ldJSUwXsUKkx -9R7hutnwXbcQTSQIRcjhYDLeGetJYXR96ylDig+6XjdW3A5SIc2JzlbVThP39TTm -gRqE/rj9G4ARMfHxffp7YT5AqwKBgQDEuN0pYMKjaW0xvc7WYUOqGHqt2di/BwMr -Ur438MtePArELY35P6kDcrfnlacDToA3Tebk9Rw18y1kl3BFO7VdJbQJSa6RWbp5 -aK7E5lq1pCrdyhGwiaI1f5VgzeY8ywS3TqGqU9GOqpENiZqgs1ly9l8gZSaw8/yF -uDWGg7jiAQKBgQCyLtGEmkiuoYkjUR1cBoQoKeMgkwZxOI3jHJfT99ptkiLhU3lP -UfGwiA+JT43BZCdVWEBKeGSP3zIgzdJ3BEekdhvwN9FEWYsBo2zbTOzYOWYExBZV -/KmDlVr/4hge3O3mGyBVDBvOLWh94rRPq+6wxqZ3RP6cI6hdBs7IXZh2PQKBgQDB -rav4kA4xKpvaDCC2yj3/Gmi1/zO5J2NEZQtoMgdXeM+0w5Dy4204Otq7A4jR5Ziw -Wl9H7dZfe1Kmpb5gO1/dHEC7oDJhYjEIVTs0GgMWsFGP2OE/qNHtz/W2wCC8m7jB -7IWYFzvLNTzoUiDNtKYNXGjdkRjdwOlOkcUI8Wi2AQKBgQC9EJsMz/ySt58IvwWy -fQJyg742j21pXHqlMnmHygnSgNa7f3yPQK3FxjvhIPmgu7x8+sSUtXHOjKhZML3p -SdTm/yN487hOYp03jy/wVXLcCDp9XhBeIt/z/TZMPMjAHOLG9xG6cF8AOVq7mLBc -tsDWUHoXPZj/YciXZLq3fPuXyw== ------END PRIVATE KEY----- diff --git a/docker-compose.next.yml b/docker-compose.next.yml index 2b88ea2b5..b18fb5ee7 100644 --- a/docker-compose.next.yml +++ b/docker-compose.next.yml @@ -2,6 +2,6 @@ services: boulder: environment: FAKE_DNS: 10.77.77.77 - BOULDER_CONFIG_DIR: &boulder_config_dir test/config-next + BOULDER_CONFIG_DIR: test/config-next GOFLAGS: -mod=vendor GOCACHE: /boulder/.gocache/go-build-next diff --git a/docker-compose.yml b/docker-compose.yml index b7dc73ed4..f25309579 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ services: # The `letsencrypt/boulder-tools:latest` tag is automatically built in local # dev environments. In CI a specific BOULDER_TOOLS_TAG is passed, and it is # pulled with `docker compose pull`. - image: letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-latest} + image: &boulder_tools_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-latest} build: context: test/boulder-tools/ # Should match one of the GO_CI_VERSIONS in test/boulder-tools/tag_and_upload.sh. @@ -20,8 +20,7 @@ services: volumes: - .:/boulder:cached - ./.gocache:/root/.cache/go-build:cached - - ./.hierarchy:/hierarchy/:cached - - ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached + - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached networks: bouldernet: ipv4_address: 10.77.77.77 @@ -62,6 +61,20 @@ services: entrypoint: test/entrypoint.sh working_dir: &boulder_working_dir /boulder + bsetup: + image: *boulder_tools_image + volumes: + - .:/boulder:cached + - ./.gocache:/root/.cache/go-build:cached + - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached + entrypoint: test/certs/generate.sh + working_dir: *boulder_working_dir + profiles: + # Adding a profile to this container means that it won't be started by a + # normal "docker compose up/run boulder", only when specifically invoked + # with a "docker compose up bsetup". + - setup + bmysql: image: mariadb:10.5 networks: diff --git a/grpc/creds/creds_test.go b/grpc/creds/creds_test.go index ad38c0c8e..e252f004f 100644 --- a/grpc/creds/creds_test.go +++ b/grpc/creds/creds_test.go @@ -12,59 +12,58 @@ import ( "testing" "time" - "github.com/letsencrypt/boulder/core" + "github.com/jmhodges/clock" + "github.com/letsencrypt/boulder/test" ) func TestServerTransportCredentials(t *testing.T) { + _, badCert := test.ThrowAwayCert(t, clock.New()) + goodCert := &x509.Certificate{ + DNSNames: []string{"creds-test"}, + IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}, + } acceptedSANs := map[string]struct{}{ "creds-test": {}, } - certFile := "../../test/grpc-creds/creds-test/cert.pem" - badCertFile := "testdata/example.com/cert.pem" - goodCert, err := core.LoadCert(certFile) - test.AssertNotError(t, err, "core.LoadCert failed on "+certFile) - badCert, err := core.LoadCert(badCertFile) - test.AssertNotError(t, err, "core.LoadCert failed on "+badCertFile) servTLSConfig := &tls.Config{} // NewServerCredentials with a nil serverTLSConfig should return an error - _, err = NewServerCredentials(nil, acceptedSANs) + _, err := NewServerCredentials(nil, acceptedSANs) test.AssertEquals(t, err, ErrNilServerConfig) - // A creds with a empty acceptedSANs list should consider any peer valid + // A creds with a nil acceptedSANs list should consider any peer valid wrappedCreds, err := NewServerCredentials(servTLSConfig, nil) test.AssertNotError(t, err, "NewServerCredentials failed with nil acceptedSANs") bcreds := wrappedCreds.(*serverTransportCredentials) - emptyState := tls.ConnectionState{} - err = bcreds.validateClient(emptyState) + err = bcreds.validateClient(tls.ConnectionState{}) test.AssertNotError(t, err, "validateClient() errored for emptyState") + + // A creds with a empty acceptedSANs list should consider any peer valid wrappedCreds, err = NewServerCredentials(servTLSConfig, map[string]struct{}{}) test.AssertNotError(t, err, "NewServerCredentials failed with empty acceptedSANs") bcreds = wrappedCreds.(*serverTransportCredentials) - err = bcreds.validateClient(emptyState) + err = bcreds.validateClient(tls.ConnectionState{}) test.AssertNotError(t, err, "validateClient() errored for emptyState") - // A creds given an empty TLS ConnectionState to verify should return an error + // A properly-initialized creds should fail to verify an empty ConnectionState bcreds = &serverTransportCredentials{servTLSConfig, acceptedSANs} - err = bcreds.validateClient(emptyState) + err = bcreds.validateClient(tls.ConnectionState{}) test.AssertEquals(t, err, ErrEmptyPeerCerts) // A creds should reject peers that don't have a leaf certificate with // a SAN on the accepted list. - wrongState := tls.ConnectionState{ + err = bcreds.validateClient(tls.ConnectionState{ PeerCertificates: []*x509.Certificate{badCert}, - } - err = bcreds.validateClient(wrongState) + }) var errSANNotAccepted ErrSANNotAccepted test.AssertErrorWraps(t, err, &errSANNotAccepted) // A creds should accept peers that have a leaf certificate with a SAN // that is on the accepted list - rightState := tls.ConnectionState{ + err = bcreds.validateClient(tls.ConnectionState{ PeerCertificates: []*x509.Certificate{goodCert}, - } - err = bcreds.validateClient(rightState) + }) test.AssertNotError(t, err, "validateClient(rightState) failed") // A creds configured with an IP SAN in the accepted list should accept a peer @@ -74,7 +73,9 @@ func TestServerTransportCredentials(t *testing.T) { "127.0.0.1": {}, } bcreds = &serverTransportCredentials{servTLSConfig, acceptedIPSans} - err = bcreds.validateClient(rightState) + err = bcreds.validateClient(tls.ConnectionState{ + PeerCertificates: []*x509.Certificate{goodCert}, + }) test.AssertNotError(t, err, "validateClient(rightState) failed with an IP accepted SAN list") } diff --git a/grpc/creds/testdata/example.com/cert.pem b/grpc/creds/testdata/example.com/cert.pem deleted file mode 100644 index e991ca1b4..000000000 --- a/grpc/creds/testdata/example.com/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDETCCAfmgAwIBAgIITp8UbMgujuEwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgNDk2YzRkMCAXDTE2MTIyNjE5MTEyOFoYDzIxMDYx -MjI2MTkxMTI4WjAWMRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAL18+TWZsdGOxfObbuHQ8mOSXvc6+gtVHN9lSFOt -x7JiM2OZhQFOlYPDox/KqQX0tlyfYZ808NZcwWConQL+Atme8AKy0pahqI99WChh -li9ehbbbTGoWa8NxWbkqGDgD3waQ8YFZbWXosiK+dt4cAbNpAdX1yByQts/GUKW0 -PYyqwoOvjE5tBXBzrIL6PVxmGz5ALjq8GMl3HTyZXO5AfBuomNRYYkEV6zx/TOTq -PhO7flLnMVauv0aJbsaD+ZpPF2Zi/fw/4q2nolag+oA1f55mHxjN39ocLHa++CJA -ft4LRK/75QVaYKICn4r13DiCvGI44ltv+lmwSPZ311lvIF8CAwEAAaNXMFUwDgYD -VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV -HRMBAf8EAjAAMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUA -A4IBAQAp/W32B/Pnm1oZXSVWTSN6ztSWjgiB3du1ryPe5VSPBmYZU1hHvORBfjuH -5JI9mHioW+0aoiDuABgpIXf5hMfXljyJXN+vO70C5PStUnFmHTtGADw62vRxhVVU -PLKtSAph8QpMTEUe+skV5RZ525aqHH54GSrSm7EdkIrgrkuGQhOViZ6QEqew29I3 -UK6cNe3w4d0XTzwPej4TNDGwumwWf/TEopp/kdOsFn93aZh/C/uTuI8gyqI9HiO0 -uQCwsePBr0G0w+vns38oC9jgyu6S3bOnq8XBzLjWgJ2lL//0g7bqvc5Wi1ClJnNS -OW48oQi9pw/ceqkYaMjCc0M5M0ix ------END CERTIFICATE----- diff --git a/grpc/creds/testdata/example.com/key.pem b/grpc/creds/testdata/example.com/key.pem deleted file mode 100644 index 295a72f3b..000000000 --- a/grpc/creds/testdata/example.com/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAvXz5NZmx0Y7F85tu4dDyY5Je9zr6C1Uc32VIU63HsmIzY5mF -AU6Vg8OjH8qpBfS2XJ9hnzTw1lzBYKidAv4C2Z7wArLSlqGoj31YKGGWL16FtttM -ahZrw3FZuSoYOAPfBpDxgVltZeiyIr523hwBs2kB1fXIHJC2z8ZQpbQ9jKrCg6+M -Tm0FcHOsgvo9XGYbPkAuOrwYyXcdPJlc7kB8G6iY1FhiQRXrPH9M5Oo+E7t+Uucx -Vq6/RoluxoP5mk8XZmL9/D/iraeiVqD6gDV/nmYfGM3f2hwsdr74IkB+3gtEr/vl -BVpgogKfivXcOIK8YjjiW2/6WbBI9nfXWW8gXwIDAQABAoIBAQCrLixgXMGEQ8vW -YBOSktV2WHPMOw5KkJBtzCzD05k1MHumPbknThvKFkHWZZm+VK0uDZn+XrA3p0HX -FVwKqPhgKrI+bdfK1q3VOvIaQNaRYn2/jGuC51BhFpRsr3eDmxOu9eAG74fh6Y6L -zq7JxllO/8z1wn0OOTm9iDWxDJwR51+tq/BSJhj681QPTOYmMxeHVxlXbZWs3JH3 -2md/s3M2ZKuyS/i6B4d2wijxMbZsbmX2gYC/N+i/DfLyfwh1+/6BvTZIsW5e1LRQ -kcIltZxlCT/PQw/rQjgDZROujlpiuYc2jaedn5JRDYNu+tnITi5oPswXezMH7QQs -PpQCcQfpAoGBAN53rCeLOyenihR35L5J/pqgMTwvGywEiNzVLqv9KUxyhZZvexIj -n5nQhRBIWD+2LpM1wmkMwb0xJT9PKbZgtaxYoledkFbWC+n7F6VqG/jb8ZUlkYdD -6QVUqAOIiuQLKJTzKStDQlAJXhGF5eItI+yAnL7utUsliLPbh1zUrLXTAoGBANoM -u5F/bqXOf2kQqXx7PfIuFRmQau97l0e7M1R7agvsgSnFvoa47Lkkx+KztZO+n8YD -wpEe3otuEYQAhG4WnLcZsBkAtKlGNv9JXwYOKFttKHSEtQ2LA10AsgILknJpZggE -/rMVyam+bjwusTfb610S8gYSjl7IKMIU+S+aAdfFAoGBAMgm3VF6l882kimWMMvv -YM0XQRTHwOeacNRWTLZaf9SS2JOfWxfXyxklHQKoRBWWQFMbs/y1iH1CASPzgjDe -07TqzayMSzeFPpTV3tFpJR+CKtkoQsVzGOw93SfIqkU/sNRJ7YlJ6xh9RQ/46vnR -6Rc4I045EA07CMHgyemAQp8XAoGAbIYtzKqp/WgbTcV3NXd5S1HYOpMARhUzJAZt -87xA+ZJKbun2e8MKPtOpkJF07AXSK5Gvgt7kUG0F1rcTMl+avB7S4H7Ta/SAZuqz -mqXtPCPGIMfz/LuVfvJbplzwFHWUzKT/x04uwob/AoESvwR7ziUhxBf0OARTFNWv -eBukkykCgYAuJ9jYMXVXae4phx0SgUNR40y7TA/TWbK2QgVGhWoGLlOOD3eqlxRS -xjV5ZcOy5XcCsL5tyN5IhTRUdCWF0l/v9EfvY0Zib7BWZk/dFcmLba2w2YW4cWD4 -WI5hndU1a8engsQ9C7PQPzU9GiRbcnwU8n1pGAE5Aa8u7b3WCFi2ag== ------END RSA PRIVATE KEY----- diff --git a/issuance/issuer_test.go b/issuance/issuer_test.go index f7f09522b..4e96145a1 100644 --- a/issuance/issuer_test.go +++ b/issuance/issuer_test.go @@ -214,12 +214,12 @@ func TestNewIssuerKeyUsage(t *testing.T) { func TestLoadChain_Valid(t *testing.T) { chain, err := LoadChain([]string{ - "../test/test-ca-cross.pem", - "../test/test-root2.pem", + "../test/hierarchy/int-e1.cert.pem", + "../test/hierarchy/root-x2.cert.pem", }) test.AssertNotError(t, err, "Should load valid chain") - expectedIssuer, err := core.LoadCert("../test/test-ca-cross.pem") + expectedIssuer, err := core.LoadCert("../test/hierarchy/int-e1.cert.pem") test.AssertNotError(t, err, "Failed to load test issuer") chainIssuer := chain[0] @@ -236,12 +236,12 @@ func TestLoadChain_TooShort(t *testing.T) { func TestLoadChain_Unloadable(t *testing.T) { _, err := LoadChain([]string{ "does-not-exist.pem", - "../test/test-root2.pem", + "../test/hierarchy/root-x2.cert.pem", }) test.AssertError(t, err, "Should reject unloadable chain") _, err = LoadChain([]string{ - "../test/test-ca-cross.pem", + "../test/hierarchy/int-e1.cert.pem", "does-not-exist.pem", }) test.AssertError(t, err, "Should reject unloadable chain") @@ -251,19 +251,19 @@ func TestLoadChain_Unloadable(t *testing.T) { test.AssertNotError(t, err, "Error writing invalid PEM tmp file") _, err = LoadChain([]string{ invalidPEMFile.Name(), - "../test/test-root2.pem", + "../test/hierarchy/root-x2.cert.pem", }) test.AssertError(t, err, "Should reject unloadable chain") } func TestLoadChain_InvalidSig(t *testing.T) { _, err := LoadChain([]string{ - "../test/test-root2.pem", - "../test/test-ca-cross.pem", + "../test/hierarchy/int-e1.cert.pem", + "../test/hierarchy/root-x1.cert.pem", }) test.AssertError(t, err, "Should reject invalid signature") - test.Assert(t, strings.Contains(err.Error(), "test-ca-cross.pem"), + test.Assert(t, strings.Contains(err.Error(), "root-x1.cert.pem"), fmt.Sprintf("Expected error to mention filename, got: %s", err)) - test.Assert(t, strings.Contains(err.Error(), "signature from \"CN=happy hacker fake CA\""), + test.Assert(t, strings.Contains(err.Error(), "signature from \"CN=(TEST) Ineffable Ice X1"), fmt.Sprintf("Expected error to mention subject, got: %s", err)) } diff --git a/start.py b/start.py index b297390e3..f224b9e6c 100755 --- a/start.py +++ b/start.py @@ -20,9 +20,6 @@ import startservers if not startservers.install(race_detection=False): raise(Exception("failed to build")) -# Setup issuance hierarchy -startservers.setupHierarchy() - if not startservers.start(fakeclock=None): sys.exit(1) try: diff --git a/t.sh b/t.sh index 10b87227d..a2d1a1ea5 100755 --- a/t.sh +++ b/t.sh @@ -7,6 +7,9 @@ if type realpath >/dev/null 2>&1 ; then cd "$(realpath -- $(dirname -- "$0"))" fi +# Generate the test keys and certs necessary for the integration tests. +docker compose up bsetup + # Use a predictable name for the container so we can grab the logs later # for use when testing logs analysis tools. docker rm boulder_tests diff --git a/test/PKI.md b/test/PKI.md deleted file mode 100644 index 9236f7bd3..000000000 --- a/test/PKI.md +++ /dev/null @@ -1,50 +0,0 @@ -Boulder's test environment contains four separate PKIs: -* WFE (simulating the public WebPKI) -* gRPC (simulating an internal PKI) -* Redis (simulating another internal PKI) -* Issuance - -In live deployment, the issuance PKI is a member of the global WebPKI, but we -simulate them as separate PKIs here. - -The PKI used by WFE is under `test/wfe-tls/`, with `test/wfe-tls/minica.pem` -serving as the root. There are no intermediates. Setting -`test/wfe-tls/minica.pem` as a trusted root is sufficient to connect to the WFE -over HTTPS. Currently there is only one end-entity certificate in this PKI, and -that's all we expect to need. To validate HTTPS connections to a test-mode WFE -in Python, set the environment variable `REQUESTS_CA_BUNDLE`. For Node, set -`NODE_EXTRA_CA_CERTS`. These variables should be set to -`/path/to/boulder/test/wfe-tls/minica.pem` (but only in testing environments!). -Note that in the Python case, setting this environment variable may break HTTPS -connections to non-WFE destinations. If causes problems for you, you may need to -create a combined bundle containing `test/wfe-tls/minica.pem` in addition to the -other relevant root certificates. - -The gRPC PKI is under `test/grpc-creds/`. Each Boulder component has two -hostnames, each resolving to a different IP address in our test environment, -plus a third hostname that resolves to both IP addresses. Certificates for these -components contain all three hostnames, both test IP addresses, and are stored -under `test/grpc-creds/SERVICE.boulder`. - -To issue new certificates in the WFE or gRPC PKI, install -https://github.com/jsha/minica, cd to the directory containing `minica.pem` for -the PKI you want to issue in, and run `minica -domains YOUR_NEW_DOMAINs`. If -you're updating the gRPC PKI, please make sure to update -`grpc-creds/generate.sh`. - -The issuance PKI consists of a RSA and ECDSA roots, several intermediates and -cross-signed intermediates, and CRLs. These certificates and their keys are -generated using the `ceremony` tool during integration testing. The private keys -are stored in SoftHSM in the boulder repository root `.softhsm-tokens/` folder, -and the public keys and certificates are written out to the boulder repository -root in the `.hierarchy/` folder. - -To regenerate the issuance PKI files, run the following commands: - - sudo rm -f .hierarchy/ .softhsm-tokens/ - docker compose run -it boulder go run test/cert-ceremonies/generate.go - -Certificate `test-example.pem`, together with `test-example.key` are self-signed -certs used in integration tests and were generated using: - - openssl req -x509 -newkey rsa:4096 -keyout test-example.key -out test-example.pem -days 36500 -nodes -subj "/CN=www.example.com" diff --git a/test/boulder-tools/Dockerfile b/test/boulder-tools/Dockerfile index 6dc912028..7470a47e5 100644 --- a/test/boulder-tools/Dockerfile +++ b/test/boulder-tools/Dockerfile @@ -15,6 +15,7 @@ RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2.0 RUN go install github.com/letsencrypt/pebble/v2/cmd/pebble-challtestsrv@66511d8 RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.57.2 RUN go install honnef.co/go/tools/cmd/staticcheck@2023.1.7 +RUN go install github.com/jsha/minica@v1.1.0 FROM rust:bullseye as rustdeps # Provided automatically by docker build. diff --git a/test/certs/.gitignore b/test/certs/.gitignore new file mode 100644 index 000000000..ddb1034ff --- /dev/null +++ b/test/certs/.gitignore @@ -0,0 +1,3 @@ +/ipki +/webpki +/.softhsm-tokens diff --git a/test/certs/README.md b/test/certs/README.md new file mode 100644 index 000000000..e70955d02 --- /dev/null +++ b/test/certs/README.md @@ -0,0 +1,71 @@ +# Test keys and certificates + +## Dynamically-Generated PKIs + +This directory contains scripts and programs which generate PKIs (collections of +keys and certificates) for use in our integration tests. Each PKI has its own +subdirectory. The scripts do not regenerate a directory if it already exists, to +allow the generated files to be re-used across many runs on a developer's +machine. To force the scripts to regenerate a PKI, simply delete its whole +directory. + +This script is invoked automatically by the `bsetup` container in our docker +compose system. It is invoked automatically by `t.sh` and `tn.sh`. If you want +to run it manually, the expected way to do so is: + +```sh +$ docker compose up bsetup +[+] Running 0/1 +Attaching to bsetup-1 +bsetup-1 | Generating ipki/... +bsetup-1 | Generating webpki/... +bsetup-1 exited with code 0 +``` + +To add new certificates to an existing PKI, edit the script which generates that +PKI's subdirectory. To add a whole new PKI, create a new generation script, +execute that script from this directory's top-level `generate.sh`, and add the +new subdirectory to this directory's `.gitignore` file. + +### webpki + +The "webpki" PKI emulates our publicly-trusted hierarchy. It consists of RSA and +ECDSA roots, several intermediates and cross-signed intermediates, and CRLs. +These certificates and their keys are generated using the `ceremony` tool. The +private keys are stored in SoftHSM in the `.softhsm-tokens` subdirectory. + +This PKI is loaded by the CA, RA, and other components. It is used as the +issuance hierarchy for all end-entity certificates issued as part of the +integration tests. + +### ipki + +The "ipki" PKI emulates our internal PKI that the various Boulder services use +to authenticate each other when establishing gRPC connections. It includes one +certificate for each service which participates in our gRPC cluster. Some of +these certificates (for the services that we run multiple copies of) have +multiple names, so the same certificate can be loaded by each copy of that +service. + +This PKI is loaded by virtually every Boulder component. + +## Other Test PKIs + +A variety of other PKIs (collections of keys and certificates) exist in this +repository for the sake of unit and integration testing. We list them here as a +TODO-list of PKIs to remove and clean up: + +- challtestsrv DoH: Our fake DNS challenge test server (which fulfills DNS-01 + challenges during integration tests) can negotiate DoH handshakes. The key and + cert is uses for this are currently generated as part of the ipki directory, + but are fundamentally different from that PKI and should be moved. +- wfe-tls: The //test/wfe-tls/ directory holds the key and certificate which the + WFE uses to negotiate TLS handshakes with API clients. +- redis: The //test/redis-tls/ directory holds the key and certificate used by + our test redis cluster. This should probably be moved into the ipki directory. +- unit tests: the //test/hierarchy/ directory holds a variety of certificates + used by unit tests. These should be replaced by certs which the unit tests + dynamically generate in-memory, rather than loading from disk. +- misc: the top-level //test/ directory contains a variety of keys and + certificates which are used largely at random throughout the tests. These + should be removed and replaced with one of the existing PKIs. diff --git a/test/certs/generate.sh b/test/certs/generate.sh new file mode 100755 index 000000000..ad68869c2 --- /dev/null +++ b/test/certs/generate.sh @@ -0,0 +1,60 @@ +#!/bin/bash +set -e + +cd "$(realpath -- $(dirname -- "$0"))" + +ipki() ( + # Check that `minica` is installed + command -v minica >/dev/null 2>&1 || { + echo >&2 "No 'minica' command available."; + echo >&2 "Check your GOPATH and run: 'go install github.com/jsha/minica@latest'."; + exit 1; + } + + # Minica generates everything in-place, so we need to cd into the subdirectory. + # This function executes in a subshell, so this cd does not affect the parent + # script. + mkdir ipki + cd ipki + + # Used by challtestsrv to negotiate DoH handshakes. + # TODO: Move this out of the ipki directory. + # This also creates the issuer key, so the loops below can run in the + # background without competing over who gets to create it. + minica -ip-addresses 10.77.77.77,10.88.88.88 + + for SERVICE in admin-revoker expiration-mailer ocsp-responder consul \ + wfe akamai-purger bad-key-revoker crl-updater crl-storer \ + health-checker; do + minica -domains "${SERVICE}.boulder" & + done + + for SERVICE in publisher nonce ra ca sa va rva ; do + minica -domains "${SERVICE}.boulder,${SERVICE}1.boulder,${SERVICE}2.boulder" & + done + + wait + + # minica sets restrictive directory permissions, but we don't want that + chmod -R go+rX . +) + +webpki() ( + # Because it invokes the ceremony tool, webpki.go expects to be invoked with + # the root of the boulder repo as the current working directory. + # This function executes in a subshell, so this cd does not affect the parent + # script. + cd ../.. + mkdir ./test/certs/webpki + go run ./test/certs/webpki.go +) + +if ! [ -d ipki ]; then + echo "Generating ipki/..." + ipki +fi + +if ! [ -d webpki ]; then + echo "Generating webpki/..." + webpki +fi diff --git a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa-cross.yaml b/test/certs/intermediate-cert-ceremony-ecdsa-cross.yaml similarity index 76% rename from test/cert-ceremonies/intermediate-cert-ceremony-ecdsa-cross.yaml rename to test/certs/intermediate-cert-ceremony-ecdsa-cross.yaml index 1390e214a..1b0409045 100644 --- a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa-cross.yaml +++ b/test/certs/intermediate-cert-ceremony-ecdsa-cross.yaml @@ -5,11 +5,11 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root rsa inputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - issuer-certificate-path: /hierarchy/root-rsa.cert.pem - certificate-to-cross-sign-path: /hierarchy/{{ .FileName }}.cert.pem + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem + certificate-to-cross-sign-path: test/certs/webpki/{{ .FileName }}.cert.pem outputs: - certificate-path: /hierarchy/{{ .FileName }}-cross.cert.pem + certificate-path: test/certs/webpki/{{ .FileName }}-cross.cert.pem certificate-profile: signature-algorithm: SHA256WithRSA common-name: {{ .CommonName }} diff --git a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa.yaml b/test/certs/intermediate-cert-ceremony-ecdsa.yaml similarity index 75% rename from test/cert-ceremonies/intermediate-cert-ceremony-ecdsa.yaml rename to test/certs/intermediate-cert-ceremony-ecdsa.yaml index 16ca1926b..f5a4fc241 100644 --- a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa.yaml +++ b/test/certs/intermediate-cert-ceremony-ecdsa.yaml @@ -5,10 +5,10 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root ecdsa inputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - issuer-certificate-path: /hierarchy/root-ecdsa.cert.pem + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + issuer-certificate-path: test/certs/webpki/root-ecdsa.cert.pem outputs: - certificate-path: /hierarchy/{{ .FileName }}.cert.pem + certificate-path: test/certs/webpki/{{ .FileName }}.cert.pem certificate-profile: signature-algorithm: ECDSAWithSHA384 common-name: {{ .CommonName }} diff --git a/test/cert-ceremonies/intermediate-cert-ceremony-rsa.yaml b/test/certs/intermediate-cert-ceremony-rsa.yaml similarity index 75% rename from test/cert-ceremonies/intermediate-cert-ceremony-rsa.yaml rename to test/certs/intermediate-cert-ceremony-rsa.yaml index e4c380bad..6ed8ddaff 100644 --- a/test/cert-ceremonies/intermediate-cert-ceremony-rsa.yaml +++ b/test/certs/intermediate-cert-ceremony-rsa.yaml @@ -5,10 +5,10 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root rsa inputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - issuer-certificate-path: /hierarchy/root-rsa.cert.pem + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem outputs: - certificate-path: /hierarchy/{{ .FileName }}.cert.pem + certificate-path: test/certs/webpki/{{ .FileName }}.cert.pem certificate-profile: signature-algorithm: SHA256WithRSA common-name: {{ .CommonName }} diff --git a/test/cert-ceremonies/intermediate-key-ceremony-ecdsa.yaml b/test/certs/intermediate-key-ceremony-ecdsa.yaml similarity index 61% rename from test/cert-ceremonies/intermediate-key-ceremony-ecdsa.yaml rename to test/certs/intermediate-key-ceremony-ecdsa.yaml index 5325f3214..13835efe7 100644 --- a/test/cert-ceremonies/intermediate-key-ceremony-ecdsa.yaml +++ b/test/certs/intermediate-key-ceremony-ecdsa.yaml @@ -8,5 +8,5 @@ key: type: ecdsa ecdsa-curve: P-384 outputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - pkcs11-config-path: /hierarchy/{{ .FileName }}.pkcs11.json + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + pkcs11-config-path: test/certs/webpki/{{ .FileName }}.pkcs11.json diff --git a/test/cert-ceremonies/intermediate-key-ceremony-rsa.yaml b/test/certs/intermediate-key-ceremony-rsa.yaml similarity index 61% rename from test/cert-ceremonies/intermediate-key-ceremony-rsa.yaml rename to test/certs/intermediate-key-ceremony-rsa.yaml index 76e8488f7..439abf15c 100644 --- a/test/cert-ceremonies/intermediate-key-ceremony-rsa.yaml +++ b/test/certs/intermediate-key-ceremony-rsa.yaml @@ -8,5 +8,5 @@ key: type: rsa rsa-mod-length: 2048 outputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - pkcs11-config-path: /hierarchy/{{ .FileName }}.pkcs11.json + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + pkcs11-config-path: test/certs/webpki/{{ .FileName }}.pkcs11.json diff --git a/test/cert-ceremonies/root-ceremony-ecdsa.yaml b/test/certs/root-ceremony-ecdsa.yaml similarity index 83% rename from test/cert-ceremonies/root-ceremony-ecdsa.yaml rename to test/certs/root-ceremony-ecdsa.yaml index ef73ab4f1..573533d48 100644 --- a/test/cert-ceremonies/root-ceremony-ecdsa.yaml +++ b/test/certs/root-ceremony-ecdsa.yaml @@ -8,8 +8,8 @@ key: type: ecdsa ecdsa-curve: P-384 outputs: - public-key-path: /hierarchy/root-ecdsa.pubkey.pem - certificate-path: /hierarchy/root-ecdsa.cert.pem + public-key-path: test/certs/webpki/root-ecdsa.pubkey.pem + certificate-path: test/certs/webpki/root-ecdsa.cert.pem certificate-profile: signature-algorithm: ECDSAWithSHA384 common-name: root ecdsa diff --git a/test/cert-ceremonies/root-ceremony-rsa.yaml b/test/certs/root-ceremony-rsa.yaml similarity index 83% rename from test/cert-ceremonies/root-ceremony-rsa.yaml rename to test/certs/root-ceremony-rsa.yaml index 79c39f549..1bc5a3230 100644 --- a/test/cert-ceremonies/root-ceremony-rsa.yaml +++ b/test/certs/root-ceremony-rsa.yaml @@ -8,8 +8,8 @@ key: type: rsa rsa-mod-length: 4096 outputs: - public-key-path: /hierarchy/root-rsa.pubkey.pem - certificate-path: /hierarchy/root-rsa.cert.pem + public-key-path: test/certs/webpki/root-rsa.pubkey.pem + certificate-path: test/certs/webpki/root-rsa.cert.pem certificate-profile: signature-algorithm: SHA256WithRSA common-name: root rsa diff --git a/test/cert-ceremonies/root-crl-ecdsa.yaml b/test/certs/root-crl-ecdsa.yaml similarity index 69% rename from test/cert-ceremonies/root-crl-ecdsa.yaml rename to test/certs/root-crl-ecdsa.yaml index 372805428..b68f36316 100644 --- a/test/cert-ceremonies/root-crl-ecdsa.yaml +++ b/test/certs/root-crl-ecdsa.yaml @@ -5,9 +5,9 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root ecdsa inputs: - issuer-certificate-path: /hierarchy/root-ecdsa.cert.pem + issuer-certificate-path: test/certs/webpki/root-ecdsa.cert.pem outputs: - crl-path: /hierarchy/root-ecdsa.crl.pem + crl-path: test/certs/webpki/root-ecdsa.crl.pem crl-profile: this-update: 2023-01-01 12:00:00 next-update: 2023-12-15 12:00:00 diff --git a/test/cert-ceremonies/root-crl-rsa.yaml b/test/certs/root-crl-rsa.yaml similarity index 70% rename from test/cert-ceremonies/root-crl-rsa.yaml rename to test/certs/root-crl-rsa.yaml index 56e631134..ee23302e7 100644 --- a/test/cert-ceremonies/root-crl-rsa.yaml +++ b/test/certs/root-crl-rsa.yaml @@ -5,9 +5,9 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root rsa inputs: - issuer-certificate-path: /hierarchy/root-rsa.cert.pem + issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem outputs: - crl-path: /hierarchy/root-rsa.crl.pem + crl-path: test/certs/webpki/root-rsa.crl.pem crl-profile: this-update: 2023-01-01 12:00:00 next-update: 2023-12-15 12:00:00 diff --git a/test/cert-ceremonies/generate.go b/test/certs/webpki.go similarity index 79% rename from test/cert-ceremonies/generate.go rename to test/certs/webpki.go index b72c00f86..759c11694 100644 --- a/test/cert-ceremonies/generate.go +++ b/test/certs/webpki.go @@ -38,7 +38,7 @@ func genKey(path string, inSlot string) error { if err != nil { return err } - output, err := exec.Command("bin/ceremony", "-config", tmpPath).CombinedOutput() + output, err := exec.Command("./bin/ceremony", "-config", tmpPath).CombinedOutput() if err != nil { return fmt.Errorf("error running ceremony for %s: %s:\n%s", tmpPath, err, string(output)) } @@ -70,7 +70,7 @@ func rewriteConfig(path string, rewrites map[string]string) (string, error) { // runCeremony is used to run a ceremony with a given config. func runCeremony(path string) error { - output, err := exec.Command("bin/ceremony", "-config", path).CombinedOutput() + output, err := exec.Command("./bin/ceremony", "-config", path).CombinedOutput() if err != nil { return fmt.Errorf("error running ceremony for %s: %s:\n%s", path, err, string(output)) } @@ -81,17 +81,9 @@ func main() { _ = blog.Set(blog.StdoutLogger(6)) defer cmd.AuditPanic() - // If one of the output files already exists, assume this ran once - // already for the container and don't re-run. - outputFile := "/hierarchy/root-rsa.pubkey.pem" - if loc, err := os.Stat(outputFile); err == nil && loc.Mode().IsRegular() { - fmt.Println("skipping certificate generation: already exists") - return - } else if err == nil && !loc.Mode().IsRegular() { - cmd.Fail(fmt.Sprintf("statting %q: not a regular file", outputFile)) - } else if err != nil && !os.IsNotExist(err) { - cmd.Fail(fmt.Sprintf("statting %q: %s", outputFile, err)) - } + // Compile the ceremony binary for easy re-use. + _, err := exec.Command("make", "build").CombinedOutput() + cmd.FailOnError(err, "compiling ceremony tool") // Create SoftHSM slots for the root signing keys rsaRootKeySlot, err := createSlot("Root RSA") @@ -100,9 +92,9 @@ func main() { cmd.FailOnError(err, "failed creating softhsm2 slot for ECDSA root key") // Generate the root signing keys and certificates - err = genKey("test/cert-ceremonies/root-ceremony-rsa.yaml", rsaRootKeySlot) + err = genKey("test/certs/root-ceremony-rsa.yaml", rsaRootKeySlot) cmd.FailOnError(err, "failed to generate RSA root key + root cert") - err = genKey("test/cert-ceremonies/root-ceremony-ecdsa.yaml", ecdsaRootKeySlot) + err = genKey("test/certs/root-ceremony-ecdsa.yaml", ecdsaRootKeySlot) cmd.FailOnError(err, "failed to generate ECDSA root key + root cert") // Do everything for all of the intermediates @@ -126,7 +118,7 @@ func main() { cmd.FailOnError(err, "failed to create softhsm2 slot for intermediate key") // Generate key - keyConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-key-ceremony-%s.yaml", alg) + keyConfigTemplate := fmt.Sprintf("test/certs/intermediate-key-ceremony-%s.yaml", alg) keyConfig, err := rewriteConfig(keyConfigTemplate, map[string]string{ "SlotID": keySlot, "Label": name, @@ -138,7 +130,7 @@ func main() { cmd.FailOnError(err, "failed to generate intermediate key") // Generate cert - certConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-cert-ceremony-%s.yaml", alg) + certConfigTemplate := fmt.Sprintf("test/certs/intermediate-cert-ceremony-%s.yaml", alg) certConfig, err := rewriteConfig(certConfigTemplate, map[string]string{ "SlotID": rootKeySlot, "CommonName": name, @@ -154,7 +146,7 @@ func main() { continue } - crossConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-cert-ceremony-%s-cross.yaml", alg) + crossConfigTemplate := fmt.Sprintf("test/certs/intermediate-cert-ceremony-%s-cross.yaml", alg) crossConfig, err := rewriteConfig(crossConfigTemplate, map[string]string{ "SlotID": rsaRootKeySlot, "CommonName": name, @@ -168,14 +160,14 @@ func main() { } // Create CRLs stating that the intermediates are not revoked. - rsaTmpCRLConfig, err := rewriteConfig("test/cert-ceremonies/root-crl-rsa.yaml", map[string]string{ + rsaTmpCRLConfig, err := rewriteConfig("test/certs/root-crl-rsa.yaml", map[string]string{ "SlotID": rsaRootKeySlot, }) cmd.FailOnError(err, "failed to rewrite RSA root CRL config with key ID") err = runCeremony(rsaTmpCRLConfig) cmd.FailOnError(err, "failed to generate RSA root CRL") - ecdsaTmpCRLConfig, err := rewriteConfig("test/cert-ceremonies/root-crl-ecdsa.yaml", map[string]string{ + ecdsaTmpCRLConfig, err := rewriteConfig("test/certs/root-crl-ecdsa.yaml", map[string]string{ "SlotID": ecdsaRootKeySlot, }) cmd.FailOnError(err, "failed to rewrite ECDSA root CRL config with key ID") diff --git a/test/config-next/admin-revoker.json b/test/config-next/admin-revoker.json index 2f8a16344..389fc0080 100644 --- a/test/config-next/admin-revoker.json +++ b/test/config-next/admin-revoker.json @@ -5,9 +5,9 @@ "maxOpenConns": 1 }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/admin.json b/test/config-next/admin.json index bd85f80ff..09dfe167d 100644 --- a/test/config-next/admin.json +++ b/test/config-next/admin.json @@ -6,9 +6,9 @@ }, "debugAddr": ":8014", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/akamai-purger.json b/test/config-next/akamai-purger.json index 0f6303ebc..d9c6ee75e 100644 --- a/test/config-next/akamai-purger.json +++ b/test/config-next/akamai-purger.json @@ -12,9 +12,9 @@ "accessToken": "idk-how-this-is-different-from-client-token-but-okay", "v3Network": "staging", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/akamai-purger.boulder/cert.pem", - "keyFile": "test/grpc-creds/akamai-purger.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/akamai-purger.boulder/cert.pem", + "keyFile": "test/certs/ipki/akamai-purger.boulder/key.pem" }, "grpc": { "address": ":9099", diff --git a/test/config-next/bad-key-revoker.json b/test/config-next/bad-key-revoker.json index be9afdd27..c66693c40 100644 --- a/test/config-next/bad-key-revoker.json +++ b/test/config-next/bad-key-revoker.json @@ -5,9 +5,9 @@ "maxOpenConns": 10 }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/bad-key-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/bad-key-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/bad-key-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/bad-key-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/ca.json b/test/config-next/ca.json index e2f682bb8..58c335d9f 100644 --- a/test/config-next/ca.json +++ b/test/config-next/ca.json @@ -1,9 +1,9 @@ { "ca": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ca.boulder/cert.pem", - "keyFile": "test/grpc-creds/ca.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ca.boulder/cert.pem", + "keyFile": "test/certs/ipki/ca.boulder/key.pem" }, "hostnamePolicyFile": "test/hostname-policy.yaml", "grpcCA": { @@ -69,8 +69,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-a/", "location": { - "configFile": "/hierarchy/int-ecdsa-a.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-a.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-a.cert.pem", "numSessions": 2 } }, @@ -80,8 +80,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-b/", "location": { - "configFile": "/hierarchy/int-ecdsa-b.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-b.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-b.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-b.cert.pem", "numSessions": 2 } }, @@ -91,8 +91,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-c/", "location": { - "configFile": "/hierarchy/int-ecdsa-c.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-c.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-c.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-c.cert.pem", "numSessions": 2 } }, @@ -102,8 +102,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-a/", "location": { - "configFile": "/hierarchy/int-rsa-a.pkcs11.json", - "certFile": "/hierarchy/int-rsa-a.cert.pem", + "configFile": "test/certs/webpki/int-rsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-a.cert.pem", "numSessions": 2 } }, @@ -113,8 +113,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-b/", "location": { - "configFile": "/hierarchy/int-rsa-b.pkcs11.json", - "certFile": "/hierarchy/int-rsa-b.cert.pem", + "configFile": "test/certs/webpki/int-rsa-b.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-b.cert.pem", "numSessions": 2 } }, @@ -124,8 +124,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-c/", "location": { - "configFile": "/hierarchy/int-rsa-c.pkcs11.json", - "certFile": "/hierarchy/int-rsa-c.cert.pem", + "configFile": "test/certs/webpki/int-rsa-c.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-c.cert.pem", "numSessions": 2 } } diff --git a/test/config-next/crl-storer.json b/test/config-next/crl-storer.json index 61352d23d..0934bcef0 100644 --- a/test/config-next/crl-storer.json +++ b/test/config-next/crl-storer.json @@ -1,9 +1,9 @@ { "crlStorer": { "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-storer.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-storer.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-storer.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-storer.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", @@ -21,12 +21,12 @@ } }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "s3Endpoint": "http://localhost:4501", "s3Bucket": "lets-encrypt-crls", diff --git a/test/config-next/crl-updater.json b/test/config-next/crl-updater.json index d31ea4af1..86f7e601d 100644 --- a/test/config-next/crl-updater.json +++ b/test/config-next/crl-updater.json @@ -1,9 +1,9 @@ { "crlUpdater": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-updater.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-updater.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-updater.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-updater.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", @@ -36,12 +36,12 @@ "hostOverride": "crl-storer.boulder" }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "numShards": 10, "shardWidth": "240h", diff --git a/test/config-next/expiration-mailer.json b/test/config-next/expiration-mailer.json index 0b7847149..52eefb891 100644 --- a/test/config-next/expiration-mailer.json +++ b/test/config-next/expiration-mailer.json @@ -19,9 +19,9 @@ "emailTemplate": "test/config-next/expiration-mailer.gotmpl", "parallelSends": 10, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem", - "keyFile": "test/grpc-creds/expiration-mailer.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/expiration-mailer.boulder/cert.pem", + "keyFile": "test/certs/ipki/expiration-mailer.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/health-checker.json b/test/config-next/health-checker.json index 599916264..e2663f510 100644 --- a/test/config-next/health-checker.json +++ b/test/config-next/health-checker.json @@ -3,8 +3,8 @@ "timeout": "1s" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/health-checker.boulder/cert.pem", - "keyFile": "test/grpc-creds/health-checker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/health-checker.boulder/cert.pem", + "keyFile": "test/certs/ipki/health-checker.boulder/key.pem" } } diff --git a/test/config-next/nonce-a.json b/test/config-next/nonce-a.json index d1a86a2b0..5e3a00c07 100644 --- a/test/config-next/nonce-a.json +++ b/test/config-next/nonce-a.json @@ -29,9 +29,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config-next/nonce-b.json b/test/config-next/nonce-b.json index d1a86a2b0..5e3a00c07 100644 --- a/test/config-next/nonce-b.json +++ b/test/config-next/nonce-b.json @@ -29,9 +29,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config-next/ocsp-responder.json b/test/config-next/ocsp-responder.json index d66404cac..df989d3a7 100644 --- a/test/config-next/ocsp-responder.json +++ b/test/config-next/ocsp-responder.json @@ -17,9 +17,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ocsp-responder.boulder/cert.pem", - "keyFile": "test/grpc-creds/ocsp-responder.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ocsp-responder.boulder/cert.pem", + "keyFile": "test/certs/ipki/ocsp-responder.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -44,12 +44,12 @@ "logSampleRate": 1, "path": "/", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "liveSigningPeriod": "60h", "timeout": "4.9s", diff --git a/test/config-next/publisher.json b/test/config-next/publisher.json index af519b2df..3d0a0fb7e 100644 --- a/test/config-next/publisher.json +++ b/test/config-next/publisher.json @@ -4,20 +4,20 @@ "blockProfileRate": 1000000000, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ] ], "grpc": { @@ -36,9 +36,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/publisher.boulder/cert.pem", - "keyFile": "test/grpc-creds/publisher.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/publisher.boulder/cert.pem", + "keyFile": "test/certs/ipki/publisher.boulder/key.pem" }, "features": {} }, diff --git a/test/config-next/ra.json b/test/config-next/ra.json index a453eeb51..6ead49561 100644 --- a/test/config-next/ra.json +++ b/test/config-next/ra.json @@ -14,17 +14,17 @@ "orderLifetime": "168h", "finalizeTimeout": "30s", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ra.boulder/cert.pem", - "keyFile": "test/grpc-creds/ra.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ra.boulder/cert.pem", + "keyFile": "test/certs/ipki/ra.boulder/key.pem" }, "vaService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/remoteva-a.json b/test/config-next/remoteva-a.json index 1a2d3d5f0..4085a6e14 100644 --- a/test/config-next/remoteva-a.json +++ b/test/config-next/remoteva-a.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "skipGRPCClientCertVerification": true, "grpc": { diff --git a/test/config-next/remoteva-b.json b/test/config-next/remoteva-b.json index 6ab73ee7d..8e9a44e84 100644 --- a/test/config-next/remoteva-b.json +++ b/test/config-next/remoteva-b.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "skipGRPCClientCertVerification": true, "grpc": { diff --git a/test/config-next/sa.json b/test/config-next/sa.json index 45ec38100..c11cc9b43 100644 --- a/test/config-next/sa.json +++ b/test/config-next/sa.json @@ -15,9 +15,9 @@ "ParallelismPerRPC": 20, "lagFactor": "200ms", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/sa.boulder/cert.pem", - "keyFile": "test/grpc-creds/sa.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/sa.boulder/cert.pem", + "keyFile": "test/certs/ipki/sa.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/va-remote-a.json b/test/config-next/va-remote-a.json index 682e393f0..15cac91de 100644 --- a/test/config-next/va-remote-a.json +++ b/test/config-next/va-remote-a.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/va-remote-b.json b/test/config-next/va-remote-b.json index e10964f72..e7fd187a5 100644 --- a/test/config-next/va-remote-b.json +++ b/test/config-next/va-remote-b.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/va.json b/test/config-next/va.json index bd3ad7677..abc38e538 100644 --- a/test/config-next/va.json +++ b/test/config-next/va.json @@ -13,9 +13,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/va.boulder/cert.pem", - "keyFile": "test/grpc-creds/va.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/va.boulder/cert.pem", + "keyFile": "test/certs/ipki/va.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/wfe2.json b/test/config-next/wfe2.json index 4c5fec4d4..b351c30b4 100644 --- a/test/config-next/wfe2.json +++ b/test/config-next/wfe2.json @@ -15,9 +15,9 @@ "blockedKeyFile": "test/example-blocked-keys.yaml" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -75,28 +75,28 @@ }, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-a-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-b-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ] ], "staleTimeout": "5m", diff --git a/test/config/admin-revoker.json b/test/config/admin-revoker.json index 4e364e3db..c450e0087 100644 --- a/test/config/admin-revoker.json +++ b/test/config/admin-revoker.json @@ -5,9 +5,9 @@ "maxOpenConns": 1 }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/admin.json b/test/config/admin.json index 4e8bdc423..44ff407af 100644 --- a/test/config/admin.json +++ b/test/config/admin.json @@ -6,9 +6,9 @@ }, "debugAddr": ":8014", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/akamai-purger.json b/test/config/akamai-purger.json index 29e90e6ba..3b2fe51b7 100644 --- a/test/config/akamai-purger.json +++ b/test/config/akamai-purger.json @@ -9,9 +9,9 @@ "accessToken": "idk-how-this-is-different-from-client-token-but-okay", "v3Network": "staging", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/akamai-purger.boulder/cert.pem", - "keyFile": "test/grpc-creds/akamai-purger.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/akamai-purger.boulder/cert.pem", + "keyFile": "test/certs/ipki/akamai-purger.boulder/key.pem" }, "grpc": { "address": ":9099", diff --git a/test/config/bad-key-revoker.json b/test/config/bad-key-revoker.json index 941f20443..3dda0c442 100644 --- a/test/config/bad-key-revoker.json +++ b/test/config/bad-key-revoker.json @@ -6,9 +6,9 @@ }, "debugAddr": ":8020", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/bad-key-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/bad-key-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/bad-key-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/bad-key-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/ca.json b/test/config/ca.json index d1a034c37..cbb84f385 100644 --- a/test/config/ca.json +++ b/test/config/ca.json @@ -2,9 +2,9 @@ "ca": { "debugAddr": ":8001", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ca.boulder/cert.pem", - "keyFile": "test/grpc-creds/ca.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ca.boulder/cert.pem", + "keyFile": "test/certs/ipki/ca.boulder/key.pem" }, "hostnamePolicyFile": "test/hostname-policy.yaml", "grpcCA": { @@ -65,8 +65,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-a/", "location": { - "configFile": "/hierarchy/int-ecdsa-a.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-a.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-a.cert.pem", "numSessions": 2 } }, @@ -77,8 +77,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-a/", "location": { - "configFile": "/hierarchy/int-rsa-a.pkcs11.json", - "certFile": "/hierarchy/int-rsa-a.cert.pem", + "configFile": "test/certs/webpki/int-rsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-a.cert.pem", "numSessions": 2 } }, @@ -89,8 +89,8 @@ "ocspURL": "http://ca.example.org:4003/", "crlURLBase": "http://ca.example.org:4501/rsa-b/", "location": { - "configFile": "/hierarchy/int-rsa-b.pkcs11.json", - "certFile": "/hierarchy/int-rsa-b.cert.pem", + "configFile": "test/certs/webpki/int-rsa-b.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-b.cert.pem", "numSessions": 2 } } diff --git a/test/config/crl-storer.json b/test/config/crl-storer.json index 0630fc55d..ee3285d0a 100644 --- a/test/config/crl-storer.json +++ b/test/config/crl-storer.json @@ -2,9 +2,9 @@ "crlStorer": { "debugAddr": ":9667", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-storer.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-storer.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-storer.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-storer.boulder/key.pem" }, "grpc": { "address": ":9309", @@ -23,9 +23,9 @@ } }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "s3Endpoint": "http://localhost:4501", "s3Bucket": "lets-encrypt-crls", diff --git a/test/config/crl-updater.json b/test/config/crl-updater.json index 802eb38ce..aabfad987 100644 --- a/test/config/crl-updater.json +++ b/test/config/crl-updater.json @@ -1,9 +1,9 @@ { "crlUpdater": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-updater.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-updater.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-updater.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-updater.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", @@ -36,9 +36,9 @@ "hostOverride": "crl-storer.boulder" }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "numShards": 10, "shardWidth": "240h", diff --git a/test/config/expiration-mailer.json b/test/config/expiration-mailer.json index 9eaa6442e..8992dc17e 100644 --- a/test/config/expiration-mailer.json +++ b/test/config/expiration-mailer.json @@ -17,9 +17,9 @@ "emailTemplate": "test/config/expiration-mailer.gotmpl", "debugAddr": ":8008", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem", - "keyFile": "test/grpc-creds/expiration-mailer.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/expiration-mailer.boulder/cert.pem", + "keyFile": "test/certs/ipki/expiration-mailer.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/health-checker.json b/test/config/health-checker.json index 599916264..e2663f510 100644 --- a/test/config/health-checker.json +++ b/test/config/health-checker.json @@ -3,8 +3,8 @@ "timeout": "1s" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/health-checker.boulder/cert.pem", - "keyFile": "test/grpc-creds/health-checker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/health-checker.boulder/cert.pem", + "keyFile": "test/certs/ipki/health-checker.boulder/key.pem" } } diff --git a/test/config/nonce-a.json b/test/config/nonce-a.json index 70fdf15e0..c2dd9765c 100644 --- a/test/config/nonce-a.json +++ b/test/config/nonce-a.json @@ -27,9 +27,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config/nonce-b.json b/test/config/nonce-b.json index 70fdf15e0..c2dd9765c 100644 --- a/test/config/nonce-b.json +++ b/test/config/nonce-b.json @@ -27,9 +27,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config/ocsp-responder.json b/test/config/ocsp-responder.json index f1762213a..cb66e9db2 100644 --- a/test/config/ocsp-responder.json +++ b/test/config/ocsp-responder.json @@ -21,9 +21,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ocsp-responder.boulder/cert.pem", - "keyFile": "test/grpc-creds/ocsp-responder.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ocsp-responder.boulder/cert.pem", + "keyFile": "test/certs/ipki/ocsp-responder.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -49,9 +49,9 @@ "path": "/", "listenAddress": "0.0.0.0:4002", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "liveSigningPeriod": "60h", "timeout": "4.9s", diff --git a/test/config/publisher.json b/test/config/publisher.json index 409e88fad..8b67b0bc7 100644 --- a/test/config/publisher.json +++ b/test/config/publisher.json @@ -4,20 +4,20 @@ "blockProfileRate": 1000000000, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ] ], "debugAddr": ":8009", @@ -38,9 +38,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/publisher.boulder/cert.pem", - "keyFile": "test/grpc-creds/publisher.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/publisher.boulder/cert.pem", + "keyFile": "test/certs/ipki/publisher.boulder/key.pem" }, "features": {} }, diff --git a/test/config/ra.json b/test/config/ra.json index 20e997c18..add1779ab 100644 --- a/test/config/ra.json +++ b/test/config/ra.json @@ -14,14 +14,14 @@ }, "orderLifetime": "168h", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ra.boulder/cert.pem", - "keyFile": "test/grpc-creds/ra.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ra.boulder/cert.pem", + "keyFile": "test/certs/ipki/ra.boulder/key.pem" }, "vaService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/remoteva-a.json b/test/config/remoteva-a.json index 49d7ef5a8..ca21d7c89 100644 --- a/test/config/remoteva-a.json +++ b/test/config/remoteva-a.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/remoteva-b.json b/test/config/remoteva-b.json index 5adc12af8..f49cd16c1 100644 --- a/test/config/remoteva-b.json +++ b/test/config/remoteva-b.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/sa.json b/test/config/sa.json index d5dd3d170..24f635628 100644 --- a/test/config/sa.json +++ b/test/config/sa.json @@ -11,9 +11,9 @@ "ParallelismPerRPC": 20, "debugAddr": ":8003", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/sa.boulder/cert.pem", - "keyFile": "test/grpc-creds/sa.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/sa.boulder/cert.pem", + "keyFile": "test/certs/ipki/sa.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/va-remote-a.json b/test/config/va-remote-a.json index 2a841578a..c9571b5c4 100644 --- a/test/config/va-remote-a.json +++ b/test/config/va-remote-a.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/va-remote-b.json b/test/config/va-remote-b.json index eab681227..c853f0cd9 100644 --- a/test/config/va-remote-b.json +++ b/test/config/va-remote-b.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/va.json b/test/config/va.json index efb346be4..37388b8f9 100644 --- a/test/config/va.json +++ b/test/config/va.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/va.boulder/cert.pem", - "keyFile": "test/grpc-creds/va.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/va.boulder/cert.pem", + "keyFile": "test/certs/ipki/va.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/wfe2.json b/test/config/wfe2.json index 7abb7899d..574b9b09c 100644 --- a/test/config/wfe2.json +++ b/test/config/wfe2.json @@ -17,9 +17,9 @@ "blockedKeyFile": "test/example-blocked-keys.yaml" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -77,28 +77,28 @@ }, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-a-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-b-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ] ], "staleTimeout": "5m", diff --git a/test/consul/config.hcl b/test/consul/config.hcl index b8543f577..08e3c2d1d 100644 --- a/test/consul/config.hcl +++ b/test/consul/config.hcl @@ -10,10 +10,10 @@ log_level = "ERROR" enable_agent_tls_for_checks = true tls { defaults { - ca_file = "test/grpc-creds/minica.pem" - ca_path = "test/grpc-creds/minica-key.pem" - cert_file = "test/grpc-creds/consul.boulder/cert.pem" - key_file = "test/grpc-creds/consul.boulder/key.pem" + ca_file = "test/certs/ipki/minica.pem" + ca_path = "test/certs/ipki/minica-key.pem" + cert_file = "test/certs/ipki/consul.boulder/cert.pem" + key_file = "test/certs/ipki/consul.boulder/key.pem" verify_incoming = false } } diff --git a/test/example-blocked-keys.yaml b/test/example-blocked-keys.yaml index 093a1e46a..028d7423f 100644 --- a/test/example-blocked-keys.yaml +++ b/test/example-blocked-keys.yaml @@ -14,10 +14,6 @@ blocked: - F4j7m0doxdWXdKOzeYjL6onsVYLLU2jb7xr994zlFFg= # test/test-ca.pem - F4j7m0doxdWXdKOzeYjL6onsVYLLU2jb7xr994zlFFg= - # test/test-example.pem - - 6E/Drp3Lzo85pYykpzx/tZpQZXeovto8/ezq1DBiSCc= - # test/test-root.pem - - Jy5HDlBtUvKkLtEsGbdp0o9LvVJx1lYG3R+n5G/KgIo= # test/block-a-key/test/test.ecdsa.cert.pem - cuwGhNNI6nfob5aqY90e7BleU6l7rfxku4X3UTJ3Z7M= # test/block-a-key/test/test.rsa.cert.pem diff --git a/test/grpc-creds/10.77.77.77/cert.pem b/test/grpc-creds/10.77.77.77/cert.pem deleted file mode 100644 index 12804efa3..000000000 --- a/test/grpc-creds/10.77.77.77/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDDjCCAfagAwIBAgIIQbFdR2fXsHswDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIzMTIwODE4MDkzMloXDTI2MDEw -NzE4MDkzMlowFjEUMBIGA1UEAxMLMTAuNzcuNzcuNzcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCrE64Z4Yh4E6aQ1zQiNgCvW5LWBI9yZZybZxLV5J1C -yMtpgY3YsCPZ/6JUI4SvabenU5Pa3T407eHjmDCRNce04j4BE6e7psPjRa7hvI2A -+IvLB7eiaCnE+sdAMFsLxraWwTu67tmeRxYxWScMpULlFren3HNNqmtAN3a4yGy5 -y2pHMgCnOSE9R53tuF2uqJ8BRW44VLDt4kZ9hwm0dW8EJY8MBCACPGtW2YwBG/5E -zrRKDWSBl9g3mYOwgRdxUMV1h0eVr/llVFb+/UZCLUb5zq/zKKEkYOT4Ihr7wtin -ahLwwVwdUsMNE9NzljMC/aIR74qhBeN2xAJ3ZZQKrqL1AgMBAAGjVjBUMA4GA1Ud -DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T -AQH/BAIwADAVBgNVHREEDjAMhwQKTU1NhwQKWFhYMA0GCSqGSIb3DQEBCwUAA4IB -AQCOa5b+zRgQBhlPWiC04K5C/Ys3dUtqKhKrWvPIiraNi792X/T5t1ZL9liV9A6n -b10hHcCDIfyRFIJRyE8G2fyzqNlGwCr8J6puWrg4wMPt8q+6a4r2ZqaXm3aQTfGs -4Tgxz10gOVimeiUshVyrpaceyiboOKxJbBRuLNTTK9Jp74fWRd+F8KAINWN+SpF4 -6ggzXNiPYZZTBPGeAOMyf0rnf7CWAbw017uHhCiykJkMy8sZJcmQF49gDZTIN9pt -eI0SeB4ku5lgAOunqrTGyPLeVaevtcU//TdATuukhnCFes6vt/6yC+sWQEhEQw7P -y2Kp8T8KcOlTeKr8Cb07B2M0 ------END CERTIFICATE----- diff --git a/test/grpc-creds/10.77.77.77/key.pem b/test/grpc-creds/10.77.77.77/key.pem deleted file mode 100644 index 30a8d2135..000000000 --- a/test/grpc-creds/10.77.77.77/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqxOuGeGIeBOmkNc0IjYAr1uS1gSPcmWcm2cS1eSdQsjLaYGN -2LAj2f+iVCOEr2m3p1OT2t0+NO3h45gwkTXHtOI+AROnu6bD40Wu4byNgPiLywe3 -omgpxPrHQDBbC8a2lsE7uu7ZnkcWMVknDKVC5Ra3p9xzTaprQDd2uMhsuctqRzIA -pzkhPUed7bhdrqifAUVuOFSw7eJGfYcJtHVvBCWPDAQgAjxrVtmMARv+RM60Sg1k -gZfYN5mDsIEXcVDFdYdHla/5ZVRW/v1GQi1G+c6v8yihJGDk+CIa+8LYp2oS8MFc -HVLDDRPTc5YzAv2iEe+KoQXjdsQCd2WUCq6i9QIDAQABAoIBACgZH8ifLT5/1J3E -Y0rVf4manCsfvIOiv3dJTIfn4thhehQLsrSkbHLPUTwJazM2Qz6r/07gZpE/ZJ/U -7yVKBromAUR9V+ZK60Uc8yWj7ULafuGiuG8PnSK3aPZpnx1+gROKzTY+f7FylggR -Dm8PWUOa9Icay8fbdvIBTgl3qMxPOCgLyXNXNJHcKIPb71L1T5EL2H9Z5vHF9tFy -TnbpeK0GlmBHIeseVaFzruin3sqxjRftVEgTL5XhTq/9uY3EUutq8SGRoidbpp/+ -cr0I1IpFcrJVmJHKdfJkdRI2u3LtMKS3bpqJU7MKn1DRzvQatdSQwn/V8wU3iG8o -04dus60CgYEA3IBOLJRfMFgj6LbMSySoP8JIzVvnBHIMXGd7mzuYUlV2GjVO5oD2 -nh4Q3eGDT2TZ1GbaGGHLhpCXIx87oSXHZz+vw+sDh+WHEApLKZMRZLMxAbNcsPQL -fhcmaQVkfxaV78rrt8TYuLDIU//bOTwGJ48Maj92RT1z5hOOiBkdQe8CgYEAxp5p -Au9kiJFEIgHVtEN+1qHfnwZJI0xOkDfsd+a1J6PZLimHAfiYETAHfJq1cMC4Mt/G -4l/WDqwcWXI/9A/gN7NRv0miQ+tDyVHntohaGoU+0hm6QfXag6VloWs/X8mlzCeu -46AXAni4lbW9nNWwImEL1uSC/Oo5vB45OpHR/VsCgYAivfyTPZV58olF43dw54ey -9BOwd6iApM+Zx5xMKymm31xKaNfTrcIty6LwstWTrto7gzEd4lrFCwclO4iTrXYr -qHczMVZPFTUgq96H4Go/KZSxJeeW4fzlkxQ0O+tHsvFQ5PIa9GMJRqFpyshpzjFS -DlHwc6tY4YPfXnl4rCxV9QKBgAsrwbA+kqLzuKdI/yICYdHkjNU+30Iy+oA2BQDB -YxL1rjNgdo1v0+2zi9hAQ1AyJqoF2APHbByrJXUKbfpmIjA/z6s4kv3K76cVCjlD -9f1j3SKn+8fV8hJRbSPlCk1y4/ZVjQqUaHblH0ycSivWAPAOEUJm288pxVGFSaa3 -qN3dAoGBAIGSn1PSjIVqypCQBBydedS4WDjqwkLoL0bOOZRLxgk+dtfD2l8wKqWp -Helyqym23d58QPb0ZwMU3g/0pZXDqX+w+bnUvAvjfADmFNe6T1nWYiu9Mn5YHAyO -G5s2aHfB8aSIqQSRASlWgFEmftfpuapRGAmOyZr2JYZuaELkvPmP ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/README.txt b/test/grpc-creds/README.txt deleted file mode 100644 index a3fedd517..000000000 --- a/test/grpc-creds/README.txt +++ /dev/null @@ -1 +0,0 @@ -See ../test/PKI.md diff --git a/test/grpc-creds/admin-revoker.boulder/cert.pem b/test/grpc-creds/admin-revoker.boulder/cert.pem deleted file mode 100644 index 3ac5ac403..000000000 --- a/test/grpc-creds/admin-revoker.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDIzCCAgugAwIBAgIII+r9Aa122b8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owIDEeMBwGA1UEAxMVYWRtaW4tcmV2b2tlci5ib3VsZGVyMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OdP0AAqG+mEdTSvVCtQcGbxpPyd -92EnovjLUaTw8VsNkzuhVayysBKGRemYY5ezQPcTSk5zXZ8QvwcXSuzHM6tD5Gzi -z7vVjunWGTTbbzZyu6Kx9NudSbYl+jetPsj2GJkKbPa5eUCkdIAtEBtga+tLCAx+ -fCd/1ldqV1pNJoxjK3IYjOBq7PnDd6Ths74KFcBQ5+6jySOo9eJUleX8AD/7WKRt -LRJ/oUmZnYZTrKSeKm/7uD/fz5ZO+A5bAlJl2zz0JMiQV06/TelhDSsKzD7OMD5m -bKDRv8S1rw77DJN4CtWwzuj9OHVCUTBRRPbeVZ8dDkZBU8u9DQeJp2+vcwIDAQAB -o2EwXzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF -BwMCMAwGA1UdEwEB/wQCMAAwIAYDVR0RBBkwF4IVYWRtaW4tcmV2b2tlci5ib3Vs -ZGVyMA0GCSqGSIb3DQEBCwUAA4IBAQBMy1TRdqMV5jUIOXdAkiI3TosDM2vrRMCF -TIfmhlE8lAy/PkoTX3i7aUPd1MYfJw18XGwaS0R+hlDusZPSgj4GmatDO19nrRoQ -fK7Jv1vWT40uLr2KbuQcdtJtPHcBZD7H/j3nIFYgCy4KRX0Hf+a0OCKIMuQpafv/ -z8iysucwB21EndkbG/WhPBjCP/OuFYjsF4oGtndssnNm7Hze+2wBwyLRoBdets/+ -Wc64SZ+rPf8zab2qsxk5HS4xgOxL1qQJF6s1YgCJlZnMTWA0iAyZb2P5/g+Lsh9r -5R1JRKCLCyg+skhZhPPG2Y5B0RWLiq+H3RsX7RWNwqc5cZTL1EDv ------END CERTIFICATE----- diff --git a/test/grpc-creds/admin-revoker.boulder/key.pem b/test/grpc-creds/admin-revoker.boulder/key.pem deleted file mode 100644 index e5e33fb05..000000000 --- a/test/grpc-creds/admin-revoker.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA2OdP0AAqG+mEdTSvVCtQcGbxpPyd92EnovjLUaTw8VsNkzuh -VayysBKGRemYY5ezQPcTSk5zXZ8QvwcXSuzHM6tD5Gziz7vVjunWGTTbbzZyu6Kx -9NudSbYl+jetPsj2GJkKbPa5eUCkdIAtEBtga+tLCAx+fCd/1ldqV1pNJoxjK3IY -jOBq7PnDd6Ths74KFcBQ5+6jySOo9eJUleX8AD/7WKRtLRJ/oUmZnYZTrKSeKm/7 -uD/fz5ZO+A5bAlJl2zz0JMiQV06/TelhDSsKzD7OMD5mbKDRv8S1rw77DJN4CtWw -zuj9OHVCUTBRRPbeVZ8dDkZBU8u9DQeJp2+vcwIDAQABAoIBAQDYQGZ2fnN9OKhz -In/bbwPXzQsG70WfKiIWfe5YDBacy6cRL9Z+UJwmp5FviqIASXLSRoPZBbZHlRth -GXTDoqZIgWxDBbxsWF1nCwQGRYixrJtfL6o08fAzWYMroO79NecGRy75zFLG7QgJ -jvFeqazMa952u94vckImNSk0xjc9Qcwnb+DJyyDITTp0nSYS3MeBFcP3wXD3JpaX -eTpgk67Z3GWQpgzxcB1t7YTh8PEmcqz1ck4vQDJbSomjCfipxM+e2RS1jkCXl9NP -anQ4doK7xQAFwO90ZS9+fwffn0ath8qJEtb+wMrZeS6HbisvRw4ye+zK1CWYsi13 -oMNgm7jBAoGBAPWPWZHm2r+02pOE5ll1/ZlL0tS8vNzLF82MK6KNioDLO5qBpWkw -z/WYPUXvFrG1FFmBiI4BF0S9pGT2UN7rTYfkq01cH8d7e4zDBKaUR8zAalCfUvbH -8eDdxA0+OPuBsQftPOkX0gNeUHAQF4h6VWAk+rJ5Qp+KHRa2FI9EpymbAoGBAOIg -EYkSNJSPV/SngVKwvaBEaf5xaiFqr3rxyw/GUt0ufCEZJgxHHsvNW62f1qG7/tXn -/HYwFs/W28giOsBLf5KFJhzkcxmbzcN6noESBcFGBU8moRmFalx8tJPSZYsk9e75 -3AslH265W7BCdSDgoBeklxEVvT95kYnjXD/6sbsJAoGAZIw8/dwMSCEyuuLZO1pv -69w7SPa7UqEqbvTtTRMt2kzdbAeYBnmBPawHsuISZdOisH+0vYi+0Vvhu6GMPasV -xQYiCnwlWxY54cpc1iSzPaiwH7ENVJVMemn0BAQtavaQ2ZEPttYVHWH6B9je+fg1 -ize5G2lBmXgBLzKBOqS+2e8CgYEA16A42HqRxTBDcTrhqRZ8XH2gjU9dIux21UgI -mMxHbD7Ng0pV69NN3I3A5HnM04FPam7DYXhN6Hc8MUXivEfCKNfrFhYKY9schVFC -IFYtQrYgje+KI6oDWJpaH7O7vMnL8sw0NjR6Gr2KXzOgOW+5eZIrs9EFG6gzTkeO -SjwmivECgYAiApXx3ie+bHXObfGoYP1QSGStC3jQrvCktPMH8/dn/cTYI0DYOvqu -Xrl8KinPU6y7qe77fLXgvD20uiJom3JdT3n7MdbyhGDmrVdSN8qT8l9LCsk+VKjA -0V2M6gXDvEqSdTmu/Wp7KaEirg6gUGFGMbCuPFHtlYimsNKwzbKRQQ== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/akamai-purger.boulder/cert.pem b/test/grpc-creds/akamai-purger.boulder/cert.pem deleted file mode 100644 index acd512b6c..000000000 --- a/test/grpc-creds/akamai-purger.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDIzCCAgugAwIBAgIIW5j5C55IeY8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowIDEeMBwGA1UEAxMVYWthbWFpLXB1cmdlci5ib3VsZGVyMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWCOH+WOneLVMJOkPhza3fmH2Qg6 -2ROwwG9QUxSqBvRatXxwikJkahG4MC8vdLUvbg3WnB1yqiUJkbcobbc8KX5yS9QP -a0RhyCaJNvVXeZQTFVNiD2ncZepuGRp0y7FGC1mqDQbx8WVMwq3qZlABeMu8mzoL -ygWmKII73Z9cFfCbZCyI+/jY+OY5t6Gh6bMGsBxJuwn6VatvuuLX/0IXREf1srJm -1r9k1usS2nb2WuYD3zS7pr3xizhjxPPBcFNlxyNEhObkgI67amTByZTTBKA6hnh3 -bQTV3G4UWCQVY56gDlGPNc0ke2Mrku/cgftFXK5d6hotATqM91d1nV4G4QIDAQAB -o2EwXzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF -BwMCMAwGA1UdEwEB/wQCMAAwIAYDVR0RBBkwF4IVYWthbWFpLXB1cmdlci5ib3Vs -ZGVyMA0GCSqGSIb3DQEBCwUAA4IBAQAdCgi6pSIIJu7Mp0zUWEF8XDadu8ys6j8F -RUiVJwEsxPlS8yMwdcK5r0fs0A869aeFJ0+1aWR2pgSQojhhBqYYqtO41J4BW/RM -n2sksSdr+Xyg7pU7jtsrT8x7peZHlgnm/lGkj4BwTg7phMNKTlcnbubMZDfzrqGm -6nFkTDyVRrNsoQIQNEW5zWuOEwYVtYhC5g/0De3bRgNuWgBFeW6WANuZNdX6PzoM -q1a9sc0HNfH/3mFyVYFY9HTWvnwMhWH3rh3bF14yGy5atyp9QffgB++xTV2rnknk -6y6iB2ULsX0wzcaDsJRTgXFaZpIXYjrOyzQBCUfqut7wdgNKDznI ------END CERTIFICATE----- diff --git a/test/grpc-creds/akamai-purger.boulder/key.pem b/test/grpc-creds/akamai-purger.boulder/key.pem deleted file mode 100644 index f64a74989..000000000 --- a/test/grpc-creds/akamai-purger.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAxWCOH+WOneLVMJOkPhza3fmH2Qg62ROwwG9QUxSqBvRatXxw -ikJkahG4MC8vdLUvbg3WnB1yqiUJkbcobbc8KX5yS9QPa0RhyCaJNvVXeZQTFVNi -D2ncZepuGRp0y7FGC1mqDQbx8WVMwq3qZlABeMu8mzoLygWmKII73Z9cFfCbZCyI -+/jY+OY5t6Gh6bMGsBxJuwn6VatvuuLX/0IXREf1srJm1r9k1usS2nb2WuYD3zS7 -pr3xizhjxPPBcFNlxyNEhObkgI67amTByZTTBKA6hnh3bQTV3G4UWCQVY56gDlGP -Nc0ke2Mrku/cgftFXK5d6hotATqM91d1nV4G4QIDAQABAoIBAHQsRrsDdJP9pRm4 -bN2aQkCQ1KKrs2d9rXU2j4K3EPSS8qkLm3nlZhEAaPcDbt00n7wZLQ4qTwlST3WS -5prdVO3fXQrAwGqUjzEtbWoJsfj/bNQKhhcoae8asr7X0ZLqvp2DoxGT2ugIhcu4 -bdTWlmcxE8wRuEqqVIhXT0E8wQiv0eqcIdph/jfKisvRp0v8GUodX78XcKTVZVSZ -A6OQX3LvDwun/iFxIDB28m0OQ5KYdhPG52pso+DAedtM7y8nHAmMAOfo9ERIZGtW -6kWElCl1HAm9+i4KO8FYRD/qu+uE3MbEzKnhJUNU4BPBEFOf2J4RfVlkkficNiry -uQMeUJkCgYEAywxeuvtfRPEA5HFYEV7hIxX0qIoj+0WvZ/3SXP7mLC1cmPRy3clO -ekMWAW8uoUXWrP3/DPiACLaUcmTLK0evdv2vJ67QHHLRej4TPGqA0JCNFQmTI2eb -jnnjc8O3hEE/cT/X+xG2tj+00uSjWeWBwZyReMISswh9wZfWx05SKYsCgYEA+NmT -WLQpH7FZfwQvE8NvHWRoQfq1mqK7jEjeW/3MGLoz6eYWYGnrmlSaxCtJtWZsodTz -uE7jCgtPcRQVq0ab+Wav/45jXdi/kp6DGVMj0fCOO2jXBS2juNjRmgjt+0qjMVS1 -oV6tPws02Pmu2cjztL4KopXg73HeDUevRSIRZsMCgYB3FuxAsspvvwKM+cVzeriF -QY1bhJoR+A8m6QIGtSH+6yQSOd1dI4K5xrsTYEhzImkE0XxT+TPu6FcsuN1IpyTM -n4Gpvqgk51rhXaMenkCrEv0MR69a5puf9vFmpnXuRe6V16IviXYmcjr2Lk94nFl8 -Wv4fW4RoKSTI9OttvgwGfQKBgBAJ9fVBp2TjiWEmY+JiNkcusYmPHyVYV74y9CH5 -ua3eUnpA2jBco1LPISqDn7yRXW8QyqSWcQu0ruoa4UqowmTQuYc/JihmT/KjRM/d -C/H8Dy7FExbCWksPrnK/IJeRt/L2Ar7j20a08jMJ5LskuJBtr0HLZzQHosg4VpOe -HoEBAoGADl98HXd9a19TOXST9bhDSIDoTQAVwbGm4Oa02vsG9jH3zJXT4eqmGe0u -o54kve3wijfZCX6CXydavhWjMw8oPWtmgolWbq/XmCL2u2IipsmOCRJIe+d5/MR6 -w8zhTO1S01HOTt4iqPdUDm3dVLglxBWsEY54UPiWy/C5crVVjco= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/bad-key-revoker.boulder/cert.pem b/test/grpc-creds/bad-key-revoker.boulder/cert.pem deleted file mode 100644 index 35d3f0f42..000000000 --- a/test/grpc-creds/bad-key-revoker.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIC7tqBcllYu4wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowIjEgMB4GA1UEAxMXYmFkLWtleS1yZXZva2VyLmJvdWxkZXIwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl3ZqES4bxj9rIgXPNO6g4g8co -juSenavBtnJs9Rd4tCX4Fh7i3uw5yRqumeSyqFOnnIX1BYT2vJO9ZbGYNm+yDhTj -kNcmGVHkaEY47okcx/b1DPgsYeX/t0hF+/ol/iYaBWSXbBiol2E5K9uf8j0IjFCH -X9zX5eIhkGGxku9S7WXh6X2XywNW4WURevs4B92dDrv+fQg59Dno7fIaRE+T5jhO -1drWm4LO0ueCeYFHHs06i4d388pEiwUeQ3Nd7zQhovTs7SoWcDhoHU3dPwMr5p0j -e8tZtxhMgfbT2uF/rpxNCmLHlDOR/GD/xQOb8iyqPzWo+cxbI/VbE+Y5R3FRAgMB -AAGjYzBhMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB -BQUHAwIwDAYDVR0TAQH/BAIwADAiBgNVHREEGzAZghdiYWQta2V5LXJldm9rZXIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAFeVYM9Uo2TIMN3lnTPlmIkoAcEvb -SO2B10ezjg8h+x9hJCw8AC0fyxY5cFvO6ZpnPlr+BS8R5lyMqA8nhyJMErDbqTla -d/6IOzLs88VCprda5anEQSOTq0I+tbOzVP8O3Vu+fJQ8kJEgFcCQKVUllqCj/w4h -hh8co3sfrj3oNSmy+/Nd0y5RGUpqBiRp0X0pls1flBus8MchXnDcVo+p9re788rl -DTCO4zk+SoDMNCMihkkSJAQKAzwhSyNDgwvL7cwOexhI0tLZGC+u2NlriIFqZqAT -qiILQnyMNTWnUfcUtu/iHr01RJcCAn2dfCuhBEUHv0XS+Y0gw2vR4YpyLw== ------END CERTIFICATE----- diff --git a/test/grpc-creds/bad-key-revoker.boulder/key.pem b/test/grpc-creds/bad-key-revoker.boulder/key.pem deleted file mode 100644 index ebd53663d..000000000 --- a/test/grpc-creds/bad-key-revoker.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA5d2ahEuG8Y/ayIFzzTuoOIPHKI7knp2rwbZybPUXeLQl+BYe -4t7sOckarpnksqhTp5yF9QWE9ryTvWWxmDZvsg4U45DXJhlR5GhGOO6JHMf29Qz4 -LGHl/7dIRfv6Jf4mGgVkl2wYqJdhOSvbn/I9CIxQh1/c1+XiIZBhsZLvUu1l4el9 -l8sDVuFlEXr7OAfdnQ67/n0IOfQ56O3yGkRPk+Y4TtXa1puCztLngnmBRx7NOouH -d/PKRIsFHkNzXe80IaL07O0qFnA4aB1N3T8DK+adI3vLWbcYTIH209rhf66cTQpi -x5Qzkfxg/8UDm/Isqj81qPnMWyP1WxPmOUdxUQIDAQABAoIBAQDDF9VYKV4r0cOH -388wRkzdQoMbGkRRl1K6g6YUceRs7sE3EVc/iKKH3PaHcFgZhiISJRfQwNF8NMtT -uWcE4FbmkWsLRdhFHsJRkGrhURsQUWt5ynsr+B8kbSOrOlSyQEWIWkFo/zbiiDDd -PCsYUpmYkraaXzNqDlNh11ADTclP4E+LxOD0/f34AnmP3+NjDEzjyX3u53zsJkQH -OSlObz2Bsr6NwBUKVdj1iA3Yms3RzF+/AWlTS4IEFRywJvhGXpPmc95Eb0HgW4tB -aZSVmJzL4M+imm8nLzlM4F2ocMLk4pWiZcdjY3EEO5Xfzy1nVGKMtjh+CD/LaUkS -LPWxycZtAoGBAPGTy6I+4UhnPevkgrLPSN9NuSIRNfeBeRtOTqoO1EHybtWJyXFk -1Em42RcqpV3sDj80LsajTd2iWCIMRxTxS9XIWnE4QuEcI/L05rIULXKJYzDG/lTt -M3xPUiOF3I8hjAtg0UT+MbMaeBLKetK19WZgN7X9eUa2Gchv9l8ypqbDAoGBAPOW -z03Z8R8zG58NShSQMwskGic4F6zRVnOI39nQbE1z4gXGlAJW2sgp9Z6KvNDTvAPh -tmunuFw1CJeFO1d5ITmSHD2U+/6v9mICGuzPYdkAOsDgymzdziu4zkLRQcXuayAX -D3q0OUH7PV0JCr7q1II0iqvPfU9z7VIakhflro5bAoGBAMxiZZucJY/TQVFNoMJV -m2rJ4EMRWp5PnT3b77PzHeO5j8n8bEEStIS27nyqKQSgjaEtrhGC4oMMMhKEXrM6 -PxXdD5/QoMzBuSx5xKCPb7ACyrfe9Bi4IqIenfjN7T/vewO5YvRDN5s3XrVPN8EE -D14RM7E2hZ+su32YNFJwkQxvAoGBAMsTZp6j3MbDB/sQzDragQN/xKH/vJUiLO3D -JcRkY3Yq7zsbc5eDq4AGozPavFFoxC2ERl34BNYyjIgt1ew2GwHxEsQwaenJ7yGE -WcglmJCeBV15yqj6PgDrYGIKLMiD3SFyuD/28mlUuLLQb/n8stAeV6GnKPRNVIQH -jNaJcH5TAoGAI2yMpNV2GrV3fMIg/tzEmy76BUvue2Bwkd/6aktbcOWbbf2YpEo4 -xg8QTN6QjMyD4GPPkbpmBJe5d6I9fLsxMHqaBHuuJi3WJY1ka53K2Bcken++HaKs -JDOz2SlfEwci5WdVPzC0l/dFmaojbtZWElNcy0tisflFEC6QwyibiC4= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ca.boulder/cert.pem b/test/grpc-creds/ca.boulder/cert.pem deleted file mode 100644 index 73c7b2d91..000000000 --- a/test/grpc-creds/ca.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIUk0XH4XG6SowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFTETMBEGA1UEAxMKY2EuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAOu8LYhkVCZ7AHLuSBFjGgDt1Lcm/pQAaFfKtHnRJSvN -y0EWk0hIPqLov2QR3p03ZdZlzTxQhAO8u950I7Qjp9UMghfr3+Yd0VgSdcGoOGPL -WT7lV+mzmQpiGdcItSKRbG6kTqAo2BseQnYTaZVNLJXzaRvQ2KKfp3slefDY6oa9 -9WAPRISjAba9NS0ob2gKhiv/6pESwKNNzYT8TKXRs/bPYbZsXoraaKUuA0gADFTg -ioLJhdyOjGcpIpyVcD4+zJmZfAGpdTlO8BDxE/GDVBd4sq+f9DL4NpCnnNI1ZtRs -FobqNys5TAmXQYhGvAF6QG2F1QfmmQwrdlln9lwttIcCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCmNhLmJvdWxkZXKCC2NhMS5ib3VsZGVyggtjYTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAUR6EEIUSvIW8+Ceh/nti0V3VIm0V -cFFmFM33Gi4ZXCUxCJTgsFQHMUboXLOITba20YZLtUMWtDjwOuDI1Kq68BxagMRN -uOM8PBXUfT69mJbCmVOmtE9NGO5Pv1lQgtQI+hdbAHOIcCnhJGEguLSLO707a21s -MaJ5vHovH6bw4ZnKw2+qvc+9SAKeLWrdOp1BDvMOiCgI7IwxhdlK0XkV75AAVkrd -aINmvNyiTfhtNO0/CNQfXQmrLDnF9xvJWj06VnLy9NN+bgSk+Wtl5gUwHX2uY4tl -JU0NOQmgzDJZBd4v1a5XURbJl6Aig5nkVR1DpbBmLCVxNdjZjhhkkwGksQ== ------END CERTIFICATE----- diff --git a/test/grpc-creds/ca.boulder/key.pem b/test/grpc-creds/ca.boulder/key.pem deleted file mode 100644 index 794d80000..000000000 --- a/test/grpc-creds/ca.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA67wtiGRUJnsAcu5IEWMaAO3Utyb+lABoV8q0edElK83LQRaT -SEg+oui/ZBHenTdl1mXNPFCEA7y73nQjtCOn1QyCF+vf5h3RWBJ1wag4Y8tZPuVX -6bOZCmIZ1wi1IpFsbqROoCjYGx5CdhNplU0slfNpG9DYop+neyV58Njqhr31YA9E -hKMBtr01LShvaAqGK//qkRLAo03NhPxMpdGz9s9htmxeitpopS4DSAAMVOCKgsmF -3I6MZykinJVwPj7MmZl8Aal1OU7wEPET8YNUF3iyr5/0Mvg2kKec0jVm1GwWhuo3 -KzlMCZdBiEa8AXpAbYXVB+aZDCt2WWf2XC20hwIDAQABAoIBAGy+aeK5JXh61UIv -WV9r79rt22qBun5bkcat44MuT49dZ52m5Fo7uWk9JMzs0VyE6Z11aK+iFMQElEWS -HcZDjHBjTL/sN2TX7HJMUbX7+8dNTuYMtflAuCBqELF5etVvcC257etD7CzWUKJX -YiVVbHPfzWTfeo/KRmAwcYgBCG8O3zM30Vvy/e8S6AdNskjozSpDy/FqHB+u65Rr -UWBWtmBM47oeo0ZQFLSOjimziqLnCq08uLtj5mQyV5/9kfqFgLQ37BrT8gSjxDmj -KXSEsvLJOZHioe6exWRsGaq2+KrD7A0Ns+sV7GUr16QnoTHNpfdvx2GMtaFg40MO -4dUIxIECgYEA94nv+e8wGkmEE+Fs93oLwbRmZ9HMof2TsI38miThUk8polD6ppc7 -uhs4v+FjO+KvE4Epon0sC5C+q2LkbbtX2vC1cp2XAfW++GlfB2GgrUQTBilsGiBw -pkVfTSv0IwcADuUwwWXV10jMbLRBXP+eAMNoAHI3SNLwMPMSX26/5K8CgYEA88rz -9wZoL0jFOtDvEzU8BfLQzdRtF7jwr6rdgX6ijk5EXf2TEfCcWlzzATbFjwULnf1t -+puAS4XuZXT9eYjeLYefrnTwia6MB+9QuAWR+Xnw++R3BTbEF3tMqbCL44Z02K1/ -MWlyKSA9aVIHW6z9CcQUw0yOQweoBtb48ZoVU6kCgYAev87EoFa8XTd/9LfBgjKl -rFAwQ1qFIOfQvcKML1qiC91jIWYRfaXYt3r0Mv5NuRoAdUIDwkLPaPqWdaFklCoU -s2QGydaxUqKXXxeD5je8bkFiuZCJKlB0BxgQkQ4xr7PtJcFJtOm8ZXmnYzjfYY1y -ENQBgi6l6DYYDonQuwQxVwKBgEAw6Bva7APHPWdHLCv6kFtgm+oWTMM6RuV6L+iw -10xw/z9gTSEkIYcJglKHgW0u/ugSmqqp1xYLpcHBFBy0FQwX8cuVruARvX05Xh+W -F+GAYhtxBIWy7d7g8Ead3beC57FFvX/dK9n4SzM4DgftfJLdtjnWJn8vvOZQJCw5 -TfRBAoGARbZa7WnLcgnl3oQZfxfyIhWLqDG2LPKr/mBZhqU98h/jxuxl2/GvpnPn -XeE4YePge2WULztMc/g67YL69y8oxekzz95C4tLACVg7x3f2k+Ri8qPogCFjimcV -ZhboOAk8b9Z7N5hOKyRopkd1j3Afzo8t55jmT8u60Rggj2jyUWs= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/consul.boulder/cert.pem b/test/grpc-creds/consul.boulder/cert.pem deleted file mode 100644 index e781adc39..000000000 --- a/test/grpc-creds/consul.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDFTCCAf2gAwIBAgIIRC1Y1hKKzsowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIzMDUxOTIwNDgzM1oXDTI1MDYx -ODIwNDgzM1owGTEXMBUGA1UEAxMOY29uc3VsLmJvdWxkZXIwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCzmWPETAwj/uX9k6QQJzCEnBJ6khU595Q60gIS -/KFYp5XOHHZtIXkoJDQsLAgit1Pu954x386nYslcsD9mTbYNn9JS0LQdU972fUxJ -46eOcazSBrlodkOCzXcw2F5bqxZD0UO/QmsZ2au9MBWlL8fkjiRNHvbtRKx7zSWe -kfN+tLzUqD/CZpw3OgYxk4JCNSqDPJZS8IEDCZKHK7rh40MDeipomWxWFplKus2z -ScTbMB+WDPY03K92BeWFSzM489ikhCrwRd3JnngrpUaN2A4FKhNsjs6LS81/Pc3C -oeAi8Ri07IcImo0uBoBNz96ciLLh4eI5Nx00gW4Ls+TdpPw/AgMBAAGjWjBYMA4G -A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD -VR0TAQH/BAIwADAZBgNVHREEEjAQgg5jb25zdWwuYm91bGRlcjANBgkqhkiG9w0B -AQsFAAOCAQEADYSDjhevQvxsVO2mBsyxSSnH9zk8Lrlx3a0CBSaiOcfP4yVUM8UL -Z9ZLVfIt53H3gGabLrXngCoHdE4H4OVxbvQpaHFSDsg0/hET770vhgw+5s0AnKKp -cxC8GmyMbRm0Svn50Ym79MFyqx+rzIApDja7x8+n84DBGDab+MeBkiUtPt7oeoG0 -Tcb1IkSApaWxOznJid9ARN7sVY0LBeoaHaXPZfJ6ZooBrTJOpxkz7PD39G7On9K/ -4S4we5FnBZ8moFt2Dt1fnBUvdvPX+765RUs//0RLf2l0vH0mUQselxcbipkAXQOU -Cwiel9a3p436EBvFmMaJ1msIJNPGqkPPdg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/consul.boulder/key.pem b/test/grpc-creds/consul.boulder/key.pem deleted file mode 100644 index 872d524af..000000000 --- a/test/grpc-creds/consul.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAs5ljxEwMI/7l/ZOkECcwhJwSepIVOfeUOtICEvyhWKeVzhx2 -bSF5KCQ0LCwIIrdT7veeMd/Op2LJXLA/Zk22DZ/SUtC0HVPe9n1MSeOnjnGs0ga5 -aHZDgs13MNheW6sWQ9FDv0JrGdmrvTAVpS/H5I4kTR727USse80lnpHzfrS81Kg/ -wmacNzoGMZOCQjUqgzyWUvCBAwmShyu64eNDA3oqaJlsVhaZSrrNs0nE2zAflgz2 -NNyvdgXlhUszOPPYpIQq8EXdyZ54K6VGjdgOBSoTbI7Oi0vNfz3NwqHgIvEYtOyH -CJqNLgaATc/enIiy4eHiOTcdNIFuC7Pk3aT8PwIDAQABAoIBAQCMsuhTyffg4zou -c9GdzfXWjaZ0W6lBZlG72vZBBaUpHPDhLa8hQ431ApfU2xHskI6ysU4/aEQvIdb6 -RCEG9m5fMgvFUTcpmqEbnYF8iVqk3y0yxI3P5oZxHKH5pCgXzGp+6pwWY+QftkUy -y07JwCrrROfvewibTKeLvWVxWonVglZAqquECeyz/JgVCQY26MI2ekPaKRNjVXYw -uQfIwFERoNdaSKo8Q3gOPUxQYit8EEXz9MGcop14YFtq3U166UxV/cgG1S5zRA8B -x8BBiDDlebIYRod9j+TfYIuWdxhxyRJOX1ozpwggs0pVFIP0fVZU2hpYSdOSsmBW -ySi67OdBAoGBANohyWtCEk1kDAX0oAKqeyn+qj+8DjJA3UQebSN1zxtZeFFh8H3s -83sx89/uZrZcF068Wcm4GSQMmLgMbg0hxGa86DxMdtogYyENP2cc752hWRKZodqm -oFjqIb1eQKkku7pswcNiwOlVJxygrQH0uZXKbiNPkzncep17LBosQSYPAoGBANLH -IS9lSYEQ5urwY1JwMPyF02VqiEohGHa023gHxDUjEmgsYpqPAO5H5kyMPdr/hZ+8 -RyfQOKOo3IUVQasUpgKG9OKo9+Jw4rHeLBpU0Es5gsMqQqBTFirSF+klWeP9IkVS -6z9epDgjISv4Dd1wNO/n7od8A2x9qZkaQs42dnbRAoGBAJQaVpiVnrmfES7F/hJx -T/ieaVemxnjGY7VJd06ZQYpPQAr5lYDabiKaMvw68NAmTMjvx4LXlXJNfy+PePU/ -lQswffna7OODE+swBHltQx/imgiv+R3s/ngAV/IsWXi+cRvNle2kUljasRiV24G1 -eIBElm0xLUQe972PEM2geIdvAoGAHGYUBIzDEI60bichWrQfBYcKanmmD0bSQvwv -LcbuGrK1AjAowOZPm8s4Lkwe8WjIGjOF6slVOEfCHnQ0utY3X9PLHtbhPzMyeACV -NJ8EyX3gLmd9PpizPeW8rv8HU36BpZF8fLdFrQKer4vmYlWB7Gj1bG+7Dl0IAsbV -BW+1GmECgYBelHOPAdwkAZIImqhmXeuGcELQoryNfEx6rMaHpt5oosQit6WDc94i -z3iu4NUrOlx0Gtxq28gt+10dXH7+ZZ+nPJ48mBgfjxBjAQInTUvMzV/rGIjOTlnn -vm16iQjQkQ7hxOtynDCgVGX1PSbUSZiv4ARvKcxPOe3IIcZ0qHlEag== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/creds-test/cert.pem b/test/grpc-creds/creds-test/cert.pem deleted file mode 100644 index 58c228002..000000000 --- a/test/grpc-creds/creds-test/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDEzCCAfugAwIBAgIIY96sx6DAQ9gwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTI0MDQyOTE3NTMzOFoXDTI2MDUy -OTE3NTMzOFowFTETMBEGA1UEAxMKY3JlZHMtdGVzdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAPQdDqPPEpNOPY9zyjq9bDASdQ6GtueKY/t7cOURLAlI -VeEO0dFw+n/zRSM4D6ZDC6p0JvYf+hwOoQQc8pfmJBcG9KO2DWWTX1mrJRsOVkG1 -TdMe00BlIkDK08so5x0kW1dnmh93zU7vkxNzUkzzW89FcqTw9gBfsnwTBp1/KVYH -31AzIugUeI6oaxw6HVPVRSgiQwGdxucHDO4HJ48uGdhSpQrlHocCJfISIHN/DfiQ -7JoDzyvdaT4OrlTHjItDYR9CjY+3NhUO2yvuVyrUa7MeZ9l9YPcTYVSQivqu0XGV -Xpe0P7E/Neitg7rX0SGV1K6I9HKB4LoItbR5lBwA/30CAwEAAaNcMFowDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMBsGA1UdEQQUMBKCCmNyZWRzLXRlc3SHBH8AAAEwDQYJKoZIhvcNAQEL -BQADggEBADeewOU9nIHcMRXcVsoTxBbvXLziWQOKMg0kzQFcIdSPRzHtOPdw4Qum -hekG5GZzkEIUmmZDuuuPE1PqblGnHQMXLqGa5i1uLBPo3/w96HJrm1UE1hID1bIj -+N8v5q4gYU4i2RSf8m5w6iXkXs3oeXd1A+0yfrvohtJ0PBrJ0IDfhosxr281v2PJ -Yjl+eXZrMqmjY/eXJTWAMvyNs7GOXg6qDA3BG+mZk5CJ9p4+jXFSGYmPOlLp4Bfc -eB9FDNLSjSd0TlxqdvCISj1Uuj9iV4xo5FRc66kmAS1b1SPsCV8TG87yyNJMhJbj -BGOoynUe/jFrGjmoDpH3fZJvn+x0DGA= ------END CERTIFICATE----- diff --git a/test/grpc-creds/creds-test/key.pem b/test/grpc-creds/creds-test/key.pem deleted file mode 100644 index 08c3dabaf..000000000 --- a/test/grpc-creds/creds-test/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA9B0Oo88Sk049j3PKOr1sMBJ1Doa254pj+3tw5REsCUhV4Q7R -0XD6f/NFIzgPpkMLqnQm9h/6HA6hBBzyl+YkFwb0o7YNZZNfWaslGw5WQbVN0x7T -QGUiQMrTyyjnHSRbV2eaH3fNTu+TE3NSTPNbz0VypPD2AF+yfBMGnX8pVgffUDMi -6BR4jqhrHDodU9VFKCJDAZ3G5wcM7gcnjy4Z2FKlCuUehwIl8hIgc38N+JDsmgPP -K91pPg6uVMeMi0NhH0KNj7c2FQ7bK+5XKtRrsx5n2X1g9xNhVJCK+q7RcZVel7Q/ -sT816K2DutfRIZXUroj0coHgugi1tHmUHAD/fQIDAQABAoIBABGqtK+IQfjlNbFX -GPCtWtIT0+LsPvp82oWNxnrdhklZsdVq5CZ7PbXa3ksROJi4y3RXmaZAZDJ5oI+S -pL/3iO8dssDSYR/TzZfIuhO+MuHohCxeU72aVCNKSo+ucyN5yR6HQfE7E2G+Fu/W -bcNh7WgPx59GTRdz1ZADNHxbgptWLFOoBQzL20//mIsB5Zl2DB7/7w8940QF+EH0 -jFn82/32Cvq3xQu2Zlovc1HIRVwewV3JXwBtTtn4+WhHwbfh9mjyYrh45xj99Nvm -b35iriTvgiTJoi09F3Dl6dOaoTgnRCF3f9EZsCGugl+YSj2+2bpXtJIv7pY/6FBU -sHMVuaUCgYEA/mTjhHSe/rBhVMQKIsDtZAXdhLrWRGq8tNGMgz5Dc/JL3uhPMBJL -RwWS2t8BQd9c6VUIdib2Qp9Nk0VXY888ZNuad8JYpuK+TuowA2omaXHymeTYzC2p -8IESdljbDHth5YXdj3iRSnTkwfXHLmMtfKFz62GjpE860rikMQSfA9MCgYEA9aeN -+Z+daUCEDIrmRWq2yQ8M/BFLLfdybpGPTCWr/Ci8ndRIVEeDiaq2kXSPjBBYXXw2 -MO1aepbGiV63rNQ5mPTde9I/VNskrMHO++Rmu/JjLYcx8Rb1W/4c8RbRnrSmbDz7 -6lHACuY6o8EknXPPaMXQD5pCbKkQWkEHRWrs7W8CgYBamzhlvtu6PrwL4t7xTeG/ -VE93rMwQBiw8Ar6XKCACNfRL6lX5+yoQm62YgwEBozqGaKDg5DOluvN4VqQvimoq -SgUUToYgunWpycNcE/ymZc1Qfq+w2TrDzFT1DeTG51MQ2sL1DK5C5KttYcqVfQGA -eEi/N0F/jjCXSOhCBTFVvQKBgGlwy+3TZxtgR82iaQhur5pJTYd8XMqUJZfz/o/u -s41+ZsdP8OPL9lfG4Ko6X8r80RD/WbtShb2MrhcUgr46MabHo7GcIvbnQSyt24wf -E0Gk3pESMIuNES+1OPL6mmsGm1BmNLL09/s1qwHSy0aSCPqtvYqU6eH+BzjWJKrV -JHEdAoGBALQ9UFgVG3e8GNvD6OZJKHbmzd7XOuHC+bDYP0JxDMhO0jza86YPMSQB -Mc76VJ+drA7+GFma+7RvVCMnInqiMwPB0R4ztHGXF8quAIC7dMkx+292+xkyrZPH -U0xUzCcBmJXYE4iWEYk8w/U5v3/b1Cjpwzq6FCtj9zJn5kPKwnaL ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/crl-storer.boulder/cert.pem b/test/grpc-creds/crl-storer.boulder/cert.pem deleted file mode 100644 index 797e90ff7..000000000 --- a/test/grpc-creds/crl-storer.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDHTCCAgWgAwIBAgIIRi8x7X7lZdQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowHTEbMBkGA1UEAxMSY3JsLXN0b3Jlci5ib3VsZGVyMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhOYZLqewkAWKmzXHaSZ1MiGyXgSVTHM -veqwVBlJm77XRX9Jdj87bwt8lrdhau1vzE0CWUfuzd/gHo76PJYjvqKSYrxskg74 -ZN1D/RkrSr23sXFJ+a4EvPM1Ee+Efseb50dfY2vpTU2fGpUSgXTx8eLOOyYvjLZg -4WRxAoEcMPNnbU8seWtNAb91yt18NSpInxiiybrJInDzrSDKJaLpvp221beI1SZG -9nNh2+2AZry4of8B2pk2747ioJTkY1DuUsJcF38DI3p0b6oaGpGGK3slH4diiXc7 -OGC4dG8zIA6BUtflNBw1ElHCyFFKYRpFHlBz1PvREIBhu0mmUzyBmwIDAQABo14w -XDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC -MAwGA1UdEwEB/wQCMAAwHQYDVR0RBBYwFIISY3JsLXN0b3Jlci5ib3VsZGVyMA0G -CSqGSIb3DQEBCwUAA4IBAQCPSvQ7FfZ3/n/yBK1njRsLS3HTbLQ0O+WnfFapkK+3 -gieFts1wiFTN8KgE05QvFGfsSPqh6p4UqRw7XzOUoq4Zz1FCE9j2dnF7sTNpCyjv -Yb2FU0Rz4PiINL5YHG1Wn8lnn+EamznphNVBOOoeDXIReEPrQExRXwVTv0I767J6 -N9HAZ93mF98yEZwIJSYXE2w1iEng+kBLj3EtBUgh5x/HXApKaW8CLibGuxkIQG8D -Pjm8KcSRyr8n318rjjZHmBHAC7KMfGZR2cM6Y4oVJs5fy8nI/OqT9MrAYkFaxEuG -SNx3VccoJKTdHJJnUloiYJO5mmt0jZHP59Zflkz13aqO ------END CERTIFICATE----- diff --git a/test/grpc-creds/crl-storer.boulder/key.pem b/test/grpc-creds/crl-storer.boulder/key.pem deleted file mode 100644 index 3868dd7e3..000000000 --- a/test/grpc-creds/crl-storer.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAlhOYZLqewkAWKmzXHaSZ1MiGyXgSVTHMveqwVBlJm77XRX9J -dj87bwt8lrdhau1vzE0CWUfuzd/gHo76PJYjvqKSYrxskg74ZN1D/RkrSr23sXFJ -+a4EvPM1Ee+Efseb50dfY2vpTU2fGpUSgXTx8eLOOyYvjLZg4WRxAoEcMPNnbU8s -eWtNAb91yt18NSpInxiiybrJInDzrSDKJaLpvp221beI1SZG9nNh2+2AZry4of8B -2pk2747ioJTkY1DuUsJcF38DI3p0b6oaGpGGK3slH4diiXc7OGC4dG8zIA6BUtfl -NBw1ElHCyFFKYRpFHlBz1PvREIBhu0mmUzyBmwIDAQABAoIBAH6A+AV4ldhyAv0y -D8Zp+E231n4/G1z7BHXWPVo2kqiZHobze64UMPoyuYul+pUSnhmdlGxDyVV68EVy -ChdGC81m5nQaFn6r5c/H/8Z6D9cJwqztLQktGctYSxTaTFo90foLXKnGzbsewg27 -OQUs2cEmiOatEonPNizn6KbOxD+xsrcwloK4zD7YXsIhR4QTBBS3TulvCsh6+UTf -CY8z5Ne/lRJJEKfUZviBFtQlheMm4ChweDcZiX051ko7McahfYNKOuNp62tYVM4n -1GLGBOEFzZKcN5WYsuL91UksNdpjxbyJkibTyTqzuLR9XnM/iCsZ1lUIQeFoOnsj -Av6p8rECgYEAxfR2sP3yU773YP8ZJOPjdhrhLU6SqQRI2KiCum2o0yM+1hUZ7UUn -rm4aeSUbcO7Z4VYjaupuHzWz2hqmCEKjozKEaQrwIHVxitPzQKWcwIIMefRSijbL -HlzKd/46hJl5tmvbKWwV5p8vqWz3LZ387bC5UoUSgnGz/xMuCx4MEIMCgYEAwhUg -1xLDqBGnJhL4I0LmOEI9U851gkF4K2ejCCGuv1NqWR0ez3usgRIb02fUx8ycpuRZ -Jr/RTNjy3lpRznjK5S6ZexMZA5XLjoX5DvyinvQIdiASXKsSD1/BrlhFoz+MGmX6 -WAIIwyIl/WJ118kpg2cJqfBnsUpepq2y6ajSzwkCgYBR1ac/siv8zQSNl8f4RTGi -gKg4R7Q/pSLMVpV8pprVdkuiyyRlv2IRLTlKfbmjbUqraiXILFQMGPJaJwwefBYU -AG1W04vDj2m5/7cfMZfkyZ6IyCVbOB2uVqPpCTN938i+TkZTEHjZV1On0gE5XYfT -Z2ylnZeyT3ke6Pnu5KQOKwKBgF+6ViFfEvxiAKTJ9HRH+g/DtEYS7mjZ6/DUxFgt -bOjXtvvPXjQOly5uhSUH8K6/4IB83vA66nxSAbDksbb6Y3EZRACtkcfv6aAZupfG -yltGmKnS9duZUWYd4AUjau2zWWJn7EvebP36aOyK1P8jLIOwndahSjPrL7ZctIOF -jr0pAoGBALeYsldPCwFLUAUWc4uo+6qjVigZIwO8ZjRAmZ99qwtC2aMODayOK1w+ -P3kygVFZXXlF0XvO7zcr6g4oHgLoaJGL4AUTQGhdXhSlSWlaFn+70m4o/afToDh8 -0atWXDRfLgGnJ+VamriqSUaOdilJz2n+R5mkpB/Aw7cIPMjNG46e ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/crl-updater.boulder/cert.pem b/test/grpc-creds/crl-updater.boulder/cert.pem deleted file mode 100644 index 0e49ec643..000000000 --- a/test/grpc-creds/crl-updater.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDHzCCAgegAwIBAgIIOk8TVvubJDYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowHjEcMBoGA1UEAxMTY3JsLXVwZGF0ZXIuYm91bGRlcjCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKSOlusPKKWYKIxf3UW+VVlnk6J3sGP -t6zTIPbuZsFe50mZ5aYU0hLKpXc59Re+L0pth2NqPBhEKzicALcfYuXab50spqY0 -Bb5YEale6Exo95uK+c3ciFtg0SCxDNd4sIfoyRZMUjl/7KQnet55Irgd2RKCH450 -5F6u4Ag+PFIQ/lQyuwgeGqZvdzNvQ208Kur2VFhFL4gcn3OZg4GRxySniM8hfv9D -ufKNYdpQPN5aczfhxs6eK15oPsatV9DNQNYrzKDaTM2T0AI7HQtxtAjdfNR1l0SA -Sqzwxzo/bWHFk8vSNdtsdEaZTLA+oEgex24gAXLmqaPWpwO9m6fkjBMCAwEAAaNf -MF0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWCE2NybC11cGRhdGVyLmJvdWxkZXIw -DQYJKoZIhvcNAQELBQADggEBAKy8E1kQUTQWCIVtPCgraZYpudjGk0PETM1MQXz7 -FgTEE4cVpKIWFwWdD+XyfL42V4tjdGJX5iBNFDRgR/rA44QUgrKp9AE8tmhV8B3p -FIgdWDtdsBlSQanvMzG35Zmut7Ew5bUlxREWNqt41TAvFrV0NuXvFHcVDYkQ6MH4 -oaVssPYUmMyCF4/uRXJTVrb5z+jeroIQoCmoQdRvKdVubcb0y7Nq7Of4VQvcdAfi -5uB/7a6k2/n2c+4ZTZYyw94ZUjhiWwPxZQYhs0E/0NfrLJXVqDLo7gfavvoLa8D1 -B85C5GXB0af+FSuEBNGQsfakoZ1F3J6S90VaveebUEA5kYk= ------END CERTIFICATE----- diff --git a/test/grpc-creds/crl-updater.boulder/key.pem b/test/grpc-creds/crl-updater.boulder/key.pem deleted file mode 100644 index 066f0e7e8..000000000 --- a/test/grpc-creds/crl-updater.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAwpI6W6w8opZgojF/dRb5VWWeTonewY+3rNMg9u5mwV7nSZnl -phTSEsqldzn1F74vSm2HY2o8GEQrOJwAtx9i5dpvnSympjQFvlgRqV7oTGj3m4r5 -zdyIW2DRILEM13iwh+jJFkxSOX/spCd63nkiuB3ZEoIfjnTkXq7gCD48UhD+VDK7 -CB4apm93M29DbTwq6vZUWEUviByfc5mDgZHHJKeIzyF+/0O58o1h2lA83lpzN+HG -zp4rXmg+xq1X0M1A1ivMoNpMzZPQAjsdC3G0CN181HWXRIBKrPDHOj9tYcWTy9I1 -22x0RplMsD6gSB7HbiABcuapo9anA72bp+SMEwIDAQABAoIBAQCjMjVCmPeOw6Sv -xeaLFkbxSrd6VoeBQIMlsTxwAUwsmuZRxIRrRgFhg5k/pFwfmwRdX/rz9rILBHpg -E/FBp1CzTADcCwyIURAUNBg0QIeFN3Gfg/S8p2Gzi0Q9MGN+AxvGEwk+66r30YVx -ti+HlID7fwWIUZ4YRZEanYEJSPIdPeyBYD0Xl100aDAP87haNgW1piyfMrrOATET -4EPZZ/O4zQriJd+bk6GNFL+I9MVcp4Kw0Zx35IPREIuRVP5eW4NxpYwL1/2SnYZG -Ab/vwkzUZ8Lj1IlMGTNOl1Sa+HRLOQ4j5iAAj5VdLHaNU/jDJHdK4KiPmLrQduRE -NlocoBuJAoGBAPvjA1+7R2PDjMRqWx2HDgZsgJyYIFOyXqbvaEMk1Cihq8iqfz47 -E1Nyj1TY4LcXgihnIriZNVSqwmbwv7J6U2RbLbth3nIf7lfNcMAVLCkVA5dtyml7 -0qsX5/fnZdi1GjnmVeeuyUUKDKOem4aFn98NrhNqaT718jaZTPchgbHPAoGBAMW/ -nOjklMimWFwPGauHFD6Q/JHNXTJOTC+3rjMt6e1J8YeP76bSTcgphENPQWpDzVF/ -Njn70t18C0+C9BtTWNHOMo9MwnF+SFE96ezPcGZlJxeL9Oa4ylB2ZFTnYqwzCVEz -ouUoGT+xAekes+OpWcFlBfS4PHdFd0pPcbUpFCZ9AoGAeC8bHwRWzc0yT02H6BDW -qk3/F7imRAkpjHFSyCa8bB6nvnlLeT/qurhAl3Vb00CORATh1j6T6bAITeG1Nc2U -GKBAs9XAs6d0q8REdgIkLf3u1sP1/lqsbCJd9jUcrUfMGbBDcOY+9ogS+8bj4k3D -uEPouS7exMHJLi/7PzdnkJUCgYBzg3HaTaRn7VvSMvPw0dBOmA0h8o/NUhWJDkgR -F3H9reMMKFV64oCTO0VKuGJi+8ZVI/V+O4862DoXMUz9JVvN+yBnuxQejgEajAs4 -zRhAiDgkthnSKQHtrKsBOcTXCF0Z9Qrjx9+v5+tQzSGSDJwkr6miAXk4xvhfDTdD -9wIRVQKBgBSmjPtg0RS3GE84DvUp7zDliMXqLxvd9u16FrPjMuoEb7KZ1+BZQSye -I2rPIJS+34SVeIoVITvpGCholkQ2246JT7gdAP+9x6b6f94At9aODHYhq+9T23XY -3wEXd6w1vB42OR3cK4z0MtqFIVZ6/LmIDFc+nbvKpGbJn78QZXHH ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/expiration-mailer.boulder/cert.pem b/test/grpc-creds/expiration-mailer.boulder/cert.pem deleted file mode 100644 index 7027a481e..000000000 --- a/test/grpc-creds/expiration-mailer.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDKzCCAhOgAwIBAgIIAwDeEDu+pKcwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owJDEiMCAGA1UEAxMZZXhwaXJhdGlvbi1tYWlsZXIuYm91bGRlcjCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTY5ZaPHTBrrSA5WBTHIlv8 -3w1vhQ1S9cXJDehc7VoAaiCOOLRO5WCr5s67UxxKlKk59puxsvYOeJPkfqsnM/Tl -4GKCs177ywHdQkNQ9hVdVV+urs4yrRg7Mk7Fbx2NEBQytRQDAzYKP5Uyj0lkfgUw -KLXIkC9P9RICCavasfmWbDQqsjdqbMCc+QgPvpIU62tMbhPiobqOBTkoI6OxFU0G -gYrefaIS5bRU5ogsJVxNx9sG2QA6bAuRUPEzsag/OnhYjPCRsQKvEdb4l5d7RzOt -QSy0YvgrXZJdJSbXMKi01mmPh744MDTBXv5vQd69s2pVYXPIuWIE+KbOq0ITJ30C -AwEAAaNlMGMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAMBgNVHRMBAf8EAjAAMCQGA1UdEQQdMBuCGWV4cGlyYXRpb24tbWFp -bGVyLmJvdWxkZXIwDQYJKoZIhvcNAQELBQADggEBADkL+csPuxJNgtpI0vVeaFrS -h8buV44QiPz6pn5qrmT0gNlsUn5ecv4MnVqFL3cSPlRT3lghBOkpe0KGuUsnjB+/ -HvY7drb4DxAMW1CJuL6xCvGTHA1d5ueBNjUXSSpqWNTAOvovUJNS7whMaDAatqNK -OuZ+cnGJpFVPuFLUJ5Xj0d7oJmOoqvRTh0UY/jBsriPkufA+I59oPUsesxt7vExn -H1y4W/gvqNX0SnmHObYySO5JiwEb/ZjL4eOTUCTZ/xm4qgGAuBLGM76p5BVvTNwv -5ySWNuAE1yWmdDctiSY74kAKUl+h0dHFuwxTLQLHeGTpq+ohEAEMhoNVo7W45n4= ------END CERTIFICATE----- diff --git a/test/grpc-creds/expiration-mailer.boulder/key.pem b/test/grpc-creds/expiration-mailer.boulder/key.pem deleted file mode 100644 index 462d2755d..000000000 --- a/test/grpc-creds/expiration-mailer.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAxNjllo8dMGutIDlYFMciW/zfDW+FDVL1xckN6FztWgBqII44 -tE7lYKvmzrtTHEqUqTn2m7Gy9g54k+R+qycz9OXgYoKzXvvLAd1CQ1D2FV1VX66u -zjKtGDsyTsVvHY0QFDK1FAMDNgo/lTKPSWR+BTAotciQL0/1EgIJq9qx+ZZsNCqy -N2pswJz5CA++khTra0xuE+Khuo4FOSgjo7EVTQaBit59ohLltFTmiCwlXE3H2wbZ -ADpsC5FQ8TOxqD86eFiM8JGxAq8R1viXl3tHM61BLLRi+Ctdkl0lJtcwqLTWaY+H -vjgwNMFe/m9B3r2zalVhc8i5YgT4ps6rQhMnfQIDAQABAoIBAGOo3DPpqQGGwlP6 -NFnwp7iiwdrvhxFD2yKTs/LceV6DrzdkSdkfyIm0/lnUBTPhnno+2lfhE5X3pZxa -prbIVkm6yGuXeHCyUglTl+S07KHMaxjSO7Yxeek2rzWqR6NSc72GHp9PFyUY8y/6 -NQkXU6YUx8ehDz6k4JKJbZQQWOLfHfYB85pkguITFtZwe2wFKLyrOLK740m7iZm2 -Q5zkY4vi25RAg1vkmM2kJUhsEpxRMC6v6Lb537xbQPYPlDEu8y2n/Djo2GgKHWUQ -gB6BT/CArU1MO6D/DsDs9Kr+aDa2e4HCB5BHCsxk8wkcvVqK8zX1FtbW5w+9mlqk -dP+zWQECgYEA5TrCJYlrG5ivg9JNINVvsM64K40iwBSjrdhLngjT/FFAcWQFkSH0 -kHzL5g2DNWU0fDk5Y71MtjAtMhfnS6vX4ICBMqDZOm2z/is6mX1Vwd67nIbOFTKY -2lvSDrjVxF7cEyqh8fQZDNsTfKTDFSv0yrKHyc5tywl8wGVYvNWsdNECgYEA29YC -qWjVtIrbFoOBut3hGGcIsQcpYgV5HSm+NIl9BVpopeafdjv5wY5XsVg9BUHJTCB1 -mUFNw0PGKKcc2oPNQT42hD70S15OBdH3K7Fj19e7b4T1Q8NUW8WHbwECG6saU8VC -Iv7/ukzvaJV8Gn7Pl7LFMReXvsxKS2NjG7pDYu0CgYEAhBWGd2CmcgFZ6ShNvwSd -VhDXeGjbxDhgVDTU5ZwKolIjQvMybf1V0cfHKalRmHvXcVj746fZQwWhlULGyQic -3MTPLWAXq54439UC8ByTRKHWEwxuRTKhdvj/ofIJYxyRzQ18wVE4+fpmUSUTL+jj -JcUXj0Y+Z4bw9l+vcSfiNnECgYEAjxgv5Vvy9zEHSRFSyXMRyROQKcMyobZUTrJU -N9hiw7BEu/BxTcHeYaoo1KxOE/TtdZsPUTGbz4V3IBEfC/GNEnHPhKeB1ulMuicg -z5UJG382Z3HRQEmNyKq77Hpoh+AJJAwbb7IyfW8Eyzu6a3it4d2g08K6qJxLo+TO -p0bIBEUCgYEAyIixytnbC3n31nKDdzP6gcs429JCcFw4+/Sg62LGSTUDUdifnrgG -rm4lkOLDwm8gv7I6L8Ye7KJGyG3mdqOgEMP1S8V2URXTWehifOAW3ePk/7ib+s71 -T3LVEGGZGaFTmeRnJ8HL+iPhsqDCMofNZx30sFX3joy4qarl77VSUG4= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/generate.sh b/test/grpc-creds/generate.sh deleted file mode 100755 index 2d2815e0f..000000000 --- a/test/grpc-creds/generate.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -set -e -set -o xtrace - -cd "$(realpath -- $(dirname -- "$0"))" - -# Check that `minica` is installed -command -v minica >/dev/null 2>&1 || { - echo >&2 "No 'minica' command available."; - echo >&2 "Check your GOPATH and run: 'go get github.com/jsha/minica'."; - exit 1; -} - -for SERVICE in admin-revoker expiration-mailer ocsp-responder consul \ - wfe akamai-purger bad-key-revoker crl-updater crl-storer \ - health-checker; do - minica -domains "${SERVICE}.boulder" -done - -for SERVICE in publisher nonce ra ca sa va rva ; do - minica -domains "${SERVICE}.boulder,${SERVICE}1.boulder,${SERVICE}2.boulder" -done - -minica -ip-addresses 10.77.77.77,10.88.88.88 - -# grpc/creds/creds.go: -minica -domains "creds-test" -ip-addresses "127.0.0.1" - -# minica sets restrictive directory permissions, but we don't want that -chmod -R go+rX . diff --git a/test/grpc-creds/health-checker.boulder/cert.pem b/test/grpc-creds/health-checker.boulder/cert.pem deleted file mode 100644 index 9a6d8dfd6..000000000 --- a/test/grpc-creds/health-checker.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJTCCAg2gAwIBAgIIHywaCXTL2qgwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowITEfMB0GA1UEAxMWaGVhbHRoLWNoZWNrZXIuYm91bGRlcjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1xITHFefqqfd0uZyJvFJMWzWZS -Bekou7m2YKYxl61esBNzYZxcSh83vn84+s8dkB51/Z8IpzX5xTr5Ogwlkg2EnxVB -WLsFjbBsfdK/cJmvs2mjEVyHoxjAZjUgddo++AAXIallVWKV5nEY+BmY+pw4Sdvk -gRleGMfj7yNlyNq7RvjBgGBpg/hzrVkVgcreGeEwhFSvjAHZIzgzjjIOKBd6W4SY -1w41B5bBnwN+izyd0AlKEig/sWbGXCFR9IMjBgFp7dogDbwCGETdbMeusbwBEHUS -98t90/WBOj7kN6a4MUfKWNpz3/UdeT0doRF8hfVRAeydMmQ4NTc9WVr1R6MCAwEA -AaNiMGAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMBAf8EAjAAMCEGA1UdEQQaMBiCFmhlYWx0aC1jaGVja2VyLmJv -dWxkZXIwDQYJKoZIhvcNAQELBQADggEBAIu8JfyFBvWWRGw4baAh0ArZU7nPAsqL -phJTO1O2thn9qbCnEOAXBBZlnmEMRS6vQpIjt/d003LVKqMjQ8ocym58qa8MMksQ -BHs1S33XJWkmw6/qPMfbbyP/n1SlicD920Eqsnv/jAY3AqofMaB4f0dmCdyhjIkW -jkI2Y/M9nG4KDgSelu0aL00NXdNvFG9gJrLjH22v85i7xCPpfz8zFmho5igW0OCg -a4Xmsoo0YxV8KJQ1z7rVIuX4qmYxQ7cdQ2i626EaI6+2/YTH2eA73O3YI0i/x87y -bFA5+7DKcwNTuPW2wNtPExsdtbvKkyJjWCMArEoWRaamqESszo95jUw= ------END CERTIFICATE----- diff --git a/test/grpc-creds/health-checker.boulder/key.pem b/test/grpc-creds/health-checker.boulder/key.pem deleted file mode 100644 index a4ccb5a7d..000000000 --- a/test/grpc-creds/health-checker.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzXEhMcV5+qp93S5nIm8UkxbNZlIF6Si7ubZgpjGXrV6wE3Nh -nFxKHze+fzj6zx2QHnX9nwinNfnFOvk6DCWSDYSfFUFYuwWNsGx90r9wma+zaaMR -XIejGMBmNSB12j74ABchqWVVYpXmcRj4GZj6nDhJ2+SBGV4Yx+PvI2XI2rtG+MGA -YGmD+HOtWRWByt4Z4TCEVK+MAdkjODOOMg4oF3pbhJjXDjUHlsGfA36LPJ3QCUoS -KD+xZsZcIVH0gyMGAWnt2iANvAIYRN1sx66xvAEQdRL3y33T9YE6PuQ3prgxR8pY -2nPf9R15PR2hEXyF9VEB7J0yZDg1Nz1ZWvVHowIDAQABAoIBAFj20IUZGwVtpyuM -2KSUrbg0e6X/hwe81+5IB/pwJ1qwUldZ878eSArUvO2i4xmll69ZMQcZXC+Hhd1P -588yxdiMwccWkTIL6Zuon6QPutcSuwLX1sDXC83AI4KGGAL2mbaQTcdpVlxmxW/c -fDO5h2z3AyTyAuXVVa3aCsitXxk4kVn7MxBkU8h5jeG8mAuZlb5MmyLpXH8F0+3x -sTaOEfelw0ohA1Eud1XWI7KEketI8KoKgRR0+ZAYnK/AgAO9mgmAttn1nk0fYoJU -l60hVWbsWlak8ef2zWKF7VfFRw83rqh3cFOuRLHI5wZGzVONRKO/5yffvc8bmqRx -nbwMVIECgYEA8PQsHDcLfbNrIg29QXwgeNCMSZ8eoJFOELnpcNfiUk5SWyjPGwA+ -ACMUAjEY9bgd0G52Gjn9oZ3ND28vpqpUrfON+Wt+CUr7Gploj4jrEYU0rYeMfQLa -mvyMGtU08aLeVhrvTUTPNiEfrwqp6GLtj8g+oXvv3IOk3wRwinGYI1MCgYEA2kVF -7gicTM1fzfrS8vuOvzG+TbFN0B9NYcRYe5h0bUcMQ52rqlrNkQdiMBoERIPu15Aw -/sJvr9WCulhQ2gW2lgz36julJ3PBGpeC6wNK1l7VUsWykQm5APYvd9V5KVNZtoPL -Mr2+Ijt+2NFNseCUlrHPx5mRUiKXppaQUMp1kHECgYEAnHCLqw36AfTZW9S7yaaD -lq0gSDRtOCbfHnD2JXOk13dOdS07ufYgSwp7VSj3YaHWiZsORtzb1XCU0K6Jq5Xv -QLletk+aFwJ9obl0b6yfolJv7zKQfiG6OOI7PLislS3/WLxIHkzMlAJRhd5Qjjac -srt6HnJPO0alZr6FKv2xn00CgYAXSWy8iI6kYwTlpOz8n3oLS/NRtqjmm3BWDeyi -wxEo13unexrlgeqMno0LNLtf0/OXa/rOM1BXIiBgYSu/Fvzz5U5N3y8vllnzzFZb -XG6PkG6R9iWm87KZN6q4zj2u+wWHQ2hacYPngxF1cF8pqxwvN6lDUk7+xFIJo+ah -t/fzAQKBgQDmrWrejfSE8H/kYFrLJCMRM6LTcIeKlqBoAFp6Y5hkn2FhNrW4QNdm -qZAfTXnfaXcxj3gpD4t/hh6o60/p00KYJhewewL/A7wnnli1xt2TgIIDwUHRTzYD -tJA5WQCwPBGQ3BdNog2kuLQv8YcTRVKMan0tSGhgDx7A6AR9lZeeKg== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/minica-key.pem b/test/grpc-creds/minica-key.pem deleted file mode 100644 index b4d642b2d..000000000 --- a/test/grpc-creds/minica-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsxASAD9JV/1ZkEgFZHH+De5bxniQpVrDvDETHRg6AmqOl1hO -9nVQSNgPFcKjpyCgvBuqf/qawoKXQePzHcm+l+Imk6UrAN4Rk1pax55FyrxRA52r -hiwz3JXKOFd3pgReemDguIotRfNwLw66q7JxQ65eVQHwJ2MgiMPanw78vz6nRrpY -W4tPsdWNZ2r1qdA20OxHPTVCtDCxNgx/5y+Db7c2DMG88LqLjZE58IWIeeP0pFRZ -DAUxX9ggQLWT8+P0NkGomb7yWClUNsigmkrbYaG3J+VM/jw8XyXAEejGtbbs7KdL -AW7Y2QHCmR1GmxRUZpR5xP/ZFhOeZwd6Hpa4ZwIDAQABAoIBAQCgWYPFNOc5JGdQ -DS7HBE29q/YDhXQCn4UowcmcBFXuU/3dCfesPOHoWZMoqWRkBZPq39uPP5vXE5rg -JoFP65oB6UMidIZOAI88pW0l1VYqdvkVg9xWCr9mibzNN4at5Lu2W4rhtttUCOwt -N8NyfhlvwnY3KcUlgF9iGgFs7r7ngnRRpDjraPZfri0lfIg3Ri8yAJKRO4DWhcNJ -X+OQoMb+kvWi/rzmsThDt8QcZ3PX7BL6inF1p9XVFkeJFU2TuoUPa64L8HlR353R -ICQmNg4WUfDrsOxPqhMt6Yaoq4XhYxKL92tADd+o4xItUR3CoXeTYdJjAlCxHi3M -woF54lwBAoGBANTQKtdM9l1+YgxRq2O5Kezt+M4SZm9YcZ4QZJhfWa3HIbo5zsfu -+4eJ/LGAy084puGbNL8m70yj/3bRxTW+0BoHp1RFYpcxT/uG3tFkTeyftl2TxIpm -5G+wqXarGjkglWyzoaCjkpQIThb9v/7Zjp6Hhose2VxhPP9PkZp7X0ppAoGBANdm -im7Xt2p8b0K+dxC8qTETChD1bMH4nJ/IidZKHphiHpuxf8yklLnNfZtVBCIWG2L9 -RRjq1ni1O6SM9rCpvF0R6i71B76Gxm8WYMh7qqDQk2EgZ0kmLlSIiFdH4Q3x6o6I -0lYYGP1jQTtO/ya6RGjeYqKxgYz0AXqcsY3bLHJPAoGBALCh8tzuURF6g3DMHF/R -4N15CugnV4QVOYBDBOt/QJS+0dyafGlvjq+JtQWy64xebgyU4KvDah0HhVKee3vH -WzwvnA+S42iwEj2nTKspAJBkY1259wgUrIeTbqRDEanWxI8LbRxCh7d8SSxGAqRI -+FnWDLLNsQU+4/zYkvZQbd/5AoGAZchWcboNOYxDJs7JhGchq8bLYugV1DKeEAK6 -3z925Zq3y+o78X9zp7iqOdQad+DqYAQ9umB9p9w7qq3Rg/kwwOnONxIh7q3Q5n00 -joehQQxOF/8vzyjzi45YnqWgeu5tX5zXh0crx9A26seRWcN6v/MVuLsX9Hr4l++j -Ft0SS5ECgYAmkCkfEzId0YgwCZ6LnJC1K0IYb59iaACuUxGyEbIceR6hF/a2nNDg -IjF4dwdzQeeMaSEcjkF1fMPyoZRhulp+jkVPS5DdMLajJCGcKIfeZ1dhjQxNiR3K -EGW5GxZ3/MMB0vVIkWz1V1r9HxrcjA7zjLH7sww8yoYcD/hiaQrPaw== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/minica.pem b/test/grpc-creds/minica.pem deleted file mode 100644 index f57f06f97..000000000 --- a/test/grpc-creds/minica.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDCTCCAfGgAwIBAgIIO4ssrd6kNBYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMCAXDTE2MTEwNDIxMTY0OVoYDzIxMTYx -MTA0MjIxNjQ5WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSAzYjhiMmMwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzEBIAP0lX/VmQSAVkcf4N7lvG -eJClWsO8MRMdGDoCao6XWE72dVBI2A8VwqOnIKC8G6p/+prCgpdB4/Mdyb6X4iaT -pSsA3hGTWlrHnkXKvFEDnauGLDPclco4V3emBF56YOC4ii1F83AvDrqrsnFDrl5V -AfAnYyCIw9qfDvy/PqdGulhbi0+x1Y1navWp0DbQ7Ec9NUK0MLE2DH/nL4NvtzYM -wbzwuouNkTnwhYh54/SkVFkMBTFf2CBAtZPz4/Q2QaiZvvJYKVQ2yKCaStthobcn -5Uz+PDxfJcAR6Ma1tuzsp0sBbtjZAcKZHUabFFRmlHnE/9kWE55nB3oelrhnAgMB -AAGjRTBDMA4GA1UdDwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB -BQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEAFwZS -o7hfeK1sUKoXJeqrw6fIuwJsM0Hpa+j5VW+pJIA1J0Ntb1e0JI8StnE3hxYoQ30m -pZ9ZMRPov8AqU97l1aBbNYu9CwQsSMmFwJNuAQKw0PZ8U+dPgt2JE++z4349QDz0 -EWAAH8sFU1bXiAWHJLNpiLf+IKYyCETYwlFkWAUyZtWTbsmW+iJD8qZ44ehydGqZ -3e4NzpJUjN0IK8c1BpSjDqbjiTxhlJKXyAR3vAvhXa7V3SkHly5SFpggZi1KgumD -jVJRk88vTo95Tqsrer0ouyyFwst8ZPmUt/vqbwhU6Z3DgX9jYcS9ON5KVGbC1KO9 -JNrFIxoQe9I3x5w6kw== ------END CERTIFICATE----- diff --git a/test/grpc-creds/nonce.boulder/cert.pem b/test/grpc-creds/nonce.boulder/cert.pem deleted file mode 100644 index 29ac591b5..000000000 --- a/test/grpc-creds/nonce.boulder/cert.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDMzCCAhugAwIBAgIIPsEnAENFCoowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowGDEWMBQGA1UEAxMNbm9uY2UuYm91bGRlcjCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAMPsPkNpldjDPoFwtVUqA7uQyfn1rEHOJrl68Fyo -U1O0z65T33vdblQWdNDbMN8DtuR2Zpcs+M3n1cM+HzgZqo1tLlUryrVULBmtAjTQ -HyoBq8RGx9rPmiU7yZzaFwpCRvu7dfK5QtoXxA70NlGdY9ffoEb5xqPUgY7WefmU -uaI86Mb4SJYTVD7P7IfePLws+aFgBh2GljlcOcdf1KOEGf8fDFsi+feQZVqsF4SN -u3l7z/XZ3d0k1bryuh0K4RBDci3oGPddX1Vzh4E0ZDjInOQ4jGY5t5shw/QGWQib -CdqNtvW8kBGCXRy7J5o37pFmuPQD2mKqJRDKimt9sMNvKR0CAwEAAaN5MHcwDgYD -VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV -HRMBAf8EAjAAMDgGA1UdEQQxMC+CDW5vbmNlLmJvdWxkZXKCDm5vbmNlMS5ib3Vs -ZGVygg5ub25jZTIuYm91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAeaZuUfBfq5QP -hrbMmh2VtecgdgfhLEYuXuwD2G/hCX3yH1lpOu22CrBOmGoQblyeLR5FsRB41vZV -iybAVN2hfXKl6Yrh017bMwJUSlncQsUQVXDCIQ07HgdNgyc1orARtH6OGZfypNMY -bDBgitlgS4F3TSjA1W/dj7b7nJIAkbgrfCIGn11t0xBTI7FHpdDp1UHZTVEUEnJ8 -btlqJREF52L9Z+MVw9I0LeaUHx8uuBbeKERfR+9/BV2eov2MAZMpeCCLWDhk/6gk -n6RR/5u/nWwNcepVtlS+XmddgmQgP1eAR07AyUvLisuO5leRa7aLJdUUpyJ0eFre -geYixYjT/w== ------END CERTIFICATE----- diff --git a/test/grpc-creds/nonce.boulder/key.pem b/test/grpc-creds/nonce.boulder/key.pem deleted file mode 100644 index 1f35b588d..000000000 --- a/test/grpc-creds/nonce.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAw+w+Q2mV2MM+gXC1VSoDu5DJ+fWsQc4muXrwXKhTU7TPrlPf -e91uVBZ00Nsw3wO25HZmlyz4zefVwz4fOBmqjW0uVSvKtVQsGa0CNNAfKgGrxEbH -2s+aJTvJnNoXCkJG+7t18rlC2hfEDvQ2UZ1j19+gRvnGo9SBjtZ5+ZS5ojzoxvhI -lhNUPs/sh948vCz5oWAGHYaWOVw5x1/Uo4QZ/x8MWyL595BlWqwXhI27eXvP9dnd -3STVuvK6HQrhEENyLegY911fVXOHgTRkOMic5DiMZjm3myHD9AZZCJsJ2o229byQ -EYJdHLsnmjfukWa49APaYqolEMqKa32ww28pHQIDAQABAoIBAFUWTlwciNVgxc6V -UkswOfrFgNIrnanei/bVq3myKK4bwm4lQtOacQXX0te5udnA1TcXLKrO/yb9Xlqy -qgBFNUrCdfLLV/e0HIryFhk1obMukphlXPpsWrd85axXEtaDviwpV6oYRy5MT/tm -mAiN4ASqvALXCyuvaKzN/J8lthD8vFpjy8jzqY0JR/5Ee6ODUbd0/pceYEcXWafD -WgRYyjF+Lv4oXesp4jwlOMUwIuQhuGO3ybPBE8OxtXQ/wRw9IjypQXJq5smEfMUO -CAJqjRlrga5pcnrWKy2R61DamAZCNYmtzhy1EdS66+/fJIKDgAEldQRT1vbaoAqR -4l39GYkCgYEA4hwMCvjOSHtATfS9Kw13FogVGyyuMfn2pbMvIa7SHzZ63b/a0yGH -5aWKACoOW/1SGAYH/59vwwnF5AEpaYcCDgVXaU6gTQin3XZyCk12Aq/1DusgPj3T -1fjdFmfTE8CHt480VecL8eihvS1GBkt89nekniomVUATZtTv2cb9bScCgYEA3dKf -ewDzf20d65t0KR89jF4KMXlohilYgwPv7EoG/YP5bVSuYcWccejo/HlywxZN6FBh -8kjoSq9BTCJq9jtltOBhWz18UZArpoCY5S9scFOF2/ouULBjqPpgtkoqVa/ebIWt -RKqx3gKtUH8WBo0vX0DVZyBP5vX0wswNwBr56hsCgYEAsjqfd4qVt+aHUqum7SfJ -BlawJGJ80OIS/JwYe7l84aOlB+RyDdixcWCiPezosrQkoNEoPuOjSh8LAOW1ifwk -r36gX17d1rsK7vOtgtd6PTYLuf22xbkgoNpxE3c1l608jYFxJIFiFgZkb2UffFjG -oNTASvg4jRxb7sPMaGKFYyMCgYAGsCsO0mCFHw0f5XgDJWX9rXgxNa/pG6YHjT7W -qQS88BW9Lihz2jl1VchwlFjZePqwXnwVig0280HMwdznv7K5WWqWDayJ6Qbn5ki1 -4FAsstf+YfSzih33IlV4KZRNMRhLvVwUDfF++CWxn6NSXz9mZ9YHXfoKxK+0j+J6 -QFX4sQKBgAD1ceQgk4DvQ//9Jl7JAWBxsGLYUhyWZMTEPllIGNa70eHw+zp8c4yu -E7VH23hgIx+0WgUgnDSK1gPvrVigdhUN8tBsK9VQPrS2mEsLzAFpqfhW/rEqCJw0 -wooS8SJ+LDbpVSz16EdgXOf3U1a89+8fOedsHf56n+1T6wC9R6K1 ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ocsp-responder.boulder/cert.pem b/test/grpc-creds/ocsp-responder.boulder/cert.pem deleted file mode 100644 index 12d03f219..000000000 --- a/test/grpc-creds/ocsp-responder.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJTCCAg2gAwIBAgIIGbRbbhhHh30wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owITEfMB0GA1UEAxMWb2NzcC1yZXNwb25kZXIuYm91bGRlcjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOb+um4aNDDnoph8IGZ1S0kPcM7 -hhKZP0XGDFherOL7ZqE3c7z9FItnjXZPcH4RnwzhcmvpohSj3N3csdZrjHVmMDcQ -XgMHtWTNfISXZGzZpkUOHJ6z8RbHkmL1usX3qbSC6yhyZUgEn2PRGAeVXr8t7nwZ -jQDHS5fxxzoINsHX3p+0PKHV/ssusxC24FAgWCsK5gIoRG3Ga+mwg4SsUUMt48dY -7pzMhXzIjdPOLsQUvtU38/5iNj7Mcx78lNih38u2I74d3aKXiqEf8YkCLoiMT16e -3kep0PNgUKKyE8d9rnZtf5GbgMLfWt2k2Dv6Rjsvj6a2+rfgTUoNDs439gUCAwEA -AaNiMGAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMBAf8EAjAAMCEGA1UdEQQaMBiCFm9jc3AtcmVzcG9uZGVyLmJv -dWxkZXIwDQYJKoZIhvcNAQELBQADggEBADsewkGsg9vJuY/XnuMJyD4Y6BZ3/gba -rfmHcVe0ZGGPhTfNYNZ3RfAZKyn1HxAIt2uBCqnK58e3G+RDxBg97Gqst8+IFU0y -wGXZzVoTTSIFElUq56SD6G11+b77zMFRcP4+RjBxXPz/Qn5BdHePC8BhMK6+psMZ -1SK9n36u6SahJ+ceggO2hrLqQ+SY1sv5TNBZdH7oK6Vm7NrpnnuKzSilil2I0TU9 -PGLlBOLAJqwzZ1biizRkY+1N7x4RbLKoAKMOYksUdfLSdWW9EZdATYT3RKlQVbym -Y0Y1Vn14vF/R5ArJ3GJoC0TBOrMTEp9Z7RYQSqVJ6muAX2wZZ2hvFoo= ------END CERTIFICATE----- diff --git a/test/grpc-creds/ocsp-responder.boulder/key.pem b/test/grpc-creds/ocsp-responder.boulder/key.pem deleted file mode 100644 index 68c035e75..000000000 --- a/test/grpc-creds/ocsp-responder.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAs5v66bho0MOeimHwgZnVLSQ9wzuGEpk/RcYMWF6s4vtmoTdz -vP0Ui2eNdk9wfhGfDOFya+miFKPc3dyx1muMdWYwNxBeAwe1ZM18hJdkbNmmRQ4c -nrPxFseSYvW6xfeptILrKHJlSASfY9EYB5Vevy3ufBmNAMdLl/HHOgg2wdfen7Q8 -odX+yy6zELbgUCBYKwrmAihEbcZr6bCDhKxRQy3jx1junMyFfMiN084uxBS+1Tfz -/mI2PsxzHvyU2KHfy7Yjvh3dopeKoR/xiQIuiIxPXp7eR6nQ82BQorITx32udm1/ -kZuAwt9a3aTYO/pGOy+Pprb6t+BNSg0Ozjf2BQIDAQABAoIBAEvhklg7+Mx6WPjN -9/ZJL68qqI1bEIG7DOhFi+Gp3hDndayW6ObnZU6gKTvaxAP/HdsrRFQjGL7vm9h/ -7QJR3b2btrMMzysojpJP3lOGQn9aVMzH8X97NlgRaN82Qfpxb9k7lm44JmIO0egx -5p0NlkHe/eqgQNobWOyQ0ULLRZcPDyxXhebvwb/uXy9ihdr/AsFTEO+d2nnKzTfw -1rNDVVDTbPFkGAhM3lBQoXR+vRnz8Vw9iyCJtslejcV3XKi1+VPEM1JaKekUoMTr -DLwkwnwSSdVU1Bo851iYZM0uo8HqyKPzaksoiDg81AdRs/DhPVXMVhX+iFH67POT -TCSxegECgYEA4YU1c5mHoe9uIj6DqmCG9/kot/I/aSep8gih3Cf5pTRom1rIz6Ov -RtI+VfhOlUJLTpEd+BtYBcPMqm2UXgtZS4wegsgNwdjoG0W5n1YoXviZyiOLYsGv -M/DcBmsLnEbPV98Ns6HjtRzsuIsQXDm3Bbm61b1Xjg4uKnlCRgPfvNECgYEAy+JK -1vPWwGvD1BPw40OBuiK9i5sNhlzrE0LvAifd3Q81JEia+yHmFANiVWWX2Jgwcatx -kRifBHEJxwdPMYyvmKubaNVkih3fkgiFcijs6C+GLZVUCuFRqGyDkwX8jkeEmOCj -WEPdyIjVAf9jVxNNGylFksLw7uoEZbIX70DcovUCgYB3dHHdq6M2WXbC2M4xPzP+ -wZGZ7c08y++u7ned/+ayZVJLiAj6Qz+iidbO/tnRIe51zVRMiV9UnmQYmjaOogBI -jg3TRFhVJ6m6WHJ8PczgkVoUwkMgqms9XgWNuMHLo45Mgy/kyImu84VIMxEVaNTT -SY/3i3WHH2fAw74hDAhFIQKBgBSZ0vIRRVvAB9OACFEOWydRp1FZ4232KZKSqs/O -824IwVffNjm13Sech+0VDNjH1+1EY39Du52ZRmGj7W6WRo/olxVqqnQCPLrmvYUh -eX6kfqxQcGOBDN01yb2rVy+RLma8HAUpJlnC6bL/+SutOZdK/kqsA+hAIR2ddymn -piOZAoGAC9UHq0CtvI1FSGpPahJl/vcSPHzq6zkRL8dQtZiOs5I66F+wPg/Tqdx8 -RbTqjTq358gW63fq0smh7AR2yd1YykxppWdbjnkQGwRtl21AdR256F3CMSUQ0jNP -GaiXP00l7Z1+2qK73Wtnf2wBr0EMNOLOBY/oHuVRHhisU4TYwzQ= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ocsp-updater.boulder/cert.pem b/test/grpc-creds/ocsp-updater.boulder/cert.pem deleted file mode 100644 index 0b3c6149e..000000000 --- a/test/grpc-creds/ocsp-updater.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDITCCAgmgAwIBAgIIFteoADe2xfkwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owHzEdMBsGA1UEAxMUb2NzcC11cGRhdGVyLmJvdWxkZXIwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMkzkF6Rg6d70oTgMiomXHl8tI/82S -Kg2mwyZHcEwhYhPVoBl+5PzCcqiwj+4bMSjYGlC8wcF6S6TmCu+KNvZCTMYZDhAL -eDnHJpsZw7QYyf7e9K8KwVBoEPU/5/8LU/J56PfUWEfvFKumdyZu6EjxEQwemIMu -Ary0e0p2QDqS0OUUPFlJ20xw0zqPWt36VZhW139N799GZub8xwmYqbZUiBoLYpj3 -1tfFn9DwO/PwbIpMdvf/KyIFUQzXsH4mo14GlkS5yW/s8asLQ7TdO2hSqHveDbK6 -j6E9/3nsNaMeIrDK0wZmQl66/Zq4VqnMG9R1BSlrLNVBC42+5kcGnWiDAgMBAAGj -YDBeMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH -AwIwDAYDVR0TAQH/BAIwADAfBgNVHREEGDAWghRvY3NwLXVwZGF0ZXIuYm91bGRl -cjANBgkqhkiG9w0BAQsFAAOCAQEAYkxNTb2ffBCOOtu3KVI2cbs32mVYWq0lA/iV -4yPaRQt/sVqiKMK4DlzJS+UWhrc2NAmBgB/eZ+oDnMUAUyFi0vgWzVDU3Hs+8BuT -6EdtEGMOJrxWk/qi3BOoBcJGKyDeHiOG+SfACwuyVDkPDzERYUk2lbJdco0PT3kZ -sSL9ZvC2sPwImoCponXlg7h0kBpE+Lr569BNX/Jlyhl7nAFyMoxyKzGmQjSpFAc9 -KiBe0R6XndotW5AkZ54rB3D6f0q1olKBf57FiECUxGHuH3Njc/ZeSGx2HUvp7+83 -kuJjDQgXecYroYZgmaaWciaGDYkWdXaSZdbO92ZiLfNqOJtcPg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/ocsp-updater.boulder/key.pem b/test/grpc-creds/ocsp-updater.boulder/key.pem deleted file mode 100644 index 2c5e9f002..000000000 --- a/test/grpc-creds/ocsp-updater.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzJM5BekYOne9KE4DIqJlx5fLSP/NkioNpsMmR3BMIWIT1aAZ -fuT8wnKosI/uGzEo2BpQvMHBekuk5grvijb2QkzGGQ4QC3g5xyabGcO0GMn+3vSv -CsFQaBD1P+f/C1Pyeej31FhH7xSrpncmbuhI8REMHpiDLgK8tHtKdkA6ktDlFDxZ -SdtMcNM6j1rd+lWYVtd/Te/fRmbm/McJmKm2VIgaC2KY99bXxZ/Q8Dvz8GyKTHb3 -/ysiBVEM17B+JqNeBpZEuclv7PGrC0O03TtoUqh73g2yuo+hPf957DWjHiKwytMG -ZkJeuv2auFapzBvUdQUpayzVQQuNvuZHBp1ogwIDAQABAoIBAH2+hI9gflb54JgU -k5LHVV5ArGBbc6VDGg8F5tKEcRcX7O8jMGiyIbb3uT6FyaqHJf7m9fd/9QfR1TLd -R+2h6O5JuH4QCcazCHij/zPv+hQ+nN24cptexaihu82jMT5qRCGxFBw+g0CuaO+y -Tzpepu8eNl/cCM3QOuOI4PUcd6RjjsolFMUkdn24b3X3BKO8BBk+2hf5V6/qpJVj -g3+mu0qoObWiK6at6UW1YzNv/2woblmaziEy1MwjbiTmIkdRQRIpT1N4JEq//qWv -kBYg0dESJBkr50LZMPedNwy9ZscnHi2HiHoZ/+TUgVCncbYeyY8J3qy/o3J6uRJs -PVD8S4kCgYEA26xCn7HTe+HKU06H5OSVQKlTntjXFUlDaM29dKpd7qFNL8ULTm/g -qsClai01n5Pcr3l6qavznxbhRMDXQ/XAzwphMUd/EYk5zx1ncFfYHW4ql7Ae49dK -xbayh5AIebo9lOtDOvu/Xkp/I6XG/xz8iHxvTSEPB4yUCGUVJ8mHbcUCgYEA7mfO -AluN8+rAS74uOJyLPAgehkSPhbiq2H63XgqUsRlgsyouvOJ1zExVrEy8tRJRI9mE -fwEvrpwZbXOcfBb/XqvqVM2VgX7VVMwySnioyQWNCmjLDu3XRB1XhGyvFk8R9exZ -kSfH4k4PU8nPbKyj/5QG4v16oV13H5YxseEzaacCgYEAzFPzeJUwkJdZ2Zk/QAH6 -bjXSCPvLPAp0gCR25/CcBJ3WrOtMc/4ObOVaN2Or8C3Z5QJKvU2rAryGdqwkzxrk -5+/QrcTCBe6tbd/82ftrkxxo08VHRkh4TWV9tCieKZO5Oi6Gz3Ng8nS6w86sRZmR -r+aGpKhuUWhKPXDAd8y1gr0CgYEAutRwllpnaVJ7th/pGwZa+wWl3jUWgIXSpWzQ -iIskMZGgvWd+TxntlNfxf+B3NjOPkNeixOEKG/1K1AJ5DKn9IJT7Q9AErQHXbufD -NadPJpIKELFFCIMNYtzXu/hsUcBPY/j/zAhv1YK08kXCHvlAYEcCCpr4okKb2w4a -DbtdThsCgYB7YJFyUK4bB4CsHvOl0oi92qFblk1E34dGpVnkaUgz5z4UMjnyAAeG -Um3Z2YI+oYpZJeZiYBG9/PB9S5MzndsCZP+hijv3R59x+wi/AeXe6tYXb/sSLWxD -Xf1U8QAP+TOQmxEC00ZlRD38LswpD+/htVyDhsBp+9Gko6axCeZnIA== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/publisher.boulder/cert.pem b/test/grpc-creds/publisher.boulder/cert.pem deleted file mode 100644 index ff976141d..000000000 --- a/test/grpc-creds/publisher.boulder/cert.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDRTCCAi2gAwIBAgIIL/764uMwhtQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowHDEaMBgGA1UEAxMRcHVibGlzaGVyLmJvdWxkZXIwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwACKJtGWmsibDlKUT1FcYkJSFIiq7gg+W -GLvLOzWzO2mFkdwqzECrOu61LVp1HaFT0hgbrsenKKg8mV0jdRDj9Lx3xZUB/F/3 -fIy6Jh3zxat2iFwJNGsd4m24lmqhaAt/n0PFAZlX7SToDAOW3ONUM+IZYWzwIWsL -RqYOji8rWq2WGgbz5pX0pj4OtiU/44ktWgnBgnCHSkcrQ+Eu/LRSmFaN4vyHog7q -+VMaX1U/bXKjl/k8kNPXZxLGgTDxe0pCZZVFwWCw176i3fDupx9n+ZwaVekf9iVy -Os5crCEZItHZRnw5+9HTPV0ojN8JEOoPcNve2kuXJZL1Yn+opEi/AgMBAAGjgYYw -gYMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMEQGA1UdEQQ9MDuCEXB1Ymxpc2hlci5ib3VsZGVyghJw -dWJsaXNoZXIxLmJvdWxkZXKCEnB1Ymxpc2hlcjIuYm91bGRlcjANBgkqhkiG9w0B -AQsFAAOCAQEAqzM2NTtZPB461lbNXKkBotr48P0Q9kzT1oBi99hD+PIHh8yiO/Le -s6Ak2IRz9IsEfZ8Bc7A23V0apQTSa1vCMEZ5HtoBw6uF5oFqdTy2DGktItMKEo/9 -2Jj9AD9W1qDUSzDBpt7tW3DBEcGrCtGN2HLitYaWKuPJUMdm97s5fPN2qvI73+j4 -NzF49DNB56+tpcKa2J6C8MpJSJB/mBuYMuTBi0liAqOzAEMmZPHcz7qNElFSO/w8 -oz6qGWZU7xCRVmAGyRjV70hfhQ2sCdR7aVKQzYasDn2D9/8S5DulswZSdpxpGFaQ -gnunuoIri1tQw9fby0jbNt8IGyBkeOYnbg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/publisher.boulder/key.pem b/test/grpc-creds/publisher.boulder/key.pem deleted file mode 100644 index 7fe377f49..000000000 --- a/test/grpc-creds/publisher.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsAAiibRlprImw5SlE9RXGJCUhSIqu4IPlhi7yzs1sztphZHc -KsxAqzrutS1adR2hU9IYG67HpyioPJldI3UQ4/S8d8WVAfxf93yMuiYd88Wrdohc -CTRrHeJtuJZqoWgLf59DxQGZV+0k6AwDltzjVDPiGWFs8CFrC0amDo4vK1qtlhoG -8+aV9KY+DrYlP+OJLVoJwYJwh0pHK0PhLvy0UphWjeL8h6IO6vlTGl9VP21yo5f5 -PJDT12cSxoEw8XtKQmWVRcFgsNe+ot3w7qcfZ/mcGlXpH/YlcjrOXKwhGSLR2UZ8 -OfvR0z1dKIzfCRDqD3Db3tpLlyWS9WJ/qKRIvwIDAQABAoIBACzS6/jsQ9NPngXD -rsM9Gi18bQb3K7Dzr+qHRBS/cK7EG9zTyCHyQSoa6T6lXVtkf3jskg1C10BgX3CH -kqv8HaAg7XsHjCqkTwCl7OVf3dL+7etTUTVa70j+KPmQ/Xk8GWmYc1cSUC6PjA25 -OZTLju4cBKJ4KJmDuVJ23MXqOmMs2YKL9fBctxzKYv74Df7WBmaRKGf/RXN5mjCv -QQpqNtegpWf8TpgmVn3KbWVot8IuXpNNqQwEryWIQu1OoFWQtbunWRHjtrUgeOzs -prhvqk7IAvPHaYyrWjX2fYno0kNK68EYMkZ4/ZbN9xPG2mi1qB1zam9eGkLtzs8H -/fUnRykCgYEA5Zo68MIU1PNQK+BcA3LfYaFNBVN3GaXGu8wxN7c7YLfBhtNb+E04 -vAYkTK5qfMG2DDdbzroECYc1gaKcUTH+bgE+MWFTAJ2Gh/1jExPr+yKJl0QLvXJw -p3M8RNg+TG5VEn8SOZpl5U3Ugj70E+9dIIDGiVQSMd06RLzNtl0NZs0CgYEAxDxE -TrVvyQy5clenzV52YqYtdO3H5J6gL1N0nLZEcZ96meojxfc/w69GQoBqQKKOLSRQ -OObM+cO10OusWFg7+kuY+Cwy+pqzFPlp8HkSEFdBRiHp8+i19foyvRtcY6SDMM3t -WUwlHWe89+eO2gvCaCGTfIowyQzJhVTd5p5Y9bsCgYABzP3dWYhUSzw7u9y84i/C -UkOKYScz+kreujFAoJ1EmuxXpFy6S9DAGMQ8HboUFGjbG6wKqQbTFE5lH+Nd96hp -MHVOadb+0D1335LhWWymYZT2rL/y0mzzw0GbwJ5sdwkPxhNchEt8Sun5w4iih2QR -lzD3bsNdxMBqPZjXb09lmQKBgQDBdzlQ8Af5ixX56PmCu7Kzp2oBcbw1ZT4/6mN5 -bSklbDmPLQt/zTeMUW1PexNGDf1l+/srXkCPrae/Bdqwbq0TIxz473qDH6mW8B7F -+lcYzS2JWz4wPinHDJihYCxCAJtmrl9mPnAJAZGIRz7LMfTEfPXPPt7CGF1Fmln7 -V/oUqQKBgQCBjll5uxw/tb2xNp7udBQ9Zaa8+mD+mVRLFI0Dc96Xs1Xr6A7+PmmX -Znn+kKDYgDCwuq9Fj0bJg55ZJ8oyTsNVjnJBgfIV1Oirp5iZ1BrLeXlna3dh03l2 -vp9TIEnhxn3yjGFpV2nGeFtdmFHY3xHz1cmNe8r6NFrIwhMqhJzjhg== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ra.boulder/cert.pem b/test/grpc-creds/ra.boulder/cert.pem deleted file mode 100644 index 9594c1550..000000000 --- a/test/grpc-creds/ra.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIfxNBlyjHA3wwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowFTETMBEGA1UEAxMKcmEuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKsTrhnhiHgTppDXNCI2AK9bktYEj3JlnJtnEtXknULI -y2mBjdiwI9n/olQjhK9pt6dTk9rdPjTt4eOYMJE1x7TiPgETp7umw+NFruG8jYD4 -i8sHt6JoKcT6x0AwWwvGtpbBO7ru2Z5HFjFZJwylQuUWt6fcc02qa0A3drjIbLnL -akcyAKc5IT1Hne24Xa6onwFFbjhUsO3iRn2HCbR1bwQljwwEIAI8a1bZjAEb/kTO -tEoNZIGX2DeZg7CBF3FQxXWHR5Wv+WVUVv79RkItRvnOr/MooSRg5PgiGvvC2Kdq -EvDBXB1Sww0T03OWMwL9ohHviqEF43bEAndllAquovUCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCnJhLmJvdWxkZXKCC3JhMS5ib3VsZGVyggtyYTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEALFHAoEfVZbolb1oWN5Rv/IeXbyxt -9oKIJOjL8+Qiu9Y1/AG493dkahnTIiu+GLQhrRm+arQnM6N1rB2kKefcl4YGaukT -pZG9BS2G+qJJT33XZo3O0wMB7pb6K0FzreLcb9NpG0z90xZ22t9+zLeG/i71f5cg -0c/YKjnA/gweVYnIeMeup5YVgwgY0sOTWGIPlqld8xPHZz2ru0/NETFHEBGqdzhZ -JODT441NtjVTmJo1bNun4GOUzZ+yAh1EThS/982qiFa9czTaUF8zLafAeiqjyPW2 -HDhJG53CG24q9YkFhfpCUkwTwcsW3pEfV7gfP890RK/JusZ1fCKOi1rsEA== ------END CERTIFICATE----- diff --git a/test/grpc-creds/ra.boulder/key.pem b/test/grpc-creds/ra.boulder/key.pem deleted file mode 100644 index 30a8d2135..000000000 --- a/test/grpc-creds/ra.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqxOuGeGIeBOmkNc0IjYAr1uS1gSPcmWcm2cS1eSdQsjLaYGN -2LAj2f+iVCOEr2m3p1OT2t0+NO3h45gwkTXHtOI+AROnu6bD40Wu4byNgPiLywe3 -omgpxPrHQDBbC8a2lsE7uu7ZnkcWMVknDKVC5Ra3p9xzTaprQDd2uMhsuctqRzIA -pzkhPUed7bhdrqifAUVuOFSw7eJGfYcJtHVvBCWPDAQgAjxrVtmMARv+RM60Sg1k -gZfYN5mDsIEXcVDFdYdHla/5ZVRW/v1GQi1G+c6v8yihJGDk+CIa+8LYp2oS8MFc -HVLDDRPTc5YzAv2iEe+KoQXjdsQCd2WUCq6i9QIDAQABAoIBACgZH8ifLT5/1J3E -Y0rVf4manCsfvIOiv3dJTIfn4thhehQLsrSkbHLPUTwJazM2Qz6r/07gZpE/ZJ/U -7yVKBromAUR9V+ZK60Uc8yWj7ULafuGiuG8PnSK3aPZpnx1+gROKzTY+f7FylggR -Dm8PWUOa9Icay8fbdvIBTgl3qMxPOCgLyXNXNJHcKIPb71L1T5EL2H9Z5vHF9tFy -TnbpeK0GlmBHIeseVaFzruin3sqxjRftVEgTL5XhTq/9uY3EUutq8SGRoidbpp/+ -cr0I1IpFcrJVmJHKdfJkdRI2u3LtMKS3bpqJU7MKn1DRzvQatdSQwn/V8wU3iG8o -04dus60CgYEA3IBOLJRfMFgj6LbMSySoP8JIzVvnBHIMXGd7mzuYUlV2GjVO5oD2 -nh4Q3eGDT2TZ1GbaGGHLhpCXIx87oSXHZz+vw+sDh+WHEApLKZMRZLMxAbNcsPQL -fhcmaQVkfxaV78rrt8TYuLDIU//bOTwGJ48Maj92RT1z5hOOiBkdQe8CgYEAxp5p -Au9kiJFEIgHVtEN+1qHfnwZJI0xOkDfsd+a1J6PZLimHAfiYETAHfJq1cMC4Mt/G -4l/WDqwcWXI/9A/gN7NRv0miQ+tDyVHntohaGoU+0hm6QfXag6VloWs/X8mlzCeu -46AXAni4lbW9nNWwImEL1uSC/Oo5vB45OpHR/VsCgYAivfyTPZV58olF43dw54ey -9BOwd6iApM+Zx5xMKymm31xKaNfTrcIty6LwstWTrto7gzEd4lrFCwclO4iTrXYr -qHczMVZPFTUgq96H4Go/KZSxJeeW4fzlkxQ0O+tHsvFQ5PIa9GMJRqFpyshpzjFS -DlHwc6tY4YPfXnl4rCxV9QKBgAsrwbA+kqLzuKdI/yICYdHkjNU+30Iy+oA2BQDB -YxL1rjNgdo1v0+2zi9hAQ1AyJqoF2APHbByrJXUKbfpmIjA/z6s4kv3K76cVCjlD -9f1j3SKn+8fV8hJRbSPlCk1y4/ZVjQqUaHblH0ycSivWAPAOEUJm288pxVGFSaa3 -qN3dAoGBAIGSn1PSjIVqypCQBBydedS4WDjqwkLoL0bOOZRLxgk+dtfD2l8wKqWp -Helyqym23d58QPb0ZwMU3g/0pZXDqX+w+bnUvAvjfADmFNe6T1nWYiu9Mn5YHAyO -G5s2aHfB8aSIqQSRASlWgFEmftfpuapRGAmOyZr2JYZuaELkvPmP ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/rva.boulder/cert.pem b/test/grpc-creds/rva.boulder/cert.pem deleted file mode 100644 index f68dad1d4..000000000 --- a/test/grpc-creds/rva.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDKzCCAhOgAwIBAgIIN3GC8lNGBqYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFjEUMBIGA1UEAxMLcnZhLmJvdWxkZXIwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDYOJmNC27+V5L6ODXokt9dQiVCscVhjC2aHNvw/KEt -EfzUTkfOAkZR1FbRVcZtUci2CIxVTPHQBUPfZiz98LkMCR3YJBv7QZvdBiinEExo -Lzn4LP7vRNohDWl0QLw+aZH8Y5IUh7GITPLBDF62F/6DaCva+k26dmlYdmVMM3Q3 -LjPlwJI1Li9nqE0ZgOtzIHtx0hTHlW8rd8rx93QXVZDfk2TKCZBPJ0BAzW3jpPGz -39mdullWQMOEA5svr+pRBvsXHdwIzGFdZY3ixRCqOwDdOHIubo8wSWjMuX0JspSW -oIG5w6tZcF3szvgRUDKIEyQdXEwMK+k24VL1Rj/Ojsu9AgMBAAGjczBxMA4GA1Ud -DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T -AQH/BAIwADAyBgNVHREEKzApggtydmEuYm91bGRlcoIMcnZhMS5ib3VsZGVyggxy -dmEyLmJvdWxkZXIwDQYJKoZIhvcNAQELBQADggEBADLh+7f2NMNj5ZGXQYmsfSh2 -9wUxCVs84hzIDLn3f2wybRc3nYg92mTzJmihy1J1b3NKGKhosHcZA3dQ5/z6TLCZ -8WZvEw/9zfIw63pX9r18/jTnmKPoaSumnS99hilEGtbbpsvn9nAfEM0wMoMprygk -h5c7gOena+TxiClAnWNkv8YMEUT9nd/OvdMx/9o9yH2VxQ2Vh1/aP9gBOAUPpmP3 -jjuNBH3uD0rm4/WQTH4Ok4Q0okuGB7xH3lKns4LcnNuL5d9k0YWpQkamcS4AKn1G -bZ+uXinfsQneSMJI1CZ/OtZJB1fOKLK1ifd4dAVwuLJ9hlIHWfwuixm+bnnD38A= ------END CERTIFICATE----- diff --git a/test/grpc-creds/rva.boulder/key.pem b/test/grpc-creds/rva.boulder/key.pem deleted file mode 100644 index ed78588b4..000000000 --- a/test/grpc-creds/rva.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA2DiZjQtu/leS+jg16JLfXUIlQrHFYYwtmhzb8PyhLRH81E5H -zgJGUdRW0VXGbVHItgiMVUzx0AVD32Ys/fC5DAkd2CQb+0Gb3QYopxBMaC85+Cz+ -70TaIQ1pdEC8PmmR/GOSFIexiEzywQxethf+g2gr2vpNunZpWHZlTDN0Ny4z5cCS -NS4vZ6hNGYDrcyB7cdIUx5VvK3fK8fd0F1WQ35NkygmQTydAQM1t46Txs9/ZnbpZ -VkDDhAObL6/qUQb7Fx3cCMxhXWWN4sUQqjsA3ThyLm6PMElozLl9CbKUlqCBucOr -WXBd7M74EVAyiBMkHVxMDCvpNuFS9UY/zo7LvQIDAQABAoIBAQC9PXRu9NXVN7KE -21ObVYi3J6BS6iI1ySlUW/PHzGQIfVjKPCUuUeFX1z+RAcCkh1Lit0KTmb9+cE1C -Jjw0mU5sEUKUnK38zyRqYuyLo4EsIkFbS45ovdsn2IQ2Yj4fZeiGfGMrIsQn5ikE -+x2dxAxW2IKhqjcDfoWfDiiEc/hAHcwK7WIez8pkY3sgyzhms5IzFBqAWX5DSaXV -t2I8A1kQbw6JdWr+jIVSLqRgB3ojvhewHLkbcPrBLt7/Zx3U9Xy56pw2j9VneqV9 -yaBpZTXhYk6VxNZM7bqP7EHHVJ1NSEgwBn8YDeMS0wyeEwoucYSdt8hz8DjWUHS7 -NUH+PsdFAoGBANqBg6P8bbuXTObRAdLsQ5BDGIqNIRUM25o8id9dnQZ40F27wr90 -n7kBNSTgnimaaMA0tx2ZBgdTE0Q/r/Y2LMhoi+JXUHXIJlHvXd2HiKyS3Y8URo7B -hW+svTTDy6yhf8SP50gCq8Url5ZxR+6HFDAouti34WapUctOQQDETs2/AoGBAP1S -t+cTSxADaCBE3vC+MBpL+GDJSIIR5klSOIvDAq59vMeB8WhXR7qGyUY8uxYeRoMH -a5WkvEa4nonsRclyMbLlhek10dy5UDCQPbSLJg1ebMHw3JH528SvUuP1F0v+jAMo -QEkVnGkDmaccYXkqmRT+uFGaS+huICgzgrVECz2DAoGANVlDy8j4/cEuHHjRSi83 -O8S1/DYC6sHN6DV5sBiKGydqMEiEfvw5dxENaaiR1TSG+M6mGsrexvEIljQ6gRGv -E2s7JBMPaQJqIL0hnNHXk9Lz11gq9fXX33E8bOKVGtv/dv1viYxlZemDxE56Mom2 -ax+2pu0WUltqxgmgI1DKsL8CgYEA3IWUuCCweGkuzOCHXvWBdHLr7n1qlGg2m19r -ACer/vBQVTEGUPmh5HuPXYhiqNeENG5SNnuotrvir1gyTDIPl5d84k5KuaXMa+o0 -/SUg5ARuEsq1iJIEwYyKUQ070Zjuk5UHmVepyDUtHi9znwH5LzCqjccPC3BKqBRn -VZq9WjcCgYBTWn1sTDlAX6ZaFKEQXiZqVLCrmkobLI4wICyuYtVWpnReQo3MHW4C -AE27gK+ttH6oQfVoG9jD7TQjJOcJJW7rqBTCFVF6yNZERxUkgLVJ5kFnQTcvisKT -hlq8X7g55lrx+MTMhpZ8B7tcoL9F29ZR8yHrfni6+ofGsmjnjlLg5A== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/sa.boulder/cert.pem b/test/grpc-creds/sa.boulder/cert.pem deleted file mode 100644 index 660f87dda..000000000 --- a/test/grpc-creds/sa.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIHd2y4LvorWYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFTETMBEGA1UEAxMKc2EuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANVOyR1/2onOWzBLOfgGSHVqsna8UkOpbc5iy5S6jsKT -yqcQdRag9SSVDhFjmUMlreX99OH1d5el4Q26JVb1duI0kWXdznyNN85LezpxHp5Q -TG2P7Z8RuyYvTJEqTYYkWnjGzojvUP+kSeFyjaSKNBwobem67sn9Os0yEx+2avYN -/4wcWMcKYkVVmaq0rkGhvmMShrdOdbzeWpS+ISKSX6KQBpXZj4eI3ePEH+uxLNX0 -Bcw+vocISZNWoNzVye+mq+fAANtyAEOnIIgnGUvB8j2z/DPJN7PZQRXQdU+JzFNb -xBjiP+RDBW1nTKcPN148z3tjdo/MsqB/yV+Tbx/mdbsCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCnNhLmJvdWxkZXKCC3NhMS5ib3VsZGVyggtzYTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAXT4c/CQmq7vGWzGJjxJPEUvvE241 -Bld6rX3ZuqB7opBuVi7dfNY1YjLy0zCwAAUyYwGoQQ5nNUkhJL8mkXmY+mqn1Ya9 -UgfzpY2KxE87fRflxyLiElgWQB5R2BHlV9cuvDS6e2TjUsoLKHkVWWWZnxUu0sNd -3L6dtg3AJbn83IVg8BY+xLLHjGazyfRBoLUAKeJNyT9JjlSZFUtG5a+mfG7V2SU0 -7A10quBMoa9cvLnbE0OnlGsDSpJQ2DjT6muoyxGKRK1r7/mMLQ25DLw0LHI5raUe -9jI23H7akLJQLjwDZ83IRcBeIGXk7lHz6PfSPjRoTaliVfGnedcdZYUJgg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/sa.boulder/key.pem b/test/grpc-creds/sa.boulder/key.pem deleted file mode 100644 index 3884fd9fe..000000000 --- a/test/grpc-creds/sa.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA1U7JHX/aic5bMEs5+AZIdWqydrxSQ6ltzmLLlLqOwpPKpxB1 -FqD1JJUOEWOZQyWt5f304fV3l6XhDbolVvV24jSRZd3OfI03zkt7OnEenlBMbY/t -nxG7Ji9MkSpNhiRaeMbOiO9Q/6RJ4XKNpIo0HCht6bruyf06zTITH7Zq9g3/jBxY -xwpiRVWZqrSuQaG+YxKGt051vN5alL4hIpJfopAGldmPh4jd48Qf67Es1fQFzD6+ -hwhJk1ag3NXJ76ar58AA23IAQ6cgiCcZS8HyPbP8M8k3s9lBFdB1T4nMU1vEGOI/ -5EMFbWdMpw83XjzPe2N2j8yyoH/JX5NvH+Z1uwIDAQABAoIBAGZKdd+TpHVZZBlw -ucfbG3xTQmn2PWz9Hw9OCVq1bCibPx+GoN/NKEH2yNxF6wVsWExm0LxbPpKWlapD -jgx5gh1QIDm9eHv6LLzdLacFAC3jTANudgFGO31ASXOD2dFuNYSdsgWw3iL54gQf -LxWswPiP2sWvQzvSGBS24rzeecSsabBneQzxbyxGzTUDTc+1z1J8zMEruAANpajs -BG5ub74LCpPuUYm+F+pbrQebrsLGjy6+SS8vEUYhfW2Gu91mCoWDWbZZRfRXZrS/ -juCd98YX38tscUVbZgXplTWzPQ2nzoP25vm1P5kB9EO/SQ1viC9twR8dnmmVKDa4 -sLx3z2ECgYEA7FNIG3JN+PVvdpG/UFV8Yrz6EbUQKuN7Fl/uP/Ti4sb2rBS29Nsx -WPJMOlIkraDvyO+yVF5wF4DBGE408vGJCFLOkpCLKTKHPJHLC/el6a1Ys1qpcPwG -8kpN+1CaKc6y0fwtgFJt2iWvD8QufXx9k+DTOTGEJuVUZ5bMk275Zy8CgYEA5xDw -UFK6bENfCdCnaCD3EPeuT0t8F3fz83I3Wa5MKKk0NnGvDhRhaS3pe/DdJtLVwl+l -7WN4CHSBG5wNCOAPLE0dv8zIkY4yiQ5jD3HqX+q14YCg3LJPRDHrXdFh2Kmy+tBB -lACDaL6qWO0DvuTFvHFtuv+9Twle6adnsHo3NzUCgYAFAycuXdhFhX8dtq2mGIoQ -1g0/vuVe44BC0zoMZTdCtBGbSL0wqE19o3X2brOUcytiyaKwo2ghN3vg9hetZ24O -nSMAfMxWzVmM8VKrKE9+i0ysUSny2YWUMftBb041wMqOJZkZdaYa0F3MKc8Knk9T -iZsxRVmWMZr+r3YbUmk7xQKBgEtkDHS4uVivlqe2K5jfAJ3Jolb+8wsZOUBaKNMa -+oBdzMpix1IZtjrCHycwTIfpTJNx78qHpNdlY+alQN9/c5PpyWYWI+7R7Y0oY4vb -iDQpeZSNCm9XwmMmwnvG4Fz36YzKPEtU64tWgnAnTQyQyi+U9s+Ht7W9AfnMhBlh -lvhtAoGAa3JjxWAwmx/hfqnIpUWYuFFXiCBrhofQf3O7rvEIAeXidFbpvlhOpCD2 -r7Iyi3xJ8F8DK7GfZUY9nv5xr43EAAtHXMh6e1UTRofvJZth8NwTAKzLlwWuwA9G -oxrhpo4NWZNtyiDkQyzexRS82h7kTEOleKQnEcsb71d4GQLxEog= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/va.boulder/cert.pem b/test/grpc-creds/va.boulder/cert.pem deleted file mode 100644 index 48196fb10..000000000 --- a/test/grpc-creds/va.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIWBOEDIXyek8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFTETMBEGA1UEAxMKdmEuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMX9cDpvSMyj/gwiWbj7NXWqjkKl4UMPkZrJWrTZQcV+ -f+2GKiopgraEQnwUES35I6pI+5BdMnJWUmsd7Q508C+sgEXeSbtLZIrH7iFEfEKJ -pUv7BGfyOmz8wZys4qJyeHQPngrTlbcr7R6gPAyxearVEF3O4hEfVVdCd6p0WDsK -THFp5AQRP8oYHc2YR9PDHGrtegD34lGq4DUhRqXK8/FN81VU7wrpf4bEnzm5t8tM -HrIbugBjIF1zOdO/s/mvSLiwrqE1ypd7wf4P0+aXIl54EQ5SBR34eKuoj52m9jPh -2euDlMzLDXe5xOpg29A2WgKTj3bQNB4yFWdRz27FjFsCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCnZhLmJvdWxkZXKCC3ZhMS5ib3VsZGVyggt2YTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAVlz0sP8plCkJo1V2N3SfYAdQJmG5 -plFqcHhAbG+ifhVknkDQVz+1H76AH628r4K8nhy6TgdzftsgRA45evkTZbnyVEsV -20VTWiYeo11HVBHd58CAsYbCQjiSeEjCsPpV1cLXtOGcKvINYvU/8+HoNYQ7ALXq -2DYLNyVIrNz5iR8Q2n79Poyr4QG6qYuh1W+eWJ9v1o9OVjp3QBmvQOJ7rZ6n2M2v -5ugRmL6HsO4F+B1+SJwz9km6RPXqIz2JhnMg/NwcGp5fuQRL6Iw5Bah/BU+wEaRt -gMRiFD3IjV1CaiVWA2ceSyG0kr6U6jf238+ddDUU409RO8KQlWqpy+chIA== ------END CERTIFICATE----- diff --git a/test/grpc-creds/va.boulder/key.pem b/test/grpc-creds/va.boulder/key.pem deleted file mode 100644 index d6e71ec3c..000000000 --- a/test/grpc-creds/va.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAxf1wOm9IzKP+DCJZuPs1daqOQqXhQw+RmslatNlBxX5/7YYq -KimCtoRCfBQRLfkjqkj7kF0yclZSax3tDnTwL6yARd5Ju0tkisfuIUR8QomlS/sE -Z/I6bPzBnKzionJ4dA+eCtOVtyvtHqA8DLF5qtUQXc7iER9VV0J3qnRYOwpMcWnk -BBE/yhgdzZhH08Mcau16APfiUargNSFGpcrz8U3zVVTvCul/hsSfObm3y0weshu6 -AGMgXXM507+z+a9IuLCuoTXKl3vB/g/T5pciXngRDlIFHfh4q6iPnab2M+HZ64OU -zMsNd7nE6mDb0DZaApOPdtA0HjIVZ1HPbsWMWwIDAQABAoIBAF3JyZEUyFKQWLbc -ys3Syic8LPmrZIME6/975KkIxZxNaUJWLMEeOtpE2s22H9E8VMXEns5rJ4t8ErzF -R1dy05hxya3PN/QuKamIPeiqbYaDd7b/aL3ow/5+2SRjzVQQj7jC8SXFxwUnHMNG -Okv1AmKHXaJibzqXMjEMvm0Tgfws9m8IEMHnRCGK5Z9kZ1PTgEgRfaENxs8mSNHU -BMzaQU34p+t/daHYy21qby5g5OwlC9clFrYj4asaUnhJr7Lt1ZhMxn15UIhJTXx0 -fWigk7/LhgAgc5QWJZ50FXW0HL7lxieUup6/c4KPXcKKyDT42e/1tRozIsiSWeKO -PDiUunkCgYEA4fRed6Asd3vRG7nSOPiZ8tYjQJsrratCKrIhYPVhsY6iLh7DMRDm -G0puKzIL2v3g5lu3zK4VoZ50OFZCu5wtH3ZhENCCnhR9vKB0/vzu5eH0Ct0gBSff -dFWlO+Znw/HLxc9nQ4ejvjsLqwYKAQJUoqOlvNQ1g51r5KLkUDo5fVUCgYEA4FEj -Z5/NJhtO22aSjiQS/N/bI7KbUNG90TWcgHpEUMXjaFxh/OZopKCxnfzX2WFFhOBK -VRSI2iEiCevA70GqTIBxOJWJKPPh9hzEFoi/ytG0MPnNdSibePr0Lf3etH8ztu8r -nMA+DvEwJ+k7pQiRlNzKxKRu1CDph4zKUzSjYu8CgYEA0N02xZWGBRyq+toV/Ruw -Eszm4T2Oboa0Lwth12J738ldGQzOmXhpfCidFci5NMEhN07o44a38CGshLcYEJwZ -CdA/gW98jeubHtWj0GC15EGteK1Wf+2PnNXeWzRsDrBgEIXbiozDS4EBFCIM9UnW -OlDTT21J2lOV/E6mhZKMudECgYEAuZopI0qT4h3iR6M9TCMJGvbWSVk1Lc/9sScc -0SlZcUPrf6RA55J1rxHPJRvaNWFItkMm/fK5sVKM6YyJ3O2GTTpRdDI2hQ4WPx9a -GBMaLmUJJSTsHS52RcnPVGakaNB/J7QJb++Y6aAi6kMPOOQ4IOX3WHF9ykNZNvEF -T4dUUT0CgYBeCD16H6sfNL1VbrXPKUhHUszL1QZF7FH5Zs14UvbELg4hVF0kAl2c -+fN3X6oN1aAhZrZLm35daRVayK1pZJeezT093L2RvtJPNJq0B5uWCyBZKDGu9zcK -1ynpx333QpxY+HuV0WNwrIei9jaE0VjyHjo1YZO9Dn38+9n5SPxIQg== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/wfe.boulder/cert.pem b/test/grpc-creds/wfe.boulder/cert.pem deleted file mode 100644 index 2d354ed2c..000000000 --- a/test/grpc-creds/wfe.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDDjCCAfagAwIBAgIHUOfHgEZrxzANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQD -ExVtaW5pY2Egcm9vdCBjYSAzYjhiMmMwHhcNMjIxMDAzMTgzMjQ0WhcNMjQxMTAy -MTgzMjQ0WjAWMRQwEgYDVQQDEwt3ZmUuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBALoS6N2oOw2vkkE5Dw9lSF6LA75ejXOP7EZ8xf59I7Tf -/u887GL82NpwYHbtds8c2yn7Yb+tH3OPHt0SRYQfEx1mANrD1XLYwZGTCpqbXuGH -k+u+InfwbbViA1qwCVh3XMQWn2JS2PqYqMHmWC2qWW/ktgidAN5KvxvmS9CIfFY6 -F9tCLdxmA1Fi8pOm6G73EgC6CvpttQWsk27JApTt5YJhc2Qi1D/B9Ak87+DU+tsT -NP8ALknPbEQYNK52CF88O7ANooYuEMwSwIa8qo+iJqU73qKAe3SMLXce3H91qu6O -1i3vdW5+VgUuKNcU/lIXuP7o9fjdiOohtgTRoNoU+l8CAwEAAaNXMFUwDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMBYGA1UdEQQPMA2CC3dmZS5ib3VsZGVyMA0GCSqGSIb3DQEBCwUAA4IB -AQB7zLro1glDeLh7rh/DJ7obOcpoyIFYmv95I8eEiW1EyRoOp6AwbZucJI22Rrw2 -PU+Hto3DB1qbhUAZx4ZdUafvKT5FonBGJYF3gS6nX1kZ0Z/2Vk71x+z7wyNgrhiz -VS4uT862XEQTi3R4J8G7IAINVm+keQX1y210ERBJ+AQg88nAxKT/wusSyulwnLEU -k0JHa0jZ1Fg6fhUdutK79RTNQAF28sR3eBeK/+aIR4t1kSG9sCHHejwc1YWvHLOY -jjGBB4xRM0qCHXvmNc7cHlNECkbcipXfNwaOOGv7b+thfON1hNfaTsbLJL4EK+F9 -1QajfT6206hjLKBRChftWZ/M ------END CERTIFICATE----- diff --git a/test/grpc-creds/wfe.boulder/key.pem b/test/grpc-creds/wfe.boulder/key.pem deleted file mode 100644 index 647d1f03c..000000000 --- a/test/grpc-creds/wfe.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAuhLo3ag7Da+SQTkPD2VIXosDvl6Nc4/sRnzF/n0jtN/+7zzs -YvzY2nBgdu12zxzbKfthv60fc48e3RJFhB8THWYA2sPVctjBkZMKmpte4YeT674i -d/BttWIDWrAJWHdcxBafYlLY+pioweZYLapZb+S2CJ0A3kq/G+ZL0Ih8VjoX20It -3GYDUWLyk6bobvcSALoK+m21BayTbskClO3lgmFzZCLUP8H0CTzv4NT62xM0/wAu -Sc9sRBg0rnYIXzw7sA2ihi4QzBLAhryqj6ImpTveooB7dIwtdx7cf3Wq7o7WLe91 -bn5WBS4o1xT+Uhe4/uj1+N2I6iG2BNGg2hT6XwIDAQABAoIBAHjxM4RnBUMm+/QC -x0Qle71fs+Y3hM85G8TQ8swvwFafRQ9w1OCeIcERS9HhFNkXk2gdKXKxbwDoZJIi -fyaaIA16sFGA+iq0slQRc9H77NbADagrpDG7B0Pe2flG9DwZESWu4pfA66EuOnoV -YvkDgTBWQu8kRV02zjKvJFX9cHuGF6PQrz5L0y9BWK9aOSTRHuNNUkUAVkKxxGzU -NIk0WWYFPeRqoYNs0iuROmPCgB5A1uB3PeWIFnVxXedg/fl1Nu6YtVuiAdtjcP8j -oRi/BeFp0HR1qFDtc8GQ+mGhbALlRjdirgGjlVkm7wLJz9TxC+AUxUEGnoBELd14 -y+FQfmkCgYEA8eowwd1iX5f40ofR8I4aPmBwB0rtRkX5ruFeYSZQyA+pf60c05st -EHcbu98dBaTSaVFYWJBngLeUBTrGuPhfqQ/lF3xmfbr5CFcMJUgzBF/FWpdb/5Op -xmLJ1SRyGK48UgN2P/Ljo8DATrE/Nm1AqSxYmEKFyy6s473UkqEQnRMCgYEAxOhk -2Yf3JfTZMWFdNrkFn4Afk19KhFqZ/9n1sICSXakmzz5RuHb3EVPDc0i7L5SpWPkk -5yRc2BX/dOD3xjy1KHah+kim7R2OmJPC3HSDVD8O7nOdzirUnK5LCm3LuWjHVyFj -I3anl+8TeDarbQuIMKvf+FP09GXwSUSGyU0wkwUCgYA6bsz0JttaJ8UsZS4qosho -BLdKq6iAbuqOeVVote6RRGc2tcPewP6zmXGTgaLq+BLy6Xkje03k43LXiIjzqNrC -ZVp6v8up1v3MK+p9HuFjzxZGeYT5SNubVcVWvITqvTtIvBlV/P9LUIWi/GE+bklO -E64aqQbUOyP7pqCwAkOXDQKBgQCHlp8bS4zcDiYg4rKVJALDOi6EBHIDgX/ZtfSA -fYhMBlY7Duam5wRqYguMLuD2ep/CLI1EvL1R7pPhn6f+UX9NRaNz/OM1E81FMzpT -I8frEyDtAaAAf224FiyGGeTW31ekn9DscqAk9vOpK7wPcoltOm0XSni6chdr3EwU -AZsZIQKBgQDNkpWknCwijkvzhkLmY0K628GDDMSU04cf4IjovwS/Eh0mFwp5YlhV -pR/aqz1qkq9/gih9nC4ov4LwckDrVbH4UtHwfIQz5O0uAyqb/hePN+EyBRQOvRdF -zyhMYtd2zCdkd4ksXjSOLL94kzf2ObQO6zWBuPwUnKt3TuAUMJ7HxA== ------END RSA PRIVATE KEY----- diff --git a/test/helpers.py b/test/helpers.py index b0ad43146..3a7e38615 100644 --- a/test/helpers.py +++ b/test/helpers.py @@ -86,7 +86,7 @@ def ocsp_verify(cert_file, issuer_file, ocsp_response): '-issuer', issuer_file, '-cert', cert_file, '-verify_other', issuer_file, - '-CAfile', '/hierarchy/root-rsa.cert.pem', + '-CAfile', 'test/certs/webpki/root-rsa.cert.pem', '-respin', f.name], stderr=subprocess.STDOUT).decode() # OpenSSL doesn't always return non-zero when response verify fails, so we # also look for the string "Response Verify Failure" diff --git a/test/integration-test.py b/test/integration-test.py index 8b3d22c5d..af4aa3860 100644 --- a/test/integration-test.py +++ b/test/integration-test.py @@ -68,9 +68,6 @@ def main(): if not startservers.install(race_detection=race_detection): raise(Exception("failed to build")) - # Setup issuance hierarchy - startservers.setupHierarchy() - if not args.test_case_filter: now = datetime.datetime.utcnow() diff --git a/test/integration/akamai_purger_drain_queue_test.go b/test/integration/akamai_purger_drain_queue_test.go index 670e9d865..3c885cd1a 100644 --- a/test/integration/akamai_purger_drain_queue_test.go +++ b/test/integration/akamai_purger_drain_queue_test.go @@ -38,9 +38,9 @@ func setup() (*exec.Cmd, *bytes.Buffer, akamaipb.AkamaiPurgerClient, error) { } tlsConfig, err := (&cmd.TLSConfig{ - CACertFile: "test/grpc-creds/minica.pem", - CertFile: "test/grpc-creds/ra.boulder/cert.pem", - KeyFile: "test/grpc-creds/ra.boulder/key.pem", + CACertFile: "test/certs/ipki/minica.pem", + CertFile: "test/certs/ipki/ra.boulder/cert.pem", + KeyFile: "test/certs/ipki/ra.boulder/key.pem", }).Load(metrics.NoopRegisterer) if err != nil { sigterm() diff --git a/test/integration/testdata/akamai-purger-queue-drain-config.json b/test/integration/testdata/akamai-purger-queue-drain-config.json index dea150980..0a09d857e 100644 --- a/test/integration/testdata/akamai-purger-queue-drain-config.json +++ b/test/integration/testdata/akamai-purger-queue-drain-config.json @@ -13,9 +13,9 @@ "accessToken": "idk-how-this-is-different-from-client-token-but-okay", "v3Network": "staging", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/akamai-purger.boulder/cert.pem", - "keyFile": "test/grpc-creds/akamai-purger.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/akamai-purger.boulder/cert.pem", + "keyFile": "test/certs/ipki/akamai-purger.boulder/key.pem" }, "grpc": { "address": ":9199", diff --git a/test/integration/testdata/nonce-client.json b/test/integration/testdata/nonce-client.json index 9a4a92a5d..90e84706b 100644 --- a/test/integration/testdata/nonce-client.json +++ b/test/integration/testdata/nonce-client.json @@ -1,9 +1,9 @@ { "notwfe": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "getNonceService": { "dnsAuthority": "consul.service.consul", diff --git a/test/integration/testdata/srv-resolver-config.json b/test/integration/testdata/srv-resolver-config.json index 1de1b4b3d..fa312514d 100644 --- a/test/integration/testdata/srv-resolver-config.json +++ b/test/integration/testdata/srv-resolver-config.json @@ -1,9 +1,9 @@ { "webFooEnd": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "caseOne": { "dnsAuthority": "consul.service.consul", diff --git a/test/startservers.py b/test/startservers.py index fcfdc9423..1516e0557 100644 --- a/test/startservers.py +++ b/test/startservers.py @@ -42,7 +42,7 @@ SERVICES = ( None), Service('aia-test-srv', 4502, None, None, - ('./bin/aia-test-srv', '--addr', ':4502', '--hierarchy', '/hierarchy'), None), + ('./bin/aia-test-srv', '--addr', ':4502', '--hierarchy', 'test/certs/webpki/'), None), Service('ct-test-srv', 4600, None, None, ('./bin/ct-test-srv', '--config', 'test/ct-test-srv/ct-test-srv.json'), None), @@ -168,17 +168,6 @@ processes = [] # to run the load-generator). challSrvProcess = None -def setupHierarchy(): - """Set up the issuance hierarchy. Must have called install() before this.""" - e = os.environ.copy() - e.setdefault("GOBIN", "%s/bin" % os.getcwd()) - try: - subprocess.check_output(["go", "run", "test/cert-ceremonies/generate.go"], env=e) - except subprocess.CalledProcessError as e: - print(e.output) - raise - - def install(race_detection): # Pass empty BUILD_TIME and BUILD_ID flags to avoid constantly invalidating the # build cache with new BUILD_TIMEs, or invalidating it on merges with a new @@ -282,8 +271,8 @@ def startChallSrv(): '-defaultIPv6', '', '--dns01', ':8053,:8054', '--doh', ':8343,:8443', - '--doh-cert', 'test/grpc-creds/10.77.77.77/cert.pem', - '--doh-cert-key', 'test/grpc-creds/10.77.77.77/key.pem', + '--doh-cert', 'test/certs/ipki/10.77.77.77/cert.pem', + '--doh-cert-key', 'test/certs/ipki/10.77.77.77/key.pem', '--management', ':8055', '--http01', '10.77.77.77:80', '-https01', '10.77.77.77:443', diff --git a/test/test-ee.key b/test/test-ee.key deleted file mode 100644 index 51ffc2f6a..000000000 --- a/test/test-ee.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA7osPikqizKCDMB1EvJ66sJB8a0Cah2odQzBuRV6joENKvi/A -vRJqSSEBqq8mBWRd1EcYkxrUuoXPBaQIBeFt5+NlzbMrO4R/LaOfubJWvppVMyml -aTgc5vfI/psECyd9v6Cw29dvjnK553vTIevJeukn4ASbJT43zQeWspjQL0fJzOnd -SJgruJtRmZNr/kHVAG34/acc7U/Z03q58MGsm5gfuMIztCi+4s5sZWeo+Yd69yji -WnMIMuO3ggbznnEkzMl4K8QDhnolAoCjDBCOdBDMvyydjOSgtrGqUr8agN0Uel9u -XgOYlg3RqPw5VHpbLu6sEoUqEBXdDRjsNiIHyQIDAQABAoIBADP6CQDREngT4YHy -Xq/axkMCuJmGEiW/cXDadKyY2n5pKzgVn6GTCaW1k29liptSKz+93hTvm7qovVs1 -Sqo9XH1ShzQy/hCR5kRDiuIjgdM2PapQQMKUf3e0Ng+EJ3VmvXerw92jK6OWS/us -d2zEu7oUY6PkXQnYbMA4DxYLRhGG3zijCkqCT4NDUn1p+pg+XycSY1P5h77/dK9R -Vg6nnPaotCFyEGaTFydwCyI+apyFBcsjytncfFhB9qTUho+9XwRHFQhKt2sq05m4 -FhynoT/iK9I0G2AynufybD5UcrB6JfgNKpsQ85zNb59DBtGo+J7Vnz6F2RWBxBpR -I3lR8yECgYEA9l9iZ1nE4TMtsbYiBPEAKz1VGnWqZvpKB8W6zxq9sqAKAhIDWNOD -vsC7/7qogvKeEpeUiALtRxBR6/c/sjgHqV14DeozyxCgNBv7q1Mqpyhkojr6aJpv -hyXg0EQ86gteNEZ2Ye/w6uEN2ozW8ezo8rK83xiwFrT9sA8EeO0QzmMCgYEA991a -qXaz2LD57VIUwTix04rZlEU2As/BoZnCsHcdcJ6pmhleTVApIO4rVT+6wkyegJuk -mFcap2DXzW2bmIV2jjFlU5t9lNvsm3xTD7s7tGQitLE6/6l+cCTMeWE/e2DBvHPR -ewAmx9louVszp7JvhVDFRKe00FHdWISnotscwuMCgYA2uk2Do79GPzYhSdIYwuhE -sqUa8ZRet66GN3gd1VTaPw66EwJHUwTq9KlOT0prfDV878sAw5WtuYRZJF0z25po -Fuk6PhIvQ4wyxxyKnDjXVPO1zeAeKGAp51IfMWlOnCPa/OQDMWeU5VVMfQiqSPQe -JXIrJLLI+H96Anv92Lto/QKBgQCh4S1/FAltclgoSL1JXG+3Sy3DCli2CV3a3wMq -IQFXNihqfjr6n2ndGe+vI4ojr8qtD/m1jN3ZhwQqJHXEbRX61APrUNf5ypCDE/Vj -htL9g5CvFjkEFHyBXWc1tu+w8oZVQAcGIBkz2KfutsPLuFvhY9kSd709eNnpH+ok -EJp+JQKBgDQIODOnkv0j2K+Obr/9rKs5LyTCFhlDq7dDjeQv5CRnoQtYq0yzgbcw -EHv0uhAvHmX+2PJnZf3CAjv3kIbQ8JAAJw6AHUnCCcZZKpJy9VIB5jErDS5zXmxT -8W6q22bI/f7hrOo6LzLxIBfafMFhTtUq7YnW/aQWDFitSygyemrd ------END RSA PRIVATE KEY----- diff --git a/test/test-ee.pem b/test/test-ee.pem deleted file mode 100644 index 37f0509a3..000000000 --- a/test/test-ee.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDLTCCAhWgAwIBAgIIT2/BuP/jeiMwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UE -AwwUaDJwcHkgaDJja2VyIGZha2UgQ0EwHhcNMjEwMTE0MDE1NjU5WhcNMjMwMjEz -MDE1NjU5WjAVMRMwEQYDVQQDEwpleGFtcGxlLmVlMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA7osPikqizKCDMB1EvJ66sJB8a0Cah2odQzBuRV6joENK -vi/AvRJqSSEBqq8mBWRd1EcYkxrUuoXPBaQIBeFt5+NlzbMrO4R/LaOfubJWvppV -MymlaTgc5vfI/psECyd9v6Cw29dvjnK553vTIevJeukn4ASbJT43zQeWspjQL0fJ -zOndSJgruJtRmZNr/kHVAG34/acc7U/Z03q58MGsm5gfuMIztCi+4s5sZWeo+Yd6 -9yjiWnMIMuO3ggbznnEkzMl4K8QDhnolAoCjDBCOdBDMvyydjOSgtrGqUr8agN0U -el9uXgOYlg3RqPw5VHpbLu6sEoUqEBXdDRjsNiIHyQIDAQABo3cwdTAOBgNVHQ8B -Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB -/wQCMAAwHwYDVR0jBBgwFoAU+3hPEvlgFYMsnxd/NBmzLjbqQYkwFQYDVR0RBA4w -DIIKZXhhbXBsZS5lZTANBgkqhkiG9w0BAQsFAAOCAQEAgA/UhJlg3x8jpyIMDVC3 -7Y0WKrOZjXQpkmsN2kmdh7sLE2EktmPdcyFXDiQ88jRht8OfFTm+k2CkeZdxregm -vJcKixWbAlk02Ezt0tAgICbLdw0BVlCVKOnLaFpPEyKZX+2PqQ1L5h1qpTKNTPf7 -up5RpayFC7IUd8UeYCxzKCfBSVyZ/6Lw/H8vaQAdUWcsUOG4xAquhvGkw5WyeLAg -HuxQPlNvc9XnJMtGwHZmre4g1D4asN+vBIyfofVyBUe4js5sJ07Awgm3xOTs/f62 -IY0QSlAMv1cma8D2JYxn1Fw+KG97HA5mVl7As5HwtxiMlUfXs8KtKvTj1d7Y66X8 -oA== ------END CERTIFICATE----- diff --git a/test/test-example.key b/test/test-example.key deleted file mode 100644 index 5cef3c804..000000000 --- a/test/test-example.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCe8pK/MXIjOmb2 -WJ1VkjxhT/q0Ms6X9juUZNvWotnlJfWduNTtY+xQeMs4ZK/+GVrH2BLIYNz+J8Ph -3HqYoZ0Vrjs8VtKZY1oy//Rqipfp35ZT9PM4RZpCM4AueEv6JK0NNWCG8qOa3zap -7PAjm1wWOCkZ5fphZYTo1gxIsQUc8kBlEHGSDJXG1raprAuZ2znOXbEhruK2djXW -c1avE6SdP7NgsI3uygfQQVyjaJXcy+1DvRS06zxtBE8jTLH7L9knefaorGoWHG1g -Q88jmkPMBultDII5R2MDxtJgyiOWriRqZ/Tr4X1Fxvwo15w7wVxoZdgswpHiX5yu -RtvPdv6mmWY0I3I4exlyHhDZLuRic9DMT/IZFLPqvptIyWy5HChadHFmyc4tn+0t -Sfk87v4bDrDuqcu9La3CPNP7lP+U+b5u2AmWjbvc+2tclzJf2rlhVT9DsYKgK2U3 -s/0Ar0Eyp7MZpUTSPNiddJ62PngLubwMYIQ6YHTM5JSyXoHP+isGOH8bPmP+HMHn -Q5XT0MX+qsbaxKclk+2jnS66fJOhrbcqwPAn/hJe9UFczc5evKMr65oxptwCc7qS -Z89wHaRiItcDqJW5zONG9lNc1zcNkf1Qnq3ePon2YECjJ2/+B98W9EOq/8RaCb7d -OBWeiXpdCGODGMT7ZljDZlnjwf8zQwIDAQABAoICACfBdILt0yaMjQRA1dl5YjDU -2FgJ/TJ1HCHZuELPKMDv5ac1e8yEma7nB61rQbnEjbg+izQjRiMrvwrXIrLaeXfa -xGYrMTG8b+shqficAbM1gVwugEcq4ZJ9XypAXICMe9w55ZLbTaCHBB0sbkP5r+a+ -1UjtBNsnkT7LivcDj8vVq9Wbb0ygaTX6rmVx6tToyGSdeph6LaqFlqG055GS0DGk -pTEh994qGho0vv8AQbugJhAzUuKNk+eQlFq37Cxvo1kEYHV/6mjtY04Yp8633w1B -DVGBN3EsMc/YAvbCmHQvylvy9IerNrIlOxzcEO/BRWO3VYKch/CfCYltn70cfkS4 -Rqnw2vAekc2dQ8CVIXJqD2Tc0QODGpqpDc9V7svVx2TrQ0JOI9C2mPL2S1952E+U -9qj+JO0iJoBzPz3uZGssKuQidbQn1Lz0pPBWLb2akfqKaXyrmjyKSqHYioFz4RTW -4BoZGcejDOScf2kRDwMNVsZ75pc8hxQoW89nIg6s9Ix8S84qZf/Ey3w+jcosgtiw -tmacE+zzJDsAesN6BpL5rV0dJFLNqkmLVubjhsvHWy7C8OpqVbuv6jSuxNUFOq7S -NzT5RadBsFiWyNE6X3pS4JJY6VqXH20d+LE/Kd1ea1OuO/WzIU5CTfa6mJ6/0AUW -BhKaBoRkMDNToi1ogbcBAoIBAQDTCC8HATATmUeMxjG2h9WuPXUoFkMofcEql3/e -R6N3PU5GWDIWTXMNOtmuuPV4TF5CvdCnexP6uZNH+s/7RuTLHN4rdEKXIKlanhTE -p/MyeyiskIkHFk/RxngwEhtgjTtU6tvfutZHR3ZXOtzE6npandv75+YCUrQHBGgK -g6ohObVwcDqZJR4CQlFv5zj+FNMYA7E5EwHgGjXinZ82DWtjK1176poi+rI05OAD -1WL7+w1AYXEbF6D2BTqjorlzDvRWzN/FuPsjFtXOhvt2JFob1fqS/a2GCM/LxPqn -q5ULxko9z6zyljFk9nF+nwg62nMB/ifEpB53lWb1A1EP9k7xAoIBAQDA0S3ZRenl -SMDCPxGHkofYKcio1DWPyUAikBXSj6FBKplx0AeTjD24pu7K4PxLOAZNqe9U7qhW -wSruWzahzkc5Z/aqbj5jKg6f5dDU8dCagZvKulzhycQZCiGK+JueX972ABLmFmd0 -zyC4oFunZ4WvLN9EDBnY+Xszhayb71B3kJcb4zxA+r/zV3avawBcy9NvizNAc2Ov -jz2tu6YiApK9/AQUJeoHnb8njc22JLkQYk7ssdv7Vdc4Zm89V4Io5tNrvhCjWize -p2yr1kAYePPkrfBSeImrerZs6V3pqroQ02z8LLc5rJNJAwBEp8rGVd+vg5UMhVa0 -uD/FlgaYz41zAoIBAQCkICdDEV9svrdw+uvLBFXhz5aAeN/+a9+B2pXuMFUn9Zwd -BZbe1Zl3Xp/STbNLvklJKwtOVmCxjQbI4n5C9V4XwfngXek0VIiiG3QXhm+UgUie -/UI1KtslUXBEIrD8JJtSbd5XYJ4qjZ+yM+tjkuFZ/JAMmMzAXcX59ylblA8LDDDa -o85PMRjntOBVYcVnhpauhKCevPOmcXwbJW+fwEwWsrFgIJOEROm4TZEUKi9zvksO -GTq4UWY0MNjsTzBgFe9eWrRmuHlJTwc2OrDzr04NfBwHmhgMuGm0FxzCrqWapLs0 -24GsobcEyM54JgNmkmMD18DiJKo1YxLR16SB/5RhAoIBAQCal9w7xOtIEzHBTBHA -8gIKlU211xbuprvOOlnUzaXLet02PEWmzh06bFUuwn5lzJB5OlOSdBryG8RRAT7n -Ml02sJ07flJ07WZ2Wys5YHwRNPN08kDAIyYfsVi9dKBItbMs51g/tBzUsbEZdjCm -IsEzdzW2+EDNDxHxeC6xg4mvo3UUPfe0XZcDAtA8yvyqah2m5CN+fEWjn6QjJD2K -LSf8PRAEG3XtD1QQ4Yfajsz2TuvaqKuocuWw6agstXm9U3yVePkcD5PEHNZrW8de -F7PsWG1DojM3Epcq8VyDmYe/L9TExxFMo4ofUtGnOiTBKl7C+SvKsymWkddHkwbN -BDPzAoIBAGizq8iKh3E1Hpkz4bXBfTHoYDSqIYH/yyl4ZOL9q/VRKptxmQiOnJbv -3zsHjm/NyKpRjuFh971+2Y7/QAUL3Z4IHDXIyfcUJt3SDK4ZSMf6r68KjiBGh7JM -w00bEhcNg47TVVFBrIbeDNplD/A1gaY9s9qQ8IF2G2CP4X6WfhXNMViL1z7uG6jx -SvWUNpqrykqWfFHqC+l06r00A8AAW70HGIsA0lpwbQbWm1qHx1/A26ppfce83CJI -mKh4XR7eHZ9vparNclHZ3cmB5QLUJcedeTLKx8xQstBcofrvFJzAHAXwopprbAKg -BwglSdDubVd9v6VVrjmSg6lqnbmBXY0= ------END PRIVATE KEY----- diff --git a/test/test-example.pem b/test/test-example.pem deleted file mode 100644 index 1d817daba..000000000 --- a/test/test-example.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFDDCCAvSgAwIBAgIJAMlbGcMCsKOdMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV -BAMMD3d3dy5leGFtcGxlLmNvbTAgFw0xODA1MTQxMzIzMzFaGA8yMTE4MDQyMDEz -MjMzMVowGjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEAnvKSvzFyIzpm9lidVZI8YU/6tDLOl/Y7lGTb1qLZ -5SX1nbjU7WPsUHjLOGSv/hlax9gSyGDc/ifD4dx6mKGdFa47PFbSmWNaMv/0aoqX -6d+WU/TzOEWaQjOALnhL+iStDTVghvKjmt82qezwI5tcFjgpGeX6YWWE6NYMSLEF -HPJAZRBxkgyVxta2qawLmds5zl2xIa7itnY11nNWrxOknT+zYLCN7soH0EFco2iV -3MvtQ70UtOs8bQRPI0yx+y/ZJ3n2qKxqFhxtYEPPI5pDzAbpbQyCOUdjA8bSYMoj -lq4kamf06+F9Rcb8KNecO8FcaGXYLMKR4l+crkbbz3b+pplmNCNyOHsZch4Q2S7k -YnPQzE/yGRSz6r6bSMlsuRwoWnRxZsnOLZ/tLUn5PO7+Gw6w7qnLvS2twjzT+5T/ -lPm+btgJlo273PtrXJcyX9q5YVU/Q7GCoCtlN7P9AK9BMqezGaVE0jzYnXSetj54 -C7m8DGCEOmB0zOSUsl6Bz/orBjh/Gz5j/hzB50OV09DF/qrG2sSnJZPto50uunyT -oa23KsDwJ/4SXvVBXM3OXryjK+uaMabcAnO6kmfPcB2kYiLXA6iVuczjRvZTXNc3 -DZH9UJ6t3j6J9mBAoydv/gffFvRDqv/EWgm+3TgVnol6XQhjgxjE+2ZYw2ZZ48H/ -M0MCAwEAAaNTMFEwHQYDVR0OBBYEFFO1zLflE61aqAvRiN4PQu4FaKzdMB8GA1Ud -IwQYMBaAFFO1zLflE61aqAvRiN4PQu4FaKzdMA8GA1UdEwEB/wQFMAMBAf8wDQYJ -KoZIhvcNAQELBQADggIBAAsP13Ejo09QdJbrBa0qd3vmMXQJ84/LaR5vI7cWZ0W1 -fG7UJvivMpB3vhA2buTI2EGTqC2/uc8m0GD/UhW2zQvmPSt0BvbUjjWlQNd0hamw -IafJfbRT5eiYYgsHbYcU9wfjDs7fad5/29qJ5FdI96eefuJIjtrdq8sUXDg3q929 -cH6t3dxuxUMjRZXBXTTZw7WkMnc1zvd6/1RSYSixkccZUlTrOjox19tPmmkwVFKH -n7cnB9omZzRpAklYM7Tjx/tYxId3CL3lZzF9/yiVRotUIeTHTCyfY6oOS50Cf/8V -pxl+xRNs2YguwblJOtS3yxgdiwbRK0vUKkcUJs73qZexIKYAMJU1VxZRSIQuNDAq -/eL7lN+ZLzL3Q4vKjUaRZAS4qClwv6CFaBxUyK1gSFRU9OHYhW6mRYXpqGIN1GPb -YAZwVb4pxwCMmIgLXW7BF6ykmx4o6sZsBLdiuQNrzAEkKbr8jgy/uTbKg2MHyzKa -xcn0N74BiLhzYvnQAdZ7MKZmEI0PXUw/wou8SMSdCPGjXjKlB3zRzqZrgr7FofSc -zSDC4MurJv3XLOpAIpJjQs2aewFKYMHxynfO1aco3OfPc8fFYempfcJJqtG9RhQQ -tTetpbWjbW0YyNQUkYoxhG0qWpy8tVMX70SPNSZH5ASBOMxKGBpFmPwVk+em8ssd ------END CERTIFICATE----- diff --git a/test/test-root.der b/test/test-root.der deleted file mode 100644 index 8bdddbdec..000000000 Binary files a/test/test-root.der and /dev/null differ diff --git a/test/test-root.key b/test/test-root.key deleted file mode 100644 index 2946300aa..000000000 --- a/test/test-root.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD5Nu9qUddBg7oa -ElQlkjmYXaTj6dkMi+pbKuPD7aT35QBx6S4so+lJyW71oFG9SCDDdcUcBb3mpboO -/b7mC+KdSZOr1HLuRVNRgDHJm7XJ0e37AMROYUl95jr9+kEcciy4Ysi2qlQaavwP -otE4YSp8VjYH37Tw7tmz4W58NGAsdYS8tN2k+SvN4Mmz06jqDfyN9P1vj70CGz4W -+/Cqd4CRt5mAELY1YoH52sy40FM9sX9bVrxzMDMd46zqrLR0GVMc2Mvrb+j1xEo2 -Ip7cirAcl13TVXVotJSAht7Yes/0QLV2OdRdZHePHe6uxoq3s9MqwLnZQmRGqdqL -zQzNCPRbAgMBAAECggEBAPY6wPJbSkMA069OzLUSdLWGUJSfSESNOVA6YDAFbSlA -qd/idCzHBohQ7cDiVeCek0CL6+R0B90LgXmuXB8PPygIuk7b6XJiLKAp+QcpQcPW -FzwY1dxbYzFxeHfX+t0QMf88GvPf9pjje4g3ZmA+IKwYwemlrjEezRpdcbxmQ1+o -Cgm2jNieexTpn/sttNA9OccaCcxUPB4PZ3EnYa2rXCOEIb89L/bsr0R6Xw6Cwqbq -v/CrUdohGhgQS0UTa06OxRmFYwi7ARFg5NIQuqVfMLgrL3uF+aFkrIo3lQ/B06aO -UlEIv9xmaskMlRQeWwI3U0mvsD3ABUFjW6r7ZIrcKAECgYEA/qehThgYazhTp76p -dvztHCpqhocJdb7n5hM5psP3VXAn1/zyfTGJGs4LQTNLrJ7gfQ+1YxVVyfpHEHtq -BxHVoDuA8v342l9xP/NJL4HMagoUyhBlJ3EOIEIqtiiF3xlq8QQlRP1s9jVF3b06 -kPsV0Ck/I6U8I3v9U61vFrETwRsCgYEA+ofyxJAPKwgnZX8zPaML9lJiGmbbIrDn -yyPFgOntoIpAGEl+0aMklz3dMcnUCJEZmcAKmSvOL3naViKZNgK0+iNHSaiWE8ne -8IECP6KAMd1Dm0MzpxEmPahMeV+4U9GHSz+OxL5B/kj9FCq3oEodAm69IqSvAprR -WphwwCBiDcECgYAPLWp9vw3lhgvmWYS8JML1BMoojm/P5rrniYnMGK3rF64oP1ks -gQFM6a7eCfKerTFwArmq2CCu0w3dO53MIhH7ZNCAqwZj7YBQcW2ROUk3oLYwfN2q -hiBzZ74n8S5ZZ6hqCPc3r2sJGY+6cYbGEVDxgSPUOgrlioREsneGgLNOtQKBgBRV -Sk/HvWNpswDa1QbQn9zrDMlFxc1H/FgRXCs9USrxbYhLFr7e9c5MmBI9ZjcXx7Mh -0fpigsZ5pk3NWw/2IkgW6udAhoWuoah1YABYKP1jDuSgDKYnjyn76dEEAsrSu59Q -1j6Djomb1OZ5HRQmT7pt0G3qXcXhWNJ4gtYlCrBBAoGBAL+pAZQ4nDhb3KviCb9P -hlwgULkLwvlDycQEeRcZ6hW0jzvAABVL0v4fogCsIb+eCkVtCK9lfAFxEhoiSSqS -5mW0wdRU6RoRXE6WmWU/InjWEeNkw2NYKBdKOHWOO00GdYI2WhAOREAngLfa/wqf -r2J9yZi/JwN3TmIbPXEXK01A ------END PRIVATE KEY----- diff --git a/test/test-root.key.der b/test/test-root.key.der deleted file mode 100644 index 941dcb401..000000000 Binary files a/test/test-root.key.der and /dev/null differ diff --git a/test/test-root.pem b/test/test-root.pem deleted file mode 100644 index 2a5e4ab8f..000000000 --- a/test/test-root.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDGzCCAgOgAwIBAgIJAM0xz+I2Q811MA0GCSqGSIb3DQEBCwUAMCsxKTAnBgNV -BAMMIGNhY2tsaW5nIGNyeXB0b2dyYXBoZXIgZmFrZSBST09UMB4XDTE1MTAyMTIw -MTE1MloXDTIwMTAxOTIwMTE1MlowKzEpMCcGA1UEAwwgY2Fja2xpbmcgY3J5cHRv -Z3JhcGhlciBmYWtlIFJPT1QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQD5Nu9qUddBg7oaElQlkjmYXaTj6dkMi+pbKuPD7aT35QBx6S4so+lJyW71oFG9 -SCDDdcUcBb3mpboO/b7mC+KdSZOr1HLuRVNRgDHJm7XJ0e37AMROYUl95jr9+kEc -ciy4Ysi2qlQaavwPotE4YSp8VjYH37Tw7tmz4W58NGAsdYS8tN2k+SvN4Mmz06jq -DfyN9P1vj70CGz4W+/Cqd4CRt5mAELY1YoH52sy40FM9sX9bVrxzMDMd46zqrLR0 -GVMc2Mvrb+j1xEo2Ip7cirAcl13TVXVotJSAht7Yes/0QLV2OdRdZHePHe6uxoq3 -s9MqwLnZQmRGqdqLzQzNCPRbAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD -VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTppD/unqXm8tXXeWA8k6YuJI6XqjANBgkq -hkiG9w0BAQsFAAOCAQEAK7AgsNO9oGt2iu/bMyxidm4q9e2SdYB/8NNy8Xg3k8w4 -8E2R4e4Z+/RUN7pVekEeJTkb0TZF1TjflbujSRFKfbthyqvFpca32baQCtbp7j3X -fr4ycXHjuOOTSnhPjyzox5ovklUsnPFii67Vk5mqVWiTA0877xvGfoAu6YhVQ4PW -NIE3tj2mAtRLavM7ml7mnFLYCT947tDszbWvWwS4b+4+5aoEWiCT7hn2iYpVl1EN -vOb29hQBOARl2VN7a1y3cFUFDbNZt7RHay8i4KzxfMRHKS9+/UlrDEjrwj283QOH -2+P/EMzq52it8AuWGOBB1+2Zsei9EuknVlI4whQ0Zg== ------END CERTIFICATE----- diff --git a/test/test-root.pubkey.pem b/test/test-root.pubkey.pem deleted file mode 100644 index 9e535a731..000000000 --- a/test/test-root.pubkey.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+TbvalHXQYO6GhJUJZI5 -mF2k4+nZDIvqWyrjw+2k9+UAcekuLKPpSclu9aBRvUggw3XFHAW95qW6Dv2+5gvi -nUmTq9Ry7kVTUYAxyZu1ydHt+wDETmFJfeY6/fpBHHIsuGLItqpUGmr8D6LROGEq -fFY2B9+08O7Zs+FufDRgLHWEvLTdpPkrzeDJs9Oo6g38jfT9b4+9Ahs+FvvwqneA -kbeZgBC2NWKB+drMuNBTPbF/W1a8czAzHeOs6qy0dBlTHNjL62/o9cRKNiKe3Iqw -HJdd01V1aLSUgIbe2HrP9EC1djnUXWR3jx3ursaKt7PTKsC52UJkRqnai80MzQj0 -WwIDAQAB ------END PUBLIC KEY----- diff --git a/test/test-root2.key b/test/test-root2.key deleted file mode 100644 index 99f4d2092..000000000 --- a/test/test-root2.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC9x/+2MZam+0f9 -lwLLEMAMPwFCf491hrLXWMRClgFp4rWgZ0pnuytSYhljwzkFS0YS/CZL/m/6P9Qp -bZjxJbKbAI85oJiyMOB96CDXyFV3Wx9Xi28clgIGE5EfPNPQjQy/H7ZmyQsRoOyv -qqbMzssvrnGPDW2GrcVQ0AVuyA1xTwg3gxTKKXkiCsN+XFMtyeWJT9JcJ6wXuzjf -tQT2SYZVlSETrJdSYGX/DYfxQFh0Vv8d/AVX245bqaHIEjl5gSsUcz3cDdlEp8vm -iU2i4e7ILWhijfwEvxH2bYFXbqZQw9sBxBYgcbekSK0UjqxWeHA+mGGq5joJdtDi -SSho5l6tAgMBAAECggEBAKlhYzy9LXSDOVGAAiIzJPTJFtq+9s8yFVRWCXRUZZaX -nPs4tRO33YZ9v6NmjfHHqRcwrQ2OXWrApR8EjkhMGQh2i14nk6EWNoapMwbj6kPI -tERyUgz1ZYD+3bs/ktzDxuid6TH7pUFqm1R9vrl0p6w6yWef2G0nkr/5qZ+iNT02 -ft6FDcwsyTd7Ghus6Kw8MEi9AR6oTf0ECrB/LeA7pcMZnu7A4jLSxEM5KfxCDjqg -5N4IG0RXXfMjPy82mxhm/RQYiuGRrsN7ZM928bRZB5I5MrJdOnDNLiMglQTtZFIq -xkfCU3Dv6kJemDyNqsa+ghiBUbvPjkfQNBTwHx+WOBECgYEA2Hrc+6TgyjkR6V0L -rx39U2Cak09pjjNHwvj4vDyEeS54nVN92ZndzWRdHl7899J5KhgtaaFUWIBL3YIx -1SiDdw6GNn88Z6avku9oFf+T2NcRsPRHulmyhOERisCbWuKXuRvPSbBIsi+AQGyb -CJdA2sTlRrwnhPReXCAlUyJM34sCgYEA4G1hA/mGAMUicOKptpilG89UsFq6hms+ -VEBKmlglWMl9CZrk6UvOmLfU2yGAqE01R7asM7Q0rIYNEXvt5ZuB/p+BOihdnkV/ -vYfkugfZ8mOZN8GtMTP4Z9PxQmvjcqWwo2+/omPtB4wHLKfJK+CCWeeOeLGAQH2i -bTU+0//DAacCgYEAuVWW06p4+Sia+Ru74RTfyP4v2GZojGHC0l2tNhrpn4X1pVvR -pvZgOnPudQ4FrXX4Xd2NI54HRC2yxdWtLD0fMFKy/P05jdPbBQUKK6s/vKmEb+bz -cctRVwoJpqz3VHwiQUxZz1CpLEQWnRFeOaCk2acwU7rKar17+4tZ6S64ebkCgYEA -tyDpihnA+73glaaO/51dFO1AWMsf6vF1ob/4YCtPBj0bl4vaAHhIM5vFx6110190 -+3iW2XXRiXm1DjBG9hXHpGK5SyCHC9AAJULPI/GmKUCWVMXoMf8LUoXCFwX8SZ/k -G+jiwXqyfncHn6ul3vTKyNvHCLsmQPmDYYOSKeFIWX8CgYEAq6lUwM2vwkHc5Byi -u5wwP7Z5ySzWAycQRpe6c5xaQu4j//Ffk4OdS4YhiRSRgT4f0HvivMr/TfGQhmY3 -nqgvUFwkqpbuy8vqHe94Wk8zqepJ/60HHxbfZWAEJp8u5BtpS43xCrWaBLwZV6A4 -NzPaKLFwbLKWd3uZ4k/2Zqv1pcA= ------END PRIVATE KEY----- diff --git a/test/test-root2.pem b/test/test-root2.pem deleted file mode 100644 index 0f9a16661..000000000 --- a/test/test-root2.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDIzCCAgugAwIBAgIRAO/xiDmGzMbLK9FFkPi4RngwDQYJKoZIhvcNAQELBQAw -KzEpMCcGA1UEAxMgYzJja2xpbmcgY3J5cHRvZ3IycGhlciBmMmtlIFJPT1QwHhcN -MjAwMzIwMDUxMjQ4WhcNMjUwMzIwMDUxMjQ4WjArMSkwJwYDVQQDEyBjMmNrbGlu -ZyBjcnlwdG9ncjJwaGVyIGYya2UgUk9PVDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL3H/7Yxlqb7R/2XAssQwAw/AUJ/j3WGstdYxEKWAWnitaBnSme7 -K1JiGWPDOQVLRhL8Jkv+b/o/1CltmPElspsAjzmgmLIw4H3oINfIVXdbH1eLbxyW -AgYTkR8809CNDL8ftmbJCxGg7K+qpszOyy+ucY8NbYatxVDQBW7IDXFPCDeDFMop -eSIKw35cUy3J5YlP0lwnrBe7ON+1BPZJhlWVIROsl1JgZf8Nh/FAWHRW/x38BVfb -jlupocgSOXmBKxRzPdwN2USny+aJTaLh7sgtaGKN/AS/EfZtgVduplDD2wHEFiBx -t6RIrRSOrFZ4cD6YYarmOgl20OJJKGjmXq0CAwEAAaNCMEAwDgYDVR0PAQH/BAQD -AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKRrjKoDLPHlFsWK6KGp7Wn2 -IkX+MA0GCSqGSIb3DQEBCwUAA4IBAQBOIa4+jF7TwdK+IADJOCxk03HDpjWtzouB -iJvo36KB8fvpUmjpXIEP7sImREwDDxEAeCd4CFCdiRlU8PKTuA5ftjAVWLxgRglT -Nuo9+BozkWbwXY7RD6YjVqXTJCLA5XpvlhikCQNUAPq2IyilNykPOH7OxbHNqA1r -UkeAzYVP1+OlT+MDiaW91bjqSqmgJ6zrMUhVGQqEPf+zvWwHBcA3P9bAxzCs8BdZ -1lshzl4eWR6O2Yt2YIQ59Z2c4Y2YLZAZWA6lIWwyLrve/WGvmx2wK9aQGteuLG2j -hP5nvZQS4oCa4swVkwcEzh+rXAYSWn6+v95htYqzwwaP7NrTCy8F ------END CERTIFICATE----- diff --git a/test/v2_integration.py b/test/v2_integration.py index 095263c91..2889b3fcd 100644 --- a/test/v2_integration.py +++ b/test/v2_integration.py @@ -679,7 +679,7 @@ def test_revoke_by_account_unspecified(): reset_akamai_purges() client.revoke(josepy.ComparableX509(cert), 0) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") verify_akamai_purge() def test_revoke_by_account_with_reason(): @@ -693,7 +693,7 @@ def test_revoke_by_account_with_reason(): # Requesting revocation for keyCompromise should work, but not block the # key. client.revoke(josepy.ComparableX509(cert), 1) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() @@ -712,7 +712,7 @@ def test_revoke_by_authz(): # Even though we requested reason 1 ("keyCompromise"), the result should be # 5 ("cessationOfOperation") due to the authorization method. client.revoke(josepy.ComparableX509(cert), 1) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "cessationOfOperation") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "cessationOfOperation") verify_akamai_purge() @@ -755,7 +755,7 @@ def test_revoke_by_privkey(): # Even though we requested reason 0 ("unspecified"), the result should be # 1 ("keyCompromise") due to the authorization method. revoke_client.revoke(josepy.ComparableX509(cert), 0) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() @@ -797,7 +797,7 @@ def test_double_revocation(): # First revoke for any reason. sub_client.revoke(josepy.ComparableX509(cert), 0) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") verify_akamai_purge() # Re-revocation for anything other than keyCompromise should fail. @@ -812,7 +812,7 @@ def test_double_revocation(): # via the cert key to demonstrate said compromise. reset_akamai_purges() cert_client.revoke(josepy.ComparableX509(cert), 1) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() # A subsequent attempt should fail, because the cert is already revoked @@ -1229,7 +1229,7 @@ def test_auth_deactivation_v2(): def test_ocsp(): cert_file = temppath('test_ocsp.pem') chisel2.auth_and_issue([random_domain()], cert_output=cert_file.name) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "good") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "good") def test_ct_submission(): hostname = random_domain() @@ -1307,7 +1307,7 @@ def ocsp_exp_unauth_setup(): # isn't, we'll get an expired OCSP response. Just check that it exists; # don't do the full verification (which would fail). lastException = None - for issuer_file in glob.glob("/hierarchy/int-rsa-*.cert.pem"): + for issuer_file in glob.glob("test/certs/webpki/int-rsa-*.cert.pem"): try: check_ocsp_basic_oid(cert_file.name, issuer_file, "http://localhost:4002") global ocsp_exp_unauth_setup_data @@ -1326,7 +1326,7 @@ def test_ocsp_exp_unauth(): last_error = "" while tries < 5: try: - verify_ocsp(cert_file, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "XXX") + verify_ocsp(cert_file, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "XXX") raise(Exception("Unexpected return from verify_ocsp")) except subprocess.CalledProcessError as cpe: last_error = cpe.output @@ -1597,7 +1597,7 @@ def test_admin_revoker_cert(): "-reason", "keyCompromise"]) # Wait for OCSP response to indicate revocation took place - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() def test_admin_revoker_batched(): @@ -1622,7 +1622,7 @@ def test_admin_revoker_batched(): "-parallelism", "2"]) for cert_file in cert_files: - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "unspecified") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "unspecified") def test_sct_embedding(): order = chisel2.auth_and_issue([random_domain()]) @@ -1694,7 +1694,7 @@ def ocsp_resigning_setup(): client.revoke(josepy.ComparableX509(cert), 5) ocsp_response, reason = get_ocsp_response_and_reason( - cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002") + cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002") global ocsp_resigning_setup_data ocsp_resigning_setup_data = { 'cert_file': cert_file.name, @@ -1710,7 +1710,7 @@ def test_ocsp_resigning(): tries = 0 while tries < 5: resp, reason = get_ocsp_response_and_reason( - ocsp_resigning_setup_data['cert_file'], "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002") + ocsp_resigning_setup_data['cert_file'], "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002") if resp != ocsp_resigning_setup_data['response']: break tries += 1 diff --git a/tn.sh b/tn.sh index 6fdb3da70..f44939184 100755 --- a/tn.sh +++ b/tn.sh @@ -7,4 +7,10 @@ if type realpath >/dev/null 2>&1 ; then cd "$(realpath -- $(dirname -- "$0"))" fi +# Generate the test keys and certs necessary for the integration tests. +docker compose up bsetup + +# Use a predictable name for the container so we can grab the logs later +# for use when testing logs analysis tools. +docker rm boulder_tests exec docker compose -f docker-compose.yml -f docker-compose.next.yml run boulder ./test.sh "$@"