From 6ae6aa8e90551d6b62fce88eb2c3c92b05e4966a Mon Sep 17 00:00:00 2001 From: Aaron Gable Date: Wed, 15 May 2024 08:31:23 -0700 Subject: [PATCH] Dynamically generate grpc-creds at integration test startup (#7477) The summary here is: - Move test/cert-ceremonies to test/certs - Move .hierarchy (generated by the above) to test/certs/webpki - Remove our mapping of .hierarchy to /hierarchy inside docker - Move test/grpc-creds to test/certs/ipki - Unify the generation of both test/certs/webpki and test/certs/ipki into a single script at test/certs/generate.sh - Make that script the entrypoint of a new docker compose service - Have t.sh and tn.sh invoke that service to ensure keys and certs are created before tests run No production changes are necessary, the config changes here are just for testing purposes. Part of https://github.com/letsencrypt/boulder/issues/7476 --- .gitignore | 2 - ca/ca_test.go | 1 - ca/testdata/ca_cert.pem | 33 -------- ca/testdata/ca_key.pem | 51 ------------ ca/testdata/dupe_name.der.csr | Bin 664 -> 0 bytes ca/testdata/no_cn.der.csr | Bin 643 -> 0 bytes ca/testdata/no_san.der.csr | Bin 611 -> 0 bytes ca/testdata/testcsr.go | 44 +--------- cmd/boulder-wfe2/main_test.go | 77 ++++-------------- cmd/ceremony/cert_test.go | 6 +- cmd/ceremony/main_test.go | 2 +- cmd/config_test.go | 74 +++++++++++++---- cmd/ocsp-responder/testdata/test-ca.der.pem | 19 ----- cmd/ocsp-responder/testdata/test-ca.key | 28 ------- docker-compose.next.yml | 2 +- docker-compose.yml | 19 ++++- grpc/creds/creds_test.go | 43 +++++----- grpc/creds/testdata/example.com/cert.pem | 19 ----- grpc/creds/testdata/example.com/key.pem | 27 ------ issuance/issuer_test.go | 20 ++--- start.py | 3 - t.sh | 3 + test/PKI.md | 50 ------------ test/boulder-tools/Dockerfile | 1 + test/certs/.gitignore | 3 + test/certs/README.md | 71 ++++++++++++++++ test/certs/generate.sh | 60 ++++++++++++++ ...ntermediate-cert-ceremony-ecdsa-cross.yaml | 8 +- .../intermediate-cert-ceremony-ecdsa.yaml | 6 +- .../intermediate-cert-ceremony-rsa.yaml | 6 +- .../intermediate-key-ceremony-ecdsa.yaml | 4 +- .../intermediate-key-ceremony-rsa.yaml | 4 +- .../root-ceremony-ecdsa.yaml | 4 +- .../root-ceremony-rsa.yaml | 4 +- .../root-crl-ecdsa.yaml | 4 +- .../root-crl-rsa.yaml | 4 +- .../generate.go => certs/webpki.go} | 32 +++----- test/config-next/admin-revoker.json | 6 +- test/config-next/admin.json | 6 +- test/config-next/akamai-purger.json | 6 +- test/config-next/bad-key-revoker.json | 6 +- test/config-next/ca.json | 30 +++---- test/config-next/crl-storer.json | 18 ++-- test/config-next/crl-updater.json | 18 ++-- test/config-next/expiration-mailer.json | 6 +- test/config-next/health-checker.json | 6 +- test/config-next/nonce-a.json | 6 +- test/config-next/nonce-b.json | 6 +- test/config-next/ocsp-responder.json | 18 ++-- test/config-next/publisher.json | 22 ++--- test/config-next/ra.json | 18 ++-- test/config-next/remoteva-a.json | 6 +- test/config-next/remoteva-b.json | 6 +- test/config-next/sa.json | 6 +- test/config-next/va-remote-a.json | 6 +- test/config-next/va-remote-b.json | 6 +- test/config-next/va.json | 6 +- test/config-next/wfe2.json | 30 +++---- test/config/admin-revoker.json | 6 +- test/config/admin.json | 6 +- test/config/akamai-purger.json | 6 +- test/config/bad-key-revoker.json | 6 +- test/config/ca.json | 18 ++-- test/config/crl-storer.json | 12 +-- test/config/crl-updater.json | 12 +-- test/config/expiration-mailer.json | 6 +- test/config/health-checker.json | 6 +- test/config/nonce-a.json | 6 +- test/config/nonce-b.json | 6 +- test/config/ocsp-responder.json | 12 +-- test/config/publisher.json | 22 ++--- test/config/ra.json | 12 +-- test/config/remoteva-a.json | 6 +- test/config/remoteva-b.json | 6 +- test/config/sa.json | 6 +- test/config/va-remote-a.json | 6 +- test/config/va-remote-b.json | 6 +- test/config/va.json | 6 +- test/config/wfe2.json | 30 +++---- test/consul/config.hcl | 8 +- test/example-blocked-keys.yaml | 4 - test/grpc-creds/10.77.77.77/cert.pem | 19 ----- test/grpc-creds/10.77.77.77/key.pem | 27 ------ test/grpc-creds/README.txt | 1 - .../grpc-creds/admin-revoker.boulder/cert.pem | 19 ----- test/grpc-creds/admin-revoker.boulder/key.pem | 27 ------ .../grpc-creds/akamai-purger.boulder/cert.pem | 19 ----- test/grpc-creds/akamai-purger.boulder/key.pem | 27 ------ .../bad-key-revoker.boulder/cert.pem | 19 ----- .../bad-key-revoker.boulder/key.pem | 27 ------ test/grpc-creds/ca.boulder/cert.pem | 19 ----- test/grpc-creds/ca.boulder/key.pem | 27 ------ test/grpc-creds/consul.boulder/cert.pem | 19 ----- test/grpc-creds/consul.boulder/key.pem | 27 ------ test/grpc-creds/creds-test/cert.pem | 19 ----- test/grpc-creds/creds-test/key.pem | 27 ------ test/grpc-creds/crl-storer.boulder/cert.pem | 19 ----- test/grpc-creds/crl-storer.boulder/key.pem | 27 ------ test/grpc-creds/crl-updater.boulder/cert.pem | 19 ----- test/grpc-creds/crl-updater.boulder/key.pem | 27 ------ .../expiration-mailer.boulder/cert.pem | 19 ----- .../expiration-mailer.boulder/key.pem | 27 ------ test/grpc-creds/generate.sh | 30 ------- .../health-checker.boulder/cert.pem | 19 ----- .../grpc-creds/health-checker.boulder/key.pem | 27 ------ test/grpc-creds/minica-key.pem | 27 ------ test/grpc-creds/minica.pem | 19 ----- test/grpc-creds/nonce.boulder/cert.pem | 20 ----- test/grpc-creds/nonce.boulder/key.pem | 27 ------ .../ocsp-responder.boulder/cert.pem | 19 ----- .../grpc-creds/ocsp-responder.boulder/key.pem | 27 ------ test/grpc-creds/ocsp-updater.boulder/cert.pem | 19 ----- test/grpc-creds/ocsp-updater.boulder/key.pem | 27 ------ test/grpc-creds/publisher.boulder/cert.pem | 20 ----- test/grpc-creds/publisher.boulder/key.pem | 27 ------ test/grpc-creds/ra.boulder/cert.pem | 19 ----- test/grpc-creds/ra.boulder/key.pem | 27 ------ test/grpc-creds/rva.boulder/cert.pem | 19 ----- test/grpc-creds/rva.boulder/key.pem | 27 ------ test/grpc-creds/sa.boulder/cert.pem | 19 ----- test/grpc-creds/sa.boulder/key.pem | 27 ------ test/grpc-creds/va.boulder/cert.pem | 19 ----- test/grpc-creds/va.boulder/key.pem | 27 ------ test/grpc-creds/wfe.boulder/cert.pem | 19 ----- test/grpc-creds/wfe.boulder/key.pem | 27 ------ test/helpers.py | 2 +- test/integration-test.py | 3 - .../akamai_purger_drain_queue_test.go | 6 +- .../akamai-purger-queue-drain-config.json | 6 +- test/integration/testdata/nonce-client.json | 6 +- .../testdata/srv-resolver-config.json | 6 +- test/startservers.py | 17 +--- test/test-ee.key | 27 ------ test/test-ee.pem | 20 ----- test/test-example.key | 52 ------------ test/test-example.pem | 29 ------- test/test-root.der | Bin 799 -> 0 bytes test/test-root.key | 28 ------- test/test-root.key.der | Bin 1192 -> 0 bytes test/test-root.pem | 19 ----- test/test-root.pubkey.pem | 9 -- test/test-root2.key | 28 ------- test/test-root2.pem | 19 ----- test/v2_integration.py | 26 +++--- tn.sh | 6 ++ 145 files changed, 561 insertions(+), 1933 deletions(-) delete mode 100644 ca/testdata/ca_cert.pem delete mode 100644 ca/testdata/ca_key.pem delete mode 100644 ca/testdata/dupe_name.der.csr delete mode 100644 ca/testdata/no_cn.der.csr delete mode 100644 ca/testdata/no_san.der.csr delete mode 100644 cmd/ocsp-responder/testdata/test-ca.der.pem delete mode 100644 cmd/ocsp-responder/testdata/test-ca.key delete mode 100644 grpc/creds/testdata/example.com/cert.pem delete mode 100644 grpc/creds/testdata/example.com/key.pem delete mode 100644 test/PKI.md create mode 100644 test/certs/.gitignore create mode 100644 test/certs/README.md create mode 100755 test/certs/generate.sh rename test/{cert-ceremonies => certs}/intermediate-cert-ceremony-ecdsa-cross.yaml (76%) rename test/{cert-ceremonies => certs}/intermediate-cert-ceremony-ecdsa.yaml (75%) rename test/{cert-ceremonies => certs}/intermediate-cert-ceremony-rsa.yaml (75%) rename test/{cert-ceremonies => certs}/intermediate-key-ceremony-ecdsa.yaml (61%) rename test/{cert-ceremonies => certs}/intermediate-key-ceremony-rsa.yaml (61%) rename test/{cert-ceremonies => certs}/root-ceremony-ecdsa.yaml (83%) rename test/{cert-ceremonies => certs}/root-ceremony-rsa.yaml (83%) rename test/{cert-ceremonies => certs}/root-crl-ecdsa.yaml (69%) rename test/{cert-ceremonies => certs}/root-crl-rsa.yaml (70%) rename test/{cert-ceremonies/generate.go => certs/webpki.go} (79%) delete mode 100644 test/grpc-creds/10.77.77.77/cert.pem delete mode 100644 test/grpc-creds/10.77.77.77/key.pem delete mode 100644 test/grpc-creds/README.txt delete mode 100644 test/grpc-creds/admin-revoker.boulder/cert.pem delete mode 100644 test/grpc-creds/admin-revoker.boulder/key.pem delete mode 100644 test/grpc-creds/akamai-purger.boulder/cert.pem delete mode 100644 test/grpc-creds/akamai-purger.boulder/key.pem delete mode 100644 test/grpc-creds/bad-key-revoker.boulder/cert.pem delete mode 100644 test/grpc-creds/bad-key-revoker.boulder/key.pem delete mode 100644 test/grpc-creds/ca.boulder/cert.pem delete mode 100644 test/grpc-creds/ca.boulder/key.pem delete mode 100644 test/grpc-creds/consul.boulder/cert.pem delete mode 100644 test/grpc-creds/consul.boulder/key.pem delete mode 100644 test/grpc-creds/creds-test/cert.pem delete mode 100644 test/grpc-creds/creds-test/key.pem delete mode 100644 test/grpc-creds/crl-storer.boulder/cert.pem delete mode 100644 test/grpc-creds/crl-storer.boulder/key.pem delete mode 100644 test/grpc-creds/crl-updater.boulder/cert.pem delete mode 100644 test/grpc-creds/crl-updater.boulder/key.pem delete mode 100644 test/grpc-creds/expiration-mailer.boulder/cert.pem delete mode 100644 test/grpc-creds/expiration-mailer.boulder/key.pem delete mode 100755 test/grpc-creds/generate.sh delete mode 100644 test/grpc-creds/health-checker.boulder/cert.pem delete mode 100644 test/grpc-creds/health-checker.boulder/key.pem delete mode 100644 test/grpc-creds/minica-key.pem delete mode 100644 test/grpc-creds/minica.pem delete mode 100644 test/grpc-creds/nonce.boulder/cert.pem delete mode 100644 test/grpc-creds/nonce.boulder/key.pem delete mode 100644 test/grpc-creds/ocsp-responder.boulder/cert.pem delete mode 100644 test/grpc-creds/ocsp-responder.boulder/key.pem delete mode 100644 test/grpc-creds/ocsp-updater.boulder/cert.pem delete mode 100644 test/grpc-creds/ocsp-updater.boulder/key.pem delete mode 100644 test/grpc-creds/publisher.boulder/cert.pem delete mode 100644 test/grpc-creds/publisher.boulder/key.pem delete mode 100644 test/grpc-creds/ra.boulder/cert.pem delete mode 100644 test/grpc-creds/ra.boulder/key.pem delete mode 100644 test/grpc-creds/rva.boulder/cert.pem delete mode 100644 test/grpc-creds/rva.boulder/key.pem delete mode 100644 test/grpc-creds/sa.boulder/cert.pem delete mode 100644 test/grpc-creds/sa.boulder/key.pem delete mode 100644 test/grpc-creds/va.boulder/cert.pem delete mode 100644 test/grpc-creds/va.boulder/key.pem delete mode 100644 test/grpc-creds/wfe.boulder/cert.pem delete mode 100644 test/grpc-creds/wfe.boulder/key.pem delete mode 100644 test/test-ee.key delete mode 100644 test/test-ee.pem delete mode 100644 test/test-example.key delete mode 100644 test/test-example.pem delete mode 100644 test/test-root.der delete mode 100644 test/test-root.key delete mode 100644 test/test-root.key.der delete mode 100644 test/test-root.pem delete mode 100644 test/test-root.pubkey.pem delete mode 100644 test/test-root2.key delete mode 100644 test/test-root2.pem diff --git a/.gitignore b/.gitignore index e7a952c1d..bb3f1cc4b 100644 --- a/.gitignore +++ b/.gitignore @@ -37,8 +37,6 @@ tags .idea .vscode/* -.hierarchy/ -.softhsm-tokens/ # ProxySQL log files test/proxysql/*.log* diff --git a/ca/ca_test.go b/ca/ca_test.go index 799bfac3b..976bb8495 100644 --- a/ca/ca_test.go +++ b/ca/ca_test.go @@ -922,7 +922,6 @@ func TestRejectValidityTooLong(t *testing.T) { testCtx.fc) test.AssertNotError(t, err, "Failed to create CA") - // This time is a few minutes before the notAfter in testdata/ca_cert.pem future, err := time.Parse(time.RFC3339, "2025-02-10T00:30:00Z") test.AssertNotError(t, err, "Failed to parse time") diff --git a/ca/testdata/ca_cert.pem b/ca/testdata/ca_cert.pem deleted file mode 100644 index 4737897ab..000000000 --- a/ca/testdata/ca_cert.pem +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFxDCCA6ygAwIBAgIJALe2d/gZHJqAMA0GCSqGSIb3DQEBCwUAMDExCzAJBgNV -BAYTAlVTMRAwDgYDVQQKDAdUZXN0IENBMRAwDgYDVQQDDAdUZXN0IENBMB4XDTE1 -MDIxMzAwMzI0NFoXDTI1MDIxMDAwMzI0NFowMTELMAkGA1UEBhMCVVMxEDAOBgNV -BAoMB1Rlc3QgQ0ExEDAOBgNVBAMMB1Rlc3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQCqYzR0R/8n0wKTYi3N68vR0onziVVS1/+9DsBcWLj3a8Vd -zds+snPbJu2M7TyhWSFGsUYaAu58vYl44GfmlRlCunpOrIIuhDh//Kua720J4bwK -0ODGLph70uO+VyEQeFQqEAdzy4v5puUfNbEdN66Ge5OGuwsVRwlBZvXRTbsuJend -cJadRC5kzxiPbnAqj9V44RK1Cn615dK/JTFVho2iHFER1k+MGMrso+8mn6asLZOj -RSx5wt+JEPbrE24X9fb+cF5J/e5AWL3OrcgdAf4953OJn5N/v+6F5FyaE+t0JKzn -THtLL1HCKMQmocpU2rTfYA1MWfLdY/KQZAdychoD6sQ6uuxCKRf6Zan/UH+4RcTW -ciPk8QAXRztkJGyJQozzLXfLnZFFHKtrS80h55SyvAA5UhwpVGjlKwKbwFHmNDj4 -5XE3anmiZFNdrAgAwDf+Pbukmolh2ffz++vZhHJuvorFhGziG9+O9IoBdTkKvJwY -qAkk+PP6Pe8GKgZsojvPr6vVewDEVGoBNth9/OAAVmIDXtoHEqWpk2rlCQsYcMjt -w+bVUxNpjs5kFXGwOpe6XfOxiMQxWaadqq3VUB06XXyS4JADtYm6EjrFPtEUG6Yu -9bGefjN/jyMls/8MwQR/HKNidueeKpuLfJYKvbudNf9XLVaZW9zf52WT0bqEdwID -AQABo4HeMIHbMB0GA1UdDgQWBBSaJqZ383/ySesJvVCWHAHhZcKpqzBhBgNVHSME -WjBYgBSaJqZ383/ySesJvVCWHAHhZcKpq6E1pDMwMTELMAkGA1UEBhMCVVMxEDAO -BgNVBAoMB1Rlc3QgQ0ExEDAOBgNVBAMMB1Rlc3QgQ0GCCQC3tnf4GRyagDAPBgNV -HRMECDAGAQH/AgEBMAsGA1UdDwQEAwIBBjA5BggrBgEFBQcBAQQtMCswKQYIKwYB -BQUHMAGGHWh0dHA6Ly9vY3NwLmV4YW1wbGUuY29tOjgwODAvMA0GCSqGSIb3DQEB -CwUAA4ICAQCWJo5AaOIW9n17sZIMRO4m3S2gF2Bs03X4i29/NyMCtOGlGk+VFmu/ -1rP3XYE4KJpSq+9/LV1xXFd2FTvuSz18MAvlCz2b5V7aBl88qup1htM/0VXXTy9e -p9tapIDuclcVez1kkdxPSwXh9sejcfNoZrgkPr/skvWp4WPy+rMvskHGB1BcRIG3 -xgR0IYIS0/3N6k6mcDaDGjGHMPoKY3sgg8Q/FToTxiMux1p2eGjbTmjKzOirXOj4 -Alv82qEjIRCMdnvOkZI35cd7tiO8Z3m209fhpkmvye2IERZxSBPRC84vrFfh0aWK -U/PisgsVD5/suRfWMqtdMHf0Mm+ycpgcTjijqMZF1gc05zfDqfzNH/MCcCdH9R2F -13ig5W8zJU8M1tV04ftElPi0/a6pCDs9UWk+ADIsAScee7P5kW+4WWo3t7sIuj8i -wAGiF+tljMOkzvGnxcuy+okR3EhhQdwOl+XKBgBXrK/hfvLobSQeHKk6+oUJzg4b -wL7gg7ommDqj181eBc1tiTzXv15Jd4cy9s/hvZA0+EfZc6+21urlwEGmEmm0EsAG -ldK1FVOTRlXJrjw0K57bI+7MxhdD06I4ikFCXRTAIxVSRlXegrDyAwUZv7CqH0mr -8jcQV9i1MJFGXV7k3En0lQv2z5AD9aFtkc6UjHpAzB8xEWMO0ZAtBg== ------END CERTIFICATE----- \ No newline at end of file diff --git a/ca/testdata/ca_key.pem b/ca/testdata/ca_key.pem deleted file mode 100644 index e7dcfd5b8..000000000 --- a/ca/testdata/ca_key.pem +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEAqmM0dEf/J9MCk2ItzevL0dKJ84lVUtf/vQ7AXFi492vFXc3b -PrJz2ybtjO08oVkhRrFGGgLufL2JeOBn5pUZQrp6TqyCLoQ4f/yrmu9tCeG8CtDg -xi6Ye9LjvlchEHhUKhAHc8uL+ablHzWxHTeuhnuThrsLFUcJQWb10U27LiXp3XCW -nUQuZM8Yj25wKo/VeOEStQp+teXSvyUxVYaNohxREdZPjBjK7KPvJp+mrC2To0Us -ecLfiRD26xNuF/X2/nBeSf3uQFi9zq3IHQH+PedziZ+Tf7/uheRcmhPrdCSs50x7 -Sy9RwijEJqHKVNq032ANTFny3WPykGQHcnIaA+rEOrrsQikX+mWp/1B/uEXE1nIj -5PEAF0c7ZCRsiUKM8y13y52RRRyra0vNIeeUsrwAOVIcKVRo5SsCm8BR5jQ4+OVx -N2p5omRTXawIAMA3/j27pJqJYdn38/vr2YRybr6KxYRs4hvfjvSKAXU5CrycGKgJ -JPjz+j3vBioGbKI7z6+r1XsAxFRqATbYffzgAFZiA17aBxKlqZNq5QkLGHDI7cPm -1VMTaY7OZBVxsDqXul3zsYjEMVmmnaqt1VAdOl18kuCQA7WJuhI6xT7RFBumLvWx -nn4zf48jJbP/DMEEfxyjYnbnniqbi3yWCr27nTX/Vy1WmVvc3+dlk9G6hHcCAwEA -AQKCAgEAirFJ50Ubmu0V8aY/JplDRT4dcJFfVJnh36B8UC8gELY2545DYpub1s2v -G8GYUrXcclCmgVHVktAtcKkpqfW/pCNqn1Ooe/jAjN29SdaOaTbH+/3emTMgh9o3 -6528mk14JOz7Q/Rxsft6EZeA3gmPFITOpyLleKJkFEqc2YxuSrgtz0RwNP9kzEYO -9eGth9egqk57DcbHMYUrsM+zgqyN6WEnVF+gTKd5tnoSltvprclDnekWtN49WrLm -ap9cREDAlogdGBmMr/AMQIoQlBwlOXqG/4VXaOtwWqhyADEqvVWFMJl+2spfwK2y -TMfxjHSiOhlTeczV9gP/VC04Kp5aMXXoCg2Gwlcr4DBic1k6eI/lmUQv6kg/4Nbf -yU+BCUtBW5nfKgf4DOcqX51n92ELnKbPKe41rcZxbTMvjsEQsGB51QLOMHa5tKe8 -F2R3fuP9y5k9lrMcz2vWL+9Qt4No5e++Ej+Jy1NKhrcfwQ6fGpMcZNesl0KHGjhN -dfZZRMHNZNBbJKHrXxAHDxtvoSqWOk8XOwP12C2MbckHkSaXGTLIuGfwcW6rvdF2 -EXrSCINIT1eCmMrnXWzWCm6UWxxshLsqzU7xY5Ov8qId211gXnC2IonAezWwFDE9 -JYjwGJJzNTiEjX6WdeCzT64FMtJk4hpoa3GzroRG2LAmhhnWVaECggEBANblf0L5 -2IywbeqwGF3VsSOyT8EeiAhOD9NUj4cYfU8ueqfY0T9/0pN39kFF8StVk5kOXEmn -dFk74gUC4+PBjrBAMoKvpQ2UpUvX9hgFQYoNmJZxSqF8KzdjS4ABcWIWi8thOAGc -NLssTw3eBsWT7ahX097flpWFVqVaFx5OmB6DOIHVTA+ppf6RYCETgDJomaRbzn8p -FMTpRZBYRLj/w2WxFy1J8gWGSq2sATFCMc3KNFwVQnDVS03g8W/1APqMVU0mIeau -TltSACvdwigLgWUhYxN+1F5awBlGqMdP+TixisVrHZWZw7uFMb8L/MXW1YA4FN8h -k2/Bp8wJTD+G/dkCggEBAMr6Tobi/VlYG+05cLmHoXGH98XaGBokYXdVrHiADGQI -lhYtnqpXQc1vRqp+zFacjpBjcun+nd6HzIFzsoWykevxYKgONol+iTSyHaTtYDm0 -MYrgH8nBo26GSCdz3IGHJ/ux1LL8ZAbY2AbP81x63ke+g9yXQPBkZQp6vYW/SEIG -IKhy+ZK6tZa0/z7zJNfM8PuN+bK4xJorUwbRqIv4owj0Bf92v+Q/wETYeEBpkDGU -uJ3wDc3FVsK5+gaJECS8DNkOmZ+o5aIlMQHbwxXe8NUm4uZDT+znx0uf+Hw1wP1P -zGL/TnjrZcmKRR47apkPXOGZWpPaNV0wkch/Xh1KEs8CggEBAJaRoJRt+LPC3pEE -p13/3yjSxBzc5pVjFKWO5y3SE+LJ/zjhquNiDUo0UH+1oOArCsrADBuzT8tCMQAv -4TrwoKiPopR8uxoD37l/bLex3xT6p8IpSRBSrvkVAo6C9E203Gg5CwPdzfijeBSQ -T5BaMLe2KgZMBPdowKgEspQSn3UpngsiRzPmOx9d/svOHRG0xooppUrlnt7FT29u -2WACHIeBCGs8F26VhHehQAiih8DX/83RO4dRe3zqsmAue2wRrabro+88jDxh/Sq/ -K03hmd0hAoljYStnTJepMZLNTyLRCxl+DvGGFmWqUou4u3hnKZq4MK+Sl/pC5u4I -SbttOykCggEAEk0RSX4r46NbGT+Fl2TQPKFKyM8KP0kqdI0H+PFqrJZNmgBQ/wDR -EQnIcFTwbZq+C+y7jreDWm4aFU3uObnJCGICGgT2C92Z12N74sP4WhuSH/hnRVSt -PKjk1pHOvusFwt7c06qIBkoE6FBVm/AEHKnjz77ffw0+QvygG/AMPs+4oBeFwyIM -f2MgZHedyctTqwq5CdE5AMGJQeMjdENdx8/gvpDhal4JIuv1o7Eg7CeBodPkGrqB -QRttnKs9BmLiMavsVAXxdnYt/gHnjBBG3KEd8i79hNm9EWeCCwj5tp08S2zDkYl/ -6vUJmFk5GkXVVQ3zqcMR7q4TZuV9Ad0M5wKCAQAY89F3qpokGhDtlVrB78gY8Ol3 -w9eq7HwEYfu8ZTN0+TEQMTEbvLbCcNYQqfRSqAAtb8hejaBQYbxFwNx9VA6sV4Tj -6EUMnp9ijzBf4KH0+r1wgkxobDjFH+XCewDLfTvhFDXjFcpRsaLfYRWz82JqSag6 -v+lJi6B2hbZUt750aQhomS6Bu0GE9/cE+e17xpZaMgXcWDDnse6W0JfpGHe8p6qD -EcaaKadeO/gSnv8wM08nHL0d80JDOE/C5I0psKryMpmicJK0bI92ooGrkJsF+Sg1 -huu1W6p9RdxJHgphzmGAvTrOmrDAZeKtubsMS69VZVFjQFa1ZD/VMzWK1X2o ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/ca/testdata/dupe_name.der.csr b/ca/testdata/dupe_name.der.csr deleted file mode 100644 index 6884aa08e86414b231b7dedd8260f903e572d61e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 664 zcmXqLVwz&m#8|_`$Y8*0$Zf#M#vIDRCd?EX3=~x|;AP{~YV&CO&dbQi$jZRn#K_M8 z6z5`UVq|1^SF72h)ntCR<#}A;o!|TW1XYZx1*{oAubh26TXSDZsL|Y`%4>y--U_wa z9``Db*Qvbt_u+bj^aTsyjb&-DPQogd?xP4X&wIO5#ZB|JSm4+#Cw zQT?dH!o`#Ea+ceRlvL&Y+K$Y3jvsm2d~83{iD{f$!Dr#TC;_n((WPvX`{r!V-)Wa>Z2TfEE)!CO@fJfdHE%} zsTGO21v#mD$@#fhgpfm-8yw1v48jo$!;HJvT#~+)Z`!ULf{QgMe3a}Ie%sh4H;3!U|MQv0&` zMSMFqzfncZ59OWrmkZ{->B^sdC+35U{C~IgyF;Iuox8$w_RFaa^UB3nX{8?xH=VFM z)=g%k&C%+XKtsRFiFS&mRj*s}qm4hZFOZ+STw?PIQ_C>Dl(yyig1$dyyglq^adY?W iX%}{^R#Q+CZgonmEocC~1jn^*~%JuhhrixttE4CinqG;cIidtoC~C%{zSMd$qQF z_L8p0m2D%!HX}B|K#OHYmN4ARqsjnpDC2CX$z9rnwpec|$lhaS90|38Q{#rGM+Z4f zyQJP0UnfPTTXB1z)VR1z358fYTo=>mi@$Nmj_%C0)l$|R-gq_agVyYuK@my?gZS>Q zic@T}%2$TMDzgFu0RRD@Eifwv2`Yw2hW8Bt2@WwHFdQ%%1_M&LNQUc8gGaTkWehrMA@s@-ClV2V{-;zWm+{493`)n&mW21sRwUP zYlODinwaf}^*CZqLpb^m@uURjW8G)~X-Xl|g_V+a1~7{6p{#z7RsgVGGr*^^T{@po zGRMMFWCCmhmou?>F;Y~oPbKLJ9RT{xX)!xC{l;oo82d?}*$xLq)@p*&Hz=H$XtV4} dNG8QF$5_hF%oyNfX5EQm#8Jb}BEqiIHzsoY6~q7l diff --git a/ca/testdata/no_san.der.csr b/ca/testdata/no_san.der.csr deleted file mode 100644 index db8558236360bc7d27a870a9d94885c561973fa5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 611 zcmV-p0-XIYf&yPKf&oVY0RS)>F&How1_M&LNQU9=GoXgaW46fGo`C8sd5FteX4sMhjRCOcd?NU@{Xqeg#x{M{ejYyWsC{h=p> z{U>|q#(@0aEW~GO&-LGRpY*(OF5#tM6>>An_Pa~Vk=-0!C?vEmNfYF8TpOeSAKnd+ z!gRl=8hPZP&&LNQU0#Lcf{@&__5*)MG|E%Qr;SHMGz8$gufmK8FC|J8Q|BNN6Mah4*lN z8@NLbVpJCut8BCSUlsz8-}!D=_CGpd%4Vre~4 zS=B#kmZ4c0T|c+ASkz+PW7$R2<7f>lA1s(N!@t=ok~Q8vG+IL*<)(Gu;e!ahCn-TX x&4fcOq$CjGxO(RTC*7KuYlImf0l-kk%9r~Mwjy10S#}Hoa#WrU^v}+7YzUa diff --git a/ca/testdata/testcsr.go b/ca/testdata/testcsr.go index e1a1b07df..cd22487cd 100644 --- a/ca/testdata/testcsr.go +++ b/ca/testdata/testcsr.go @@ -3,53 +3,17 @@ package main import ( + "crypto/ecdsa" + "crypto/elliptic" "crypto/rand" "crypto/x509" "crypto/x509/pkix" - "encoding/pem" "log" "os" ) -// A 2048-bit RSA private key -var rsaPrivateKey = `-----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA5cpXqfCaUDD+hf93j5jxbrhK4jrJAzfAEjeZj/Lx5Rv/7eEO -uhS2DdCU2is82vR6yJ7EidUYVz/nUAjSTP7JIEsbyvfsfACABbqRyGltHlJnULVH -y/EMjt9xKZf17T8tOLHVUEAJTxsvjKn4TMIQJTNrAqm/lNrUXmCIR41Go+3RBGC6 -YdAKEwcZMCzrjQGF06mC6/6xMmYMSMd6+VQRFIPpuPK/6BBp1Tgju2LleRC5uatj -QcFOoilGkfh1RnZp3GJ7q58KaqHiPmjl31rkY5vS3LP7yfU5TRBcxCSG8l8LKuRt -MArkbTEtj3PkDjbipL/SkLrZ28e5w9Egl4g1MwIDAQABAoIBABZqY5zPPK5f6SQ3 -JHmciMitL5jb9SncMV9VjyRMpa4cyh1xW9dpF81HMI4Ls7cELEoPuspbQDGaqTzU -b3dVT1dYHFDzWF1MSzDD3162cg+IKE3mMSfCzt/NCiPtj+7hv86NAmr+pCnUVBIb -rn4GXD7UwjaTSn4Bzr+aGREpxd9Nr0JdNQwxVHZ75A92vTihCfaXyMCjhW3JEpF9 -N89XehgidoGgtUxxeeb+WsO3nvVBpLv/HDxMTx/IDzvSA5nLlYMcqVzb7IJoeAQu -og0WJKlniYzvIdoQ6/hGydAW5sKd0qWh0JPYs7uLKAWrdAWvrFAp7//fYKVamalU -8pUu/WkCgYEA+tcTQ3qTnVh41O9YeM/7NULpIkuCAlR+PBRky294zho9nGQIPdaW -VNvyqqjLaHaXJVokYHbU4hDk6RbrhoWVd4Po/5g9cUkT1f6nrdZGRkg4XOCzHWvV -Yrqh3eYYX4bdiH5EhB78m0rrbjHfd7SF3cdYNzOUS2kJvCInYC6zPx8CgYEA6oRr -UhZFuoqRsEb28ELM8sHvdIMA/C3aWCu+nUGQ4gHSEb4uvuOD/7tQNuCaBioiXVPM -/4hjk9jHJcjYf5l33ANqIP7JiYAt4rzTWXF3iS6kQOhQhjksSlSnWqw0Uu1DtlpG -rzeG1ZkBuwH7Bx0yj4sGSz5sAvyF44aRsE6AC20CgYEArafWO0ISDb1hMbFdo44B -ELd45Pg3UluiZP+NZFWQ4cbC3pFWL1FvE+KNll5zK6fmLcLBKlM6QCOIBmKKvb+f -YXVeCg0ghFweMmkxNqUAU8nN02bwOa8ctFQWmaOhPgkFN2iLEJjPMsdkRA6c8ad1 -gbtvNBAuWyKlzawrbGgISesCgYBkGEjGLINubx5noqJbQee/5U6S6CdPezKqV2Fw -NT/ldul2cTn6d5krWYOPKKYU437vXokst8XooKm/Us41CAfEfCCcHKNgcLklAXsj -ve5LOwEYQw+7ekORJjiX1tAuZN51wmpQ9t4x5LB8ZQgDrU6bPbdd/jKTw7xRtGoS -Wi8EsQKBgG8iGy3+kVBIjKHxrN5jVs3vj/l/fQL0WRMLCMmVuDBfsKyy3f9n8R1B -/KdwoyQFwsLOyr5vAjiDgpFurXQbVyH4GDFiJGS1gb6MNcinwSTpsbOLLV7zgibX -A2NgiQ+UeWMia16dZVd6gGDlY3lQpeyLdsdDd+YppNfy9vedjbvT ------END RSA PRIVATE KEY-----` - -// NISTP256 ECDSA private key -var ecdsaPrivateKey = `-----BEGIN EC PRIVATE KEY----- -MHcCAQEEIKwK8ik0Zgw26bWaGuNYa/QAtCDRwpOPS5FIhbwuFqWuoAoGCCqGSM49 -AwEHoUQDQgAEfkxXCNEy4/zfwQ4arciDYQql7/+ftYvf51JTLCJAFu8kWKvNBENT -X8ays994FANu2VsJTF5Ud5JPYWHT87hjAA== ------END EC PRIVATE KEY-----` - func main() { - block, _ := pem.Decode([]byte(rsaPrivateKey)) - rsaPriv, err := x509.ParsePKCS1PrivateKey(block.Bytes) + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Fatalf("Failed to parse private key: %s", err) } @@ -65,7 +29,7 @@ func main() { "Capitalizedletters.COM", }, } - csr, err := x509.CreateCertificateRequest(rand.Reader, req, rsaPriv) + csr, err := x509.CreateCertificateRequest(rand.Reader, req, priv) if err != nil { log.Fatalf("unable to create CSR: %s", err) } diff --git a/cmd/boulder-wfe2/main_test.go b/cmd/boulder-wfe2/main_test.go index 8b2b90e04..a1f79af8d 100644 --- a/cmd/boulder-wfe2/main_test.go +++ b/cmd/boulder-wfe2/main_test.go @@ -3,77 +3,36 @@ package notmain import ( "crypto/x509" "encoding/pem" - "os" "testing" - "github.com/letsencrypt/boulder/core" "github.com/letsencrypt/boulder/test" ) -func TestLoadChain_Valid(t *testing.T) { - issuer, chainPEM, err := loadChain([]string{ - "../../test/test-ca-cross.pem", - "../../test/test-root2.pem", +func TestLoadChain(t *testing.T) { + // Most of loadChain's logic is implemented in issuance.LoadChain, so this + // test only covers the construction of the PEM bytes. + _, chainPEM, err := loadChain([]string{ + "../../test/hierarchy/int-e1.cert.pem", + "../../test/hierarchy/root-x2-cross.cert.pem", + "../../test/hierarchy/root-x1.cert.pem", }) test.AssertNotError(t, err, "Should load valid chain") - expectedIssuer, err := core.LoadCert("../../test/test-ca-cross.pem") - test.AssertNotError(t, err, "Failed to load test issuer") - - chainIssuerPEM, rest := pem.Decode(chainPEM) - test.AssertNotNil(t, chainIssuerPEM, "Failed to decode chain PEM") - parsedIssuer, err := x509.ParseCertificate(chainIssuerPEM.Bytes) + // Parse the first certificate in the PEM blob. + certPEM, rest := pem.Decode(chainPEM) + test.AssertNotNil(t, certPEM, "Failed to decode chain PEM") + _, err = x509.ParseCertificate(certPEM.Bytes) test.AssertNotError(t, err, "Failed to parse chain PEM") - // The three versions of the intermediate (the one loaded by us, the one - // returned by loadChain, and the one parsed from the chain) should be equal. - test.AssertByteEquals(t, issuer.Raw, expectedIssuer.Raw) - test.AssertByteEquals(t, parsedIssuer.Raw, expectedIssuer.Raw) + // Parse the second certificate in the PEM blob. + certPEM, rest = pem.Decode(rest) + test.AssertNotNil(t, certPEM, "Failed to decode chain PEM") + _, err = x509.ParseCertificate(certPEM.Bytes) + test.AssertNotError(t, err, "Failed to parse chain PEM") // The chain should contain nothing else. - rootIssuerPEM, _ := pem.Decode(rest) - if rootIssuerPEM != nil { + certPEM, rest = pem.Decode(rest) + if certPEM != nil || len(rest) != 0 { t.Error("Expected chain PEM to contain one cert and nothing else") } } - -func TestLoadChain_TooShort(t *testing.T) { - _, _, err := loadChain([]string{"/path/to/one/cert.pem"}) - test.AssertError(t, err, "Should reject too-short chain") -} - -func TestLoadChain_Unloadable(t *testing.T) { - _, _, err := loadChain([]string{ - "does-not-exist.pem", - "../../test/test-root2.pem", - }) - test.AssertError(t, err, "Should reject unloadable chain") - - _, _, err = loadChain([]string{ - "../../test/test-ca-cross.pem", - "does-not-exist.pem", - }) - test.AssertError(t, err, "Should reject unloadable chain") - - invalidPEMFile, _ := os.CreateTemp("", "invalid.pem") - err = os.WriteFile(invalidPEMFile.Name(), []byte(""), 0640) - test.AssertNotError(t, err, "Error writing invalid PEM tmp file") - _, _, err = loadChain([]string{ - invalidPEMFile.Name(), - "../../test/test-root2.pem", - }) - test.AssertError(t, err, "Should reject unloadable chain") -} - -func TestLoadChain_InvalidSig(t *testing.T) { - _, _, err := loadChain([]string{ - "../../test/test-root2.pem", - "../../test/test-ca-cross.pem", - }) - test.AssertError(t, err, "Should reject invalid signature") -} - -func TestLoadChain_NoRoot(t *testing.T) { - // TODO(#5251): Implement this when we have a hierarchy which includes two - // CA certs, neither of which is a root. -} diff --git a/cmd/ceremony/cert_test.go b/cmd/ceremony/cert_test.go index c31313ed2..95a2b3375 100644 --- a/cmd/ceremony/cert_test.go +++ b/cmd/ceremony/cert_test.go @@ -15,9 +15,10 @@ import ( "testing" "time" + "github.com/miekg/pkcs11" + "github.com/letsencrypt/boulder/pkcs11helpers" "github.com/letsencrypt/boulder/test" - "github.com/miekg/pkcs11" ) // samplePubkey returns a slice of bytes containing an encoded @@ -575,9 +576,6 @@ func TestLoadCert(t *testing.T) { _, err = loadCert("../../test/hierarchy/int-e1.key.pem") test.AssertError(t, err, "should have failed when trying to parse a private key") - - _, err = loadCert("../../test/test-root.pubkey.pem") - test.AssertError(t, err, "should have failed when trying to parse a public key") } func TestGenerateSKID(t *testing.T) { diff --git a/cmd/ceremony/main_test.go b/cmd/ceremony/main_test.go index 1f0a3fb44..c4e9b52f3 100644 --- a/cmd/ceremony/main_test.go +++ b/cmd/ceremony/main_test.go @@ -18,7 +18,7 @@ import ( ) func TestLoadPubKey(t *testing.T) { - _, _, err := loadPubKey("../../test/test-root.pubkey.pem") + _, _, err := loadPubKey("../../test/test-ca.pubkey.pem") test.AssertNotError(t, err, "should not have errored") _, _, err = loadPubKey("../../test/hierarchy/int-e1.key.pem") diff --git a/cmd/config_test.go b/cmd/config_test.go index 65340d0b7..b6eeb9860 100644 --- a/cmd/config_test.go +++ b/cmd/config_test.go @@ -1,9 +1,19 @@ package cmd import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "math/big" + "os" + "path" "regexp" "strings" "testing" + "time" "github.com/letsencrypt/boulder/metrics" "github.com/letsencrypt/boulder/test" @@ -52,9 +62,43 @@ func TestPasswordConfig(t *testing.T) { func TestTLSConfigLoad(t *testing.T) { null := "/dev/null" nonExistent := "[nonexistent]" - cert := "../test/grpc-creds/creds-test/cert.pem" - key := "../test/grpc-creds/creds-test/key.pem" - caCert := "../test/grpc-creds/minica.pem" + tmp := t.TempDir() + cert := path.Join(tmp, "TestTLSConfigLoad.cert.pem") + key := path.Join(tmp, "TestTLSConfigLoad.key.pem") + caCert := path.Join(tmp, "TestTLSConfigLoad.cacert.pem") + + rootKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + test.AssertNotError(t, err, "creating test root key") + rootTemplate := &x509.Certificate{ + Subject: pkix.Name{CommonName: "test root"}, + SerialNumber: big.NewInt(12345), + NotBefore: time.Now().Add(-24 * time.Hour), + NotAfter: time.Now().Add(24 * time.Hour), + IsCA: true, + } + rootCert, err := x509.CreateCertificate(rand.Reader, rootTemplate, rootTemplate, rootKey.Public(), rootKey) + test.AssertNotError(t, err, "creating test root cert") + err = os.WriteFile(caCert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: rootCert}), os.ModeAppend) + test.AssertNotError(t, err, "writing test root cert to disk") + + intKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + test.AssertNotError(t, err, "creating test intermediate key") + intKeyBytes, err := x509.MarshalECPrivateKey(intKey) + test.AssertNotError(t, err, "marshalling test intermediate key") + err = os.WriteFile(key, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: intKeyBytes}), os.ModeAppend) + test.AssertNotError(t, err, "writing test intermediate key cert to disk") + + intTemplate := &x509.Certificate{ + Subject: pkix.Name{CommonName: "test intermediate"}, + SerialNumber: big.NewInt(67890), + NotBefore: time.Now().Add(-12 * time.Hour), + NotAfter: time.Now().Add(12 * time.Hour), + IsCA: true, + } + intCert, err := x509.CreateCertificate(rand.Reader, intTemplate, rootTemplate, intKey.Public(), rootKey) + test.AssertNotError(t, err, "creating test intermediate cert") + err = os.WriteFile(cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: intCert}), os.ModeAppend) + test.AssertNotError(t, err, "writing test intermediate cert to disk") testCases := []struct { TLSConfig @@ -69,26 +113,20 @@ func TestTLSConfigLoad(t *testing.T) { {TLSConfig{null, key, caCert}, "loading key pair.*failed to find any PEM data"}, {TLSConfig{cert, null, caCert}, "loading key pair.*failed to find any PEM data"}, {TLSConfig{cert, key, null}, "parsing CA certs"}, + {TLSConfig{cert, key, caCert}, ""}, } for _, tc := range testCases { - var title [3]string - if tc.CertFile == "" { - title[0] = "nil" - } else { - title[0] = tc.CertFile - } - if tc.KeyFile == "" { - title[1] = "nil" - } else { - title[1] = tc.KeyFile - } - if tc.CACertFile == "" { - title[2] = "nil" - } else { - title[2] = tc.CACertFile + title := [3]string{tc.CertFile, tc.KeyFile, tc.CACertFile} + for i := range title { + if title[i] == "" { + title[i] = "nil" + } } t.Run(strings.Join(title[:], "_"), func(t *testing.T) { _, err := tc.TLSConfig.Load(metrics.NoopRegisterer) + if err == nil && tc.want == "" { + return + } if err == nil { t.Errorf("got no error") } diff --git a/cmd/ocsp-responder/testdata/test-ca.der.pem b/cmd/ocsp-responder/testdata/test-ca.der.pem deleted file mode 100644 index 760417fe9..000000000 --- a/cmd/ocsp-responder/testdata/test-ca.der.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDETCCAfmgAwIBAgIJAJzxkS6o1QkIMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV -BAMMFGhhcHB5IGhhY2tlciBmYWtlIENBMB4XDTE1MDQwNzIzNTAzOFoXDTI1MDQw -NDIzNTAzOFowHzEdMBsGA1UEAwwUaGFwcHkgaGFja2VyIGZha2UgQ0EwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCCkd5mgXFErJ3F2M0E9dw+Ta/md5i -8TDId01HberAApqmydG7UZYF3zLTSzNjlNSOmtybvrSGUnZ9r9tSQcL8VM6WUOM8 -tnIpiIjEA2QkBycMwvRmZ/B2ltPdYs/R9BqNwO1g18GDZrHSzUYtNKNeFI6Glamj -7GK2Vr0SmiEamlNIR5ktAFsEErzf/d4jCF7sosMsJpMCm1p58QkP4LHLShVLXDa8 -BMfVoI+ipYcA08iNUFkgW8VWDclIDxcysa0psDDtMjX3+4aPkE/cefmP+1xOfUuD -HOGV8XFynsP4EpTfVOZr0/g9gYQ7ZArqXX7GTQkFqduwPm/w5qxSPTarAgMBAAGj -UDBOMB0GA1UdDgQWBBT7eE8S+WAVgyyfF380GbMuNupBiTAfBgNVHSMEGDAWgBT7 -eE8S+WAVgyyfF380GbMuNupBiTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA -A4IBAQAd9Da+Zv+TjMv7NTAmliqnWHY6d3UxEZN3hFEJ58IQVHbBZVZdW7zhRktB -vR05Kweac0HJeK91TKmzvXl21IXLvh0gcNLU/uweD3no/snfdB4OoFompljThmgl -zBqiqWoKBJQrLCA8w5UB+ReomRYd/EYXF/6TAfzm6hr//Xt5mPiUHPdvYt75lMAo -vRxLSbF8TSQ6b7BYxISWjPgFASNNqJNHEItWsmQMtAjjwzb9cs01XH9pChVAWn9L -oeMKa+SlHSYrWG93+EcrIH/dGU76uNOiaDzBSKvaehG53h25MHuO1anNICJvZovW -rFo4Uv1EnkKJm3vJFe50eJGhEKlx ------END CERTIFICATE----- diff --git a/cmd/ocsp-responder/testdata/test-ca.key b/cmd/ocsp-responder/testdata/test-ca.key deleted file mode 100644 index e3b5697be..000000000 --- a/cmd/ocsp-responder/testdata/test-ca.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDCCkd5mgXFErJ3 -F2M0E9dw+Ta/md5i8TDId01HberAApqmydG7UZYF3zLTSzNjlNSOmtybvrSGUnZ9 -r9tSQcL8VM6WUOM8tnIpiIjEA2QkBycMwvRmZ/B2ltPdYs/R9BqNwO1g18GDZrHS -zUYtNKNeFI6Glamj7GK2Vr0SmiEamlNIR5ktAFsEErzf/d4jCF7sosMsJpMCm1p5 -8QkP4LHLShVLXDa8BMfVoI+ipYcA08iNUFkgW8VWDclIDxcysa0psDDtMjX3+4aP -kE/cefmP+1xOfUuDHOGV8XFynsP4EpTfVOZr0/g9gYQ7ZArqXX7GTQkFqduwPm/w -5qxSPTarAgMBAAECggEAZh00uhjFOo35X1TufwSGF0z/c9uMvfMB4i1ufM2qgXud -WXLSLcrksZhhTfLAS4KSTa3PtSKqLBoPg1tdhy9WZqZWxaIxw8ybzaGtn8HNHGyr -LzsVlSLT2ATN4C7VAT9+DeVext0kWHtdz3r5mGagJq2Yx9jRGpQW6rBA9h4ol699 -BM09UPCcdlGmpdrb0jDjyfohG139EBSmEeB+Jim+oLO1sXe/LvWllU0UL527CExp -ykiIjASd4s7tFErV9sVJ+bDI97GOyBUGcVMiQ+TRPKFr0kfLgbJz24l8ycPI4odp -IGY+6igicg67n5BktAH+UfCQlUIpWbF2SwRAMht0AQKBgQD8gocy2VuCPj285hBY -8g/1GFd58HkCh54bOhAOb2PK+NE4mRuHCBlBj/tQOmgYz2Pna2k5ldJSUwXsUKkx -9R7hutnwXbcQTSQIRcjhYDLeGetJYXR96ylDig+6XjdW3A5SIc2JzlbVThP39TTm -gRqE/rj9G4ARMfHxffp7YT5AqwKBgQDEuN0pYMKjaW0xvc7WYUOqGHqt2di/BwMr -Ur438MtePArELY35P6kDcrfnlacDToA3Tebk9Rw18y1kl3BFO7VdJbQJSa6RWbp5 -aK7E5lq1pCrdyhGwiaI1f5VgzeY8ywS3TqGqU9GOqpENiZqgs1ly9l8gZSaw8/yF -uDWGg7jiAQKBgQCyLtGEmkiuoYkjUR1cBoQoKeMgkwZxOI3jHJfT99ptkiLhU3lP -UfGwiA+JT43BZCdVWEBKeGSP3zIgzdJ3BEekdhvwN9FEWYsBo2zbTOzYOWYExBZV -/KmDlVr/4hge3O3mGyBVDBvOLWh94rRPq+6wxqZ3RP6cI6hdBs7IXZh2PQKBgQDB -rav4kA4xKpvaDCC2yj3/Gmi1/zO5J2NEZQtoMgdXeM+0w5Dy4204Otq7A4jR5Ziw -Wl9H7dZfe1Kmpb5gO1/dHEC7oDJhYjEIVTs0GgMWsFGP2OE/qNHtz/W2wCC8m7jB -7IWYFzvLNTzoUiDNtKYNXGjdkRjdwOlOkcUI8Wi2AQKBgQC9EJsMz/ySt58IvwWy -fQJyg742j21pXHqlMnmHygnSgNa7f3yPQK3FxjvhIPmgu7x8+sSUtXHOjKhZML3p -SdTm/yN487hOYp03jy/wVXLcCDp9XhBeIt/z/TZMPMjAHOLG9xG6cF8AOVq7mLBc -tsDWUHoXPZj/YciXZLq3fPuXyw== ------END PRIVATE KEY----- diff --git a/docker-compose.next.yml b/docker-compose.next.yml index 2b88ea2b5..b18fb5ee7 100644 --- a/docker-compose.next.yml +++ b/docker-compose.next.yml @@ -2,6 +2,6 @@ services: boulder: environment: FAKE_DNS: 10.77.77.77 - BOULDER_CONFIG_DIR: &boulder_config_dir test/config-next + BOULDER_CONFIG_DIR: test/config-next GOFLAGS: -mod=vendor GOCACHE: /boulder/.gocache/go-build-next diff --git a/docker-compose.yml b/docker-compose.yml index b7dc73ed4..f25309579 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ services: # The `letsencrypt/boulder-tools:latest` tag is automatically built in local # dev environments. In CI a specific BOULDER_TOOLS_TAG is passed, and it is # pulled with `docker compose pull`. - image: letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-latest} + image: &boulder_tools_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-latest} build: context: test/boulder-tools/ # Should match one of the GO_CI_VERSIONS in test/boulder-tools/tag_and_upload.sh. @@ -20,8 +20,7 @@ services: volumes: - .:/boulder:cached - ./.gocache:/root/.cache/go-build:cached - - ./.hierarchy:/hierarchy/:cached - - ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached + - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached networks: bouldernet: ipv4_address: 10.77.77.77 @@ -62,6 +61,20 @@ services: entrypoint: test/entrypoint.sh working_dir: &boulder_working_dir /boulder + bsetup: + image: *boulder_tools_image + volumes: + - .:/boulder:cached + - ./.gocache:/root/.cache/go-build:cached + - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached + entrypoint: test/certs/generate.sh + working_dir: *boulder_working_dir + profiles: + # Adding a profile to this container means that it won't be started by a + # normal "docker compose up/run boulder", only when specifically invoked + # with a "docker compose up bsetup". + - setup + bmysql: image: mariadb:10.5 networks: diff --git a/grpc/creds/creds_test.go b/grpc/creds/creds_test.go index ad38c0c8e..e252f004f 100644 --- a/grpc/creds/creds_test.go +++ b/grpc/creds/creds_test.go @@ -12,59 +12,58 @@ import ( "testing" "time" - "github.com/letsencrypt/boulder/core" + "github.com/jmhodges/clock" + "github.com/letsencrypt/boulder/test" ) func TestServerTransportCredentials(t *testing.T) { + _, badCert := test.ThrowAwayCert(t, clock.New()) + goodCert := &x509.Certificate{ + DNSNames: []string{"creds-test"}, + IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}, + } acceptedSANs := map[string]struct{}{ "creds-test": {}, } - certFile := "../../test/grpc-creds/creds-test/cert.pem" - badCertFile := "testdata/example.com/cert.pem" - goodCert, err := core.LoadCert(certFile) - test.AssertNotError(t, err, "core.LoadCert failed on "+certFile) - badCert, err := core.LoadCert(badCertFile) - test.AssertNotError(t, err, "core.LoadCert failed on "+badCertFile) servTLSConfig := &tls.Config{} // NewServerCredentials with a nil serverTLSConfig should return an error - _, err = NewServerCredentials(nil, acceptedSANs) + _, err := NewServerCredentials(nil, acceptedSANs) test.AssertEquals(t, err, ErrNilServerConfig) - // A creds with a empty acceptedSANs list should consider any peer valid + // A creds with a nil acceptedSANs list should consider any peer valid wrappedCreds, err := NewServerCredentials(servTLSConfig, nil) test.AssertNotError(t, err, "NewServerCredentials failed with nil acceptedSANs") bcreds := wrappedCreds.(*serverTransportCredentials) - emptyState := tls.ConnectionState{} - err = bcreds.validateClient(emptyState) + err = bcreds.validateClient(tls.ConnectionState{}) test.AssertNotError(t, err, "validateClient() errored for emptyState") + + // A creds with a empty acceptedSANs list should consider any peer valid wrappedCreds, err = NewServerCredentials(servTLSConfig, map[string]struct{}{}) test.AssertNotError(t, err, "NewServerCredentials failed with empty acceptedSANs") bcreds = wrappedCreds.(*serverTransportCredentials) - err = bcreds.validateClient(emptyState) + err = bcreds.validateClient(tls.ConnectionState{}) test.AssertNotError(t, err, "validateClient() errored for emptyState") - // A creds given an empty TLS ConnectionState to verify should return an error + // A properly-initialized creds should fail to verify an empty ConnectionState bcreds = &serverTransportCredentials{servTLSConfig, acceptedSANs} - err = bcreds.validateClient(emptyState) + err = bcreds.validateClient(tls.ConnectionState{}) test.AssertEquals(t, err, ErrEmptyPeerCerts) // A creds should reject peers that don't have a leaf certificate with // a SAN on the accepted list. - wrongState := tls.ConnectionState{ + err = bcreds.validateClient(tls.ConnectionState{ PeerCertificates: []*x509.Certificate{badCert}, - } - err = bcreds.validateClient(wrongState) + }) var errSANNotAccepted ErrSANNotAccepted test.AssertErrorWraps(t, err, &errSANNotAccepted) // A creds should accept peers that have a leaf certificate with a SAN // that is on the accepted list - rightState := tls.ConnectionState{ + err = bcreds.validateClient(tls.ConnectionState{ PeerCertificates: []*x509.Certificate{goodCert}, - } - err = bcreds.validateClient(rightState) + }) test.AssertNotError(t, err, "validateClient(rightState) failed") // A creds configured with an IP SAN in the accepted list should accept a peer @@ -74,7 +73,9 @@ func TestServerTransportCredentials(t *testing.T) { "127.0.0.1": {}, } bcreds = &serverTransportCredentials{servTLSConfig, acceptedIPSans} - err = bcreds.validateClient(rightState) + err = bcreds.validateClient(tls.ConnectionState{ + PeerCertificates: []*x509.Certificate{goodCert}, + }) test.AssertNotError(t, err, "validateClient(rightState) failed with an IP accepted SAN list") } diff --git a/grpc/creds/testdata/example.com/cert.pem b/grpc/creds/testdata/example.com/cert.pem deleted file mode 100644 index e991ca1b4..000000000 --- a/grpc/creds/testdata/example.com/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDETCCAfmgAwIBAgIITp8UbMgujuEwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgNDk2YzRkMCAXDTE2MTIyNjE5MTEyOFoYDzIxMDYx -MjI2MTkxMTI4WjAWMRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAL18+TWZsdGOxfObbuHQ8mOSXvc6+gtVHN9lSFOt -x7JiM2OZhQFOlYPDox/KqQX0tlyfYZ808NZcwWConQL+Atme8AKy0pahqI99WChh -li9ehbbbTGoWa8NxWbkqGDgD3waQ8YFZbWXosiK+dt4cAbNpAdX1yByQts/GUKW0 -PYyqwoOvjE5tBXBzrIL6PVxmGz5ALjq8GMl3HTyZXO5AfBuomNRYYkEV6zx/TOTq -PhO7flLnMVauv0aJbsaD+ZpPF2Zi/fw/4q2nolag+oA1f55mHxjN39ocLHa++CJA -ft4LRK/75QVaYKICn4r13DiCvGI44ltv+lmwSPZ311lvIF8CAwEAAaNXMFUwDgYD -VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV -HRMBAf8EAjAAMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUA -A4IBAQAp/W32B/Pnm1oZXSVWTSN6ztSWjgiB3du1ryPe5VSPBmYZU1hHvORBfjuH -5JI9mHioW+0aoiDuABgpIXf5hMfXljyJXN+vO70C5PStUnFmHTtGADw62vRxhVVU -PLKtSAph8QpMTEUe+skV5RZ525aqHH54GSrSm7EdkIrgrkuGQhOViZ6QEqew29I3 -UK6cNe3w4d0XTzwPej4TNDGwumwWf/TEopp/kdOsFn93aZh/C/uTuI8gyqI9HiO0 -uQCwsePBr0G0w+vns38oC9jgyu6S3bOnq8XBzLjWgJ2lL//0g7bqvc5Wi1ClJnNS -OW48oQi9pw/ceqkYaMjCc0M5M0ix ------END CERTIFICATE----- diff --git a/grpc/creds/testdata/example.com/key.pem b/grpc/creds/testdata/example.com/key.pem deleted file mode 100644 index 295a72f3b..000000000 --- a/grpc/creds/testdata/example.com/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAvXz5NZmx0Y7F85tu4dDyY5Je9zr6C1Uc32VIU63HsmIzY5mF -AU6Vg8OjH8qpBfS2XJ9hnzTw1lzBYKidAv4C2Z7wArLSlqGoj31YKGGWL16FtttM -ahZrw3FZuSoYOAPfBpDxgVltZeiyIr523hwBs2kB1fXIHJC2z8ZQpbQ9jKrCg6+M -Tm0FcHOsgvo9XGYbPkAuOrwYyXcdPJlc7kB8G6iY1FhiQRXrPH9M5Oo+E7t+Uucx -Vq6/RoluxoP5mk8XZmL9/D/iraeiVqD6gDV/nmYfGM3f2hwsdr74IkB+3gtEr/vl -BVpgogKfivXcOIK8YjjiW2/6WbBI9nfXWW8gXwIDAQABAoIBAQCrLixgXMGEQ8vW -YBOSktV2WHPMOw5KkJBtzCzD05k1MHumPbknThvKFkHWZZm+VK0uDZn+XrA3p0HX -FVwKqPhgKrI+bdfK1q3VOvIaQNaRYn2/jGuC51BhFpRsr3eDmxOu9eAG74fh6Y6L -zq7JxllO/8z1wn0OOTm9iDWxDJwR51+tq/BSJhj681QPTOYmMxeHVxlXbZWs3JH3 -2md/s3M2ZKuyS/i6B4d2wijxMbZsbmX2gYC/N+i/DfLyfwh1+/6BvTZIsW5e1LRQ -kcIltZxlCT/PQw/rQjgDZROujlpiuYc2jaedn5JRDYNu+tnITi5oPswXezMH7QQs -PpQCcQfpAoGBAN53rCeLOyenihR35L5J/pqgMTwvGywEiNzVLqv9KUxyhZZvexIj -n5nQhRBIWD+2LpM1wmkMwb0xJT9PKbZgtaxYoledkFbWC+n7F6VqG/jb8ZUlkYdD -6QVUqAOIiuQLKJTzKStDQlAJXhGF5eItI+yAnL7utUsliLPbh1zUrLXTAoGBANoM -u5F/bqXOf2kQqXx7PfIuFRmQau97l0e7M1R7agvsgSnFvoa47Lkkx+KztZO+n8YD -wpEe3otuEYQAhG4WnLcZsBkAtKlGNv9JXwYOKFttKHSEtQ2LA10AsgILknJpZggE -/rMVyam+bjwusTfb610S8gYSjl7IKMIU+S+aAdfFAoGBAMgm3VF6l882kimWMMvv -YM0XQRTHwOeacNRWTLZaf9SS2JOfWxfXyxklHQKoRBWWQFMbs/y1iH1CASPzgjDe -07TqzayMSzeFPpTV3tFpJR+CKtkoQsVzGOw93SfIqkU/sNRJ7YlJ6xh9RQ/46vnR -6Rc4I045EA07CMHgyemAQp8XAoGAbIYtzKqp/WgbTcV3NXd5S1HYOpMARhUzJAZt -87xA+ZJKbun2e8MKPtOpkJF07AXSK5Gvgt7kUG0F1rcTMl+avB7S4H7Ta/SAZuqz -mqXtPCPGIMfz/LuVfvJbplzwFHWUzKT/x04uwob/AoESvwR7ziUhxBf0OARTFNWv -eBukkykCgYAuJ9jYMXVXae4phx0SgUNR40y7TA/TWbK2QgVGhWoGLlOOD3eqlxRS -xjV5ZcOy5XcCsL5tyN5IhTRUdCWF0l/v9EfvY0Zib7BWZk/dFcmLba2w2YW4cWD4 -WI5hndU1a8engsQ9C7PQPzU9GiRbcnwU8n1pGAE5Aa8u7b3WCFi2ag== ------END RSA PRIVATE KEY----- diff --git a/issuance/issuer_test.go b/issuance/issuer_test.go index f7f09522b..4e96145a1 100644 --- a/issuance/issuer_test.go +++ b/issuance/issuer_test.go @@ -214,12 +214,12 @@ func TestNewIssuerKeyUsage(t *testing.T) { func TestLoadChain_Valid(t *testing.T) { chain, err := LoadChain([]string{ - "../test/test-ca-cross.pem", - "../test/test-root2.pem", + "../test/hierarchy/int-e1.cert.pem", + "../test/hierarchy/root-x2.cert.pem", }) test.AssertNotError(t, err, "Should load valid chain") - expectedIssuer, err := core.LoadCert("../test/test-ca-cross.pem") + expectedIssuer, err := core.LoadCert("../test/hierarchy/int-e1.cert.pem") test.AssertNotError(t, err, "Failed to load test issuer") chainIssuer := chain[0] @@ -236,12 +236,12 @@ func TestLoadChain_TooShort(t *testing.T) { func TestLoadChain_Unloadable(t *testing.T) { _, err := LoadChain([]string{ "does-not-exist.pem", - "../test/test-root2.pem", + "../test/hierarchy/root-x2.cert.pem", }) test.AssertError(t, err, "Should reject unloadable chain") _, err = LoadChain([]string{ - "../test/test-ca-cross.pem", + "../test/hierarchy/int-e1.cert.pem", "does-not-exist.pem", }) test.AssertError(t, err, "Should reject unloadable chain") @@ -251,19 +251,19 @@ func TestLoadChain_Unloadable(t *testing.T) { test.AssertNotError(t, err, "Error writing invalid PEM tmp file") _, err = LoadChain([]string{ invalidPEMFile.Name(), - "../test/test-root2.pem", + "../test/hierarchy/root-x2.cert.pem", }) test.AssertError(t, err, "Should reject unloadable chain") } func TestLoadChain_InvalidSig(t *testing.T) { _, err := LoadChain([]string{ - "../test/test-root2.pem", - "../test/test-ca-cross.pem", + "../test/hierarchy/int-e1.cert.pem", + "../test/hierarchy/root-x1.cert.pem", }) test.AssertError(t, err, "Should reject invalid signature") - test.Assert(t, strings.Contains(err.Error(), "test-ca-cross.pem"), + test.Assert(t, strings.Contains(err.Error(), "root-x1.cert.pem"), fmt.Sprintf("Expected error to mention filename, got: %s", err)) - test.Assert(t, strings.Contains(err.Error(), "signature from \"CN=happy hacker fake CA\""), + test.Assert(t, strings.Contains(err.Error(), "signature from \"CN=(TEST) Ineffable Ice X1"), fmt.Sprintf("Expected error to mention subject, got: %s", err)) } diff --git a/start.py b/start.py index b297390e3..f224b9e6c 100755 --- a/start.py +++ b/start.py @@ -20,9 +20,6 @@ import startservers if not startservers.install(race_detection=False): raise(Exception("failed to build")) -# Setup issuance hierarchy -startservers.setupHierarchy() - if not startservers.start(fakeclock=None): sys.exit(1) try: diff --git a/t.sh b/t.sh index 10b87227d..a2d1a1ea5 100755 --- a/t.sh +++ b/t.sh @@ -7,6 +7,9 @@ if type realpath >/dev/null 2>&1 ; then cd "$(realpath -- $(dirname -- "$0"))" fi +# Generate the test keys and certs necessary for the integration tests. +docker compose up bsetup + # Use a predictable name for the container so we can grab the logs later # for use when testing logs analysis tools. docker rm boulder_tests diff --git a/test/PKI.md b/test/PKI.md deleted file mode 100644 index 9236f7bd3..000000000 --- a/test/PKI.md +++ /dev/null @@ -1,50 +0,0 @@ -Boulder's test environment contains four separate PKIs: -* WFE (simulating the public WebPKI) -* gRPC (simulating an internal PKI) -* Redis (simulating another internal PKI) -* Issuance - -In live deployment, the issuance PKI is a member of the global WebPKI, but we -simulate them as separate PKIs here. - -The PKI used by WFE is under `test/wfe-tls/`, with `test/wfe-tls/minica.pem` -serving as the root. There are no intermediates. Setting -`test/wfe-tls/minica.pem` as a trusted root is sufficient to connect to the WFE -over HTTPS. Currently there is only one end-entity certificate in this PKI, and -that's all we expect to need. To validate HTTPS connections to a test-mode WFE -in Python, set the environment variable `REQUESTS_CA_BUNDLE`. For Node, set -`NODE_EXTRA_CA_CERTS`. These variables should be set to -`/path/to/boulder/test/wfe-tls/minica.pem` (but only in testing environments!). -Note that in the Python case, setting this environment variable may break HTTPS -connections to non-WFE destinations. If causes problems for you, you may need to -create a combined bundle containing `test/wfe-tls/minica.pem` in addition to the -other relevant root certificates. - -The gRPC PKI is under `test/grpc-creds/`. Each Boulder component has two -hostnames, each resolving to a different IP address in our test environment, -plus a third hostname that resolves to both IP addresses. Certificates for these -components contain all three hostnames, both test IP addresses, and are stored -under `test/grpc-creds/SERVICE.boulder`. - -To issue new certificates in the WFE or gRPC PKI, install -https://github.com/jsha/minica, cd to the directory containing `minica.pem` for -the PKI you want to issue in, and run `minica -domains YOUR_NEW_DOMAINs`. If -you're updating the gRPC PKI, please make sure to update -`grpc-creds/generate.sh`. - -The issuance PKI consists of a RSA and ECDSA roots, several intermediates and -cross-signed intermediates, and CRLs. These certificates and their keys are -generated using the `ceremony` tool during integration testing. The private keys -are stored in SoftHSM in the boulder repository root `.softhsm-tokens/` folder, -and the public keys and certificates are written out to the boulder repository -root in the `.hierarchy/` folder. - -To regenerate the issuance PKI files, run the following commands: - - sudo rm -f .hierarchy/ .softhsm-tokens/ - docker compose run -it boulder go run test/cert-ceremonies/generate.go - -Certificate `test-example.pem`, together with `test-example.key` are self-signed -certs used in integration tests and were generated using: - - openssl req -x509 -newkey rsa:4096 -keyout test-example.key -out test-example.pem -days 36500 -nodes -subj "/CN=www.example.com" diff --git a/test/boulder-tools/Dockerfile b/test/boulder-tools/Dockerfile index 6dc912028..7470a47e5 100644 --- a/test/boulder-tools/Dockerfile +++ b/test/boulder-tools/Dockerfile @@ -15,6 +15,7 @@ RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2.0 RUN go install github.com/letsencrypt/pebble/v2/cmd/pebble-challtestsrv@66511d8 RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.57.2 RUN go install honnef.co/go/tools/cmd/staticcheck@2023.1.7 +RUN go install github.com/jsha/minica@v1.1.0 FROM rust:bullseye as rustdeps # Provided automatically by docker build. diff --git a/test/certs/.gitignore b/test/certs/.gitignore new file mode 100644 index 000000000..ddb1034ff --- /dev/null +++ b/test/certs/.gitignore @@ -0,0 +1,3 @@ +/ipki +/webpki +/.softhsm-tokens diff --git a/test/certs/README.md b/test/certs/README.md new file mode 100644 index 000000000..e70955d02 --- /dev/null +++ b/test/certs/README.md @@ -0,0 +1,71 @@ +# Test keys and certificates + +## Dynamically-Generated PKIs + +This directory contains scripts and programs which generate PKIs (collections of +keys and certificates) for use in our integration tests. Each PKI has its own +subdirectory. The scripts do not regenerate a directory if it already exists, to +allow the generated files to be re-used across many runs on a developer's +machine. To force the scripts to regenerate a PKI, simply delete its whole +directory. + +This script is invoked automatically by the `bsetup` container in our docker +compose system. It is invoked automatically by `t.sh` and `tn.sh`. If you want +to run it manually, the expected way to do so is: + +```sh +$ docker compose up bsetup +[+] Running 0/1 +Attaching to bsetup-1 +bsetup-1 | Generating ipki/... +bsetup-1 | Generating webpki/... +bsetup-1 exited with code 0 +``` + +To add new certificates to an existing PKI, edit the script which generates that +PKI's subdirectory. To add a whole new PKI, create a new generation script, +execute that script from this directory's top-level `generate.sh`, and add the +new subdirectory to this directory's `.gitignore` file. + +### webpki + +The "webpki" PKI emulates our publicly-trusted hierarchy. It consists of RSA and +ECDSA roots, several intermediates and cross-signed intermediates, and CRLs. +These certificates and their keys are generated using the `ceremony` tool. The +private keys are stored in SoftHSM in the `.softhsm-tokens` subdirectory. + +This PKI is loaded by the CA, RA, and other components. It is used as the +issuance hierarchy for all end-entity certificates issued as part of the +integration tests. + +### ipki + +The "ipki" PKI emulates our internal PKI that the various Boulder services use +to authenticate each other when establishing gRPC connections. It includes one +certificate for each service which participates in our gRPC cluster. Some of +these certificates (for the services that we run multiple copies of) have +multiple names, so the same certificate can be loaded by each copy of that +service. + +This PKI is loaded by virtually every Boulder component. + +## Other Test PKIs + +A variety of other PKIs (collections of keys and certificates) exist in this +repository for the sake of unit and integration testing. We list them here as a +TODO-list of PKIs to remove and clean up: + +- challtestsrv DoH: Our fake DNS challenge test server (which fulfills DNS-01 + challenges during integration tests) can negotiate DoH handshakes. The key and + cert is uses for this are currently generated as part of the ipki directory, + but are fundamentally different from that PKI and should be moved. +- wfe-tls: The //test/wfe-tls/ directory holds the key and certificate which the + WFE uses to negotiate TLS handshakes with API clients. +- redis: The //test/redis-tls/ directory holds the key and certificate used by + our test redis cluster. This should probably be moved into the ipki directory. +- unit tests: the //test/hierarchy/ directory holds a variety of certificates + used by unit tests. These should be replaced by certs which the unit tests + dynamically generate in-memory, rather than loading from disk. +- misc: the top-level //test/ directory contains a variety of keys and + certificates which are used largely at random throughout the tests. These + should be removed and replaced with one of the existing PKIs. diff --git a/test/certs/generate.sh b/test/certs/generate.sh new file mode 100755 index 000000000..ad68869c2 --- /dev/null +++ b/test/certs/generate.sh @@ -0,0 +1,60 @@ +#!/bin/bash +set -e + +cd "$(realpath -- $(dirname -- "$0"))" + +ipki() ( + # Check that `minica` is installed + command -v minica >/dev/null 2>&1 || { + echo >&2 "No 'minica' command available."; + echo >&2 "Check your GOPATH and run: 'go install github.com/jsha/minica@latest'."; + exit 1; + } + + # Minica generates everything in-place, so we need to cd into the subdirectory. + # This function executes in a subshell, so this cd does not affect the parent + # script. + mkdir ipki + cd ipki + + # Used by challtestsrv to negotiate DoH handshakes. + # TODO: Move this out of the ipki directory. + # This also creates the issuer key, so the loops below can run in the + # background without competing over who gets to create it. + minica -ip-addresses 10.77.77.77,10.88.88.88 + + for SERVICE in admin-revoker expiration-mailer ocsp-responder consul \ + wfe akamai-purger bad-key-revoker crl-updater crl-storer \ + health-checker; do + minica -domains "${SERVICE}.boulder" & + done + + for SERVICE in publisher nonce ra ca sa va rva ; do + minica -domains "${SERVICE}.boulder,${SERVICE}1.boulder,${SERVICE}2.boulder" & + done + + wait + + # minica sets restrictive directory permissions, but we don't want that + chmod -R go+rX . +) + +webpki() ( + # Because it invokes the ceremony tool, webpki.go expects to be invoked with + # the root of the boulder repo as the current working directory. + # This function executes in a subshell, so this cd does not affect the parent + # script. + cd ../.. + mkdir ./test/certs/webpki + go run ./test/certs/webpki.go +) + +if ! [ -d ipki ]; then + echo "Generating ipki/..." + ipki +fi + +if ! [ -d webpki ]; then + echo "Generating webpki/..." + webpki +fi diff --git a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa-cross.yaml b/test/certs/intermediate-cert-ceremony-ecdsa-cross.yaml similarity index 76% rename from test/cert-ceremonies/intermediate-cert-ceremony-ecdsa-cross.yaml rename to test/certs/intermediate-cert-ceremony-ecdsa-cross.yaml index 1390e214a..1b0409045 100644 --- a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa-cross.yaml +++ b/test/certs/intermediate-cert-ceremony-ecdsa-cross.yaml @@ -5,11 +5,11 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root rsa inputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - issuer-certificate-path: /hierarchy/root-rsa.cert.pem - certificate-to-cross-sign-path: /hierarchy/{{ .FileName }}.cert.pem + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem + certificate-to-cross-sign-path: test/certs/webpki/{{ .FileName }}.cert.pem outputs: - certificate-path: /hierarchy/{{ .FileName }}-cross.cert.pem + certificate-path: test/certs/webpki/{{ .FileName }}-cross.cert.pem certificate-profile: signature-algorithm: SHA256WithRSA common-name: {{ .CommonName }} diff --git a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa.yaml b/test/certs/intermediate-cert-ceremony-ecdsa.yaml similarity index 75% rename from test/cert-ceremonies/intermediate-cert-ceremony-ecdsa.yaml rename to test/certs/intermediate-cert-ceremony-ecdsa.yaml index 16ca1926b..f5a4fc241 100644 --- a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa.yaml +++ b/test/certs/intermediate-cert-ceremony-ecdsa.yaml @@ -5,10 +5,10 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root ecdsa inputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - issuer-certificate-path: /hierarchy/root-ecdsa.cert.pem + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + issuer-certificate-path: test/certs/webpki/root-ecdsa.cert.pem outputs: - certificate-path: /hierarchy/{{ .FileName }}.cert.pem + certificate-path: test/certs/webpki/{{ .FileName }}.cert.pem certificate-profile: signature-algorithm: ECDSAWithSHA384 common-name: {{ .CommonName }} diff --git a/test/cert-ceremonies/intermediate-cert-ceremony-rsa.yaml b/test/certs/intermediate-cert-ceremony-rsa.yaml similarity index 75% rename from test/cert-ceremonies/intermediate-cert-ceremony-rsa.yaml rename to test/certs/intermediate-cert-ceremony-rsa.yaml index e4c380bad..6ed8ddaff 100644 --- a/test/cert-ceremonies/intermediate-cert-ceremony-rsa.yaml +++ b/test/certs/intermediate-cert-ceremony-rsa.yaml @@ -5,10 +5,10 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root rsa inputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - issuer-certificate-path: /hierarchy/root-rsa.cert.pem + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem outputs: - certificate-path: /hierarchy/{{ .FileName }}.cert.pem + certificate-path: test/certs/webpki/{{ .FileName }}.cert.pem certificate-profile: signature-algorithm: SHA256WithRSA common-name: {{ .CommonName }} diff --git a/test/cert-ceremonies/intermediate-key-ceremony-ecdsa.yaml b/test/certs/intermediate-key-ceremony-ecdsa.yaml similarity index 61% rename from test/cert-ceremonies/intermediate-key-ceremony-ecdsa.yaml rename to test/certs/intermediate-key-ceremony-ecdsa.yaml index 5325f3214..13835efe7 100644 --- a/test/cert-ceremonies/intermediate-key-ceremony-ecdsa.yaml +++ b/test/certs/intermediate-key-ceremony-ecdsa.yaml @@ -8,5 +8,5 @@ key: type: ecdsa ecdsa-curve: P-384 outputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - pkcs11-config-path: /hierarchy/{{ .FileName }}.pkcs11.json + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + pkcs11-config-path: test/certs/webpki/{{ .FileName }}.pkcs11.json diff --git a/test/cert-ceremonies/intermediate-key-ceremony-rsa.yaml b/test/certs/intermediate-key-ceremony-rsa.yaml similarity index 61% rename from test/cert-ceremonies/intermediate-key-ceremony-rsa.yaml rename to test/certs/intermediate-key-ceremony-rsa.yaml index 76e8488f7..439abf15c 100644 --- a/test/cert-ceremonies/intermediate-key-ceremony-rsa.yaml +++ b/test/certs/intermediate-key-ceremony-rsa.yaml @@ -8,5 +8,5 @@ key: type: rsa rsa-mod-length: 2048 outputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - pkcs11-config-path: /hierarchy/{{ .FileName }}.pkcs11.json + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + pkcs11-config-path: test/certs/webpki/{{ .FileName }}.pkcs11.json diff --git a/test/cert-ceremonies/root-ceremony-ecdsa.yaml b/test/certs/root-ceremony-ecdsa.yaml similarity index 83% rename from test/cert-ceremonies/root-ceremony-ecdsa.yaml rename to test/certs/root-ceremony-ecdsa.yaml index ef73ab4f1..573533d48 100644 --- a/test/cert-ceremonies/root-ceremony-ecdsa.yaml +++ b/test/certs/root-ceremony-ecdsa.yaml @@ -8,8 +8,8 @@ key: type: ecdsa ecdsa-curve: P-384 outputs: - public-key-path: /hierarchy/root-ecdsa.pubkey.pem - certificate-path: /hierarchy/root-ecdsa.cert.pem + public-key-path: test/certs/webpki/root-ecdsa.pubkey.pem + certificate-path: test/certs/webpki/root-ecdsa.cert.pem certificate-profile: signature-algorithm: ECDSAWithSHA384 common-name: root ecdsa diff --git a/test/cert-ceremonies/root-ceremony-rsa.yaml b/test/certs/root-ceremony-rsa.yaml similarity index 83% rename from test/cert-ceremonies/root-ceremony-rsa.yaml rename to test/certs/root-ceremony-rsa.yaml index 79c39f549..1bc5a3230 100644 --- a/test/cert-ceremonies/root-ceremony-rsa.yaml +++ b/test/certs/root-ceremony-rsa.yaml @@ -8,8 +8,8 @@ key: type: rsa rsa-mod-length: 4096 outputs: - public-key-path: /hierarchy/root-rsa.pubkey.pem - certificate-path: /hierarchy/root-rsa.cert.pem + public-key-path: test/certs/webpki/root-rsa.pubkey.pem + certificate-path: test/certs/webpki/root-rsa.cert.pem certificate-profile: signature-algorithm: SHA256WithRSA common-name: root rsa diff --git a/test/cert-ceremonies/root-crl-ecdsa.yaml b/test/certs/root-crl-ecdsa.yaml similarity index 69% rename from test/cert-ceremonies/root-crl-ecdsa.yaml rename to test/certs/root-crl-ecdsa.yaml index 372805428..b68f36316 100644 --- a/test/cert-ceremonies/root-crl-ecdsa.yaml +++ b/test/certs/root-crl-ecdsa.yaml @@ -5,9 +5,9 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root ecdsa inputs: - issuer-certificate-path: /hierarchy/root-ecdsa.cert.pem + issuer-certificate-path: test/certs/webpki/root-ecdsa.cert.pem outputs: - crl-path: /hierarchy/root-ecdsa.crl.pem + crl-path: test/certs/webpki/root-ecdsa.crl.pem crl-profile: this-update: 2023-01-01 12:00:00 next-update: 2023-12-15 12:00:00 diff --git a/test/cert-ceremonies/root-crl-rsa.yaml b/test/certs/root-crl-rsa.yaml similarity index 70% rename from test/cert-ceremonies/root-crl-rsa.yaml rename to test/certs/root-crl-rsa.yaml index 56e631134..ee23302e7 100644 --- a/test/cert-ceremonies/root-crl-rsa.yaml +++ b/test/certs/root-crl-rsa.yaml @@ -5,9 +5,9 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root rsa inputs: - issuer-certificate-path: /hierarchy/root-rsa.cert.pem + issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem outputs: - crl-path: /hierarchy/root-rsa.crl.pem + crl-path: test/certs/webpki/root-rsa.crl.pem crl-profile: this-update: 2023-01-01 12:00:00 next-update: 2023-12-15 12:00:00 diff --git a/test/cert-ceremonies/generate.go b/test/certs/webpki.go similarity index 79% rename from test/cert-ceremonies/generate.go rename to test/certs/webpki.go index b72c00f86..759c11694 100644 --- a/test/cert-ceremonies/generate.go +++ b/test/certs/webpki.go @@ -38,7 +38,7 @@ func genKey(path string, inSlot string) error { if err != nil { return err } - output, err := exec.Command("bin/ceremony", "-config", tmpPath).CombinedOutput() + output, err := exec.Command("./bin/ceremony", "-config", tmpPath).CombinedOutput() if err != nil { return fmt.Errorf("error running ceremony for %s: %s:\n%s", tmpPath, err, string(output)) } @@ -70,7 +70,7 @@ func rewriteConfig(path string, rewrites map[string]string) (string, error) { // runCeremony is used to run a ceremony with a given config. func runCeremony(path string) error { - output, err := exec.Command("bin/ceremony", "-config", path).CombinedOutput() + output, err := exec.Command("./bin/ceremony", "-config", path).CombinedOutput() if err != nil { return fmt.Errorf("error running ceremony for %s: %s:\n%s", path, err, string(output)) } @@ -81,17 +81,9 @@ func main() { _ = blog.Set(blog.StdoutLogger(6)) defer cmd.AuditPanic() - // If one of the output files already exists, assume this ran once - // already for the container and don't re-run. - outputFile := "/hierarchy/root-rsa.pubkey.pem" - if loc, err := os.Stat(outputFile); err == nil && loc.Mode().IsRegular() { - fmt.Println("skipping certificate generation: already exists") - return - } else if err == nil && !loc.Mode().IsRegular() { - cmd.Fail(fmt.Sprintf("statting %q: not a regular file", outputFile)) - } else if err != nil && !os.IsNotExist(err) { - cmd.Fail(fmt.Sprintf("statting %q: %s", outputFile, err)) - } + // Compile the ceremony binary for easy re-use. + _, err := exec.Command("make", "build").CombinedOutput() + cmd.FailOnError(err, "compiling ceremony tool") // Create SoftHSM slots for the root signing keys rsaRootKeySlot, err := createSlot("Root RSA") @@ -100,9 +92,9 @@ func main() { cmd.FailOnError(err, "failed creating softhsm2 slot for ECDSA root key") // Generate the root signing keys and certificates - err = genKey("test/cert-ceremonies/root-ceremony-rsa.yaml", rsaRootKeySlot) + err = genKey("test/certs/root-ceremony-rsa.yaml", rsaRootKeySlot) cmd.FailOnError(err, "failed to generate RSA root key + root cert") - err = genKey("test/cert-ceremonies/root-ceremony-ecdsa.yaml", ecdsaRootKeySlot) + err = genKey("test/certs/root-ceremony-ecdsa.yaml", ecdsaRootKeySlot) cmd.FailOnError(err, "failed to generate ECDSA root key + root cert") // Do everything for all of the intermediates @@ -126,7 +118,7 @@ func main() { cmd.FailOnError(err, "failed to create softhsm2 slot for intermediate key") // Generate key - keyConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-key-ceremony-%s.yaml", alg) + keyConfigTemplate := fmt.Sprintf("test/certs/intermediate-key-ceremony-%s.yaml", alg) keyConfig, err := rewriteConfig(keyConfigTemplate, map[string]string{ "SlotID": keySlot, "Label": name, @@ -138,7 +130,7 @@ func main() { cmd.FailOnError(err, "failed to generate intermediate key") // Generate cert - certConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-cert-ceremony-%s.yaml", alg) + certConfigTemplate := fmt.Sprintf("test/certs/intermediate-cert-ceremony-%s.yaml", alg) certConfig, err := rewriteConfig(certConfigTemplate, map[string]string{ "SlotID": rootKeySlot, "CommonName": name, @@ -154,7 +146,7 @@ func main() { continue } - crossConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-cert-ceremony-%s-cross.yaml", alg) + crossConfigTemplate := fmt.Sprintf("test/certs/intermediate-cert-ceremony-%s-cross.yaml", alg) crossConfig, err := rewriteConfig(crossConfigTemplate, map[string]string{ "SlotID": rsaRootKeySlot, "CommonName": name, @@ -168,14 +160,14 @@ func main() { } // Create CRLs stating that the intermediates are not revoked. - rsaTmpCRLConfig, err := rewriteConfig("test/cert-ceremonies/root-crl-rsa.yaml", map[string]string{ + rsaTmpCRLConfig, err := rewriteConfig("test/certs/root-crl-rsa.yaml", map[string]string{ "SlotID": rsaRootKeySlot, }) cmd.FailOnError(err, "failed to rewrite RSA root CRL config with key ID") err = runCeremony(rsaTmpCRLConfig) cmd.FailOnError(err, "failed to generate RSA root CRL") - ecdsaTmpCRLConfig, err := rewriteConfig("test/cert-ceremonies/root-crl-ecdsa.yaml", map[string]string{ + ecdsaTmpCRLConfig, err := rewriteConfig("test/certs/root-crl-ecdsa.yaml", map[string]string{ "SlotID": ecdsaRootKeySlot, }) cmd.FailOnError(err, "failed to rewrite ECDSA root CRL config with key ID") diff --git a/test/config-next/admin-revoker.json b/test/config-next/admin-revoker.json index 2f8a16344..389fc0080 100644 --- a/test/config-next/admin-revoker.json +++ b/test/config-next/admin-revoker.json @@ -5,9 +5,9 @@ "maxOpenConns": 1 }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/admin.json b/test/config-next/admin.json index bd85f80ff..09dfe167d 100644 --- a/test/config-next/admin.json +++ b/test/config-next/admin.json @@ -6,9 +6,9 @@ }, "debugAddr": ":8014", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/akamai-purger.json b/test/config-next/akamai-purger.json index 0f6303ebc..d9c6ee75e 100644 --- a/test/config-next/akamai-purger.json +++ b/test/config-next/akamai-purger.json @@ -12,9 +12,9 @@ "accessToken": "idk-how-this-is-different-from-client-token-but-okay", "v3Network": "staging", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/akamai-purger.boulder/cert.pem", - "keyFile": "test/grpc-creds/akamai-purger.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/akamai-purger.boulder/cert.pem", + "keyFile": "test/certs/ipki/akamai-purger.boulder/key.pem" }, "grpc": { "address": ":9099", diff --git a/test/config-next/bad-key-revoker.json b/test/config-next/bad-key-revoker.json index be9afdd27..c66693c40 100644 --- a/test/config-next/bad-key-revoker.json +++ b/test/config-next/bad-key-revoker.json @@ -5,9 +5,9 @@ "maxOpenConns": 10 }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/bad-key-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/bad-key-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/bad-key-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/bad-key-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/ca.json b/test/config-next/ca.json index e2f682bb8..58c335d9f 100644 --- a/test/config-next/ca.json +++ b/test/config-next/ca.json @@ -1,9 +1,9 @@ { "ca": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ca.boulder/cert.pem", - "keyFile": "test/grpc-creds/ca.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ca.boulder/cert.pem", + "keyFile": "test/certs/ipki/ca.boulder/key.pem" }, "hostnamePolicyFile": "test/hostname-policy.yaml", "grpcCA": { @@ -69,8 +69,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-a/", "location": { - "configFile": "/hierarchy/int-ecdsa-a.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-a.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-a.cert.pem", "numSessions": 2 } }, @@ -80,8 +80,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-b/", "location": { - "configFile": "/hierarchy/int-ecdsa-b.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-b.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-b.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-b.cert.pem", "numSessions": 2 } }, @@ -91,8 +91,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-c/", "location": { - "configFile": "/hierarchy/int-ecdsa-c.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-c.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-c.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-c.cert.pem", "numSessions": 2 } }, @@ -102,8 +102,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-a/", "location": { - "configFile": "/hierarchy/int-rsa-a.pkcs11.json", - "certFile": "/hierarchy/int-rsa-a.cert.pem", + "configFile": "test/certs/webpki/int-rsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-a.cert.pem", "numSessions": 2 } }, @@ -113,8 +113,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-b/", "location": { - "configFile": "/hierarchy/int-rsa-b.pkcs11.json", - "certFile": "/hierarchy/int-rsa-b.cert.pem", + "configFile": "test/certs/webpki/int-rsa-b.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-b.cert.pem", "numSessions": 2 } }, @@ -124,8 +124,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-c/", "location": { - "configFile": "/hierarchy/int-rsa-c.pkcs11.json", - "certFile": "/hierarchy/int-rsa-c.cert.pem", + "configFile": "test/certs/webpki/int-rsa-c.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-c.cert.pem", "numSessions": 2 } } diff --git a/test/config-next/crl-storer.json b/test/config-next/crl-storer.json index 61352d23d..0934bcef0 100644 --- a/test/config-next/crl-storer.json +++ b/test/config-next/crl-storer.json @@ -1,9 +1,9 @@ { "crlStorer": { "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-storer.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-storer.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-storer.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-storer.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", @@ -21,12 +21,12 @@ } }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "s3Endpoint": "http://localhost:4501", "s3Bucket": "lets-encrypt-crls", diff --git a/test/config-next/crl-updater.json b/test/config-next/crl-updater.json index d31ea4af1..86f7e601d 100644 --- a/test/config-next/crl-updater.json +++ b/test/config-next/crl-updater.json @@ -1,9 +1,9 @@ { "crlUpdater": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-updater.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-updater.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-updater.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-updater.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", @@ -36,12 +36,12 @@ "hostOverride": "crl-storer.boulder" }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "numShards": 10, "shardWidth": "240h", diff --git a/test/config-next/expiration-mailer.json b/test/config-next/expiration-mailer.json index 0b7847149..52eefb891 100644 --- a/test/config-next/expiration-mailer.json +++ b/test/config-next/expiration-mailer.json @@ -19,9 +19,9 @@ "emailTemplate": "test/config-next/expiration-mailer.gotmpl", "parallelSends": 10, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem", - "keyFile": "test/grpc-creds/expiration-mailer.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/expiration-mailer.boulder/cert.pem", + "keyFile": "test/certs/ipki/expiration-mailer.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/health-checker.json b/test/config-next/health-checker.json index 599916264..e2663f510 100644 --- a/test/config-next/health-checker.json +++ b/test/config-next/health-checker.json @@ -3,8 +3,8 @@ "timeout": "1s" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/health-checker.boulder/cert.pem", - "keyFile": "test/grpc-creds/health-checker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/health-checker.boulder/cert.pem", + "keyFile": "test/certs/ipki/health-checker.boulder/key.pem" } } diff --git a/test/config-next/nonce-a.json b/test/config-next/nonce-a.json index d1a86a2b0..5e3a00c07 100644 --- a/test/config-next/nonce-a.json +++ b/test/config-next/nonce-a.json @@ -29,9 +29,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config-next/nonce-b.json b/test/config-next/nonce-b.json index d1a86a2b0..5e3a00c07 100644 --- a/test/config-next/nonce-b.json +++ b/test/config-next/nonce-b.json @@ -29,9 +29,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config-next/ocsp-responder.json b/test/config-next/ocsp-responder.json index d66404cac..df989d3a7 100644 --- a/test/config-next/ocsp-responder.json +++ b/test/config-next/ocsp-responder.json @@ -17,9 +17,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ocsp-responder.boulder/cert.pem", - "keyFile": "test/grpc-creds/ocsp-responder.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ocsp-responder.boulder/cert.pem", + "keyFile": "test/certs/ipki/ocsp-responder.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -44,12 +44,12 @@ "logSampleRate": 1, "path": "/", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "liveSigningPeriod": "60h", "timeout": "4.9s", diff --git a/test/config-next/publisher.json b/test/config-next/publisher.json index af519b2df..3d0a0fb7e 100644 --- a/test/config-next/publisher.json +++ b/test/config-next/publisher.json @@ -4,20 +4,20 @@ "blockProfileRate": 1000000000, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ] ], "grpc": { @@ -36,9 +36,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/publisher.boulder/cert.pem", - "keyFile": "test/grpc-creds/publisher.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/publisher.boulder/cert.pem", + "keyFile": "test/certs/ipki/publisher.boulder/key.pem" }, "features": {} }, diff --git a/test/config-next/ra.json b/test/config-next/ra.json index a453eeb51..6ead49561 100644 --- a/test/config-next/ra.json +++ b/test/config-next/ra.json @@ -14,17 +14,17 @@ "orderLifetime": "168h", "finalizeTimeout": "30s", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ra.boulder/cert.pem", - "keyFile": "test/grpc-creds/ra.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ra.boulder/cert.pem", + "keyFile": "test/certs/ipki/ra.boulder/key.pem" }, "vaService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/remoteva-a.json b/test/config-next/remoteva-a.json index 1a2d3d5f0..4085a6e14 100644 --- a/test/config-next/remoteva-a.json +++ b/test/config-next/remoteva-a.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "skipGRPCClientCertVerification": true, "grpc": { diff --git a/test/config-next/remoteva-b.json b/test/config-next/remoteva-b.json index 6ab73ee7d..8e9a44e84 100644 --- a/test/config-next/remoteva-b.json +++ b/test/config-next/remoteva-b.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "skipGRPCClientCertVerification": true, "grpc": { diff --git a/test/config-next/sa.json b/test/config-next/sa.json index 45ec38100..c11cc9b43 100644 --- a/test/config-next/sa.json +++ b/test/config-next/sa.json @@ -15,9 +15,9 @@ "ParallelismPerRPC": 20, "lagFactor": "200ms", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/sa.boulder/cert.pem", - "keyFile": "test/grpc-creds/sa.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/sa.boulder/cert.pem", + "keyFile": "test/certs/ipki/sa.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/va-remote-a.json b/test/config-next/va-remote-a.json index 682e393f0..15cac91de 100644 --- a/test/config-next/va-remote-a.json +++ b/test/config-next/va-remote-a.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/va-remote-b.json b/test/config-next/va-remote-b.json index e10964f72..e7fd187a5 100644 --- a/test/config-next/va-remote-b.json +++ b/test/config-next/va-remote-b.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/va.json b/test/config-next/va.json index bd3ad7677..abc38e538 100644 --- a/test/config-next/va.json +++ b/test/config-next/va.json @@ -13,9 +13,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/va.boulder/cert.pem", - "keyFile": "test/grpc-creds/va.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/va.boulder/cert.pem", + "keyFile": "test/certs/ipki/va.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/wfe2.json b/test/config-next/wfe2.json index 4c5fec4d4..b351c30b4 100644 --- a/test/config-next/wfe2.json +++ b/test/config-next/wfe2.json @@ -15,9 +15,9 @@ "blockedKeyFile": "test/example-blocked-keys.yaml" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -75,28 +75,28 @@ }, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-a-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-b-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ] ], "staleTimeout": "5m", diff --git a/test/config/admin-revoker.json b/test/config/admin-revoker.json index 4e364e3db..c450e0087 100644 --- a/test/config/admin-revoker.json +++ b/test/config/admin-revoker.json @@ -5,9 +5,9 @@ "maxOpenConns": 1 }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/admin.json b/test/config/admin.json index 4e8bdc423..44ff407af 100644 --- a/test/config/admin.json +++ b/test/config/admin.json @@ -6,9 +6,9 @@ }, "debugAddr": ":8014", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/akamai-purger.json b/test/config/akamai-purger.json index 29e90e6ba..3b2fe51b7 100644 --- a/test/config/akamai-purger.json +++ b/test/config/akamai-purger.json @@ -9,9 +9,9 @@ "accessToken": "idk-how-this-is-different-from-client-token-but-okay", "v3Network": "staging", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/akamai-purger.boulder/cert.pem", - "keyFile": "test/grpc-creds/akamai-purger.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/akamai-purger.boulder/cert.pem", + "keyFile": "test/certs/ipki/akamai-purger.boulder/key.pem" }, "grpc": { "address": ":9099", diff --git a/test/config/bad-key-revoker.json b/test/config/bad-key-revoker.json index 941f20443..3dda0c442 100644 --- a/test/config/bad-key-revoker.json +++ b/test/config/bad-key-revoker.json @@ -6,9 +6,9 @@ }, "debugAddr": ":8020", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/bad-key-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/bad-key-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/bad-key-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/bad-key-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/ca.json b/test/config/ca.json index d1a034c37..cbb84f385 100644 --- a/test/config/ca.json +++ b/test/config/ca.json @@ -2,9 +2,9 @@ "ca": { "debugAddr": ":8001", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ca.boulder/cert.pem", - "keyFile": "test/grpc-creds/ca.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ca.boulder/cert.pem", + "keyFile": "test/certs/ipki/ca.boulder/key.pem" }, "hostnamePolicyFile": "test/hostname-policy.yaml", "grpcCA": { @@ -65,8 +65,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-a/", "location": { - "configFile": "/hierarchy/int-ecdsa-a.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-a.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-a.cert.pem", "numSessions": 2 } }, @@ -77,8 +77,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-a/", "location": { - "configFile": "/hierarchy/int-rsa-a.pkcs11.json", - "certFile": "/hierarchy/int-rsa-a.cert.pem", + "configFile": "test/certs/webpki/int-rsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-a.cert.pem", "numSessions": 2 } }, @@ -89,8 +89,8 @@ "ocspURL": "http://ca.example.org:4003/", "crlURLBase": "http://ca.example.org:4501/rsa-b/", "location": { - "configFile": "/hierarchy/int-rsa-b.pkcs11.json", - "certFile": "/hierarchy/int-rsa-b.cert.pem", + "configFile": "test/certs/webpki/int-rsa-b.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-b.cert.pem", "numSessions": 2 } } diff --git a/test/config/crl-storer.json b/test/config/crl-storer.json index 0630fc55d..ee3285d0a 100644 --- a/test/config/crl-storer.json +++ b/test/config/crl-storer.json @@ -2,9 +2,9 @@ "crlStorer": { "debugAddr": ":9667", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-storer.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-storer.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-storer.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-storer.boulder/key.pem" }, "grpc": { "address": ":9309", @@ -23,9 +23,9 @@ } }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "s3Endpoint": "http://localhost:4501", "s3Bucket": "lets-encrypt-crls", diff --git a/test/config/crl-updater.json b/test/config/crl-updater.json index 802eb38ce..aabfad987 100644 --- a/test/config/crl-updater.json +++ b/test/config/crl-updater.json @@ -1,9 +1,9 @@ { "crlUpdater": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-updater.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-updater.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-updater.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-updater.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", @@ -36,9 +36,9 @@ "hostOverride": "crl-storer.boulder" }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "numShards": 10, "shardWidth": "240h", diff --git a/test/config/expiration-mailer.json b/test/config/expiration-mailer.json index 9eaa6442e..8992dc17e 100644 --- a/test/config/expiration-mailer.json +++ b/test/config/expiration-mailer.json @@ -17,9 +17,9 @@ "emailTemplate": "test/config/expiration-mailer.gotmpl", "debugAddr": ":8008", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem", - "keyFile": "test/grpc-creds/expiration-mailer.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/expiration-mailer.boulder/cert.pem", + "keyFile": "test/certs/ipki/expiration-mailer.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/health-checker.json b/test/config/health-checker.json index 599916264..e2663f510 100644 --- a/test/config/health-checker.json +++ b/test/config/health-checker.json @@ -3,8 +3,8 @@ "timeout": "1s" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/health-checker.boulder/cert.pem", - "keyFile": "test/grpc-creds/health-checker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/health-checker.boulder/cert.pem", + "keyFile": "test/certs/ipki/health-checker.boulder/key.pem" } } diff --git a/test/config/nonce-a.json b/test/config/nonce-a.json index 70fdf15e0..c2dd9765c 100644 --- a/test/config/nonce-a.json +++ b/test/config/nonce-a.json @@ -27,9 +27,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config/nonce-b.json b/test/config/nonce-b.json index 70fdf15e0..c2dd9765c 100644 --- a/test/config/nonce-b.json +++ b/test/config/nonce-b.json @@ -27,9 +27,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config/ocsp-responder.json b/test/config/ocsp-responder.json index f1762213a..cb66e9db2 100644 --- a/test/config/ocsp-responder.json +++ b/test/config/ocsp-responder.json @@ -21,9 +21,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ocsp-responder.boulder/cert.pem", - "keyFile": "test/grpc-creds/ocsp-responder.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ocsp-responder.boulder/cert.pem", + "keyFile": "test/certs/ipki/ocsp-responder.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -49,9 +49,9 @@ "path": "/", "listenAddress": "0.0.0.0:4002", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "liveSigningPeriod": "60h", "timeout": "4.9s", diff --git a/test/config/publisher.json b/test/config/publisher.json index 409e88fad..8b67b0bc7 100644 --- a/test/config/publisher.json +++ b/test/config/publisher.json @@ -4,20 +4,20 @@ "blockProfileRate": 1000000000, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ] ], "debugAddr": ":8009", @@ -38,9 +38,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/publisher.boulder/cert.pem", - "keyFile": "test/grpc-creds/publisher.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/publisher.boulder/cert.pem", + "keyFile": "test/certs/ipki/publisher.boulder/key.pem" }, "features": {} }, diff --git a/test/config/ra.json b/test/config/ra.json index 20e997c18..add1779ab 100644 --- a/test/config/ra.json +++ b/test/config/ra.json @@ -14,14 +14,14 @@ }, "orderLifetime": "168h", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ra.boulder/cert.pem", - "keyFile": "test/grpc-creds/ra.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ra.boulder/cert.pem", + "keyFile": "test/certs/ipki/ra.boulder/key.pem" }, "vaService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/remoteva-a.json b/test/config/remoteva-a.json index 49d7ef5a8..ca21d7c89 100644 --- a/test/config/remoteva-a.json +++ b/test/config/remoteva-a.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/remoteva-b.json b/test/config/remoteva-b.json index 5adc12af8..f49cd16c1 100644 --- a/test/config/remoteva-b.json +++ b/test/config/remoteva-b.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/sa.json b/test/config/sa.json index d5dd3d170..24f635628 100644 --- a/test/config/sa.json +++ b/test/config/sa.json @@ -11,9 +11,9 @@ "ParallelismPerRPC": 20, "debugAddr": ":8003", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/sa.boulder/cert.pem", - "keyFile": "test/grpc-creds/sa.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/sa.boulder/cert.pem", + "keyFile": "test/certs/ipki/sa.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/va-remote-a.json b/test/config/va-remote-a.json index 2a841578a..c9571b5c4 100644 --- a/test/config/va-remote-a.json +++ b/test/config/va-remote-a.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/va-remote-b.json b/test/config/va-remote-b.json index eab681227..c853f0cd9 100644 --- a/test/config/va-remote-b.json +++ b/test/config/va-remote-b.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/va.json b/test/config/va.json index efb346be4..37388b8f9 100644 --- a/test/config/va.json +++ b/test/config/va.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/va.boulder/cert.pem", - "keyFile": "test/grpc-creds/va.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/va.boulder/cert.pem", + "keyFile": "test/certs/ipki/va.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/wfe2.json b/test/config/wfe2.json index 7abb7899d..574b9b09c 100644 --- a/test/config/wfe2.json +++ b/test/config/wfe2.json @@ -17,9 +17,9 @@ "blockedKeyFile": "test/example-blocked-keys.yaml" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -77,28 +77,28 @@ }, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-a-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-b-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ] ], "staleTimeout": "5m", diff --git a/test/consul/config.hcl b/test/consul/config.hcl index b8543f577..08e3c2d1d 100644 --- a/test/consul/config.hcl +++ b/test/consul/config.hcl @@ -10,10 +10,10 @@ log_level = "ERROR" enable_agent_tls_for_checks = true tls { defaults { - ca_file = "test/grpc-creds/minica.pem" - ca_path = "test/grpc-creds/minica-key.pem" - cert_file = "test/grpc-creds/consul.boulder/cert.pem" - key_file = "test/grpc-creds/consul.boulder/key.pem" + ca_file = "test/certs/ipki/minica.pem" + ca_path = "test/certs/ipki/minica-key.pem" + cert_file = "test/certs/ipki/consul.boulder/cert.pem" + key_file = "test/certs/ipki/consul.boulder/key.pem" verify_incoming = false } } diff --git a/test/example-blocked-keys.yaml b/test/example-blocked-keys.yaml index 093a1e46a..028d7423f 100644 --- a/test/example-blocked-keys.yaml +++ b/test/example-blocked-keys.yaml @@ -14,10 +14,6 @@ blocked: - F4j7m0doxdWXdKOzeYjL6onsVYLLU2jb7xr994zlFFg= # test/test-ca.pem - F4j7m0doxdWXdKOzeYjL6onsVYLLU2jb7xr994zlFFg= - # test/test-example.pem - - 6E/Drp3Lzo85pYykpzx/tZpQZXeovto8/ezq1DBiSCc= - # test/test-root.pem - - Jy5HDlBtUvKkLtEsGbdp0o9LvVJx1lYG3R+n5G/KgIo= # test/block-a-key/test/test.ecdsa.cert.pem - cuwGhNNI6nfob5aqY90e7BleU6l7rfxku4X3UTJ3Z7M= # test/block-a-key/test/test.rsa.cert.pem diff --git a/test/grpc-creds/10.77.77.77/cert.pem b/test/grpc-creds/10.77.77.77/cert.pem deleted file mode 100644 index 12804efa3..000000000 --- a/test/grpc-creds/10.77.77.77/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDDjCCAfagAwIBAgIIQbFdR2fXsHswDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIzMTIwODE4MDkzMloXDTI2MDEw -NzE4MDkzMlowFjEUMBIGA1UEAxMLMTAuNzcuNzcuNzcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCrE64Z4Yh4E6aQ1zQiNgCvW5LWBI9yZZybZxLV5J1C -yMtpgY3YsCPZ/6JUI4SvabenU5Pa3T407eHjmDCRNce04j4BE6e7psPjRa7hvI2A -+IvLB7eiaCnE+sdAMFsLxraWwTu67tmeRxYxWScMpULlFren3HNNqmtAN3a4yGy5 -y2pHMgCnOSE9R53tuF2uqJ8BRW44VLDt4kZ9hwm0dW8EJY8MBCACPGtW2YwBG/5E -zrRKDWSBl9g3mYOwgRdxUMV1h0eVr/llVFb+/UZCLUb5zq/zKKEkYOT4Ihr7wtin -ahLwwVwdUsMNE9NzljMC/aIR74qhBeN2xAJ3ZZQKrqL1AgMBAAGjVjBUMA4GA1Ud -DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T -AQH/BAIwADAVBgNVHREEDjAMhwQKTU1NhwQKWFhYMA0GCSqGSIb3DQEBCwUAA4IB -AQCOa5b+zRgQBhlPWiC04K5C/Ys3dUtqKhKrWvPIiraNi792X/T5t1ZL9liV9A6n -b10hHcCDIfyRFIJRyE8G2fyzqNlGwCr8J6puWrg4wMPt8q+6a4r2ZqaXm3aQTfGs -4Tgxz10gOVimeiUshVyrpaceyiboOKxJbBRuLNTTK9Jp74fWRd+F8KAINWN+SpF4 -6ggzXNiPYZZTBPGeAOMyf0rnf7CWAbw017uHhCiykJkMy8sZJcmQF49gDZTIN9pt -eI0SeB4ku5lgAOunqrTGyPLeVaevtcU//TdATuukhnCFes6vt/6yC+sWQEhEQw7P -y2Kp8T8KcOlTeKr8Cb07B2M0 ------END CERTIFICATE----- diff --git a/test/grpc-creds/10.77.77.77/key.pem b/test/grpc-creds/10.77.77.77/key.pem deleted file mode 100644 index 30a8d2135..000000000 --- a/test/grpc-creds/10.77.77.77/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqxOuGeGIeBOmkNc0IjYAr1uS1gSPcmWcm2cS1eSdQsjLaYGN -2LAj2f+iVCOEr2m3p1OT2t0+NO3h45gwkTXHtOI+AROnu6bD40Wu4byNgPiLywe3 -omgpxPrHQDBbC8a2lsE7uu7ZnkcWMVknDKVC5Ra3p9xzTaprQDd2uMhsuctqRzIA -pzkhPUed7bhdrqifAUVuOFSw7eJGfYcJtHVvBCWPDAQgAjxrVtmMARv+RM60Sg1k -gZfYN5mDsIEXcVDFdYdHla/5ZVRW/v1GQi1G+c6v8yihJGDk+CIa+8LYp2oS8MFc -HVLDDRPTc5YzAv2iEe+KoQXjdsQCd2WUCq6i9QIDAQABAoIBACgZH8ifLT5/1J3E -Y0rVf4manCsfvIOiv3dJTIfn4thhehQLsrSkbHLPUTwJazM2Qz6r/07gZpE/ZJ/U -7yVKBromAUR9V+ZK60Uc8yWj7ULafuGiuG8PnSK3aPZpnx1+gROKzTY+f7FylggR -Dm8PWUOa9Icay8fbdvIBTgl3qMxPOCgLyXNXNJHcKIPb71L1T5EL2H9Z5vHF9tFy -TnbpeK0GlmBHIeseVaFzruin3sqxjRftVEgTL5XhTq/9uY3EUutq8SGRoidbpp/+ -cr0I1IpFcrJVmJHKdfJkdRI2u3LtMKS3bpqJU7MKn1DRzvQatdSQwn/V8wU3iG8o -04dus60CgYEA3IBOLJRfMFgj6LbMSySoP8JIzVvnBHIMXGd7mzuYUlV2GjVO5oD2 -nh4Q3eGDT2TZ1GbaGGHLhpCXIx87oSXHZz+vw+sDh+WHEApLKZMRZLMxAbNcsPQL -fhcmaQVkfxaV78rrt8TYuLDIU//bOTwGJ48Maj92RT1z5hOOiBkdQe8CgYEAxp5p -Au9kiJFEIgHVtEN+1qHfnwZJI0xOkDfsd+a1J6PZLimHAfiYETAHfJq1cMC4Mt/G -4l/WDqwcWXI/9A/gN7NRv0miQ+tDyVHntohaGoU+0hm6QfXag6VloWs/X8mlzCeu -46AXAni4lbW9nNWwImEL1uSC/Oo5vB45OpHR/VsCgYAivfyTPZV58olF43dw54ey -9BOwd6iApM+Zx5xMKymm31xKaNfTrcIty6LwstWTrto7gzEd4lrFCwclO4iTrXYr -qHczMVZPFTUgq96H4Go/KZSxJeeW4fzlkxQ0O+tHsvFQ5PIa9GMJRqFpyshpzjFS -DlHwc6tY4YPfXnl4rCxV9QKBgAsrwbA+kqLzuKdI/yICYdHkjNU+30Iy+oA2BQDB -YxL1rjNgdo1v0+2zi9hAQ1AyJqoF2APHbByrJXUKbfpmIjA/z6s4kv3K76cVCjlD -9f1j3SKn+8fV8hJRbSPlCk1y4/ZVjQqUaHblH0ycSivWAPAOEUJm288pxVGFSaa3 -qN3dAoGBAIGSn1PSjIVqypCQBBydedS4WDjqwkLoL0bOOZRLxgk+dtfD2l8wKqWp -Helyqym23d58QPb0ZwMU3g/0pZXDqX+w+bnUvAvjfADmFNe6T1nWYiu9Mn5YHAyO -G5s2aHfB8aSIqQSRASlWgFEmftfpuapRGAmOyZr2JYZuaELkvPmP ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/README.txt b/test/grpc-creds/README.txt deleted file mode 100644 index a3fedd517..000000000 --- a/test/grpc-creds/README.txt +++ /dev/null @@ -1 +0,0 @@ -See ../test/PKI.md diff --git a/test/grpc-creds/admin-revoker.boulder/cert.pem b/test/grpc-creds/admin-revoker.boulder/cert.pem deleted file mode 100644 index 3ac5ac403..000000000 --- a/test/grpc-creds/admin-revoker.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDIzCCAgugAwIBAgIII+r9Aa122b8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owIDEeMBwGA1UEAxMVYWRtaW4tcmV2b2tlci5ib3VsZGVyMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OdP0AAqG+mEdTSvVCtQcGbxpPyd -92EnovjLUaTw8VsNkzuhVayysBKGRemYY5ezQPcTSk5zXZ8QvwcXSuzHM6tD5Gzi -z7vVjunWGTTbbzZyu6Kx9NudSbYl+jetPsj2GJkKbPa5eUCkdIAtEBtga+tLCAx+ -fCd/1ldqV1pNJoxjK3IYjOBq7PnDd6Ths74KFcBQ5+6jySOo9eJUleX8AD/7WKRt -LRJ/oUmZnYZTrKSeKm/7uD/fz5ZO+A5bAlJl2zz0JMiQV06/TelhDSsKzD7OMD5m -bKDRv8S1rw77DJN4CtWwzuj9OHVCUTBRRPbeVZ8dDkZBU8u9DQeJp2+vcwIDAQAB -o2EwXzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF -BwMCMAwGA1UdEwEB/wQCMAAwIAYDVR0RBBkwF4IVYWRtaW4tcmV2b2tlci5ib3Vs -ZGVyMA0GCSqGSIb3DQEBCwUAA4IBAQBMy1TRdqMV5jUIOXdAkiI3TosDM2vrRMCF -TIfmhlE8lAy/PkoTX3i7aUPd1MYfJw18XGwaS0R+hlDusZPSgj4GmatDO19nrRoQ -fK7Jv1vWT40uLr2KbuQcdtJtPHcBZD7H/j3nIFYgCy4KRX0Hf+a0OCKIMuQpafv/ -z8iysucwB21EndkbG/WhPBjCP/OuFYjsF4oGtndssnNm7Hze+2wBwyLRoBdets/+ -Wc64SZ+rPf8zab2qsxk5HS4xgOxL1qQJF6s1YgCJlZnMTWA0iAyZb2P5/g+Lsh9r -5R1JRKCLCyg+skhZhPPG2Y5B0RWLiq+H3RsX7RWNwqc5cZTL1EDv ------END CERTIFICATE----- diff --git a/test/grpc-creds/admin-revoker.boulder/key.pem b/test/grpc-creds/admin-revoker.boulder/key.pem deleted file mode 100644 index e5e33fb05..000000000 --- a/test/grpc-creds/admin-revoker.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA2OdP0AAqG+mEdTSvVCtQcGbxpPyd92EnovjLUaTw8VsNkzuh -VayysBKGRemYY5ezQPcTSk5zXZ8QvwcXSuzHM6tD5Gziz7vVjunWGTTbbzZyu6Kx -9NudSbYl+jetPsj2GJkKbPa5eUCkdIAtEBtga+tLCAx+fCd/1ldqV1pNJoxjK3IY -jOBq7PnDd6Ths74KFcBQ5+6jySOo9eJUleX8AD/7WKRtLRJ/oUmZnYZTrKSeKm/7 -uD/fz5ZO+A5bAlJl2zz0JMiQV06/TelhDSsKzD7OMD5mbKDRv8S1rw77DJN4CtWw -zuj9OHVCUTBRRPbeVZ8dDkZBU8u9DQeJp2+vcwIDAQABAoIBAQDYQGZ2fnN9OKhz -In/bbwPXzQsG70WfKiIWfe5YDBacy6cRL9Z+UJwmp5FviqIASXLSRoPZBbZHlRth -GXTDoqZIgWxDBbxsWF1nCwQGRYixrJtfL6o08fAzWYMroO79NecGRy75zFLG7QgJ -jvFeqazMa952u94vckImNSk0xjc9Qcwnb+DJyyDITTp0nSYS3MeBFcP3wXD3JpaX -eTpgk67Z3GWQpgzxcB1t7YTh8PEmcqz1ck4vQDJbSomjCfipxM+e2RS1jkCXl9NP -anQ4doK7xQAFwO90ZS9+fwffn0ath8qJEtb+wMrZeS6HbisvRw4ye+zK1CWYsi13 -oMNgm7jBAoGBAPWPWZHm2r+02pOE5ll1/ZlL0tS8vNzLF82MK6KNioDLO5qBpWkw -z/WYPUXvFrG1FFmBiI4BF0S9pGT2UN7rTYfkq01cH8d7e4zDBKaUR8zAalCfUvbH -8eDdxA0+OPuBsQftPOkX0gNeUHAQF4h6VWAk+rJ5Qp+KHRa2FI9EpymbAoGBAOIg -EYkSNJSPV/SngVKwvaBEaf5xaiFqr3rxyw/GUt0ufCEZJgxHHsvNW62f1qG7/tXn -/HYwFs/W28giOsBLf5KFJhzkcxmbzcN6noESBcFGBU8moRmFalx8tJPSZYsk9e75 -3AslH265W7BCdSDgoBeklxEVvT95kYnjXD/6sbsJAoGAZIw8/dwMSCEyuuLZO1pv -69w7SPa7UqEqbvTtTRMt2kzdbAeYBnmBPawHsuISZdOisH+0vYi+0Vvhu6GMPasV -xQYiCnwlWxY54cpc1iSzPaiwH7ENVJVMemn0BAQtavaQ2ZEPttYVHWH6B9je+fg1 -ize5G2lBmXgBLzKBOqS+2e8CgYEA16A42HqRxTBDcTrhqRZ8XH2gjU9dIux21UgI -mMxHbD7Ng0pV69NN3I3A5HnM04FPam7DYXhN6Hc8MUXivEfCKNfrFhYKY9schVFC -IFYtQrYgje+KI6oDWJpaH7O7vMnL8sw0NjR6Gr2KXzOgOW+5eZIrs9EFG6gzTkeO -SjwmivECgYAiApXx3ie+bHXObfGoYP1QSGStC3jQrvCktPMH8/dn/cTYI0DYOvqu -Xrl8KinPU6y7qe77fLXgvD20uiJom3JdT3n7MdbyhGDmrVdSN8qT8l9LCsk+VKjA -0V2M6gXDvEqSdTmu/Wp7KaEirg6gUGFGMbCuPFHtlYimsNKwzbKRQQ== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/akamai-purger.boulder/cert.pem b/test/grpc-creds/akamai-purger.boulder/cert.pem deleted file mode 100644 index acd512b6c..000000000 --- a/test/grpc-creds/akamai-purger.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDIzCCAgugAwIBAgIIW5j5C55IeY8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowIDEeMBwGA1UEAxMVYWthbWFpLXB1cmdlci5ib3VsZGVyMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWCOH+WOneLVMJOkPhza3fmH2Qg6 -2ROwwG9QUxSqBvRatXxwikJkahG4MC8vdLUvbg3WnB1yqiUJkbcobbc8KX5yS9QP -a0RhyCaJNvVXeZQTFVNiD2ncZepuGRp0y7FGC1mqDQbx8WVMwq3qZlABeMu8mzoL -ygWmKII73Z9cFfCbZCyI+/jY+OY5t6Gh6bMGsBxJuwn6VatvuuLX/0IXREf1srJm -1r9k1usS2nb2WuYD3zS7pr3xizhjxPPBcFNlxyNEhObkgI67amTByZTTBKA6hnh3 -bQTV3G4UWCQVY56gDlGPNc0ke2Mrku/cgftFXK5d6hotATqM91d1nV4G4QIDAQAB -o2EwXzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF -BwMCMAwGA1UdEwEB/wQCMAAwIAYDVR0RBBkwF4IVYWthbWFpLXB1cmdlci5ib3Vs -ZGVyMA0GCSqGSIb3DQEBCwUAA4IBAQAdCgi6pSIIJu7Mp0zUWEF8XDadu8ys6j8F -RUiVJwEsxPlS8yMwdcK5r0fs0A869aeFJ0+1aWR2pgSQojhhBqYYqtO41J4BW/RM -n2sksSdr+Xyg7pU7jtsrT8x7peZHlgnm/lGkj4BwTg7phMNKTlcnbubMZDfzrqGm -6nFkTDyVRrNsoQIQNEW5zWuOEwYVtYhC5g/0De3bRgNuWgBFeW6WANuZNdX6PzoM -q1a9sc0HNfH/3mFyVYFY9HTWvnwMhWH3rh3bF14yGy5atyp9QffgB++xTV2rnknk -6y6iB2ULsX0wzcaDsJRTgXFaZpIXYjrOyzQBCUfqut7wdgNKDznI ------END CERTIFICATE----- diff --git a/test/grpc-creds/akamai-purger.boulder/key.pem b/test/grpc-creds/akamai-purger.boulder/key.pem deleted file mode 100644 index f64a74989..000000000 --- a/test/grpc-creds/akamai-purger.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAxWCOH+WOneLVMJOkPhza3fmH2Qg62ROwwG9QUxSqBvRatXxw -ikJkahG4MC8vdLUvbg3WnB1yqiUJkbcobbc8KX5yS9QPa0RhyCaJNvVXeZQTFVNi -D2ncZepuGRp0y7FGC1mqDQbx8WVMwq3qZlABeMu8mzoLygWmKII73Z9cFfCbZCyI -+/jY+OY5t6Gh6bMGsBxJuwn6VatvuuLX/0IXREf1srJm1r9k1usS2nb2WuYD3zS7 -pr3xizhjxPPBcFNlxyNEhObkgI67amTByZTTBKA6hnh3bQTV3G4UWCQVY56gDlGP -Nc0ke2Mrku/cgftFXK5d6hotATqM91d1nV4G4QIDAQABAoIBAHQsRrsDdJP9pRm4 -bN2aQkCQ1KKrs2d9rXU2j4K3EPSS8qkLm3nlZhEAaPcDbt00n7wZLQ4qTwlST3WS -5prdVO3fXQrAwGqUjzEtbWoJsfj/bNQKhhcoae8asr7X0ZLqvp2DoxGT2ugIhcu4 -bdTWlmcxE8wRuEqqVIhXT0E8wQiv0eqcIdph/jfKisvRp0v8GUodX78XcKTVZVSZ -A6OQX3LvDwun/iFxIDB28m0OQ5KYdhPG52pso+DAedtM7y8nHAmMAOfo9ERIZGtW -6kWElCl1HAm9+i4KO8FYRD/qu+uE3MbEzKnhJUNU4BPBEFOf2J4RfVlkkficNiry -uQMeUJkCgYEAywxeuvtfRPEA5HFYEV7hIxX0qIoj+0WvZ/3SXP7mLC1cmPRy3clO -ekMWAW8uoUXWrP3/DPiACLaUcmTLK0evdv2vJ67QHHLRej4TPGqA0JCNFQmTI2eb -jnnjc8O3hEE/cT/X+xG2tj+00uSjWeWBwZyReMISswh9wZfWx05SKYsCgYEA+NmT -WLQpH7FZfwQvE8NvHWRoQfq1mqK7jEjeW/3MGLoz6eYWYGnrmlSaxCtJtWZsodTz -uE7jCgtPcRQVq0ab+Wav/45jXdi/kp6DGVMj0fCOO2jXBS2juNjRmgjt+0qjMVS1 -oV6tPws02Pmu2cjztL4KopXg73HeDUevRSIRZsMCgYB3FuxAsspvvwKM+cVzeriF -QY1bhJoR+A8m6QIGtSH+6yQSOd1dI4K5xrsTYEhzImkE0XxT+TPu6FcsuN1IpyTM -n4Gpvqgk51rhXaMenkCrEv0MR69a5puf9vFmpnXuRe6V16IviXYmcjr2Lk94nFl8 -Wv4fW4RoKSTI9OttvgwGfQKBgBAJ9fVBp2TjiWEmY+JiNkcusYmPHyVYV74y9CH5 -ua3eUnpA2jBco1LPISqDn7yRXW8QyqSWcQu0ruoa4UqowmTQuYc/JihmT/KjRM/d -C/H8Dy7FExbCWksPrnK/IJeRt/L2Ar7j20a08jMJ5LskuJBtr0HLZzQHosg4VpOe -HoEBAoGADl98HXd9a19TOXST9bhDSIDoTQAVwbGm4Oa02vsG9jH3zJXT4eqmGe0u -o54kve3wijfZCX6CXydavhWjMw8oPWtmgolWbq/XmCL2u2IipsmOCRJIe+d5/MR6 -w8zhTO1S01HOTt4iqPdUDm3dVLglxBWsEY54UPiWy/C5crVVjco= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/bad-key-revoker.boulder/cert.pem b/test/grpc-creds/bad-key-revoker.boulder/cert.pem deleted file mode 100644 index 35d3f0f42..000000000 --- a/test/grpc-creds/bad-key-revoker.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIC7tqBcllYu4wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowIjEgMB4GA1UEAxMXYmFkLWtleS1yZXZva2VyLmJvdWxkZXIwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl3ZqES4bxj9rIgXPNO6g4g8co -juSenavBtnJs9Rd4tCX4Fh7i3uw5yRqumeSyqFOnnIX1BYT2vJO9ZbGYNm+yDhTj -kNcmGVHkaEY47okcx/b1DPgsYeX/t0hF+/ol/iYaBWSXbBiol2E5K9uf8j0IjFCH -X9zX5eIhkGGxku9S7WXh6X2XywNW4WURevs4B92dDrv+fQg59Dno7fIaRE+T5jhO -1drWm4LO0ueCeYFHHs06i4d388pEiwUeQ3Nd7zQhovTs7SoWcDhoHU3dPwMr5p0j -e8tZtxhMgfbT2uF/rpxNCmLHlDOR/GD/xQOb8iyqPzWo+cxbI/VbE+Y5R3FRAgMB -AAGjYzBhMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB -BQUHAwIwDAYDVR0TAQH/BAIwADAiBgNVHREEGzAZghdiYWQta2V5LXJldm9rZXIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAFeVYM9Uo2TIMN3lnTPlmIkoAcEvb -SO2B10ezjg8h+x9hJCw8AC0fyxY5cFvO6ZpnPlr+BS8R5lyMqA8nhyJMErDbqTla -d/6IOzLs88VCprda5anEQSOTq0I+tbOzVP8O3Vu+fJQ8kJEgFcCQKVUllqCj/w4h -hh8co3sfrj3oNSmy+/Nd0y5RGUpqBiRp0X0pls1flBus8MchXnDcVo+p9re788rl -DTCO4zk+SoDMNCMihkkSJAQKAzwhSyNDgwvL7cwOexhI0tLZGC+u2NlriIFqZqAT -qiILQnyMNTWnUfcUtu/iHr01RJcCAn2dfCuhBEUHv0XS+Y0gw2vR4YpyLw== ------END CERTIFICATE----- diff --git a/test/grpc-creds/bad-key-revoker.boulder/key.pem b/test/grpc-creds/bad-key-revoker.boulder/key.pem deleted file mode 100644 index ebd53663d..000000000 --- a/test/grpc-creds/bad-key-revoker.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA5d2ahEuG8Y/ayIFzzTuoOIPHKI7knp2rwbZybPUXeLQl+BYe -4t7sOckarpnksqhTp5yF9QWE9ryTvWWxmDZvsg4U45DXJhlR5GhGOO6JHMf29Qz4 -LGHl/7dIRfv6Jf4mGgVkl2wYqJdhOSvbn/I9CIxQh1/c1+XiIZBhsZLvUu1l4el9 -l8sDVuFlEXr7OAfdnQ67/n0IOfQ56O3yGkRPk+Y4TtXa1puCztLngnmBRx7NOouH -d/PKRIsFHkNzXe80IaL07O0qFnA4aB1N3T8DK+adI3vLWbcYTIH209rhf66cTQpi -x5Qzkfxg/8UDm/Isqj81qPnMWyP1WxPmOUdxUQIDAQABAoIBAQDDF9VYKV4r0cOH -388wRkzdQoMbGkRRl1K6g6YUceRs7sE3EVc/iKKH3PaHcFgZhiISJRfQwNF8NMtT -uWcE4FbmkWsLRdhFHsJRkGrhURsQUWt5ynsr+B8kbSOrOlSyQEWIWkFo/zbiiDDd -PCsYUpmYkraaXzNqDlNh11ADTclP4E+LxOD0/f34AnmP3+NjDEzjyX3u53zsJkQH -OSlObz2Bsr6NwBUKVdj1iA3Yms3RzF+/AWlTS4IEFRywJvhGXpPmc95Eb0HgW4tB -aZSVmJzL4M+imm8nLzlM4F2ocMLk4pWiZcdjY3EEO5Xfzy1nVGKMtjh+CD/LaUkS -LPWxycZtAoGBAPGTy6I+4UhnPevkgrLPSN9NuSIRNfeBeRtOTqoO1EHybtWJyXFk -1Em42RcqpV3sDj80LsajTd2iWCIMRxTxS9XIWnE4QuEcI/L05rIULXKJYzDG/lTt -M3xPUiOF3I8hjAtg0UT+MbMaeBLKetK19WZgN7X9eUa2Gchv9l8ypqbDAoGBAPOW -z03Z8R8zG58NShSQMwskGic4F6zRVnOI39nQbE1z4gXGlAJW2sgp9Z6KvNDTvAPh -tmunuFw1CJeFO1d5ITmSHD2U+/6v9mICGuzPYdkAOsDgymzdziu4zkLRQcXuayAX -D3q0OUH7PV0JCr7q1II0iqvPfU9z7VIakhflro5bAoGBAMxiZZucJY/TQVFNoMJV -m2rJ4EMRWp5PnT3b77PzHeO5j8n8bEEStIS27nyqKQSgjaEtrhGC4oMMMhKEXrM6 -PxXdD5/QoMzBuSx5xKCPb7ACyrfe9Bi4IqIenfjN7T/vewO5YvRDN5s3XrVPN8EE -D14RM7E2hZ+su32YNFJwkQxvAoGBAMsTZp6j3MbDB/sQzDragQN/xKH/vJUiLO3D -JcRkY3Yq7zsbc5eDq4AGozPavFFoxC2ERl34BNYyjIgt1ew2GwHxEsQwaenJ7yGE -WcglmJCeBV15yqj6PgDrYGIKLMiD3SFyuD/28mlUuLLQb/n8stAeV6GnKPRNVIQH -jNaJcH5TAoGAI2yMpNV2GrV3fMIg/tzEmy76BUvue2Bwkd/6aktbcOWbbf2YpEo4 -xg8QTN6QjMyD4GPPkbpmBJe5d6I9fLsxMHqaBHuuJi3WJY1ka53K2Bcken++HaKs -JDOz2SlfEwci5WdVPzC0l/dFmaojbtZWElNcy0tisflFEC6QwyibiC4= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ca.boulder/cert.pem b/test/grpc-creds/ca.boulder/cert.pem deleted file mode 100644 index 73c7b2d91..000000000 --- a/test/grpc-creds/ca.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIUk0XH4XG6SowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFTETMBEGA1UEAxMKY2EuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAOu8LYhkVCZ7AHLuSBFjGgDt1Lcm/pQAaFfKtHnRJSvN -y0EWk0hIPqLov2QR3p03ZdZlzTxQhAO8u950I7Qjp9UMghfr3+Yd0VgSdcGoOGPL -WT7lV+mzmQpiGdcItSKRbG6kTqAo2BseQnYTaZVNLJXzaRvQ2KKfp3slefDY6oa9 -9WAPRISjAba9NS0ob2gKhiv/6pESwKNNzYT8TKXRs/bPYbZsXoraaKUuA0gADFTg -ioLJhdyOjGcpIpyVcD4+zJmZfAGpdTlO8BDxE/GDVBd4sq+f9DL4NpCnnNI1ZtRs -FobqNys5TAmXQYhGvAF6QG2F1QfmmQwrdlln9lwttIcCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCmNhLmJvdWxkZXKCC2NhMS5ib3VsZGVyggtjYTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAUR6EEIUSvIW8+Ceh/nti0V3VIm0V -cFFmFM33Gi4ZXCUxCJTgsFQHMUboXLOITba20YZLtUMWtDjwOuDI1Kq68BxagMRN -uOM8PBXUfT69mJbCmVOmtE9NGO5Pv1lQgtQI+hdbAHOIcCnhJGEguLSLO707a21s -MaJ5vHovH6bw4ZnKw2+qvc+9SAKeLWrdOp1BDvMOiCgI7IwxhdlK0XkV75AAVkrd -aINmvNyiTfhtNO0/CNQfXQmrLDnF9xvJWj06VnLy9NN+bgSk+Wtl5gUwHX2uY4tl -JU0NOQmgzDJZBd4v1a5XURbJl6Aig5nkVR1DpbBmLCVxNdjZjhhkkwGksQ== ------END CERTIFICATE----- diff --git a/test/grpc-creds/ca.boulder/key.pem b/test/grpc-creds/ca.boulder/key.pem deleted file mode 100644 index 794d80000..000000000 --- a/test/grpc-creds/ca.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA67wtiGRUJnsAcu5IEWMaAO3Utyb+lABoV8q0edElK83LQRaT -SEg+oui/ZBHenTdl1mXNPFCEA7y73nQjtCOn1QyCF+vf5h3RWBJ1wag4Y8tZPuVX -6bOZCmIZ1wi1IpFsbqROoCjYGx5CdhNplU0slfNpG9DYop+neyV58Njqhr31YA9E -hKMBtr01LShvaAqGK//qkRLAo03NhPxMpdGz9s9htmxeitpopS4DSAAMVOCKgsmF -3I6MZykinJVwPj7MmZl8Aal1OU7wEPET8YNUF3iyr5/0Mvg2kKec0jVm1GwWhuo3 -KzlMCZdBiEa8AXpAbYXVB+aZDCt2WWf2XC20hwIDAQABAoIBAGy+aeK5JXh61UIv -WV9r79rt22qBun5bkcat44MuT49dZ52m5Fo7uWk9JMzs0VyE6Z11aK+iFMQElEWS -HcZDjHBjTL/sN2TX7HJMUbX7+8dNTuYMtflAuCBqELF5etVvcC257etD7CzWUKJX -YiVVbHPfzWTfeo/KRmAwcYgBCG8O3zM30Vvy/e8S6AdNskjozSpDy/FqHB+u65Rr -UWBWtmBM47oeo0ZQFLSOjimziqLnCq08uLtj5mQyV5/9kfqFgLQ37BrT8gSjxDmj -KXSEsvLJOZHioe6exWRsGaq2+KrD7A0Ns+sV7GUr16QnoTHNpfdvx2GMtaFg40MO -4dUIxIECgYEA94nv+e8wGkmEE+Fs93oLwbRmZ9HMof2TsI38miThUk8polD6ppc7 -uhs4v+FjO+KvE4Epon0sC5C+q2LkbbtX2vC1cp2XAfW++GlfB2GgrUQTBilsGiBw -pkVfTSv0IwcADuUwwWXV10jMbLRBXP+eAMNoAHI3SNLwMPMSX26/5K8CgYEA88rz -9wZoL0jFOtDvEzU8BfLQzdRtF7jwr6rdgX6ijk5EXf2TEfCcWlzzATbFjwULnf1t -+puAS4XuZXT9eYjeLYefrnTwia6MB+9QuAWR+Xnw++R3BTbEF3tMqbCL44Z02K1/ -MWlyKSA9aVIHW6z9CcQUw0yOQweoBtb48ZoVU6kCgYAev87EoFa8XTd/9LfBgjKl -rFAwQ1qFIOfQvcKML1qiC91jIWYRfaXYt3r0Mv5NuRoAdUIDwkLPaPqWdaFklCoU -s2QGydaxUqKXXxeD5je8bkFiuZCJKlB0BxgQkQ4xr7PtJcFJtOm8ZXmnYzjfYY1y -ENQBgi6l6DYYDonQuwQxVwKBgEAw6Bva7APHPWdHLCv6kFtgm+oWTMM6RuV6L+iw -10xw/z9gTSEkIYcJglKHgW0u/ugSmqqp1xYLpcHBFBy0FQwX8cuVruARvX05Xh+W -F+GAYhtxBIWy7d7g8Ead3beC57FFvX/dK9n4SzM4DgftfJLdtjnWJn8vvOZQJCw5 -TfRBAoGARbZa7WnLcgnl3oQZfxfyIhWLqDG2LPKr/mBZhqU98h/jxuxl2/GvpnPn -XeE4YePge2WULztMc/g67YL69y8oxekzz95C4tLACVg7x3f2k+Ri8qPogCFjimcV -ZhboOAk8b9Z7N5hOKyRopkd1j3Afzo8t55jmT8u60Rggj2jyUWs= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/consul.boulder/cert.pem b/test/grpc-creds/consul.boulder/cert.pem deleted file mode 100644 index e781adc39..000000000 --- a/test/grpc-creds/consul.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDFTCCAf2gAwIBAgIIRC1Y1hKKzsowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIzMDUxOTIwNDgzM1oXDTI1MDYx -ODIwNDgzM1owGTEXMBUGA1UEAxMOY29uc3VsLmJvdWxkZXIwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCzmWPETAwj/uX9k6QQJzCEnBJ6khU595Q60gIS -/KFYp5XOHHZtIXkoJDQsLAgit1Pu954x386nYslcsD9mTbYNn9JS0LQdU972fUxJ -46eOcazSBrlodkOCzXcw2F5bqxZD0UO/QmsZ2au9MBWlL8fkjiRNHvbtRKx7zSWe -kfN+tLzUqD/CZpw3OgYxk4JCNSqDPJZS8IEDCZKHK7rh40MDeipomWxWFplKus2z -ScTbMB+WDPY03K92BeWFSzM489ikhCrwRd3JnngrpUaN2A4FKhNsjs6LS81/Pc3C -oeAi8Ri07IcImo0uBoBNz96ciLLh4eI5Nx00gW4Ls+TdpPw/AgMBAAGjWjBYMA4G -A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD -VR0TAQH/BAIwADAZBgNVHREEEjAQgg5jb25zdWwuYm91bGRlcjANBgkqhkiG9w0B -AQsFAAOCAQEADYSDjhevQvxsVO2mBsyxSSnH9zk8Lrlx3a0CBSaiOcfP4yVUM8UL -Z9ZLVfIt53H3gGabLrXngCoHdE4H4OVxbvQpaHFSDsg0/hET770vhgw+5s0AnKKp -cxC8GmyMbRm0Svn50Ym79MFyqx+rzIApDja7x8+n84DBGDab+MeBkiUtPt7oeoG0 -Tcb1IkSApaWxOznJid9ARN7sVY0LBeoaHaXPZfJ6ZooBrTJOpxkz7PD39G7On9K/ -4S4we5FnBZ8moFt2Dt1fnBUvdvPX+765RUs//0RLf2l0vH0mUQselxcbipkAXQOU -Cwiel9a3p436EBvFmMaJ1msIJNPGqkPPdg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/consul.boulder/key.pem b/test/grpc-creds/consul.boulder/key.pem deleted file mode 100644 index 872d524af..000000000 --- a/test/grpc-creds/consul.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAs5ljxEwMI/7l/ZOkECcwhJwSepIVOfeUOtICEvyhWKeVzhx2 -bSF5KCQ0LCwIIrdT7veeMd/Op2LJXLA/Zk22DZ/SUtC0HVPe9n1MSeOnjnGs0ga5 -aHZDgs13MNheW6sWQ9FDv0JrGdmrvTAVpS/H5I4kTR727USse80lnpHzfrS81Kg/ -wmacNzoGMZOCQjUqgzyWUvCBAwmShyu64eNDA3oqaJlsVhaZSrrNs0nE2zAflgz2 -NNyvdgXlhUszOPPYpIQq8EXdyZ54K6VGjdgOBSoTbI7Oi0vNfz3NwqHgIvEYtOyH -CJqNLgaATc/enIiy4eHiOTcdNIFuC7Pk3aT8PwIDAQABAoIBAQCMsuhTyffg4zou -c9GdzfXWjaZ0W6lBZlG72vZBBaUpHPDhLa8hQ431ApfU2xHskI6ysU4/aEQvIdb6 -RCEG9m5fMgvFUTcpmqEbnYF8iVqk3y0yxI3P5oZxHKH5pCgXzGp+6pwWY+QftkUy -y07JwCrrROfvewibTKeLvWVxWonVglZAqquECeyz/JgVCQY26MI2ekPaKRNjVXYw -uQfIwFERoNdaSKo8Q3gOPUxQYit8EEXz9MGcop14YFtq3U166UxV/cgG1S5zRA8B -x8BBiDDlebIYRod9j+TfYIuWdxhxyRJOX1ozpwggs0pVFIP0fVZU2hpYSdOSsmBW -ySi67OdBAoGBANohyWtCEk1kDAX0oAKqeyn+qj+8DjJA3UQebSN1zxtZeFFh8H3s -83sx89/uZrZcF068Wcm4GSQMmLgMbg0hxGa86DxMdtogYyENP2cc752hWRKZodqm -oFjqIb1eQKkku7pswcNiwOlVJxygrQH0uZXKbiNPkzncep17LBosQSYPAoGBANLH -IS9lSYEQ5urwY1JwMPyF02VqiEohGHa023gHxDUjEmgsYpqPAO5H5kyMPdr/hZ+8 -RyfQOKOo3IUVQasUpgKG9OKo9+Jw4rHeLBpU0Es5gsMqQqBTFirSF+klWeP9IkVS -6z9epDgjISv4Dd1wNO/n7od8A2x9qZkaQs42dnbRAoGBAJQaVpiVnrmfES7F/hJx -T/ieaVemxnjGY7VJd06ZQYpPQAr5lYDabiKaMvw68NAmTMjvx4LXlXJNfy+PePU/ -lQswffna7OODE+swBHltQx/imgiv+R3s/ngAV/IsWXi+cRvNle2kUljasRiV24G1 -eIBElm0xLUQe972PEM2geIdvAoGAHGYUBIzDEI60bichWrQfBYcKanmmD0bSQvwv -LcbuGrK1AjAowOZPm8s4Lkwe8WjIGjOF6slVOEfCHnQ0utY3X9PLHtbhPzMyeACV -NJ8EyX3gLmd9PpizPeW8rv8HU36BpZF8fLdFrQKer4vmYlWB7Gj1bG+7Dl0IAsbV -BW+1GmECgYBelHOPAdwkAZIImqhmXeuGcELQoryNfEx6rMaHpt5oosQit6WDc94i -z3iu4NUrOlx0Gtxq28gt+10dXH7+ZZ+nPJ48mBgfjxBjAQInTUvMzV/rGIjOTlnn -vm16iQjQkQ7hxOtynDCgVGX1PSbUSZiv4ARvKcxPOe3IIcZ0qHlEag== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/creds-test/cert.pem b/test/grpc-creds/creds-test/cert.pem deleted file mode 100644 index 58c228002..000000000 --- a/test/grpc-creds/creds-test/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDEzCCAfugAwIBAgIIY96sx6DAQ9gwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTI0MDQyOTE3NTMzOFoXDTI2MDUy -OTE3NTMzOFowFTETMBEGA1UEAxMKY3JlZHMtdGVzdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAPQdDqPPEpNOPY9zyjq9bDASdQ6GtueKY/t7cOURLAlI -VeEO0dFw+n/zRSM4D6ZDC6p0JvYf+hwOoQQc8pfmJBcG9KO2DWWTX1mrJRsOVkG1 -TdMe00BlIkDK08so5x0kW1dnmh93zU7vkxNzUkzzW89FcqTw9gBfsnwTBp1/KVYH -31AzIugUeI6oaxw6HVPVRSgiQwGdxucHDO4HJ48uGdhSpQrlHocCJfISIHN/DfiQ -7JoDzyvdaT4OrlTHjItDYR9CjY+3NhUO2yvuVyrUa7MeZ9l9YPcTYVSQivqu0XGV -Xpe0P7E/Neitg7rX0SGV1K6I9HKB4LoItbR5lBwA/30CAwEAAaNcMFowDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMBsGA1UdEQQUMBKCCmNyZWRzLXRlc3SHBH8AAAEwDQYJKoZIhvcNAQEL -BQADggEBADeewOU9nIHcMRXcVsoTxBbvXLziWQOKMg0kzQFcIdSPRzHtOPdw4Qum -hekG5GZzkEIUmmZDuuuPE1PqblGnHQMXLqGa5i1uLBPo3/w96HJrm1UE1hID1bIj -+N8v5q4gYU4i2RSf8m5w6iXkXs3oeXd1A+0yfrvohtJ0PBrJ0IDfhosxr281v2PJ -Yjl+eXZrMqmjY/eXJTWAMvyNs7GOXg6qDA3BG+mZk5CJ9p4+jXFSGYmPOlLp4Bfc -eB9FDNLSjSd0TlxqdvCISj1Uuj9iV4xo5FRc66kmAS1b1SPsCV8TG87yyNJMhJbj -BGOoynUe/jFrGjmoDpH3fZJvn+x0DGA= ------END CERTIFICATE----- diff --git a/test/grpc-creds/creds-test/key.pem b/test/grpc-creds/creds-test/key.pem deleted file mode 100644 index 08c3dabaf..000000000 --- a/test/grpc-creds/creds-test/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA9B0Oo88Sk049j3PKOr1sMBJ1Doa254pj+3tw5REsCUhV4Q7R -0XD6f/NFIzgPpkMLqnQm9h/6HA6hBBzyl+YkFwb0o7YNZZNfWaslGw5WQbVN0x7T -QGUiQMrTyyjnHSRbV2eaH3fNTu+TE3NSTPNbz0VypPD2AF+yfBMGnX8pVgffUDMi -6BR4jqhrHDodU9VFKCJDAZ3G5wcM7gcnjy4Z2FKlCuUehwIl8hIgc38N+JDsmgPP -K91pPg6uVMeMi0NhH0KNj7c2FQ7bK+5XKtRrsx5n2X1g9xNhVJCK+q7RcZVel7Q/ -sT816K2DutfRIZXUroj0coHgugi1tHmUHAD/fQIDAQABAoIBABGqtK+IQfjlNbFX -GPCtWtIT0+LsPvp82oWNxnrdhklZsdVq5CZ7PbXa3ksROJi4y3RXmaZAZDJ5oI+S -pL/3iO8dssDSYR/TzZfIuhO+MuHohCxeU72aVCNKSo+ucyN5yR6HQfE7E2G+Fu/W -bcNh7WgPx59GTRdz1ZADNHxbgptWLFOoBQzL20//mIsB5Zl2DB7/7w8940QF+EH0 -jFn82/32Cvq3xQu2Zlovc1HIRVwewV3JXwBtTtn4+WhHwbfh9mjyYrh45xj99Nvm -b35iriTvgiTJoi09F3Dl6dOaoTgnRCF3f9EZsCGugl+YSj2+2bpXtJIv7pY/6FBU -sHMVuaUCgYEA/mTjhHSe/rBhVMQKIsDtZAXdhLrWRGq8tNGMgz5Dc/JL3uhPMBJL -RwWS2t8BQd9c6VUIdib2Qp9Nk0VXY888ZNuad8JYpuK+TuowA2omaXHymeTYzC2p -8IESdljbDHth5YXdj3iRSnTkwfXHLmMtfKFz62GjpE860rikMQSfA9MCgYEA9aeN -+Z+daUCEDIrmRWq2yQ8M/BFLLfdybpGPTCWr/Ci8ndRIVEeDiaq2kXSPjBBYXXw2 -MO1aepbGiV63rNQ5mPTde9I/VNskrMHO++Rmu/JjLYcx8Rb1W/4c8RbRnrSmbDz7 -6lHACuY6o8EknXPPaMXQD5pCbKkQWkEHRWrs7W8CgYBamzhlvtu6PrwL4t7xTeG/ -VE93rMwQBiw8Ar6XKCACNfRL6lX5+yoQm62YgwEBozqGaKDg5DOluvN4VqQvimoq -SgUUToYgunWpycNcE/ymZc1Qfq+w2TrDzFT1DeTG51MQ2sL1DK5C5KttYcqVfQGA -eEi/N0F/jjCXSOhCBTFVvQKBgGlwy+3TZxtgR82iaQhur5pJTYd8XMqUJZfz/o/u -s41+ZsdP8OPL9lfG4Ko6X8r80RD/WbtShb2MrhcUgr46MabHo7GcIvbnQSyt24wf -E0Gk3pESMIuNES+1OPL6mmsGm1BmNLL09/s1qwHSy0aSCPqtvYqU6eH+BzjWJKrV -JHEdAoGBALQ9UFgVG3e8GNvD6OZJKHbmzd7XOuHC+bDYP0JxDMhO0jza86YPMSQB -Mc76VJ+drA7+GFma+7RvVCMnInqiMwPB0R4ztHGXF8quAIC7dMkx+292+xkyrZPH -U0xUzCcBmJXYE4iWEYk8w/U5v3/b1Cjpwzq6FCtj9zJn5kPKwnaL ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/crl-storer.boulder/cert.pem b/test/grpc-creds/crl-storer.boulder/cert.pem deleted file mode 100644 index 797e90ff7..000000000 --- a/test/grpc-creds/crl-storer.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDHTCCAgWgAwIBAgIIRi8x7X7lZdQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowHTEbMBkGA1UEAxMSY3JsLXN0b3Jlci5ib3VsZGVyMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhOYZLqewkAWKmzXHaSZ1MiGyXgSVTHM -veqwVBlJm77XRX9Jdj87bwt8lrdhau1vzE0CWUfuzd/gHo76PJYjvqKSYrxskg74 -ZN1D/RkrSr23sXFJ+a4EvPM1Ee+Efseb50dfY2vpTU2fGpUSgXTx8eLOOyYvjLZg -4WRxAoEcMPNnbU8seWtNAb91yt18NSpInxiiybrJInDzrSDKJaLpvp221beI1SZG -9nNh2+2AZry4of8B2pk2747ioJTkY1DuUsJcF38DI3p0b6oaGpGGK3slH4diiXc7 -OGC4dG8zIA6BUtflNBw1ElHCyFFKYRpFHlBz1PvREIBhu0mmUzyBmwIDAQABo14w -XDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC -MAwGA1UdEwEB/wQCMAAwHQYDVR0RBBYwFIISY3JsLXN0b3Jlci5ib3VsZGVyMA0G -CSqGSIb3DQEBCwUAA4IBAQCPSvQ7FfZ3/n/yBK1njRsLS3HTbLQ0O+WnfFapkK+3 -gieFts1wiFTN8KgE05QvFGfsSPqh6p4UqRw7XzOUoq4Zz1FCE9j2dnF7sTNpCyjv -Yb2FU0Rz4PiINL5YHG1Wn8lnn+EamznphNVBOOoeDXIReEPrQExRXwVTv0I767J6 -N9HAZ93mF98yEZwIJSYXE2w1iEng+kBLj3EtBUgh5x/HXApKaW8CLibGuxkIQG8D -Pjm8KcSRyr8n318rjjZHmBHAC7KMfGZR2cM6Y4oVJs5fy8nI/OqT9MrAYkFaxEuG -SNx3VccoJKTdHJJnUloiYJO5mmt0jZHP59Zflkz13aqO ------END CERTIFICATE----- diff --git a/test/grpc-creds/crl-storer.boulder/key.pem b/test/grpc-creds/crl-storer.boulder/key.pem deleted file mode 100644 index 3868dd7e3..000000000 --- a/test/grpc-creds/crl-storer.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAlhOYZLqewkAWKmzXHaSZ1MiGyXgSVTHMveqwVBlJm77XRX9J -dj87bwt8lrdhau1vzE0CWUfuzd/gHo76PJYjvqKSYrxskg74ZN1D/RkrSr23sXFJ -+a4EvPM1Ee+Efseb50dfY2vpTU2fGpUSgXTx8eLOOyYvjLZg4WRxAoEcMPNnbU8s -eWtNAb91yt18NSpInxiiybrJInDzrSDKJaLpvp221beI1SZG9nNh2+2AZry4of8B -2pk2747ioJTkY1DuUsJcF38DI3p0b6oaGpGGK3slH4diiXc7OGC4dG8zIA6BUtfl -NBw1ElHCyFFKYRpFHlBz1PvREIBhu0mmUzyBmwIDAQABAoIBAH6A+AV4ldhyAv0y -D8Zp+E231n4/G1z7BHXWPVo2kqiZHobze64UMPoyuYul+pUSnhmdlGxDyVV68EVy -ChdGC81m5nQaFn6r5c/H/8Z6D9cJwqztLQktGctYSxTaTFo90foLXKnGzbsewg27 -OQUs2cEmiOatEonPNizn6KbOxD+xsrcwloK4zD7YXsIhR4QTBBS3TulvCsh6+UTf -CY8z5Ne/lRJJEKfUZviBFtQlheMm4ChweDcZiX051ko7McahfYNKOuNp62tYVM4n -1GLGBOEFzZKcN5WYsuL91UksNdpjxbyJkibTyTqzuLR9XnM/iCsZ1lUIQeFoOnsj -Av6p8rECgYEAxfR2sP3yU773YP8ZJOPjdhrhLU6SqQRI2KiCum2o0yM+1hUZ7UUn -rm4aeSUbcO7Z4VYjaupuHzWz2hqmCEKjozKEaQrwIHVxitPzQKWcwIIMefRSijbL -HlzKd/46hJl5tmvbKWwV5p8vqWz3LZ387bC5UoUSgnGz/xMuCx4MEIMCgYEAwhUg -1xLDqBGnJhL4I0LmOEI9U851gkF4K2ejCCGuv1NqWR0ez3usgRIb02fUx8ycpuRZ -Jr/RTNjy3lpRznjK5S6ZexMZA5XLjoX5DvyinvQIdiASXKsSD1/BrlhFoz+MGmX6 -WAIIwyIl/WJ118kpg2cJqfBnsUpepq2y6ajSzwkCgYBR1ac/siv8zQSNl8f4RTGi -gKg4R7Q/pSLMVpV8pprVdkuiyyRlv2IRLTlKfbmjbUqraiXILFQMGPJaJwwefBYU -AG1W04vDj2m5/7cfMZfkyZ6IyCVbOB2uVqPpCTN938i+TkZTEHjZV1On0gE5XYfT -Z2ylnZeyT3ke6Pnu5KQOKwKBgF+6ViFfEvxiAKTJ9HRH+g/DtEYS7mjZ6/DUxFgt -bOjXtvvPXjQOly5uhSUH8K6/4IB83vA66nxSAbDksbb6Y3EZRACtkcfv6aAZupfG -yltGmKnS9duZUWYd4AUjau2zWWJn7EvebP36aOyK1P8jLIOwndahSjPrL7ZctIOF -jr0pAoGBALeYsldPCwFLUAUWc4uo+6qjVigZIwO8ZjRAmZ99qwtC2aMODayOK1w+ -P3kygVFZXXlF0XvO7zcr6g4oHgLoaJGL4AUTQGhdXhSlSWlaFn+70m4o/afToDh8 -0atWXDRfLgGnJ+VamriqSUaOdilJz2n+R5mkpB/Aw7cIPMjNG46e ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/crl-updater.boulder/cert.pem b/test/grpc-creds/crl-updater.boulder/cert.pem deleted file mode 100644 index 0e49ec643..000000000 --- a/test/grpc-creds/crl-updater.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDHzCCAgegAwIBAgIIOk8TVvubJDYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowHjEcMBoGA1UEAxMTY3JsLXVwZGF0ZXIuYm91bGRlcjCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKSOlusPKKWYKIxf3UW+VVlnk6J3sGP -t6zTIPbuZsFe50mZ5aYU0hLKpXc59Re+L0pth2NqPBhEKzicALcfYuXab50spqY0 -Bb5YEale6Exo95uK+c3ciFtg0SCxDNd4sIfoyRZMUjl/7KQnet55Irgd2RKCH450 -5F6u4Ag+PFIQ/lQyuwgeGqZvdzNvQ208Kur2VFhFL4gcn3OZg4GRxySniM8hfv9D -ufKNYdpQPN5aczfhxs6eK15oPsatV9DNQNYrzKDaTM2T0AI7HQtxtAjdfNR1l0SA -Sqzwxzo/bWHFk8vSNdtsdEaZTLA+oEgex24gAXLmqaPWpwO9m6fkjBMCAwEAAaNf -MF0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWCE2NybC11cGRhdGVyLmJvdWxkZXIw -DQYJKoZIhvcNAQELBQADggEBAKy8E1kQUTQWCIVtPCgraZYpudjGk0PETM1MQXz7 -FgTEE4cVpKIWFwWdD+XyfL42V4tjdGJX5iBNFDRgR/rA44QUgrKp9AE8tmhV8B3p -FIgdWDtdsBlSQanvMzG35Zmut7Ew5bUlxREWNqt41TAvFrV0NuXvFHcVDYkQ6MH4 -oaVssPYUmMyCF4/uRXJTVrb5z+jeroIQoCmoQdRvKdVubcb0y7Nq7Of4VQvcdAfi -5uB/7a6k2/n2c+4ZTZYyw94ZUjhiWwPxZQYhs0E/0NfrLJXVqDLo7gfavvoLa8D1 -B85C5GXB0af+FSuEBNGQsfakoZ1F3J6S90VaveebUEA5kYk= ------END CERTIFICATE----- diff --git a/test/grpc-creds/crl-updater.boulder/key.pem b/test/grpc-creds/crl-updater.boulder/key.pem deleted file mode 100644 index 066f0e7e8..000000000 --- a/test/grpc-creds/crl-updater.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAwpI6W6w8opZgojF/dRb5VWWeTonewY+3rNMg9u5mwV7nSZnl -phTSEsqldzn1F74vSm2HY2o8GEQrOJwAtx9i5dpvnSympjQFvlgRqV7oTGj3m4r5 -zdyIW2DRILEM13iwh+jJFkxSOX/spCd63nkiuB3ZEoIfjnTkXq7gCD48UhD+VDK7 -CB4apm93M29DbTwq6vZUWEUviByfc5mDgZHHJKeIzyF+/0O58o1h2lA83lpzN+HG -zp4rXmg+xq1X0M1A1ivMoNpMzZPQAjsdC3G0CN181HWXRIBKrPDHOj9tYcWTy9I1 -22x0RplMsD6gSB7HbiABcuapo9anA72bp+SMEwIDAQABAoIBAQCjMjVCmPeOw6Sv -xeaLFkbxSrd6VoeBQIMlsTxwAUwsmuZRxIRrRgFhg5k/pFwfmwRdX/rz9rILBHpg -E/FBp1CzTADcCwyIURAUNBg0QIeFN3Gfg/S8p2Gzi0Q9MGN+AxvGEwk+66r30YVx -ti+HlID7fwWIUZ4YRZEanYEJSPIdPeyBYD0Xl100aDAP87haNgW1piyfMrrOATET -4EPZZ/O4zQriJd+bk6GNFL+I9MVcp4Kw0Zx35IPREIuRVP5eW4NxpYwL1/2SnYZG -Ab/vwkzUZ8Lj1IlMGTNOl1Sa+HRLOQ4j5iAAj5VdLHaNU/jDJHdK4KiPmLrQduRE -NlocoBuJAoGBAPvjA1+7R2PDjMRqWx2HDgZsgJyYIFOyXqbvaEMk1Cihq8iqfz47 -E1Nyj1TY4LcXgihnIriZNVSqwmbwv7J6U2RbLbth3nIf7lfNcMAVLCkVA5dtyml7 -0qsX5/fnZdi1GjnmVeeuyUUKDKOem4aFn98NrhNqaT718jaZTPchgbHPAoGBAMW/ -nOjklMimWFwPGauHFD6Q/JHNXTJOTC+3rjMt6e1J8YeP76bSTcgphENPQWpDzVF/ -Njn70t18C0+C9BtTWNHOMo9MwnF+SFE96ezPcGZlJxeL9Oa4ylB2ZFTnYqwzCVEz -ouUoGT+xAekes+OpWcFlBfS4PHdFd0pPcbUpFCZ9AoGAeC8bHwRWzc0yT02H6BDW -qk3/F7imRAkpjHFSyCa8bB6nvnlLeT/qurhAl3Vb00CORATh1j6T6bAITeG1Nc2U -GKBAs9XAs6d0q8REdgIkLf3u1sP1/lqsbCJd9jUcrUfMGbBDcOY+9ogS+8bj4k3D -uEPouS7exMHJLi/7PzdnkJUCgYBzg3HaTaRn7VvSMvPw0dBOmA0h8o/NUhWJDkgR -F3H9reMMKFV64oCTO0VKuGJi+8ZVI/V+O4862DoXMUz9JVvN+yBnuxQejgEajAs4 -zRhAiDgkthnSKQHtrKsBOcTXCF0Z9Qrjx9+v5+tQzSGSDJwkr6miAXk4xvhfDTdD -9wIRVQKBgBSmjPtg0RS3GE84DvUp7zDliMXqLxvd9u16FrPjMuoEb7KZ1+BZQSye -I2rPIJS+34SVeIoVITvpGCholkQ2246JT7gdAP+9x6b6f94At9aODHYhq+9T23XY -3wEXd6w1vB42OR3cK4z0MtqFIVZ6/LmIDFc+nbvKpGbJn78QZXHH ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/expiration-mailer.boulder/cert.pem b/test/grpc-creds/expiration-mailer.boulder/cert.pem deleted file mode 100644 index 7027a481e..000000000 --- a/test/grpc-creds/expiration-mailer.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDKzCCAhOgAwIBAgIIAwDeEDu+pKcwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owJDEiMCAGA1UEAxMZZXhwaXJhdGlvbi1tYWlsZXIuYm91bGRlcjCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTY5ZaPHTBrrSA5WBTHIlv8 -3w1vhQ1S9cXJDehc7VoAaiCOOLRO5WCr5s67UxxKlKk59puxsvYOeJPkfqsnM/Tl -4GKCs177ywHdQkNQ9hVdVV+urs4yrRg7Mk7Fbx2NEBQytRQDAzYKP5Uyj0lkfgUw -KLXIkC9P9RICCavasfmWbDQqsjdqbMCc+QgPvpIU62tMbhPiobqOBTkoI6OxFU0G -gYrefaIS5bRU5ogsJVxNx9sG2QA6bAuRUPEzsag/OnhYjPCRsQKvEdb4l5d7RzOt -QSy0YvgrXZJdJSbXMKi01mmPh744MDTBXv5vQd69s2pVYXPIuWIE+KbOq0ITJ30C -AwEAAaNlMGMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAMBgNVHRMBAf8EAjAAMCQGA1UdEQQdMBuCGWV4cGlyYXRpb24tbWFp -bGVyLmJvdWxkZXIwDQYJKoZIhvcNAQELBQADggEBADkL+csPuxJNgtpI0vVeaFrS -h8buV44QiPz6pn5qrmT0gNlsUn5ecv4MnVqFL3cSPlRT3lghBOkpe0KGuUsnjB+/ -HvY7drb4DxAMW1CJuL6xCvGTHA1d5ueBNjUXSSpqWNTAOvovUJNS7whMaDAatqNK -OuZ+cnGJpFVPuFLUJ5Xj0d7oJmOoqvRTh0UY/jBsriPkufA+I59oPUsesxt7vExn -H1y4W/gvqNX0SnmHObYySO5JiwEb/ZjL4eOTUCTZ/xm4qgGAuBLGM76p5BVvTNwv -5ySWNuAE1yWmdDctiSY74kAKUl+h0dHFuwxTLQLHeGTpq+ohEAEMhoNVo7W45n4= ------END CERTIFICATE----- diff --git a/test/grpc-creds/expiration-mailer.boulder/key.pem b/test/grpc-creds/expiration-mailer.boulder/key.pem deleted file mode 100644 index 462d2755d..000000000 --- a/test/grpc-creds/expiration-mailer.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAxNjllo8dMGutIDlYFMciW/zfDW+FDVL1xckN6FztWgBqII44 -tE7lYKvmzrtTHEqUqTn2m7Gy9g54k+R+qycz9OXgYoKzXvvLAd1CQ1D2FV1VX66u -zjKtGDsyTsVvHY0QFDK1FAMDNgo/lTKPSWR+BTAotciQL0/1EgIJq9qx+ZZsNCqy -N2pswJz5CA++khTra0xuE+Khuo4FOSgjo7EVTQaBit59ohLltFTmiCwlXE3H2wbZ -ADpsC5FQ8TOxqD86eFiM8JGxAq8R1viXl3tHM61BLLRi+Ctdkl0lJtcwqLTWaY+H -vjgwNMFe/m9B3r2zalVhc8i5YgT4ps6rQhMnfQIDAQABAoIBAGOo3DPpqQGGwlP6 -NFnwp7iiwdrvhxFD2yKTs/LceV6DrzdkSdkfyIm0/lnUBTPhnno+2lfhE5X3pZxa -prbIVkm6yGuXeHCyUglTl+S07KHMaxjSO7Yxeek2rzWqR6NSc72GHp9PFyUY8y/6 -NQkXU6YUx8ehDz6k4JKJbZQQWOLfHfYB85pkguITFtZwe2wFKLyrOLK740m7iZm2 -Q5zkY4vi25RAg1vkmM2kJUhsEpxRMC6v6Lb537xbQPYPlDEu8y2n/Djo2GgKHWUQ -gB6BT/CArU1MO6D/DsDs9Kr+aDa2e4HCB5BHCsxk8wkcvVqK8zX1FtbW5w+9mlqk -dP+zWQECgYEA5TrCJYlrG5ivg9JNINVvsM64K40iwBSjrdhLngjT/FFAcWQFkSH0 -kHzL5g2DNWU0fDk5Y71MtjAtMhfnS6vX4ICBMqDZOm2z/is6mX1Vwd67nIbOFTKY -2lvSDrjVxF7cEyqh8fQZDNsTfKTDFSv0yrKHyc5tywl8wGVYvNWsdNECgYEA29YC -qWjVtIrbFoOBut3hGGcIsQcpYgV5HSm+NIl9BVpopeafdjv5wY5XsVg9BUHJTCB1 -mUFNw0PGKKcc2oPNQT42hD70S15OBdH3K7Fj19e7b4T1Q8NUW8WHbwECG6saU8VC -Iv7/ukzvaJV8Gn7Pl7LFMReXvsxKS2NjG7pDYu0CgYEAhBWGd2CmcgFZ6ShNvwSd -VhDXeGjbxDhgVDTU5ZwKolIjQvMybf1V0cfHKalRmHvXcVj746fZQwWhlULGyQic -3MTPLWAXq54439UC8ByTRKHWEwxuRTKhdvj/ofIJYxyRzQ18wVE4+fpmUSUTL+jj -JcUXj0Y+Z4bw9l+vcSfiNnECgYEAjxgv5Vvy9zEHSRFSyXMRyROQKcMyobZUTrJU -N9hiw7BEu/BxTcHeYaoo1KxOE/TtdZsPUTGbz4V3IBEfC/GNEnHPhKeB1ulMuicg -z5UJG382Z3HRQEmNyKq77Hpoh+AJJAwbb7IyfW8Eyzu6a3it4d2g08K6qJxLo+TO -p0bIBEUCgYEAyIixytnbC3n31nKDdzP6gcs429JCcFw4+/Sg62LGSTUDUdifnrgG -rm4lkOLDwm8gv7I6L8Ye7KJGyG3mdqOgEMP1S8V2URXTWehifOAW3ePk/7ib+s71 -T3LVEGGZGaFTmeRnJ8HL+iPhsqDCMofNZx30sFX3joy4qarl77VSUG4= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/generate.sh b/test/grpc-creds/generate.sh deleted file mode 100755 index 2d2815e0f..000000000 --- a/test/grpc-creds/generate.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -set -e -set -o xtrace - -cd "$(realpath -- $(dirname -- "$0"))" - -# Check that `minica` is installed -command -v minica >/dev/null 2>&1 || { - echo >&2 "No 'minica' command available."; - echo >&2 "Check your GOPATH and run: 'go get github.com/jsha/minica'."; - exit 1; -} - -for SERVICE in admin-revoker expiration-mailer ocsp-responder consul \ - wfe akamai-purger bad-key-revoker crl-updater crl-storer \ - health-checker; do - minica -domains "${SERVICE}.boulder" -done - -for SERVICE in publisher nonce ra ca sa va rva ; do - minica -domains "${SERVICE}.boulder,${SERVICE}1.boulder,${SERVICE}2.boulder" -done - -minica -ip-addresses 10.77.77.77,10.88.88.88 - -# grpc/creds/creds.go: -minica -domains "creds-test" -ip-addresses "127.0.0.1" - -# minica sets restrictive directory permissions, but we don't want that -chmod -R go+rX . diff --git a/test/grpc-creds/health-checker.boulder/cert.pem b/test/grpc-creds/health-checker.boulder/cert.pem deleted file mode 100644 index 9a6d8dfd6..000000000 --- a/test/grpc-creds/health-checker.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJTCCAg2gAwIBAgIIHywaCXTL2qgwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowITEfMB0GA1UEAxMWaGVhbHRoLWNoZWNrZXIuYm91bGRlcjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1xITHFefqqfd0uZyJvFJMWzWZS -Bekou7m2YKYxl61esBNzYZxcSh83vn84+s8dkB51/Z8IpzX5xTr5Ogwlkg2EnxVB -WLsFjbBsfdK/cJmvs2mjEVyHoxjAZjUgddo++AAXIallVWKV5nEY+BmY+pw4Sdvk -gRleGMfj7yNlyNq7RvjBgGBpg/hzrVkVgcreGeEwhFSvjAHZIzgzjjIOKBd6W4SY -1w41B5bBnwN+izyd0AlKEig/sWbGXCFR9IMjBgFp7dogDbwCGETdbMeusbwBEHUS -98t90/WBOj7kN6a4MUfKWNpz3/UdeT0doRF8hfVRAeydMmQ4NTc9WVr1R6MCAwEA -AaNiMGAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMBAf8EAjAAMCEGA1UdEQQaMBiCFmhlYWx0aC1jaGVja2VyLmJv -dWxkZXIwDQYJKoZIhvcNAQELBQADggEBAIu8JfyFBvWWRGw4baAh0ArZU7nPAsqL -phJTO1O2thn9qbCnEOAXBBZlnmEMRS6vQpIjt/d003LVKqMjQ8ocym58qa8MMksQ -BHs1S33XJWkmw6/qPMfbbyP/n1SlicD920Eqsnv/jAY3AqofMaB4f0dmCdyhjIkW -jkI2Y/M9nG4KDgSelu0aL00NXdNvFG9gJrLjH22v85i7xCPpfz8zFmho5igW0OCg -a4Xmsoo0YxV8KJQ1z7rVIuX4qmYxQ7cdQ2i626EaI6+2/YTH2eA73O3YI0i/x87y -bFA5+7DKcwNTuPW2wNtPExsdtbvKkyJjWCMArEoWRaamqESszo95jUw= ------END CERTIFICATE----- diff --git a/test/grpc-creds/health-checker.boulder/key.pem b/test/grpc-creds/health-checker.boulder/key.pem deleted file mode 100644 index a4ccb5a7d..000000000 --- a/test/grpc-creds/health-checker.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzXEhMcV5+qp93S5nIm8UkxbNZlIF6Si7ubZgpjGXrV6wE3Nh -nFxKHze+fzj6zx2QHnX9nwinNfnFOvk6DCWSDYSfFUFYuwWNsGx90r9wma+zaaMR -XIejGMBmNSB12j74ABchqWVVYpXmcRj4GZj6nDhJ2+SBGV4Yx+PvI2XI2rtG+MGA -YGmD+HOtWRWByt4Z4TCEVK+MAdkjODOOMg4oF3pbhJjXDjUHlsGfA36LPJ3QCUoS -KD+xZsZcIVH0gyMGAWnt2iANvAIYRN1sx66xvAEQdRL3y33T9YE6PuQ3prgxR8pY -2nPf9R15PR2hEXyF9VEB7J0yZDg1Nz1ZWvVHowIDAQABAoIBAFj20IUZGwVtpyuM -2KSUrbg0e6X/hwe81+5IB/pwJ1qwUldZ878eSArUvO2i4xmll69ZMQcZXC+Hhd1P -588yxdiMwccWkTIL6Zuon6QPutcSuwLX1sDXC83AI4KGGAL2mbaQTcdpVlxmxW/c -fDO5h2z3AyTyAuXVVa3aCsitXxk4kVn7MxBkU8h5jeG8mAuZlb5MmyLpXH8F0+3x -sTaOEfelw0ohA1Eud1XWI7KEketI8KoKgRR0+ZAYnK/AgAO9mgmAttn1nk0fYoJU -l60hVWbsWlak8ef2zWKF7VfFRw83rqh3cFOuRLHI5wZGzVONRKO/5yffvc8bmqRx -nbwMVIECgYEA8PQsHDcLfbNrIg29QXwgeNCMSZ8eoJFOELnpcNfiUk5SWyjPGwA+ -ACMUAjEY9bgd0G52Gjn9oZ3ND28vpqpUrfON+Wt+CUr7Gploj4jrEYU0rYeMfQLa -mvyMGtU08aLeVhrvTUTPNiEfrwqp6GLtj8g+oXvv3IOk3wRwinGYI1MCgYEA2kVF -7gicTM1fzfrS8vuOvzG+TbFN0B9NYcRYe5h0bUcMQ52rqlrNkQdiMBoERIPu15Aw -/sJvr9WCulhQ2gW2lgz36julJ3PBGpeC6wNK1l7VUsWykQm5APYvd9V5KVNZtoPL -Mr2+Ijt+2NFNseCUlrHPx5mRUiKXppaQUMp1kHECgYEAnHCLqw36AfTZW9S7yaaD -lq0gSDRtOCbfHnD2JXOk13dOdS07ufYgSwp7VSj3YaHWiZsORtzb1XCU0K6Jq5Xv -QLletk+aFwJ9obl0b6yfolJv7zKQfiG6OOI7PLislS3/WLxIHkzMlAJRhd5Qjjac -srt6HnJPO0alZr6FKv2xn00CgYAXSWy8iI6kYwTlpOz8n3oLS/NRtqjmm3BWDeyi -wxEo13unexrlgeqMno0LNLtf0/OXa/rOM1BXIiBgYSu/Fvzz5U5N3y8vllnzzFZb -XG6PkG6R9iWm87KZN6q4zj2u+wWHQ2hacYPngxF1cF8pqxwvN6lDUk7+xFIJo+ah -t/fzAQKBgQDmrWrejfSE8H/kYFrLJCMRM6LTcIeKlqBoAFp6Y5hkn2FhNrW4QNdm -qZAfTXnfaXcxj3gpD4t/hh6o60/p00KYJhewewL/A7wnnli1xt2TgIIDwUHRTzYD -tJA5WQCwPBGQ3BdNog2kuLQv8YcTRVKMan0tSGhgDx7A6AR9lZeeKg== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/minica-key.pem b/test/grpc-creds/minica-key.pem deleted file mode 100644 index b4d642b2d..000000000 --- a/test/grpc-creds/minica-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsxASAD9JV/1ZkEgFZHH+De5bxniQpVrDvDETHRg6AmqOl1hO -9nVQSNgPFcKjpyCgvBuqf/qawoKXQePzHcm+l+Imk6UrAN4Rk1pax55FyrxRA52r -hiwz3JXKOFd3pgReemDguIotRfNwLw66q7JxQ65eVQHwJ2MgiMPanw78vz6nRrpY -W4tPsdWNZ2r1qdA20OxHPTVCtDCxNgx/5y+Db7c2DMG88LqLjZE58IWIeeP0pFRZ -DAUxX9ggQLWT8+P0NkGomb7yWClUNsigmkrbYaG3J+VM/jw8XyXAEejGtbbs7KdL -AW7Y2QHCmR1GmxRUZpR5xP/ZFhOeZwd6Hpa4ZwIDAQABAoIBAQCgWYPFNOc5JGdQ -DS7HBE29q/YDhXQCn4UowcmcBFXuU/3dCfesPOHoWZMoqWRkBZPq39uPP5vXE5rg -JoFP65oB6UMidIZOAI88pW0l1VYqdvkVg9xWCr9mibzNN4at5Lu2W4rhtttUCOwt -N8NyfhlvwnY3KcUlgF9iGgFs7r7ngnRRpDjraPZfri0lfIg3Ri8yAJKRO4DWhcNJ -X+OQoMb+kvWi/rzmsThDt8QcZ3PX7BL6inF1p9XVFkeJFU2TuoUPa64L8HlR353R -ICQmNg4WUfDrsOxPqhMt6Yaoq4XhYxKL92tADd+o4xItUR3CoXeTYdJjAlCxHi3M -woF54lwBAoGBANTQKtdM9l1+YgxRq2O5Kezt+M4SZm9YcZ4QZJhfWa3HIbo5zsfu -+4eJ/LGAy084puGbNL8m70yj/3bRxTW+0BoHp1RFYpcxT/uG3tFkTeyftl2TxIpm -5G+wqXarGjkglWyzoaCjkpQIThb9v/7Zjp6Hhose2VxhPP9PkZp7X0ppAoGBANdm -im7Xt2p8b0K+dxC8qTETChD1bMH4nJ/IidZKHphiHpuxf8yklLnNfZtVBCIWG2L9 -RRjq1ni1O6SM9rCpvF0R6i71B76Gxm8WYMh7qqDQk2EgZ0kmLlSIiFdH4Q3x6o6I -0lYYGP1jQTtO/ya6RGjeYqKxgYz0AXqcsY3bLHJPAoGBALCh8tzuURF6g3DMHF/R -4N15CugnV4QVOYBDBOt/QJS+0dyafGlvjq+JtQWy64xebgyU4KvDah0HhVKee3vH -WzwvnA+S42iwEj2nTKspAJBkY1259wgUrIeTbqRDEanWxI8LbRxCh7d8SSxGAqRI -+FnWDLLNsQU+4/zYkvZQbd/5AoGAZchWcboNOYxDJs7JhGchq8bLYugV1DKeEAK6 -3z925Zq3y+o78X9zp7iqOdQad+DqYAQ9umB9p9w7qq3Rg/kwwOnONxIh7q3Q5n00 -joehQQxOF/8vzyjzi45YnqWgeu5tX5zXh0crx9A26seRWcN6v/MVuLsX9Hr4l++j -Ft0SS5ECgYAmkCkfEzId0YgwCZ6LnJC1K0IYb59iaACuUxGyEbIceR6hF/a2nNDg -IjF4dwdzQeeMaSEcjkF1fMPyoZRhulp+jkVPS5DdMLajJCGcKIfeZ1dhjQxNiR3K -EGW5GxZ3/MMB0vVIkWz1V1r9HxrcjA7zjLH7sww8yoYcD/hiaQrPaw== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/minica.pem b/test/grpc-creds/minica.pem deleted file mode 100644 index f57f06f97..000000000 --- a/test/grpc-creds/minica.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDCTCCAfGgAwIBAgIIO4ssrd6kNBYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMCAXDTE2MTEwNDIxMTY0OVoYDzIxMTYx -MTA0MjIxNjQ5WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSAzYjhiMmMwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzEBIAP0lX/VmQSAVkcf4N7lvG -eJClWsO8MRMdGDoCao6XWE72dVBI2A8VwqOnIKC8G6p/+prCgpdB4/Mdyb6X4iaT -pSsA3hGTWlrHnkXKvFEDnauGLDPclco4V3emBF56YOC4ii1F83AvDrqrsnFDrl5V -AfAnYyCIw9qfDvy/PqdGulhbi0+x1Y1navWp0DbQ7Ec9NUK0MLE2DH/nL4NvtzYM -wbzwuouNkTnwhYh54/SkVFkMBTFf2CBAtZPz4/Q2QaiZvvJYKVQ2yKCaStthobcn -5Uz+PDxfJcAR6Ma1tuzsp0sBbtjZAcKZHUabFFRmlHnE/9kWE55nB3oelrhnAgMB -AAGjRTBDMA4GA1UdDwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB -BQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEAFwZS -o7hfeK1sUKoXJeqrw6fIuwJsM0Hpa+j5VW+pJIA1J0Ntb1e0JI8StnE3hxYoQ30m -pZ9ZMRPov8AqU97l1aBbNYu9CwQsSMmFwJNuAQKw0PZ8U+dPgt2JE++z4349QDz0 -EWAAH8sFU1bXiAWHJLNpiLf+IKYyCETYwlFkWAUyZtWTbsmW+iJD8qZ44ehydGqZ -3e4NzpJUjN0IK8c1BpSjDqbjiTxhlJKXyAR3vAvhXa7V3SkHly5SFpggZi1KgumD -jVJRk88vTo95Tqsrer0ouyyFwst8ZPmUt/vqbwhU6Z3DgX9jYcS9ON5KVGbC1KO9 -JNrFIxoQe9I3x5w6kw== ------END CERTIFICATE----- diff --git a/test/grpc-creds/nonce.boulder/cert.pem b/test/grpc-creds/nonce.boulder/cert.pem deleted file mode 100644 index 29ac591b5..000000000 --- a/test/grpc-creds/nonce.boulder/cert.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDMzCCAhugAwIBAgIIPsEnAENFCoowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowGDEWMBQGA1UEAxMNbm9uY2UuYm91bGRlcjCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAMPsPkNpldjDPoFwtVUqA7uQyfn1rEHOJrl68Fyo -U1O0z65T33vdblQWdNDbMN8DtuR2Zpcs+M3n1cM+HzgZqo1tLlUryrVULBmtAjTQ -HyoBq8RGx9rPmiU7yZzaFwpCRvu7dfK5QtoXxA70NlGdY9ffoEb5xqPUgY7WefmU -uaI86Mb4SJYTVD7P7IfePLws+aFgBh2GljlcOcdf1KOEGf8fDFsi+feQZVqsF4SN -u3l7z/XZ3d0k1bryuh0K4RBDci3oGPddX1Vzh4E0ZDjInOQ4jGY5t5shw/QGWQib -CdqNtvW8kBGCXRy7J5o37pFmuPQD2mKqJRDKimt9sMNvKR0CAwEAAaN5MHcwDgYD -VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV -HRMBAf8EAjAAMDgGA1UdEQQxMC+CDW5vbmNlLmJvdWxkZXKCDm5vbmNlMS5ib3Vs -ZGVygg5ub25jZTIuYm91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAeaZuUfBfq5QP -hrbMmh2VtecgdgfhLEYuXuwD2G/hCX3yH1lpOu22CrBOmGoQblyeLR5FsRB41vZV -iybAVN2hfXKl6Yrh017bMwJUSlncQsUQVXDCIQ07HgdNgyc1orARtH6OGZfypNMY -bDBgitlgS4F3TSjA1W/dj7b7nJIAkbgrfCIGn11t0xBTI7FHpdDp1UHZTVEUEnJ8 -btlqJREF52L9Z+MVw9I0LeaUHx8uuBbeKERfR+9/BV2eov2MAZMpeCCLWDhk/6gk -n6RR/5u/nWwNcepVtlS+XmddgmQgP1eAR07AyUvLisuO5leRa7aLJdUUpyJ0eFre -geYixYjT/w== ------END CERTIFICATE----- diff --git a/test/grpc-creds/nonce.boulder/key.pem b/test/grpc-creds/nonce.boulder/key.pem deleted file mode 100644 index 1f35b588d..000000000 --- a/test/grpc-creds/nonce.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAw+w+Q2mV2MM+gXC1VSoDu5DJ+fWsQc4muXrwXKhTU7TPrlPf -e91uVBZ00Nsw3wO25HZmlyz4zefVwz4fOBmqjW0uVSvKtVQsGa0CNNAfKgGrxEbH -2s+aJTvJnNoXCkJG+7t18rlC2hfEDvQ2UZ1j19+gRvnGo9SBjtZ5+ZS5ojzoxvhI -lhNUPs/sh948vCz5oWAGHYaWOVw5x1/Uo4QZ/x8MWyL595BlWqwXhI27eXvP9dnd -3STVuvK6HQrhEENyLegY911fVXOHgTRkOMic5DiMZjm3myHD9AZZCJsJ2o229byQ -EYJdHLsnmjfukWa49APaYqolEMqKa32ww28pHQIDAQABAoIBAFUWTlwciNVgxc6V -UkswOfrFgNIrnanei/bVq3myKK4bwm4lQtOacQXX0te5udnA1TcXLKrO/yb9Xlqy -qgBFNUrCdfLLV/e0HIryFhk1obMukphlXPpsWrd85axXEtaDviwpV6oYRy5MT/tm -mAiN4ASqvALXCyuvaKzN/J8lthD8vFpjy8jzqY0JR/5Ee6ODUbd0/pceYEcXWafD -WgRYyjF+Lv4oXesp4jwlOMUwIuQhuGO3ybPBE8OxtXQ/wRw9IjypQXJq5smEfMUO -CAJqjRlrga5pcnrWKy2R61DamAZCNYmtzhy1EdS66+/fJIKDgAEldQRT1vbaoAqR -4l39GYkCgYEA4hwMCvjOSHtATfS9Kw13FogVGyyuMfn2pbMvIa7SHzZ63b/a0yGH -5aWKACoOW/1SGAYH/59vwwnF5AEpaYcCDgVXaU6gTQin3XZyCk12Aq/1DusgPj3T -1fjdFmfTE8CHt480VecL8eihvS1GBkt89nekniomVUATZtTv2cb9bScCgYEA3dKf -ewDzf20d65t0KR89jF4KMXlohilYgwPv7EoG/YP5bVSuYcWccejo/HlywxZN6FBh -8kjoSq9BTCJq9jtltOBhWz18UZArpoCY5S9scFOF2/ouULBjqPpgtkoqVa/ebIWt -RKqx3gKtUH8WBo0vX0DVZyBP5vX0wswNwBr56hsCgYEAsjqfd4qVt+aHUqum7SfJ -BlawJGJ80OIS/JwYe7l84aOlB+RyDdixcWCiPezosrQkoNEoPuOjSh8LAOW1ifwk -r36gX17d1rsK7vOtgtd6PTYLuf22xbkgoNpxE3c1l608jYFxJIFiFgZkb2UffFjG -oNTASvg4jRxb7sPMaGKFYyMCgYAGsCsO0mCFHw0f5XgDJWX9rXgxNa/pG6YHjT7W -qQS88BW9Lihz2jl1VchwlFjZePqwXnwVig0280HMwdznv7K5WWqWDayJ6Qbn5ki1 -4FAsstf+YfSzih33IlV4KZRNMRhLvVwUDfF++CWxn6NSXz9mZ9YHXfoKxK+0j+J6 -QFX4sQKBgAD1ceQgk4DvQ//9Jl7JAWBxsGLYUhyWZMTEPllIGNa70eHw+zp8c4yu -E7VH23hgIx+0WgUgnDSK1gPvrVigdhUN8tBsK9VQPrS2mEsLzAFpqfhW/rEqCJw0 -wooS8SJ+LDbpVSz16EdgXOf3U1a89+8fOedsHf56n+1T6wC9R6K1 ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ocsp-responder.boulder/cert.pem b/test/grpc-creds/ocsp-responder.boulder/cert.pem deleted file mode 100644 index 12d03f219..000000000 --- a/test/grpc-creds/ocsp-responder.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJTCCAg2gAwIBAgIIGbRbbhhHh30wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owITEfMB0GA1UEAxMWb2NzcC1yZXNwb25kZXIuYm91bGRlcjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOb+um4aNDDnoph8IGZ1S0kPcM7 -hhKZP0XGDFherOL7ZqE3c7z9FItnjXZPcH4RnwzhcmvpohSj3N3csdZrjHVmMDcQ -XgMHtWTNfISXZGzZpkUOHJ6z8RbHkmL1usX3qbSC6yhyZUgEn2PRGAeVXr8t7nwZ -jQDHS5fxxzoINsHX3p+0PKHV/ssusxC24FAgWCsK5gIoRG3Ga+mwg4SsUUMt48dY -7pzMhXzIjdPOLsQUvtU38/5iNj7Mcx78lNih38u2I74d3aKXiqEf8YkCLoiMT16e -3kep0PNgUKKyE8d9rnZtf5GbgMLfWt2k2Dv6Rjsvj6a2+rfgTUoNDs439gUCAwEA -AaNiMGAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMBAf8EAjAAMCEGA1UdEQQaMBiCFm9jc3AtcmVzcG9uZGVyLmJv -dWxkZXIwDQYJKoZIhvcNAQELBQADggEBADsewkGsg9vJuY/XnuMJyD4Y6BZ3/gba -rfmHcVe0ZGGPhTfNYNZ3RfAZKyn1HxAIt2uBCqnK58e3G+RDxBg97Gqst8+IFU0y -wGXZzVoTTSIFElUq56SD6G11+b77zMFRcP4+RjBxXPz/Qn5BdHePC8BhMK6+psMZ -1SK9n36u6SahJ+ceggO2hrLqQ+SY1sv5TNBZdH7oK6Vm7NrpnnuKzSilil2I0TU9 -PGLlBOLAJqwzZ1biizRkY+1N7x4RbLKoAKMOYksUdfLSdWW9EZdATYT3RKlQVbym -Y0Y1Vn14vF/R5ArJ3GJoC0TBOrMTEp9Z7RYQSqVJ6muAX2wZZ2hvFoo= ------END CERTIFICATE----- diff --git a/test/grpc-creds/ocsp-responder.boulder/key.pem b/test/grpc-creds/ocsp-responder.boulder/key.pem deleted file mode 100644 index 68c035e75..000000000 --- a/test/grpc-creds/ocsp-responder.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAs5v66bho0MOeimHwgZnVLSQ9wzuGEpk/RcYMWF6s4vtmoTdz -vP0Ui2eNdk9wfhGfDOFya+miFKPc3dyx1muMdWYwNxBeAwe1ZM18hJdkbNmmRQ4c -nrPxFseSYvW6xfeptILrKHJlSASfY9EYB5Vevy3ufBmNAMdLl/HHOgg2wdfen7Q8 -odX+yy6zELbgUCBYKwrmAihEbcZr6bCDhKxRQy3jx1junMyFfMiN084uxBS+1Tfz -/mI2PsxzHvyU2KHfy7Yjvh3dopeKoR/xiQIuiIxPXp7eR6nQ82BQorITx32udm1/ -kZuAwt9a3aTYO/pGOy+Pprb6t+BNSg0Ozjf2BQIDAQABAoIBAEvhklg7+Mx6WPjN -9/ZJL68qqI1bEIG7DOhFi+Gp3hDndayW6ObnZU6gKTvaxAP/HdsrRFQjGL7vm9h/ -7QJR3b2btrMMzysojpJP3lOGQn9aVMzH8X97NlgRaN82Qfpxb9k7lm44JmIO0egx -5p0NlkHe/eqgQNobWOyQ0ULLRZcPDyxXhebvwb/uXy9ihdr/AsFTEO+d2nnKzTfw -1rNDVVDTbPFkGAhM3lBQoXR+vRnz8Vw9iyCJtslejcV3XKi1+VPEM1JaKekUoMTr -DLwkwnwSSdVU1Bo851iYZM0uo8HqyKPzaksoiDg81AdRs/DhPVXMVhX+iFH67POT -TCSxegECgYEA4YU1c5mHoe9uIj6DqmCG9/kot/I/aSep8gih3Cf5pTRom1rIz6Ov -RtI+VfhOlUJLTpEd+BtYBcPMqm2UXgtZS4wegsgNwdjoG0W5n1YoXviZyiOLYsGv -M/DcBmsLnEbPV98Ns6HjtRzsuIsQXDm3Bbm61b1Xjg4uKnlCRgPfvNECgYEAy+JK -1vPWwGvD1BPw40OBuiK9i5sNhlzrE0LvAifd3Q81JEia+yHmFANiVWWX2Jgwcatx -kRifBHEJxwdPMYyvmKubaNVkih3fkgiFcijs6C+GLZVUCuFRqGyDkwX8jkeEmOCj -WEPdyIjVAf9jVxNNGylFksLw7uoEZbIX70DcovUCgYB3dHHdq6M2WXbC2M4xPzP+ -wZGZ7c08y++u7ned/+ayZVJLiAj6Qz+iidbO/tnRIe51zVRMiV9UnmQYmjaOogBI -jg3TRFhVJ6m6WHJ8PczgkVoUwkMgqms9XgWNuMHLo45Mgy/kyImu84VIMxEVaNTT -SY/3i3WHH2fAw74hDAhFIQKBgBSZ0vIRRVvAB9OACFEOWydRp1FZ4232KZKSqs/O -824IwVffNjm13Sech+0VDNjH1+1EY39Du52ZRmGj7W6WRo/olxVqqnQCPLrmvYUh -eX6kfqxQcGOBDN01yb2rVy+RLma8HAUpJlnC6bL/+SutOZdK/kqsA+hAIR2ddymn -piOZAoGAC9UHq0CtvI1FSGpPahJl/vcSPHzq6zkRL8dQtZiOs5I66F+wPg/Tqdx8 -RbTqjTq358gW63fq0smh7AR2yd1YykxppWdbjnkQGwRtl21AdR256F3CMSUQ0jNP -GaiXP00l7Z1+2qK73Wtnf2wBr0EMNOLOBY/oHuVRHhisU4TYwzQ= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ocsp-updater.boulder/cert.pem b/test/grpc-creds/ocsp-updater.boulder/cert.pem deleted file mode 100644 index 0b3c6149e..000000000 --- a/test/grpc-creds/ocsp-updater.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDITCCAgmgAwIBAgIIFteoADe2xfkwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owHzEdMBsGA1UEAxMUb2NzcC11cGRhdGVyLmJvdWxkZXIwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMkzkF6Rg6d70oTgMiomXHl8tI/82S -Kg2mwyZHcEwhYhPVoBl+5PzCcqiwj+4bMSjYGlC8wcF6S6TmCu+KNvZCTMYZDhAL -eDnHJpsZw7QYyf7e9K8KwVBoEPU/5/8LU/J56PfUWEfvFKumdyZu6EjxEQwemIMu -Ary0e0p2QDqS0OUUPFlJ20xw0zqPWt36VZhW139N799GZub8xwmYqbZUiBoLYpj3 -1tfFn9DwO/PwbIpMdvf/KyIFUQzXsH4mo14GlkS5yW/s8asLQ7TdO2hSqHveDbK6 -j6E9/3nsNaMeIrDK0wZmQl66/Zq4VqnMG9R1BSlrLNVBC42+5kcGnWiDAgMBAAGj -YDBeMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH -AwIwDAYDVR0TAQH/BAIwADAfBgNVHREEGDAWghRvY3NwLXVwZGF0ZXIuYm91bGRl -cjANBgkqhkiG9w0BAQsFAAOCAQEAYkxNTb2ffBCOOtu3KVI2cbs32mVYWq0lA/iV -4yPaRQt/sVqiKMK4DlzJS+UWhrc2NAmBgB/eZ+oDnMUAUyFi0vgWzVDU3Hs+8BuT -6EdtEGMOJrxWk/qi3BOoBcJGKyDeHiOG+SfACwuyVDkPDzERYUk2lbJdco0PT3kZ -sSL9ZvC2sPwImoCponXlg7h0kBpE+Lr569BNX/Jlyhl7nAFyMoxyKzGmQjSpFAc9 -KiBe0R6XndotW5AkZ54rB3D6f0q1olKBf57FiECUxGHuH3Njc/ZeSGx2HUvp7+83 -kuJjDQgXecYroYZgmaaWciaGDYkWdXaSZdbO92ZiLfNqOJtcPg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/ocsp-updater.boulder/key.pem b/test/grpc-creds/ocsp-updater.boulder/key.pem deleted file mode 100644 index 2c5e9f002..000000000 --- a/test/grpc-creds/ocsp-updater.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzJM5BekYOne9KE4DIqJlx5fLSP/NkioNpsMmR3BMIWIT1aAZ -fuT8wnKosI/uGzEo2BpQvMHBekuk5grvijb2QkzGGQ4QC3g5xyabGcO0GMn+3vSv -CsFQaBD1P+f/C1Pyeej31FhH7xSrpncmbuhI8REMHpiDLgK8tHtKdkA6ktDlFDxZ -SdtMcNM6j1rd+lWYVtd/Te/fRmbm/McJmKm2VIgaC2KY99bXxZ/Q8Dvz8GyKTHb3 -/ysiBVEM17B+JqNeBpZEuclv7PGrC0O03TtoUqh73g2yuo+hPf957DWjHiKwytMG -ZkJeuv2auFapzBvUdQUpayzVQQuNvuZHBp1ogwIDAQABAoIBAH2+hI9gflb54JgU -k5LHVV5ArGBbc6VDGg8F5tKEcRcX7O8jMGiyIbb3uT6FyaqHJf7m9fd/9QfR1TLd -R+2h6O5JuH4QCcazCHij/zPv+hQ+nN24cptexaihu82jMT5qRCGxFBw+g0CuaO+y -Tzpepu8eNl/cCM3QOuOI4PUcd6RjjsolFMUkdn24b3X3BKO8BBk+2hf5V6/qpJVj -g3+mu0qoObWiK6at6UW1YzNv/2woblmaziEy1MwjbiTmIkdRQRIpT1N4JEq//qWv -kBYg0dESJBkr50LZMPedNwy9ZscnHi2HiHoZ/+TUgVCncbYeyY8J3qy/o3J6uRJs -PVD8S4kCgYEA26xCn7HTe+HKU06H5OSVQKlTntjXFUlDaM29dKpd7qFNL8ULTm/g -qsClai01n5Pcr3l6qavznxbhRMDXQ/XAzwphMUd/EYk5zx1ncFfYHW4ql7Ae49dK -xbayh5AIebo9lOtDOvu/Xkp/I6XG/xz8iHxvTSEPB4yUCGUVJ8mHbcUCgYEA7mfO -AluN8+rAS74uOJyLPAgehkSPhbiq2H63XgqUsRlgsyouvOJ1zExVrEy8tRJRI9mE -fwEvrpwZbXOcfBb/XqvqVM2VgX7VVMwySnioyQWNCmjLDu3XRB1XhGyvFk8R9exZ -kSfH4k4PU8nPbKyj/5QG4v16oV13H5YxseEzaacCgYEAzFPzeJUwkJdZ2Zk/QAH6 -bjXSCPvLPAp0gCR25/CcBJ3WrOtMc/4ObOVaN2Or8C3Z5QJKvU2rAryGdqwkzxrk -5+/QrcTCBe6tbd/82ftrkxxo08VHRkh4TWV9tCieKZO5Oi6Gz3Ng8nS6w86sRZmR -r+aGpKhuUWhKPXDAd8y1gr0CgYEAutRwllpnaVJ7th/pGwZa+wWl3jUWgIXSpWzQ -iIskMZGgvWd+TxntlNfxf+B3NjOPkNeixOEKG/1K1AJ5DKn9IJT7Q9AErQHXbufD -NadPJpIKELFFCIMNYtzXu/hsUcBPY/j/zAhv1YK08kXCHvlAYEcCCpr4okKb2w4a -DbtdThsCgYB7YJFyUK4bB4CsHvOl0oi92qFblk1E34dGpVnkaUgz5z4UMjnyAAeG -Um3Z2YI+oYpZJeZiYBG9/PB9S5MzndsCZP+hijv3R59x+wi/AeXe6tYXb/sSLWxD -Xf1U8QAP+TOQmxEC00ZlRD38LswpD+/htVyDhsBp+9Gko6axCeZnIA== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/publisher.boulder/cert.pem b/test/grpc-creds/publisher.boulder/cert.pem deleted file mode 100644 index ff976141d..000000000 --- a/test/grpc-creds/publisher.boulder/cert.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDRTCCAi2gAwIBAgIIL/764uMwhtQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowHDEaMBgGA1UEAxMRcHVibGlzaGVyLmJvdWxkZXIwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwACKJtGWmsibDlKUT1FcYkJSFIiq7gg+W -GLvLOzWzO2mFkdwqzECrOu61LVp1HaFT0hgbrsenKKg8mV0jdRDj9Lx3xZUB/F/3 -fIy6Jh3zxat2iFwJNGsd4m24lmqhaAt/n0PFAZlX7SToDAOW3ONUM+IZYWzwIWsL -RqYOji8rWq2WGgbz5pX0pj4OtiU/44ktWgnBgnCHSkcrQ+Eu/LRSmFaN4vyHog7q -+VMaX1U/bXKjl/k8kNPXZxLGgTDxe0pCZZVFwWCw176i3fDupx9n+ZwaVekf9iVy -Os5crCEZItHZRnw5+9HTPV0ojN8JEOoPcNve2kuXJZL1Yn+opEi/AgMBAAGjgYYw -gYMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMEQGA1UdEQQ9MDuCEXB1Ymxpc2hlci5ib3VsZGVyghJw -dWJsaXNoZXIxLmJvdWxkZXKCEnB1Ymxpc2hlcjIuYm91bGRlcjANBgkqhkiG9w0B -AQsFAAOCAQEAqzM2NTtZPB461lbNXKkBotr48P0Q9kzT1oBi99hD+PIHh8yiO/Le -s6Ak2IRz9IsEfZ8Bc7A23V0apQTSa1vCMEZ5HtoBw6uF5oFqdTy2DGktItMKEo/9 -2Jj9AD9W1qDUSzDBpt7tW3DBEcGrCtGN2HLitYaWKuPJUMdm97s5fPN2qvI73+j4 -NzF49DNB56+tpcKa2J6C8MpJSJB/mBuYMuTBi0liAqOzAEMmZPHcz7qNElFSO/w8 -oz6qGWZU7xCRVmAGyRjV70hfhQ2sCdR7aVKQzYasDn2D9/8S5DulswZSdpxpGFaQ -gnunuoIri1tQw9fby0jbNt8IGyBkeOYnbg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/publisher.boulder/key.pem b/test/grpc-creds/publisher.boulder/key.pem deleted file mode 100644 index 7fe377f49..000000000 --- a/test/grpc-creds/publisher.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsAAiibRlprImw5SlE9RXGJCUhSIqu4IPlhi7yzs1sztphZHc -KsxAqzrutS1adR2hU9IYG67HpyioPJldI3UQ4/S8d8WVAfxf93yMuiYd88Wrdohc -CTRrHeJtuJZqoWgLf59DxQGZV+0k6AwDltzjVDPiGWFs8CFrC0amDo4vK1qtlhoG -8+aV9KY+DrYlP+OJLVoJwYJwh0pHK0PhLvy0UphWjeL8h6IO6vlTGl9VP21yo5f5 -PJDT12cSxoEw8XtKQmWVRcFgsNe+ot3w7qcfZ/mcGlXpH/YlcjrOXKwhGSLR2UZ8 -OfvR0z1dKIzfCRDqD3Db3tpLlyWS9WJ/qKRIvwIDAQABAoIBACzS6/jsQ9NPngXD -rsM9Gi18bQb3K7Dzr+qHRBS/cK7EG9zTyCHyQSoa6T6lXVtkf3jskg1C10BgX3CH -kqv8HaAg7XsHjCqkTwCl7OVf3dL+7etTUTVa70j+KPmQ/Xk8GWmYc1cSUC6PjA25 -OZTLju4cBKJ4KJmDuVJ23MXqOmMs2YKL9fBctxzKYv74Df7WBmaRKGf/RXN5mjCv -QQpqNtegpWf8TpgmVn3KbWVot8IuXpNNqQwEryWIQu1OoFWQtbunWRHjtrUgeOzs -prhvqk7IAvPHaYyrWjX2fYno0kNK68EYMkZ4/ZbN9xPG2mi1qB1zam9eGkLtzs8H -/fUnRykCgYEA5Zo68MIU1PNQK+BcA3LfYaFNBVN3GaXGu8wxN7c7YLfBhtNb+E04 -vAYkTK5qfMG2DDdbzroECYc1gaKcUTH+bgE+MWFTAJ2Gh/1jExPr+yKJl0QLvXJw -p3M8RNg+TG5VEn8SOZpl5U3Ugj70E+9dIIDGiVQSMd06RLzNtl0NZs0CgYEAxDxE -TrVvyQy5clenzV52YqYtdO3H5J6gL1N0nLZEcZ96meojxfc/w69GQoBqQKKOLSRQ -OObM+cO10OusWFg7+kuY+Cwy+pqzFPlp8HkSEFdBRiHp8+i19foyvRtcY6SDMM3t -WUwlHWe89+eO2gvCaCGTfIowyQzJhVTd5p5Y9bsCgYABzP3dWYhUSzw7u9y84i/C -UkOKYScz+kreujFAoJ1EmuxXpFy6S9DAGMQ8HboUFGjbG6wKqQbTFE5lH+Nd96hp -MHVOadb+0D1335LhWWymYZT2rL/y0mzzw0GbwJ5sdwkPxhNchEt8Sun5w4iih2QR -lzD3bsNdxMBqPZjXb09lmQKBgQDBdzlQ8Af5ixX56PmCu7Kzp2oBcbw1ZT4/6mN5 -bSklbDmPLQt/zTeMUW1PexNGDf1l+/srXkCPrae/Bdqwbq0TIxz473qDH6mW8B7F -+lcYzS2JWz4wPinHDJihYCxCAJtmrl9mPnAJAZGIRz7LMfTEfPXPPt7CGF1Fmln7 -V/oUqQKBgQCBjll5uxw/tb2xNp7udBQ9Zaa8+mD+mVRLFI0Dc96Xs1Xr6A7+PmmX -Znn+kKDYgDCwuq9Fj0bJg55ZJ8oyTsNVjnJBgfIV1Oirp5iZ1BrLeXlna3dh03l2 -vp9TIEnhxn3yjGFpV2nGeFtdmFHY3xHz1cmNe8r6NFrIwhMqhJzjhg== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ra.boulder/cert.pem b/test/grpc-creds/ra.boulder/cert.pem deleted file mode 100644 index 9594c1550..000000000 --- a/test/grpc-creds/ra.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIfxNBlyjHA3wwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowFTETMBEGA1UEAxMKcmEuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKsTrhnhiHgTppDXNCI2AK9bktYEj3JlnJtnEtXknULI -y2mBjdiwI9n/olQjhK9pt6dTk9rdPjTt4eOYMJE1x7TiPgETp7umw+NFruG8jYD4 -i8sHt6JoKcT6x0AwWwvGtpbBO7ru2Z5HFjFZJwylQuUWt6fcc02qa0A3drjIbLnL -akcyAKc5IT1Hne24Xa6onwFFbjhUsO3iRn2HCbR1bwQljwwEIAI8a1bZjAEb/kTO -tEoNZIGX2DeZg7CBF3FQxXWHR5Wv+WVUVv79RkItRvnOr/MooSRg5PgiGvvC2Kdq -EvDBXB1Sww0T03OWMwL9ohHviqEF43bEAndllAquovUCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCnJhLmJvdWxkZXKCC3JhMS5ib3VsZGVyggtyYTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEALFHAoEfVZbolb1oWN5Rv/IeXbyxt -9oKIJOjL8+Qiu9Y1/AG493dkahnTIiu+GLQhrRm+arQnM6N1rB2kKefcl4YGaukT -pZG9BS2G+qJJT33XZo3O0wMB7pb6K0FzreLcb9NpG0z90xZ22t9+zLeG/i71f5cg -0c/YKjnA/gweVYnIeMeup5YVgwgY0sOTWGIPlqld8xPHZz2ru0/NETFHEBGqdzhZ -JODT441NtjVTmJo1bNun4GOUzZ+yAh1EThS/982qiFa9czTaUF8zLafAeiqjyPW2 -HDhJG53CG24q9YkFhfpCUkwTwcsW3pEfV7gfP890RK/JusZ1fCKOi1rsEA== ------END CERTIFICATE----- diff --git a/test/grpc-creds/ra.boulder/key.pem b/test/grpc-creds/ra.boulder/key.pem deleted file mode 100644 index 30a8d2135..000000000 --- a/test/grpc-creds/ra.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqxOuGeGIeBOmkNc0IjYAr1uS1gSPcmWcm2cS1eSdQsjLaYGN -2LAj2f+iVCOEr2m3p1OT2t0+NO3h45gwkTXHtOI+AROnu6bD40Wu4byNgPiLywe3 -omgpxPrHQDBbC8a2lsE7uu7ZnkcWMVknDKVC5Ra3p9xzTaprQDd2uMhsuctqRzIA -pzkhPUed7bhdrqifAUVuOFSw7eJGfYcJtHVvBCWPDAQgAjxrVtmMARv+RM60Sg1k -gZfYN5mDsIEXcVDFdYdHla/5ZVRW/v1GQi1G+c6v8yihJGDk+CIa+8LYp2oS8MFc -HVLDDRPTc5YzAv2iEe+KoQXjdsQCd2WUCq6i9QIDAQABAoIBACgZH8ifLT5/1J3E -Y0rVf4manCsfvIOiv3dJTIfn4thhehQLsrSkbHLPUTwJazM2Qz6r/07gZpE/ZJ/U -7yVKBromAUR9V+ZK60Uc8yWj7ULafuGiuG8PnSK3aPZpnx1+gROKzTY+f7FylggR -Dm8PWUOa9Icay8fbdvIBTgl3qMxPOCgLyXNXNJHcKIPb71L1T5EL2H9Z5vHF9tFy -TnbpeK0GlmBHIeseVaFzruin3sqxjRftVEgTL5XhTq/9uY3EUutq8SGRoidbpp/+ -cr0I1IpFcrJVmJHKdfJkdRI2u3LtMKS3bpqJU7MKn1DRzvQatdSQwn/V8wU3iG8o -04dus60CgYEA3IBOLJRfMFgj6LbMSySoP8JIzVvnBHIMXGd7mzuYUlV2GjVO5oD2 -nh4Q3eGDT2TZ1GbaGGHLhpCXIx87oSXHZz+vw+sDh+WHEApLKZMRZLMxAbNcsPQL -fhcmaQVkfxaV78rrt8TYuLDIU//bOTwGJ48Maj92RT1z5hOOiBkdQe8CgYEAxp5p -Au9kiJFEIgHVtEN+1qHfnwZJI0xOkDfsd+a1J6PZLimHAfiYETAHfJq1cMC4Mt/G -4l/WDqwcWXI/9A/gN7NRv0miQ+tDyVHntohaGoU+0hm6QfXag6VloWs/X8mlzCeu -46AXAni4lbW9nNWwImEL1uSC/Oo5vB45OpHR/VsCgYAivfyTPZV58olF43dw54ey -9BOwd6iApM+Zx5xMKymm31xKaNfTrcIty6LwstWTrto7gzEd4lrFCwclO4iTrXYr -qHczMVZPFTUgq96H4Go/KZSxJeeW4fzlkxQ0O+tHsvFQ5PIa9GMJRqFpyshpzjFS -DlHwc6tY4YPfXnl4rCxV9QKBgAsrwbA+kqLzuKdI/yICYdHkjNU+30Iy+oA2BQDB -YxL1rjNgdo1v0+2zi9hAQ1AyJqoF2APHbByrJXUKbfpmIjA/z6s4kv3K76cVCjlD -9f1j3SKn+8fV8hJRbSPlCk1y4/ZVjQqUaHblH0ycSivWAPAOEUJm288pxVGFSaa3 -qN3dAoGBAIGSn1PSjIVqypCQBBydedS4WDjqwkLoL0bOOZRLxgk+dtfD2l8wKqWp -Helyqym23d58QPb0ZwMU3g/0pZXDqX+w+bnUvAvjfADmFNe6T1nWYiu9Mn5YHAyO -G5s2aHfB8aSIqQSRASlWgFEmftfpuapRGAmOyZr2JYZuaELkvPmP ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/rva.boulder/cert.pem b/test/grpc-creds/rva.boulder/cert.pem deleted file mode 100644 index f68dad1d4..000000000 --- a/test/grpc-creds/rva.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDKzCCAhOgAwIBAgIIN3GC8lNGBqYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFjEUMBIGA1UEAxMLcnZhLmJvdWxkZXIwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDYOJmNC27+V5L6ODXokt9dQiVCscVhjC2aHNvw/KEt -EfzUTkfOAkZR1FbRVcZtUci2CIxVTPHQBUPfZiz98LkMCR3YJBv7QZvdBiinEExo -Lzn4LP7vRNohDWl0QLw+aZH8Y5IUh7GITPLBDF62F/6DaCva+k26dmlYdmVMM3Q3 -LjPlwJI1Li9nqE0ZgOtzIHtx0hTHlW8rd8rx93QXVZDfk2TKCZBPJ0BAzW3jpPGz -39mdullWQMOEA5svr+pRBvsXHdwIzGFdZY3ixRCqOwDdOHIubo8wSWjMuX0JspSW -oIG5w6tZcF3szvgRUDKIEyQdXEwMK+k24VL1Rj/Ojsu9AgMBAAGjczBxMA4GA1Ud -DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T -AQH/BAIwADAyBgNVHREEKzApggtydmEuYm91bGRlcoIMcnZhMS5ib3VsZGVyggxy -dmEyLmJvdWxkZXIwDQYJKoZIhvcNAQELBQADggEBADLh+7f2NMNj5ZGXQYmsfSh2 -9wUxCVs84hzIDLn3f2wybRc3nYg92mTzJmihy1J1b3NKGKhosHcZA3dQ5/z6TLCZ -8WZvEw/9zfIw63pX9r18/jTnmKPoaSumnS99hilEGtbbpsvn9nAfEM0wMoMprygk -h5c7gOena+TxiClAnWNkv8YMEUT9nd/OvdMx/9o9yH2VxQ2Vh1/aP9gBOAUPpmP3 -jjuNBH3uD0rm4/WQTH4Ok4Q0okuGB7xH3lKns4LcnNuL5d9k0YWpQkamcS4AKn1G -bZ+uXinfsQneSMJI1CZ/OtZJB1fOKLK1ifd4dAVwuLJ9hlIHWfwuixm+bnnD38A= ------END CERTIFICATE----- diff --git a/test/grpc-creds/rva.boulder/key.pem b/test/grpc-creds/rva.boulder/key.pem deleted file mode 100644 index ed78588b4..000000000 --- a/test/grpc-creds/rva.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA2DiZjQtu/leS+jg16JLfXUIlQrHFYYwtmhzb8PyhLRH81E5H -zgJGUdRW0VXGbVHItgiMVUzx0AVD32Ys/fC5DAkd2CQb+0Gb3QYopxBMaC85+Cz+ -70TaIQ1pdEC8PmmR/GOSFIexiEzywQxethf+g2gr2vpNunZpWHZlTDN0Ny4z5cCS -NS4vZ6hNGYDrcyB7cdIUx5VvK3fK8fd0F1WQ35NkygmQTydAQM1t46Txs9/ZnbpZ -VkDDhAObL6/qUQb7Fx3cCMxhXWWN4sUQqjsA3ThyLm6PMElozLl9CbKUlqCBucOr -WXBd7M74EVAyiBMkHVxMDCvpNuFS9UY/zo7LvQIDAQABAoIBAQC9PXRu9NXVN7KE -21ObVYi3J6BS6iI1ySlUW/PHzGQIfVjKPCUuUeFX1z+RAcCkh1Lit0KTmb9+cE1C -Jjw0mU5sEUKUnK38zyRqYuyLo4EsIkFbS45ovdsn2IQ2Yj4fZeiGfGMrIsQn5ikE -+x2dxAxW2IKhqjcDfoWfDiiEc/hAHcwK7WIez8pkY3sgyzhms5IzFBqAWX5DSaXV -t2I8A1kQbw6JdWr+jIVSLqRgB3ojvhewHLkbcPrBLt7/Zx3U9Xy56pw2j9VneqV9 -yaBpZTXhYk6VxNZM7bqP7EHHVJ1NSEgwBn8YDeMS0wyeEwoucYSdt8hz8DjWUHS7 -NUH+PsdFAoGBANqBg6P8bbuXTObRAdLsQ5BDGIqNIRUM25o8id9dnQZ40F27wr90 -n7kBNSTgnimaaMA0tx2ZBgdTE0Q/r/Y2LMhoi+JXUHXIJlHvXd2HiKyS3Y8URo7B -hW+svTTDy6yhf8SP50gCq8Url5ZxR+6HFDAouti34WapUctOQQDETs2/AoGBAP1S -t+cTSxADaCBE3vC+MBpL+GDJSIIR5klSOIvDAq59vMeB8WhXR7qGyUY8uxYeRoMH -a5WkvEa4nonsRclyMbLlhek10dy5UDCQPbSLJg1ebMHw3JH528SvUuP1F0v+jAMo -QEkVnGkDmaccYXkqmRT+uFGaS+huICgzgrVECz2DAoGANVlDy8j4/cEuHHjRSi83 -O8S1/DYC6sHN6DV5sBiKGydqMEiEfvw5dxENaaiR1TSG+M6mGsrexvEIljQ6gRGv -E2s7JBMPaQJqIL0hnNHXk9Lz11gq9fXX33E8bOKVGtv/dv1viYxlZemDxE56Mom2 -ax+2pu0WUltqxgmgI1DKsL8CgYEA3IWUuCCweGkuzOCHXvWBdHLr7n1qlGg2m19r -ACer/vBQVTEGUPmh5HuPXYhiqNeENG5SNnuotrvir1gyTDIPl5d84k5KuaXMa+o0 -/SUg5ARuEsq1iJIEwYyKUQ070Zjuk5UHmVepyDUtHi9znwH5LzCqjccPC3BKqBRn -VZq9WjcCgYBTWn1sTDlAX6ZaFKEQXiZqVLCrmkobLI4wICyuYtVWpnReQo3MHW4C -AE27gK+ttH6oQfVoG9jD7TQjJOcJJW7rqBTCFVF6yNZERxUkgLVJ5kFnQTcvisKT -hlq8X7g55lrx+MTMhpZ8B7tcoL9F29ZR8yHrfni6+ofGsmjnjlLg5A== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/sa.boulder/cert.pem b/test/grpc-creds/sa.boulder/cert.pem deleted file mode 100644 index 660f87dda..000000000 --- a/test/grpc-creds/sa.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIHd2y4LvorWYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFTETMBEGA1UEAxMKc2EuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANVOyR1/2onOWzBLOfgGSHVqsna8UkOpbc5iy5S6jsKT -yqcQdRag9SSVDhFjmUMlreX99OH1d5el4Q26JVb1duI0kWXdznyNN85LezpxHp5Q -TG2P7Z8RuyYvTJEqTYYkWnjGzojvUP+kSeFyjaSKNBwobem67sn9Os0yEx+2avYN -/4wcWMcKYkVVmaq0rkGhvmMShrdOdbzeWpS+ISKSX6KQBpXZj4eI3ePEH+uxLNX0 -Bcw+vocISZNWoNzVye+mq+fAANtyAEOnIIgnGUvB8j2z/DPJN7PZQRXQdU+JzFNb -xBjiP+RDBW1nTKcPN148z3tjdo/MsqB/yV+Tbx/mdbsCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCnNhLmJvdWxkZXKCC3NhMS5ib3VsZGVyggtzYTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAXT4c/CQmq7vGWzGJjxJPEUvvE241 -Bld6rX3ZuqB7opBuVi7dfNY1YjLy0zCwAAUyYwGoQQ5nNUkhJL8mkXmY+mqn1Ya9 -UgfzpY2KxE87fRflxyLiElgWQB5R2BHlV9cuvDS6e2TjUsoLKHkVWWWZnxUu0sNd -3L6dtg3AJbn83IVg8BY+xLLHjGazyfRBoLUAKeJNyT9JjlSZFUtG5a+mfG7V2SU0 -7A10quBMoa9cvLnbE0OnlGsDSpJQ2DjT6muoyxGKRK1r7/mMLQ25DLw0LHI5raUe -9jI23H7akLJQLjwDZ83IRcBeIGXk7lHz6PfSPjRoTaliVfGnedcdZYUJgg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/sa.boulder/key.pem b/test/grpc-creds/sa.boulder/key.pem deleted file mode 100644 index 3884fd9fe..000000000 --- a/test/grpc-creds/sa.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA1U7JHX/aic5bMEs5+AZIdWqydrxSQ6ltzmLLlLqOwpPKpxB1 -FqD1JJUOEWOZQyWt5f304fV3l6XhDbolVvV24jSRZd3OfI03zkt7OnEenlBMbY/t -nxG7Ji9MkSpNhiRaeMbOiO9Q/6RJ4XKNpIo0HCht6bruyf06zTITH7Zq9g3/jBxY -xwpiRVWZqrSuQaG+YxKGt051vN5alL4hIpJfopAGldmPh4jd48Qf67Es1fQFzD6+ -hwhJk1ag3NXJ76ar58AA23IAQ6cgiCcZS8HyPbP8M8k3s9lBFdB1T4nMU1vEGOI/ -5EMFbWdMpw83XjzPe2N2j8yyoH/JX5NvH+Z1uwIDAQABAoIBAGZKdd+TpHVZZBlw -ucfbG3xTQmn2PWz9Hw9OCVq1bCibPx+GoN/NKEH2yNxF6wVsWExm0LxbPpKWlapD -jgx5gh1QIDm9eHv6LLzdLacFAC3jTANudgFGO31ASXOD2dFuNYSdsgWw3iL54gQf -LxWswPiP2sWvQzvSGBS24rzeecSsabBneQzxbyxGzTUDTc+1z1J8zMEruAANpajs -BG5ub74LCpPuUYm+F+pbrQebrsLGjy6+SS8vEUYhfW2Gu91mCoWDWbZZRfRXZrS/ -juCd98YX38tscUVbZgXplTWzPQ2nzoP25vm1P5kB9EO/SQ1viC9twR8dnmmVKDa4 -sLx3z2ECgYEA7FNIG3JN+PVvdpG/UFV8Yrz6EbUQKuN7Fl/uP/Ti4sb2rBS29Nsx -WPJMOlIkraDvyO+yVF5wF4DBGE408vGJCFLOkpCLKTKHPJHLC/el6a1Ys1qpcPwG -8kpN+1CaKc6y0fwtgFJt2iWvD8QufXx9k+DTOTGEJuVUZ5bMk275Zy8CgYEA5xDw -UFK6bENfCdCnaCD3EPeuT0t8F3fz83I3Wa5MKKk0NnGvDhRhaS3pe/DdJtLVwl+l -7WN4CHSBG5wNCOAPLE0dv8zIkY4yiQ5jD3HqX+q14YCg3LJPRDHrXdFh2Kmy+tBB -lACDaL6qWO0DvuTFvHFtuv+9Twle6adnsHo3NzUCgYAFAycuXdhFhX8dtq2mGIoQ -1g0/vuVe44BC0zoMZTdCtBGbSL0wqE19o3X2brOUcytiyaKwo2ghN3vg9hetZ24O -nSMAfMxWzVmM8VKrKE9+i0ysUSny2YWUMftBb041wMqOJZkZdaYa0F3MKc8Knk9T -iZsxRVmWMZr+r3YbUmk7xQKBgEtkDHS4uVivlqe2K5jfAJ3Jolb+8wsZOUBaKNMa -+oBdzMpix1IZtjrCHycwTIfpTJNx78qHpNdlY+alQN9/c5PpyWYWI+7R7Y0oY4vb -iDQpeZSNCm9XwmMmwnvG4Fz36YzKPEtU64tWgnAnTQyQyi+U9s+Ht7W9AfnMhBlh -lvhtAoGAa3JjxWAwmx/hfqnIpUWYuFFXiCBrhofQf3O7rvEIAeXidFbpvlhOpCD2 -r7Iyi3xJ8F8DK7GfZUY9nv5xr43EAAtHXMh6e1UTRofvJZth8NwTAKzLlwWuwA9G -oxrhpo4NWZNtyiDkQyzexRS82h7kTEOleKQnEcsb71d4GQLxEog= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/va.boulder/cert.pem b/test/grpc-creds/va.boulder/cert.pem deleted file mode 100644 index 48196fb10..000000000 --- a/test/grpc-creds/va.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIWBOEDIXyek8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFTETMBEGA1UEAxMKdmEuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMX9cDpvSMyj/gwiWbj7NXWqjkKl4UMPkZrJWrTZQcV+ -f+2GKiopgraEQnwUES35I6pI+5BdMnJWUmsd7Q508C+sgEXeSbtLZIrH7iFEfEKJ -pUv7BGfyOmz8wZys4qJyeHQPngrTlbcr7R6gPAyxearVEF3O4hEfVVdCd6p0WDsK -THFp5AQRP8oYHc2YR9PDHGrtegD34lGq4DUhRqXK8/FN81VU7wrpf4bEnzm5t8tM -HrIbugBjIF1zOdO/s/mvSLiwrqE1ypd7wf4P0+aXIl54EQ5SBR34eKuoj52m9jPh -2euDlMzLDXe5xOpg29A2WgKTj3bQNB4yFWdRz27FjFsCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCnZhLmJvdWxkZXKCC3ZhMS5ib3VsZGVyggt2YTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAVlz0sP8plCkJo1V2N3SfYAdQJmG5 -plFqcHhAbG+ifhVknkDQVz+1H76AH628r4K8nhy6TgdzftsgRA45evkTZbnyVEsV -20VTWiYeo11HVBHd58CAsYbCQjiSeEjCsPpV1cLXtOGcKvINYvU/8+HoNYQ7ALXq -2DYLNyVIrNz5iR8Q2n79Poyr4QG6qYuh1W+eWJ9v1o9OVjp3QBmvQOJ7rZ6n2M2v -5ugRmL6HsO4F+B1+SJwz9km6RPXqIz2JhnMg/NwcGp5fuQRL6Iw5Bah/BU+wEaRt -gMRiFD3IjV1CaiVWA2ceSyG0kr6U6jf238+ddDUU409RO8KQlWqpy+chIA== ------END CERTIFICATE----- diff --git a/test/grpc-creds/va.boulder/key.pem b/test/grpc-creds/va.boulder/key.pem deleted file mode 100644 index d6e71ec3c..000000000 --- a/test/grpc-creds/va.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAxf1wOm9IzKP+DCJZuPs1daqOQqXhQw+RmslatNlBxX5/7YYq -KimCtoRCfBQRLfkjqkj7kF0yclZSax3tDnTwL6yARd5Ju0tkisfuIUR8QomlS/sE -Z/I6bPzBnKzionJ4dA+eCtOVtyvtHqA8DLF5qtUQXc7iER9VV0J3qnRYOwpMcWnk -BBE/yhgdzZhH08Mcau16APfiUargNSFGpcrz8U3zVVTvCul/hsSfObm3y0weshu6 -AGMgXXM507+z+a9IuLCuoTXKl3vB/g/T5pciXngRDlIFHfh4q6iPnab2M+HZ64OU -zMsNd7nE6mDb0DZaApOPdtA0HjIVZ1HPbsWMWwIDAQABAoIBAF3JyZEUyFKQWLbc -ys3Syic8LPmrZIME6/975KkIxZxNaUJWLMEeOtpE2s22H9E8VMXEns5rJ4t8ErzF -R1dy05hxya3PN/QuKamIPeiqbYaDd7b/aL3ow/5+2SRjzVQQj7jC8SXFxwUnHMNG -Okv1AmKHXaJibzqXMjEMvm0Tgfws9m8IEMHnRCGK5Z9kZ1PTgEgRfaENxs8mSNHU -BMzaQU34p+t/daHYy21qby5g5OwlC9clFrYj4asaUnhJr7Lt1ZhMxn15UIhJTXx0 -fWigk7/LhgAgc5QWJZ50FXW0HL7lxieUup6/c4KPXcKKyDT42e/1tRozIsiSWeKO -PDiUunkCgYEA4fRed6Asd3vRG7nSOPiZ8tYjQJsrratCKrIhYPVhsY6iLh7DMRDm -G0puKzIL2v3g5lu3zK4VoZ50OFZCu5wtH3ZhENCCnhR9vKB0/vzu5eH0Ct0gBSff -dFWlO+Znw/HLxc9nQ4ejvjsLqwYKAQJUoqOlvNQ1g51r5KLkUDo5fVUCgYEA4FEj -Z5/NJhtO22aSjiQS/N/bI7KbUNG90TWcgHpEUMXjaFxh/OZopKCxnfzX2WFFhOBK -VRSI2iEiCevA70GqTIBxOJWJKPPh9hzEFoi/ytG0MPnNdSibePr0Lf3etH8ztu8r -nMA+DvEwJ+k7pQiRlNzKxKRu1CDph4zKUzSjYu8CgYEA0N02xZWGBRyq+toV/Ruw -Eszm4T2Oboa0Lwth12J738ldGQzOmXhpfCidFci5NMEhN07o44a38CGshLcYEJwZ -CdA/gW98jeubHtWj0GC15EGteK1Wf+2PnNXeWzRsDrBgEIXbiozDS4EBFCIM9UnW -OlDTT21J2lOV/E6mhZKMudECgYEAuZopI0qT4h3iR6M9TCMJGvbWSVk1Lc/9sScc -0SlZcUPrf6RA55J1rxHPJRvaNWFItkMm/fK5sVKM6YyJ3O2GTTpRdDI2hQ4WPx9a -GBMaLmUJJSTsHS52RcnPVGakaNB/J7QJb++Y6aAi6kMPOOQ4IOX3WHF9ykNZNvEF -T4dUUT0CgYBeCD16H6sfNL1VbrXPKUhHUszL1QZF7FH5Zs14UvbELg4hVF0kAl2c -+fN3X6oN1aAhZrZLm35daRVayK1pZJeezT093L2RvtJPNJq0B5uWCyBZKDGu9zcK -1ynpx333QpxY+HuV0WNwrIei9jaE0VjyHjo1YZO9Dn38+9n5SPxIQg== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/wfe.boulder/cert.pem b/test/grpc-creds/wfe.boulder/cert.pem deleted file mode 100644 index 2d354ed2c..000000000 --- a/test/grpc-creds/wfe.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDDjCCAfagAwIBAgIHUOfHgEZrxzANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQD -ExVtaW5pY2Egcm9vdCBjYSAzYjhiMmMwHhcNMjIxMDAzMTgzMjQ0WhcNMjQxMTAy -MTgzMjQ0WjAWMRQwEgYDVQQDEwt3ZmUuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBALoS6N2oOw2vkkE5Dw9lSF6LA75ejXOP7EZ8xf59I7Tf -/u887GL82NpwYHbtds8c2yn7Yb+tH3OPHt0SRYQfEx1mANrD1XLYwZGTCpqbXuGH -k+u+InfwbbViA1qwCVh3XMQWn2JS2PqYqMHmWC2qWW/ktgidAN5KvxvmS9CIfFY6 -F9tCLdxmA1Fi8pOm6G73EgC6CvpttQWsk27JApTt5YJhc2Qi1D/B9Ak87+DU+tsT -NP8ALknPbEQYNK52CF88O7ANooYuEMwSwIa8qo+iJqU73qKAe3SMLXce3H91qu6O -1i3vdW5+VgUuKNcU/lIXuP7o9fjdiOohtgTRoNoU+l8CAwEAAaNXMFUwDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMBYGA1UdEQQPMA2CC3dmZS5ib3VsZGVyMA0GCSqGSIb3DQEBCwUAA4IB -AQB7zLro1glDeLh7rh/DJ7obOcpoyIFYmv95I8eEiW1EyRoOp6AwbZucJI22Rrw2 -PU+Hto3DB1qbhUAZx4ZdUafvKT5FonBGJYF3gS6nX1kZ0Z/2Vk71x+z7wyNgrhiz -VS4uT862XEQTi3R4J8G7IAINVm+keQX1y210ERBJ+AQg88nAxKT/wusSyulwnLEU -k0JHa0jZ1Fg6fhUdutK79RTNQAF28sR3eBeK/+aIR4t1kSG9sCHHejwc1YWvHLOY -jjGBB4xRM0qCHXvmNc7cHlNECkbcipXfNwaOOGv7b+thfON1hNfaTsbLJL4EK+F9 -1QajfT6206hjLKBRChftWZ/M ------END CERTIFICATE----- diff --git a/test/grpc-creds/wfe.boulder/key.pem b/test/grpc-creds/wfe.boulder/key.pem deleted file mode 100644 index 647d1f03c..000000000 --- a/test/grpc-creds/wfe.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAuhLo3ag7Da+SQTkPD2VIXosDvl6Nc4/sRnzF/n0jtN/+7zzs -YvzY2nBgdu12zxzbKfthv60fc48e3RJFhB8THWYA2sPVctjBkZMKmpte4YeT674i -d/BttWIDWrAJWHdcxBafYlLY+pioweZYLapZb+S2CJ0A3kq/G+ZL0Ih8VjoX20It -3GYDUWLyk6bobvcSALoK+m21BayTbskClO3lgmFzZCLUP8H0CTzv4NT62xM0/wAu -Sc9sRBg0rnYIXzw7sA2ihi4QzBLAhryqj6ImpTveooB7dIwtdx7cf3Wq7o7WLe91 -bn5WBS4o1xT+Uhe4/uj1+N2I6iG2BNGg2hT6XwIDAQABAoIBAHjxM4RnBUMm+/QC -x0Qle71fs+Y3hM85G8TQ8swvwFafRQ9w1OCeIcERS9HhFNkXk2gdKXKxbwDoZJIi -fyaaIA16sFGA+iq0slQRc9H77NbADagrpDG7B0Pe2flG9DwZESWu4pfA66EuOnoV -YvkDgTBWQu8kRV02zjKvJFX9cHuGF6PQrz5L0y9BWK9aOSTRHuNNUkUAVkKxxGzU -NIk0WWYFPeRqoYNs0iuROmPCgB5A1uB3PeWIFnVxXedg/fl1Nu6YtVuiAdtjcP8j -oRi/BeFp0HR1qFDtc8GQ+mGhbALlRjdirgGjlVkm7wLJz9TxC+AUxUEGnoBELd14 -y+FQfmkCgYEA8eowwd1iX5f40ofR8I4aPmBwB0rtRkX5ruFeYSZQyA+pf60c05st -EHcbu98dBaTSaVFYWJBngLeUBTrGuPhfqQ/lF3xmfbr5CFcMJUgzBF/FWpdb/5Op -xmLJ1SRyGK48UgN2P/Ljo8DATrE/Nm1AqSxYmEKFyy6s473UkqEQnRMCgYEAxOhk -2Yf3JfTZMWFdNrkFn4Afk19KhFqZ/9n1sICSXakmzz5RuHb3EVPDc0i7L5SpWPkk -5yRc2BX/dOD3xjy1KHah+kim7R2OmJPC3HSDVD8O7nOdzirUnK5LCm3LuWjHVyFj -I3anl+8TeDarbQuIMKvf+FP09GXwSUSGyU0wkwUCgYA6bsz0JttaJ8UsZS4qosho -BLdKq6iAbuqOeVVote6RRGc2tcPewP6zmXGTgaLq+BLy6Xkje03k43LXiIjzqNrC -ZVp6v8up1v3MK+p9HuFjzxZGeYT5SNubVcVWvITqvTtIvBlV/P9LUIWi/GE+bklO -E64aqQbUOyP7pqCwAkOXDQKBgQCHlp8bS4zcDiYg4rKVJALDOi6EBHIDgX/ZtfSA -fYhMBlY7Duam5wRqYguMLuD2ep/CLI1EvL1R7pPhn6f+UX9NRaNz/OM1E81FMzpT -I8frEyDtAaAAf224FiyGGeTW31ekn9DscqAk9vOpK7wPcoltOm0XSni6chdr3EwU -AZsZIQKBgQDNkpWknCwijkvzhkLmY0K628GDDMSU04cf4IjovwS/Eh0mFwp5YlhV -pR/aqz1qkq9/gih9nC4ov4LwckDrVbH4UtHwfIQz5O0uAyqb/hePN+EyBRQOvRdF -zyhMYtd2zCdkd4ksXjSOLL94kzf2ObQO6zWBuPwUnKt3TuAUMJ7HxA== ------END RSA PRIVATE KEY----- diff --git a/test/helpers.py b/test/helpers.py index b0ad43146..3a7e38615 100644 --- a/test/helpers.py +++ b/test/helpers.py @@ -86,7 +86,7 @@ def ocsp_verify(cert_file, issuer_file, ocsp_response): '-issuer', issuer_file, '-cert', cert_file, '-verify_other', issuer_file, - '-CAfile', '/hierarchy/root-rsa.cert.pem', + '-CAfile', 'test/certs/webpki/root-rsa.cert.pem', '-respin', f.name], stderr=subprocess.STDOUT).decode() # OpenSSL doesn't always return non-zero when response verify fails, so we # also look for the string "Response Verify Failure" diff --git a/test/integration-test.py b/test/integration-test.py index 8b3d22c5d..af4aa3860 100644 --- a/test/integration-test.py +++ b/test/integration-test.py @@ -68,9 +68,6 @@ def main(): if not startservers.install(race_detection=race_detection): raise(Exception("failed to build")) - # Setup issuance hierarchy - startservers.setupHierarchy() - if not args.test_case_filter: now = datetime.datetime.utcnow() diff --git a/test/integration/akamai_purger_drain_queue_test.go b/test/integration/akamai_purger_drain_queue_test.go index 670e9d865..3c885cd1a 100644 --- a/test/integration/akamai_purger_drain_queue_test.go +++ b/test/integration/akamai_purger_drain_queue_test.go @@ -38,9 +38,9 @@ func setup() (*exec.Cmd, *bytes.Buffer, akamaipb.AkamaiPurgerClient, error) { } tlsConfig, err := (&cmd.TLSConfig{ - CACertFile: "test/grpc-creds/minica.pem", - CertFile: "test/grpc-creds/ra.boulder/cert.pem", - KeyFile: "test/grpc-creds/ra.boulder/key.pem", + CACertFile: "test/certs/ipki/minica.pem", + CertFile: "test/certs/ipki/ra.boulder/cert.pem", + KeyFile: "test/certs/ipki/ra.boulder/key.pem", }).Load(metrics.NoopRegisterer) if err != nil { sigterm() diff --git a/test/integration/testdata/akamai-purger-queue-drain-config.json b/test/integration/testdata/akamai-purger-queue-drain-config.json index dea150980..0a09d857e 100644 --- a/test/integration/testdata/akamai-purger-queue-drain-config.json +++ b/test/integration/testdata/akamai-purger-queue-drain-config.json @@ -13,9 +13,9 @@ "accessToken": "idk-how-this-is-different-from-client-token-but-okay", "v3Network": "staging", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/akamai-purger.boulder/cert.pem", - "keyFile": "test/grpc-creds/akamai-purger.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/akamai-purger.boulder/cert.pem", + "keyFile": "test/certs/ipki/akamai-purger.boulder/key.pem" }, "grpc": { "address": ":9199", diff --git a/test/integration/testdata/nonce-client.json b/test/integration/testdata/nonce-client.json index 9a4a92a5d..90e84706b 100644 --- a/test/integration/testdata/nonce-client.json +++ b/test/integration/testdata/nonce-client.json @@ -1,9 +1,9 @@ { "notwfe": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "getNonceService": { "dnsAuthority": "consul.service.consul", diff --git a/test/integration/testdata/srv-resolver-config.json b/test/integration/testdata/srv-resolver-config.json index 1de1b4b3d..fa312514d 100644 --- a/test/integration/testdata/srv-resolver-config.json +++ b/test/integration/testdata/srv-resolver-config.json @@ -1,9 +1,9 @@ { "webFooEnd": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "caseOne": { "dnsAuthority": "consul.service.consul", diff --git a/test/startservers.py b/test/startservers.py index fcfdc9423..1516e0557 100644 --- a/test/startservers.py +++ b/test/startservers.py @@ -42,7 +42,7 @@ SERVICES = ( None), Service('aia-test-srv', 4502, None, None, - ('./bin/aia-test-srv', '--addr', ':4502', '--hierarchy', '/hierarchy'), None), + ('./bin/aia-test-srv', '--addr', ':4502', '--hierarchy', 'test/certs/webpki/'), None), Service('ct-test-srv', 4600, None, None, ('./bin/ct-test-srv', '--config', 'test/ct-test-srv/ct-test-srv.json'), None), @@ -168,17 +168,6 @@ processes = [] # to run the load-generator). challSrvProcess = None -def setupHierarchy(): - """Set up the issuance hierarchy. Must have called install() before this.""" - e = os.environ.copy() - e.setdefault("GOBIN", "%s/bin" % os.getcwd()) - try: - subprocess.check_output(["go", "run", "test/cert-ceremonies/generate.go"], env=e) - except subprocess.CalledProcessError as e: - print(e.output) - raise - - def install(race_detection): # Pass empty BUILD_TIME and BUILD_ID flags to avoid constantly invalidating the # build cache with new BUILD_TIMEs, or invalidating it on merges with a new @@ -282,8 +271,8 @@ def startChallSrv(): '-defaultIPv6', '', '--dns01', ':8053,:8054', '--doh', ':8343,:8443', - '--doh-cert', 'test/grpc-creds/10.77.77.77/cert.pem', - '--doh-cert-key', 'test/grpc-creds/10.77.77.77/key.pem', + '--doh-cert', 'test/certs/ipki/10.77.77.77/cert.pem', + '--doh-cert-key', 'test/certs/ipki/10.77.77.77/key.pem', '--management', ':8055', '--http01', '10.77.77.77:80', '-https01', '10.77.77.77:443', diff --git a/test/test-ee.key b/test/test-ee.key deleted file mode 100644 index 51ffc2f6a..000000000 --- a/test/test-ee.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA7osPikqizKCDMB1EvJ66sJB8a0Cah2odQzBuRV6joENKvi/A -vRJqSSEBqq8mBWRd1EcYkxrUuoXPBaQIBeFt5+NlzbMrO4R/LaOfubJWvppVMyml -aTgc5vfI/psECyd9v6Cw29dvjnK553vTIevJeukn4ASbJT43zQeWspjQL0fJzOnd -SJgruJtRmZNr/kHVAG34/acc7U/Z03q58MGsm5gfuMIztCi+4s5sZWeo+Yd69yji -WnMIMuO3ggbznnEkzMl4K8QDhnolAoCjDBCOdBDMvyydjOSgtrGqUr8agN0Uel9u -XgOYlg3RqPw5VHpbLu6sEoUqEBXdDRjsNiIHyQIDAQABAoIBADP6CQDREngT4YHy -Xq/axkMCuJmGEiW/cXDadKyY2n5pKzgVn6GTCaW1k29liptSKz+93hTvm7qovVs1 -Sqo9XH1ShzQy/hCR5kRDiuIjgdM2PapQQMKUf3e0Ng+EJ3VmvXerw92jK6OWS/us -d2zEu7oUY6PkXQnYbMA4DxYLRhGG3zijCkqCT4NDUn1p+pg+XycSY1P5h77/dK9R -Vg6nnPaotCFyEGaTFydwCyI+apyFBcsjytncfFhB9qTUho+9XwRHFQhKt2sq05m4 -FhynoT/iK9I0G2AynufybD5UcrB6JfgNKpsQ85zNb59DBtGo+J7Vnz6F2RWBxBpR -I3lR8yECgYEA9l9iZ1nE4TMtsbYiBPEAKz1VGnWqZvpKB8W6zxq9sqAKAhIDWNOD -vsC7/7qogvKeEpeUiALtRxBR6/c/sjgHqV14DeozyxCgNBv7q1Mqpyhkojr6aJpv -hyXg0EQ86gteNEZ2Ye/w6uEN2ozW8ezo8rK83xiwFrT9sA8EeO0QzmMCgYEA991a -qXaz2LD57VIUwTix04rZlEU2As/BoZnCsHcdcJ6pmhleTVApIO4rVT+6wkyegJuk -mFcap2DXzW2bmIV2jjFlU5t9lNvsm3xTD7s7tGQitLE6/6l+cCTMeWE/e2DBvHPR -ewAmx9louVszp7JvhVDFRKe00FHdWISnotscwuMCgYA2uk2Do79GPzYhSdIYwuhE -sqUa8ZRet66GN3gd1VTaPw66EwJHUwTq9KlOT0prfDV878sAw5WtuYRZJF0z25po -Fuk6PhIvQ4wyxxyKnDjXVPO1zeAeKGAp51IfMWlOnCPa/OQDMWeU5VVMfQiqSPQe -JXIrJLLI+H96Anv92Lto/QKBgQCh4S1/FAltclgoSL1JXG+3Sy3DCli2CV3a3wMq -IQFXNihqfjr6n2ndGe+vI4ojr8qtD/m1jN3ZhwQqJHXEbRX61APrUNf5ypCDE/Vj -htL9g5CvFjkEFHyBXWc1tu+w8oZVQAcGIBkz2KfutsPLuFvhY9kSd709eNnpH+ok -EJp+JQKBgDQIODOnkv0j2K+Obr/9rKs5LyTCFhlDq7dDjeQv5CRnoQtYq0yzgbcw -EHv0uhAvHmX+2PJnZf3CAjv3kIbQ8JAAJw6AHUnCCcZZKpJy9VIB5jErDS5zXmxT -8W6q22bI/f7hrOo6LzLxIBfafMFhTtUq7YnW/aQWDFitSygyemrd ------END RSA PRIVATE KEY----- diff --git a/test/test-ee.pem b/test/test-ee.pem deleted file mode 100644 index 37f0509a3..000000000 --- a/test/test-ee.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDLTCCAhWgAwIBAgIIT2/BuP/jeiMwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UE -AwwUaDJwcHkgaDJja2VyIGZha2UgQ0EwHhcNMjEwMTE0MDE1NjU5WhcNMjMwMjEz -MDE1NjU5WjAVMRMwEQYDVQQDEwpleGFtcGxlLmVlMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA7osPikqizKCDMB1EvJ66sJB8a0Cah2odQzBuRV6joENK -vi/AvRJqSSEBqq8mBWRd1EcYkxrUuoXPBaQIBeFt5+NlzbMrO4R/LaOfubJWvppV -MymlaTgc5vfI/psECyd9v6Cw29dvjnK553vTIevJeukn4ASbJT43zQeWspjQL0fJ -zOndSJgruJtRmZNr/kHVAG34/acc7U/Z03q58MGsm5gfuMIztCi+4s5sZWeo+Yd6 -9yjiWnMIMuO3ggbznnEkzMl4K8QDhnolAoCjDBCOdBDMvyydjOSgtrGqUr8agN0U -el9uXgOYlg3RqPw5VHpbLu6sEoUqEBXdDRjsNiIHyQIDAQABo3cwdTAOBgNVHQ8B -Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB -/wQCMAAwHwYDVR0jBBgwFoAU+3hPEvlgFYMsnxd/NBmzLjbqQYkwFQYDVR0RBA4w -DIIKZXhhbXBsZS5lZTANBgkqhkiG9w0BAQsFAAOCAQEAgA/UhJlg3x8jpyIMDVC3 -7Y0WKrOZjXQpkmsN2kmdh7sLE2EktmPdcyFXDiQ88jRht8OfFTm+k2CkeZdxregm -vJcKixWbAlk02Ezt0tAgICbLdw0BVlCVKOnLaFpPEyKZX+2PqQ1L5h1qpTKNTPf7 -up5RpayFC7IUd8UeYCxzKCfBSVyZ/6Lw/H8vaQAdUWcsUOG4xAquhvGkw5WyeLAg -HuxQPlNvc9XnJMtGwHZmre4g1D4asN+vBIyfofVyBUe4js5sJ07Awgm3xOTs/f62 -IY0QSlAMv1cma8D2JYxn1Fw+KG97HA5mVl7As5HwtxiMlUfXs8KtKvTj1d7Y66X8 -oA== ------END CERTIFICATE----- diff --git a/test/test-example.key b/test/test-example.key deleted file mode 100644 index 5cef3c804..000000000 --- a/test/test-example.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCe8pK/MXIjOmb2 -WJ1VkjxhT/q0Ms6X9juUZNvWotnlJfWduNTtY+xQeMs4ZK/+GVrH2BLIYNz+J8Ph -3HqYoZ0Vrjs8VtKZY1oy//Rqipfp35ZT9PM4RZpCM4AueEv6JK0NNWCG8qOa3zap -7PAjm1wWOCkZ5fphZYTo1gxIsQUc8kBlEHGSDJXG1raprAuZ2znOXbEhruK2djXW -c1avE6SdP7NgsI3uygfQQVyjaJXcy+1DvRS06zxtBE8jTLH7L9knefaorGoWHG1g -Q88jmkPMBultDII5R2MDxtJgyiOWriRqZ/Tr4X1Fxvwo15w7wVxoZdgswpHiX5yu -RtvPdv6mmWY0I3I4exlyHhDZLuRic9DMT/IZFLPqvptIyWy5HChadHFmyc4tn+0t -Sfk87v4bDrDuqcu9La3CPNP7lP+U+b5u2AmWjbvc+2tclzJf2rlhVT9DsYKgK2U3 -s/0Ar0Eyp7MZpUTSPNiddJ62PngLubwMYIQ6YHTM5JSyXoHP+isGOH8bPmP+HMHn -Q5XT0MX+qsbaxKclk+2jnS66fJOhrbcqwPAn/hJe9UFczc5evKMr65oxptwCc7qS -Z89wHaRiItcDqJW5zONG9lNc1zcNkf1Qnq3ePon2YECjJ2/+B98W9EOq/8RaCb7d -OBWeiXpdCGODGMT7ZljDZlnjwf8zQwIDAQABAoICACfBdILt0yaMjQRA1dl5YjDU -2FgJ/TJ1HCHZuELPKMDv5ac1e8yEma7nB61rQbnEjbg+izQjRiMrvwrXIrLaeXfa -xGYrMTG8b+shqficAbM1gVwugEcq4ZJ9XypAXICMe9w55ZLbTaCHBB0sbkP5r+a+ -1UjtBNsnkT7LivcDj8vVq9Wbb0ygaTX6rmVx6tToyGSdeph6LaqFlqG055GS0DGk -pTEh994qGho0vv8AQbugJhAzUuKNk+eQlFq37Cxvo1kEYHV/6mjtY04Yp8633w1B -DVGBN3EsMc/YAvbCmHQvylvy9IerNrIlOxzcEO/BRWO3VYKch/CfCYltn70cfkS4 -Rqnw2vAekc2dQ8CVIXJqD2Tc0QODGpqpDc9V7svVx2TrQ0JOI9C2mPL2S1952E+U -9qj+JO0iJoBzPz3uZGssKuQidbQn1Lz0pPBWLb2akfqKaXyrmjyKSqHYioFz4RTW -4BoZGcejDOScf2kRDwMNVsZ75pc8hxQoW89nIg6s9Ix8S84qZf/Ey3w+jcosgtiw -tmacE+zzJDsAesN6BpL5rV0dJFLNqkmLVubjhsvHWy7C8OpqVbuv6jSuxNUFOq7S -NzT5RadBsFiWyNE6X3pS4JJY6VqXH20d+LE/Kd1ea1OuO/WzIU5CTfa6mJ6/0AUW -BhKaBoRkMDNToi1ogbcBAoIBAQDTCC8HATATmUeMxjG2h9WuPXUoFkMofcEql3/e -R6N3PU5GWDIWTXMNOtmuuPV4TF5CvdCnexP6uZNH+s/7RuTLHN4rdEKXIKlanhTE -p/MyeyiskIkHFk/RxngwEhtgjTtU6tvfutZHR3ZXOtzE6npandv75+YCUrQHBGgK -g6ohObVwcDqZJR4CQlFv5zj+FNMYA7E5EwHgGjXinZ82DWtjK1176poi+rI05OAD -1WL7+w1AYXEbF6D2BTqjorlzDvRWzN/FuPsjFtXOhvt2JFob1fqS/a2GCM/LxPqn -q5ULxko9z6zyljFk9nF+nwg62nMB/ifEpB53lWb1A1EP9k7xAoIBAQDA0S3ZRenl -SMDCPxGHkofYKcio1DWPyUAikBXSj6FBKplx0AeTjD24pu7K4PxLOAZNqe9U7qhW -wSruWzahzkc5Z/aqbj5jKg6f5dDU8dCagZvKulzhycQZCiGK+JueX972ABLmFmd0 -zyC4oFunZ4WvLN9EDBnY+Xszhayb71B3kJcb4zxA+r/zV3avawBcy9NvizNAc2Ov -jz2tu6YiApK9/AQUJeoHnb8njc22JLkQYk7ssdv7Vdc4Zm89V4Io5tNrvhCjWize -p2yr1kAYePPkrfBSeImrerZs6V3pqroQ02z8LLc5rJNJAwBEp8rGVd+vg5UMhVa0 -uD/FlgaYz41zAoIBAQCkICdDEV9svrdw+uvLBFXhz5aAeN/+a9+B2pXuMFUn9Zwd -BZbe1Zl3Xp/STbNLvklJKwtOVmCxjQbI4n5C9V4XwfngXek0VIiiG3QXhm+UgUie -/UI1KtslUXBEIrD8JJtSbd5XYJ4qjZ+yM+tjkuFZ/JAMmMzAXcX59ylblA8LDDDa -o85PMRjntOBVYcVnhpauhKCevPOmcXwbJW+fwEwWsrFgIJOEROm4TZEUKi9zvksO -GTq4UWY0MNjsTzBgFe9eWrRmuHlJTwc2OrDzr04NfBwHmhgMuGm0FxzCrqWapLs0 -24GsobcEyM54JgNmkmMD18DiJKo1YxLR16SB/5RhAoIBAQCal9w7xOtIEzHBTBHA -8gIKlU211xbuprvOOlnUzaXLet02PEWmzh06bFUuwn5lzJB5OlOSdBryG8RRAT7n -Ml02sJ07flJ07WZ2Wys5YHwRNPN08kDAIyYfsVi9dKBItbMs51g/tBzUsbEZdjCm -IsEzdzW2+EDNDxHxeC6xg4mvo3UUPfe0XZcDAtA8yvyqah2m5CN+fEWjn6QjJD2K -LSf8PRAEG3XtD1QQ4Yfajsz2TuvaqKuocuWw6agstXm9U3yVePkcD5PEHNZrW8de -F7PsWG1DojM3Epcq8VyDmYe/L9TExxFMo4ofUtGnOiTBKl7C+SvKsymWkddHkwbN -BDPzAoIBAGizq8iKh3E1Hpkz4bXBfTHoYDSqIYH/yyl4ZOL9q/VRKptxmQiOnJbv -3zsHjm/NyKpRjuFh971+2Y7/QAUL3Z4IHDXIyfcUJt3SDK4ZSMf6r68KjiBGh7JM -w00bEhcNg47TVVFBrIbeDNplD/A1gaY9s9qQ8IF2G2CP4X6WfhXNMViL1z7uG6jx -SvWUNpqrykqWfFHqC+l06r00A8AAW70HGIsA0lpwbQbWm1qHx1/A26ppfce83CJI -mKh4XR7eHZ9vparNclHZ3cmB5QLUJcedeTLKx8xQstBcofrvFJzAHAXwopprbAKg -BwglSdDubVd9v6VVrjmSg6lqnbmBXY0= ------END PRIVATE KEY----- diff --git a/test/test-example.pem b/test/test-example.pem deleted file mode 100644 index 1d817daba..000000000 --- a/test/test-example.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFDDCCAvSgAwIBAgIJAMlbGcMCsKOdMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV -BAMMD3d3dy5leGFtcGxlLmNvbTAgFw0xODA1MTQxMzIzMzFaGA8yMTE4MDQyMDEz -MjMzMVowGjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEAnvKSvzFyIzpm9lidVZI8YU/6tDLOl/Y7lGTb1qLZ -5SX1nbjU7WPsUHjLOGSv/hlax9gSyGDc/ifD4dx6mKGdFa47PFbSmWNaMv/0aoqX -6d+WU/TzOEWaQjOALnhL+iStDTVghvKjmt82qezwI5tcFjgpGeX6YWWE6NYMSLEF -HPJAZRBxkgyVxta2qawLmds5zl2xIa7itnY11nNWrxOknT+zYLCN7soH0EFco2iV -3MvtQ70UtOs8bQRPI0yx+y/ZJ3n2qKxqFhxtYEPPI5pDzAbpbQyCOUdjA8bSYMoj -lq4kamf06+F9Rcb8KNecO8FcaGXYLMKR4l+crkbbz3b+pplmNCNyOHsZch4Q2S7k -YnPQzE/yGRSz6r6bSMlsuRwoWnRxZsnOLZ/tLUn5PO7+Gw6w7qnLvS2twjzT+5T/ -lPm+btgJlo273PtrXJcyX9q5YVU/Q7GCoCtlN7P9AK9BMqezGaVE0jzYnXSetj54 -C7m8DGCEOmB0zOSUsl6Bz/orBjh/Gz5j/hzB50OV09DF/qrG2sSnJZPto50uunyT -oa23KsDwJ/4SXvVBXM3OXryjK+uaMabcAnO6kmfPcB2kYiLXA6iVuczjRvZTXNc3 -DZH9UJ6t3j6J9mBAoydv/gffFvRDqv/EWgm+3TgVnol6XQhjgxjE+2ZYw2ZZ48H/ -M0MCAwEAAaNTMFEwHQYDVR0OBBYEFFO1zLflE61aqAvRiN4PQu4FaKzdMB8GA1Ud -IwQYMBaAFFO1zLflE61aqAvRiN4PQu4FaKzdMA8GA1UdEwEB/wQFMAMBAf8wDQYJ -KoZIhvcNAQELBQADggIBAAsP13Ejo09QdJbrBa0qd3vmMXQJ84/LaR5vI7cWZ0W1 -fG7UJvivMpB3vhA2buTI2EGTqC2/uc8m0GD/UhW2zQvmPSt0BvbUjjWlQNd0hamw -IafJfbRT5eiYYgsHbYcU9wfjDs7fad5/29qJ5FdI96eefuJIjtrdq8sUXDg3q929 -cH6t3dxuxUMjRZXBXTTZw7WkMnc1zvd6/1RSYSixkccZUlTrOjox19tPmmkwVFKH -n7cnB9omZzRpAklYM7Tjx/tYxId3CL3lZzF9/yiVRotUIeTHTCyfY6oOS50Cf/8V -pxl+xRNs2YguwblJOtS3yxgdiwbRK0vUKkcUJs73qZexIKYAMJU1VxZRSIQuNDAq -/eL7lN+ZLzL3Q4vKjUaRZAS4qClwv6CFaBxUyK1gSFRU9OHYhW6mRYXpqGIN1GPb -YAZwVb4pxwCMmIgLXW7BF6ykmx4o6sZsBLdiuQNrzAEkKbr8jgy/uTbKg2MHyzKa -xcn0N74BiLhzYvnQAdZ7MKZmEI0PXUw/wou8SMSdCPGjXjKlB3zRzqZrgr7FofSc -zSDC4MurJv3XLOpAIpJjQs2aewFKYMHxynfO1aco3OfPc8fFYempfcJJqtG9RhQQ -tTetpbWjbW0YyNQUkYoxhG0qWpy8tVMX70SPNSZH5ASBOMxKGBpFmPwVk+em8ssd ------END CERTIFICATE----- diff --git a/test/test-root.der b/test/test-root.der deleted file mode 100644 index 8bdddbdecb27d96cd83ddd86e898c0cb36f4b8e6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 799 zcmXqLVwN^&Vq#vv%*4pV#K~~h@cbh)=d+~-ylk9WZ60mkc^MhGSs4tp4K)qa*_cCF zn0XYE6O*%ZGV{_El8Y(}O7hc-5(_d?ixkolvr`p<{QW}=?9(Ol2T ztFIKja}5q`Fg!VX>&c66e={8MOZ2RLX7%@%qfC*`j-(UYR)t7q{o!A9(IQc+Cd`ce z{+18#Zf<^Vb-^(OzC-(cps`7@3+h;Zi zY%@)2{CVrljtjxI8|$OP_7oc!%RXN7YR#4s$zYiqr(fs4_9bE)uU976 zOkSp^(l>n-awr3%92m-s4B8tMHeBAjAiJ#V{cU5Nq_RA%uWu)nHq?K(T=cQReDWEK z555y0zLWg@CB%GJXqBU!s-^TrGuNvY_owb&>?!C~yF2mJ>Z41KZNIr~0@t;d?`*Hv z?K3JYe7xiFWUmVUew`P`XX#H0)tU1#se9ek$un1lW=v-Gw|*~utgb=tWk;xU^EH!3 z^KG`vn67wdeYTzz_iRqk4Nm)tcNgBA-MT)SWk>!yyQiyIq7){-ll<1%6*@hTch9qL z-$WQKSW<5WS7*m;F9>Dj-5j}ni+i@d(t|Z0YmT^U>ev1C%;xcUeaLptUFP=NkN*pt gdG$PF?Fa5@5)T}&zn!`9#a^M8>R~|^heS-$01FmcAOHXW diff --git a/test/test-root.key b/test/test-root.key deleted file mode 100644 index 2946300aa..000000000 --- a/test/test-root.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD5Nu9qUddBg7oa -ElQlkjmYXaTj6dkMi+pbKuPD7aT35QBx6S4so+lJyW71oFG9SCDDdcUcBb3mpboO -/b7mC+KdSZOr1HLuRVNRgDHJm7XJ0e37AMROYUl95jr9+kEcciy4Ysi2qlQaavwP -otE4YSp8VjYH37Tw7tmz4W58NGAsdYS8tN2k+SvN4Mmz06jqDfyN9P1vj70CGz4W -+/Cqd4CRt5mAELY1YoH52sy40FM9sX9bVrxzMDMd46zqrLR0GVMc2Mvrb+j1xEo2 -Ip7cirAcl13TVXVotJSAht7Yes/0QLV2OdRdZHePHe6uxoq3s9MqwLnZQmRGqdqL -zQzNCPRbAgMBAAECggEBAPY6wPJbSkMA069OzLUSdLWGUJSfSESNOVA6YDAFbSlA -qd/idCzHBohQ7cDiVeCek0CL6+R0B90LgXmuXB8PPygIuk7b6XJiLKAp+QcpQcPW -FzwY1dxbYzFxeHfX+t0QMf88GvPf9pjje4g3ZmA+IKwYwemlrjEezRpdcbxmQ1+o -Cgm2jNieexTpn/sttNA9OccaCcxUPB4PZ3EnYa2rXCOEIb89L/bsr0R6Xw6Cwqbq -v/CrUdohGhgQS0UTa06OxRmFYwi7ARFg5NIQuqVfMLgrL3uF+aFkrIo3lQ/B06aO -UlEIv9xmaskMlRQeWwI3U0mvsD3ABUFjW6r7ZIrcKAECgYEA/qehThgYazhTp76p -dvztHCpqhocJdb7n5hM5psP3VXAn1/zyfTGJGs4LQTNLrJ7gfQ+1YxVVyfpHEHtq -BxHVoDuA8v342l9xP/NJL4HMagoUyhBlJ3EOIEIqtiiF3xlq8QQlRP1s9jVF3b06 -kPsV0Ck/I6U8I3v9U61vFrETwRsCgYEA+ofyxJAPKwgnZX8zPaML9lJiGmbbIrDn -yyPFgOntoIpAGEl+0aMklz3dMcnUCJEZmcAKmSvOL3naViKZNgK0+iNHSaiWE8ne -8IECP6KAMd1Dm0MzpxEmPahMeV+4U9GHSz+OxL5B/kj9FCq3oEodAm69IqSvAprR -WphwwCBiDcECgYAPLWp9vw3lhgvmWYS8JML1BMoojm/P5rrniYnMGK3rF64oP1ks -gQFM6a7eCfKerTFwArmq2CCu0w3dO53MIhH7ZNCAqwZj7YBQcW2ROUk3oLYwfN2q -hiBzZ74n8S5ZZ6hqCPc3r2sJGY+6cYbGEVDxgSPUOgrlioREsneGgLNOtQKBgBRV -Sk/HvWNpswDa1QbQn9zrDMlFxc1H/FgRXCs9USrxbYhLFr7e9c5MmBI9ZjcXx7Mh -0fpigsZ5pk3NWw/2IkgW6udAhoWuoah1YABYKP1jDuSgDKYnjyn76dEEAsrSu59Q -1j6Djomb1OZ5HRQmT7pt0G3qXcXhWNJ4gtYlCrBBAoGBAL+pAZQ4nDhb3KviCb9P -hlwgULkLwvlDycQEeRcZ6hW0jzvAABVL0v4fogCsIb+eCkVtCK9lfAFxEhoiSSqS -5mW0wdRU6RoRXE6WmWU/InjWEeNkw2NYKBdKOHWOO00GdYI2WhAOREAngLfa/wqf -r2J9yZi/JwN3TmIbPXEXK01A ------END PRIVATE KEY----- diff --git a/test/test-root.key.der b/test/test-root.key.der deleted file mode 100644 index 941dcb401dd1a078acd9f3501ba214642bc65aa4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1192 zcmV;Z1Xueof&`=j0RRGm0RaH{Ht%Xt*Fl528WL0`k~x@Nq~qz?42$YpD&xcLr1#|j zap^8Bqv=V>ZuOv1y+|O#b;TS7z2>F54*kC73*wzgldIHn?nP5kfHBFNwaL-#`vAmF zVM%@FI{o@V9C9qUV#v0tR2pjh52DdHVJdu9HV5Cd@b1~O;ck31U@UcnytLh<`76!f z$+Od_>J9vj^!;y-y#gCP7W?q3cYu+%nSc?^ zbQx0|*vsp0==H=(HX@$fim)7)UDH){Xtb1ohThnE&-6gGb~)5tWOt7p?ykm)x3kkK zz`5B%WJamli_Hwp2=rS50|5X50)hbn0QNe-@>@zn0MoBd%(W79wT4iXpGZWFIZ!%a zFa>QXK&jv2bS%dPh*0go;#J_DlR%5>!cz*ZSQMG5CykFVXdoNBZMKpJumj`uS9xZ4uZm_>c8--QQ9FI z7!XTE6KhV6#TkWT2)h9hVC2#ex}{$*xGOJvh54amtco|455d!>j#5zwzuabO$qbbg z9$Nx8Q%SF|J-`J)V_T~GWQyD<0Rn-60RE?;P8b+#I8&#-sdoJB94cythY5AQ=jIbR zro;DDa3|ON@_jLh8qNzrGfS+V;C&CZV-;1&`bQ9ZY6lV3pgVx_{rK8naX<4(FM-Tz z3KYr^WhZeCAVMm(D23k{YViamMEz{`HAUUMI*|Jn&?!G7r92~h{Zp-P7O@k-8v=oW z0Q!gW#E=gw2q$HKGd-gV_EKURX4@jL=gT9-fa&d^ia;1ie$k^Omp$Dv$PYnKlBn`Xfh4sFoAS-td6}Kcav!-9wv0Gp7+IJ*Z51U$|4zhf6<>#J)lP zNc|Klx1dTL0&cw`q^|;+(OQ^rz#w7`!2*GR4=rkazYXPv3+7pbyd=W)1j;CmZ_nns z=ZT5T7_I9Ut|&iQEP(+`>8{=h@}8|Ra00oi*dVUc4c$AP%pwu{WYB=C24n4jP;qUM zIY~F5wlI9%s)itQXTB%#E?H-&Y6$l?uWJbzkGgS&#t~5Qfg{v93gwD~M6!2=fU{1u z0)c=ORZ36Cy<=&!0NT|C(4XAv49P{s%}4xL5nL-hQ7Z9mh)Wi}-u2E*m=Zl^Hy6jV zA<_C`g2s8KP0d>m_993Y>gPa)g|4BfbzlHkDE(s&CprN%F?@^P}V+! zj)|Mp=6M|yCQrI;&~55n#o<`ec!Jg?3a~)}fq?+OsR5KYoH$$DtKtd2Plj9|P`L}j z`9sOX1bG)3>J_w)JHP-HOVa)yq5!NRzn%(3Z3wSrd;xJ18X`$5lICT!!PHdg8WCJh zmYHQgB6!vj<7C5QSSS}tICYLYO$K#>Hd+u4L_jBix7z;-pRZzl$(X+<19whh8$EFs GD@{OpZ!^;X diff --git a/test/test-root.pem b/test/test-root.pem deleted file mode 100644 index 2a5e4ab8f..000000000 --- a/test/test-root.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDGzCCAgOgAwIBAgIJAM0xz+I2Q811MA0GCSqGSIb3DQEBCwUAMCsxKTAnBgNV -BAMMIGNhY2tsaW5nIGNyeXB0b2dyYXBoZXIgZmFrZSBST09UMB4XDTE1MTAyMTIw -MTE1MloXDTIwMTAxOTIwMTE1MlowKzEpMCcGA1UEAwwgY2Fja2xpbmcgY3J5cHRv -Z3JhcGhlciBmYWtlIFJPT1QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQD5Nu9qUddBg7oaElQlkjmYXaTj6dkMi+pbKuPD7aT35QBx6S4so+lJyW71oFG9 -SCDDdcUcBb3mpboO/b7mC+KdSZOr1HLuRVNRgDHJm7XJ0e37AMROYUl95jr9+kEc -ciy4Ysi2qlQaavwPotE4YSp8VjYH37Tw7tmz4W58NGAsdYS8tN2k+SvN4Mmz06jq -DfyN9P1vj70CGz4W+/Cqd4CRt5mAELY1YoH52sy40FM9sX9bVrxzMDMd46zqrLR0 -GVMc2Mvrb+j1xEo2Ip7cirAcl13TVXVotJSAht7Yes/0QLV2OdRdZHePHe6uxoq3 -s9MqwLnZQmRGqdqLzQzNCPRbAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD -VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTppD/unqXm8tXXeWA8k6YuJI6XqjANBgkq -hkiG9w0BAQsFAAOCAQEAK7AgsNO9oGt2iu/bMyxidm4q9e2SdYB/8NNy8Xg3k8w4 -8E2R4e4Z+/RUN7pVekEeJTkb0TZF1TjflbujSRFKfbthyqvFpca32baQCtbp7j3X -fr4ycXHjuOOTSnhPjyzox5ovklUsnPFii67Vk5mqVWiTA0877xvGfoAu6YhVQ4PW -NIE3tj2mAtRLavM7ml7mnFLYCT947tDszbWvWwS4b+4+5aoEWiCT7hn2iYpVl1EN -vOb29hQBOARl2VN7a1y3cFUFDbNZt7RHay8i4KzxfMRHKS9+/UlrDEjrwj283QOH -2+P/EMzq52it8AuWGOBB1+2Zsei9EuknVlI4whQ0Zg== ------END CERTIFICATE----- diff --git a/test/test-root.pubkey.pem b/test/test-root.pubkey.pem deleted file mode 100644 index 9e535a731..000000000 --- a/test/test-root.pubkey.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+TbvalHXQYO6GhJUJZI5 -mF2k4+nZDIvqWyrjw+2k9+UAcekuLKPpSclu9aBRvUggw3XFHAW95qW6Dv2+5gvi -nUmTq9Ry7kVTUYAxyZu1ydHt+wDETmFJfeY6/fpBHHIsuGLItqpUGmr8D6LROGEq -fFY2B9+08O7Zs+FufDRgLHWEvLTdpPkrzeDJs9Oo6g38jfT9b4+9Ahs+FvvwqneA -kbeZgBC2NWKB+drMuNBTPbF/W1a8czAzHeOs6qy0dBlTHNjL62/o9cRKNiKe3Iqw -HJdd01V1aLSUgIbe2HrP9EC1djnUXWR3jx3ursaKt7PTKsC52UJkRqnai80MzQj0 -WwIDAQAB ------END PUBLIC KEY----- diff --git a/test/test-root2.key b/test/test-root2.key deleted file mode 100644 index 99f4d2092..000000000 --- a/test/test-root2.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC9x/+2MZam+0f9 -lwLLEMAMPwFCf491hrLXWMRClgFp4rWgZ0pnuytSYhljwzkFS0YS/CZL/m/6P9Qp -bZjxJbKbAI85oJiyMOB96CDXyFV3Wx9Xi28clgIGE5EfPNPQjQy/H7ZmyQsRoOyv -qqbMzssvrnGPDW2GrcVQ0AVuyA1xTwg3gxTKKXkiCsN+XFMtyeWJT9JcJ6wXuzjf -tQT2SYZVlSETrJdSYGX/DYfxQFh0Vv8d/AVX245bqaHIEjl5gSsUcz3cDdlEp8vm -iU2i4e7ILWhijfwEvxH2bYFXbqZQw9sBxBYgcbekSK0UjqxWeHA+mGGq5joJdtDi -SSho5l6tAgMBAAECggEBAKlhYzy9LXSDOVGAAiIzJPTJFtq+9s8yFVRWCXRUZZaX -nPs4tRO33YZ9v6NmjfHHqRcwrQ2OXWrApR8EjkhMGQh2i14nk6EWNoapMwbj6kPI -tERyUgz1ZYD+3bs/ktzDxuid6TH7pUFqm1R9vrl0p6w6yWef2G0nkr/5qZ+iNT02 -ft6FDcwsyTd7Ghus6Kw8MEi9AR6oTf0ECrB/LeA7pcMZnu7A4jLSxEM5KfxCDjqg -5N4IG0RXXfMjPy82mxhm/RQYiuGRrsN7ZM928bRZB5I5MrJdOnDNLiMglQTtZFIq -xkfCU3Dv6kJemDyNqsa+ghiBUbvPjkfQNBTwHx+WOBECgYEA2Hrc+6TgyjkR6V0L -rx39U2Cak09pjjNHwvj4vDyEeS54nVN92ZndzWRdHl7899J5KhgtaaFUWIBL3YIx -1SiDdw6GNn88Z6avku9oFf+T2NcRsPRHulmyhOERisCbWuKXuRvPSbBIsi+AQGyb -CJdA2sTlRrwnhPReXCAlUyJM34sCgYEA4G1hA/mGAMUicOKptpilG89UsFq6hms+ -VEBKmlglWMl9CZrk6UvOmLfU2yGAqE01R7asM7Q0rIYNEXvt5ZuB/p+BOihdnkV/ -vYfkugfZ8mOZN8GtMTP4Z9PxQmvjcqWwo2+/omPtB4wHLKfJK+CCWeeOeLGAQH2i -bTU+0//DAacCgYEAuVWW06p4+Sia+Ru74RTfyP4v2GZojGHC0l2tNhrpn4X1pVvR -pvZgOnPudQ4FrXX4Xd2NI54HRC2yxdWtLD0fMFKy/P05jdPbBQUKK6s/vKmEb+bz -cctRVwoJpqz3VHwiQUxZz1CpLEQWnRFeOaCk2acwU7rKar17+4tZ6S64ebkCgYEA -tyDpihnA+73glaaO/51dFO1AWMsf6vF1ob/4YCtPBj0bl4vaAHhIM5vFx6110190 -+3iW2XXRiXm1DjBG9hXHpGK5SyCHC9AAJULPI/GmKUCWVMXoMf8LUoXCFwX8SZ/k -G+jiwXqyfncHn6ul3vTKyNvHCLsmQPmDYYOSKeFIWX8CgYEAq6lUwM2vwkHc5Byi -u5wwP7Z5ySzWAycQRpe6c5xaQu4j//Ffk4OdS4YhiRSRgT4f0HvivMr/TfGQhmY3 -nqgvUFwkqpbuy8vqHe94Wk8zqepJ/60HHxbfZWAEJp8u5BtpS43xCrWaBLwZV6A4 -NzPaKLFwbLKWd3uZ4k/2Zqv1pcA= ------END PRIVATE KEY----- diff --git a/test/test-root2.pem b/test/test-root2.pem deleted file mode 100644 index 0f9a16661..000000000 --- a/test/test-root2.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDIzCCAgugAwIBAgIRAO/xiDmGzMbLK9FFkPi4RngwDQYJKoZIhvcNAQELBQAw -KzEpMCcGA1UEAxMgYzJja2xpbmcgY3J5cHRvZ3IycGhlciBmMmtlIFJPT1QwHhcN -MjAwMzIwMDUxMjQ4WhcNMjUwMzIwMDUxMjQ4WjArMSkwJwYDVQQDEyBjMmNrbGlu -ZyBjcnlwdG9ncjJwaGVyIGYya2UgUk9PVDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL3H/7Yxlqb7R/2XAssQwAw/AUJ/j3WGstdYxEKWAWnitaBnSme7 -K1JiGWPDOQVLRhL8Jkv+b/o/1CltmPElspsAjzmgmLIw4H3oINfIVXdbH1eLbxyW -AgYTkR8809CNDL8ftmbJCxGg7K+qpszOyy+ucY8NbYatxVDQBW7IDXFPCDeDFMop -eSIKw35cUy3J5YlP0lwnrBe7ON+1BPZJhlWVIROsl1JgZf8Nh/FAWHRW/x38BVfb -jlupocgSOXmBKxRzPdwN2USny+aJTaLh7sgtaGKN/AS/EfZtgVduplDD2wHEFiBx -t6RIrRSOrFZ4cD6YYarmOgl20OJJKGjmXq0CAwEAAaNCMEAwDgYDVR0PAQH/BAQD -AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKRrjKoDLPHlFsWK6KGp7Wn2 -IkX+MA0GCSqGSIb3DQEBCwUAA4IBAQBOIa4+jF7TwdK+IADJOCxk03HDpjWtzouB -iJvo36KB8fvpUmjpXIEP7sImREwDDxEAeCd4CFCdiRlU8PKTuA5ftjAVWLxgRglT -Nuo9+BozkWbwXY7RD6YjVqXTJCLA5XpvlhikCQNUAPq2IyilNykPOH7OxbHNqA1r -UkeAzYVP1+OlT+MDiaW91bjqSqmgJ6zrMUhVGQqEPf+zvWwHBcA3P9bAxzCs8BdZ -1lshzl4eWR6O2Yt2YIQ59Z2c4Y2YLZAZWA6lIWwyLrve/WGvmx2wK9aQGteuLG2j -hP5nvZQS4oCa4swVkwcEzh+rXAYSWn6+v95htYqzwwaP7NrTCy8F ------END CERTIFICATE----- diff --git a/test/v2_integration.py b/test/v2_integration.py index 095263c91..2889b3fcd 100644 --- a/test/v2_integration.py +++ b/test/v2_integration.py @@ -679,7 +679,7 @@ def test_revoke_by_account_unspecified(): reset_akamai_purges() client.revoke(josepy.ComparableX509(cert), 0) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") verify_akamai_purge() def test_revoke_by_account_with_reason(): @@ -693,7 +693,7 @@ def test_revoke_by_account_with_reason(): # Requesting revocation for keyCompromise should work, but not block the # key. client.revoke(josepy.ComparableX509(cert), 1) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() @@ -712,7 +712,7 @@ def test_revoke_by_authz(): # Even though we requested reason 1 ("keyCompromise"), the result should be # 5 ("cessationOfOperation") due to the authorization method. client.revoke(josepy.ComparableX509(cert), 1) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "cessationOfOperation") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "cessationOfOperation") verify_akamai_purge() @@ -755,7 +755,7 @@ def test_revoke_by_privkey(): # Even though we requested reason 0 ("unspecified"), the result should be # 1 ("keyCompromise") due to the authorization method. revoke_client.revoke(josepy.ComparableX509(cert), 0) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() @@ -797,7 +797,7 @@ def test_double_revocation(): # First revoke for any reason. sub_client.revoke(josepy.ComparableX509(cert), 0) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") verify_akamai_purge() # Re-revocation for anything other than keyCompromise should fail. @@ -812,7 +812,7 @@ def test_double_revocation(): # via the cert key to demonstrate said compromise. reset_akamai_purges() cert_client.revoke(josepy.ComparableX509(cert), 1) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() # A subsequent attempt should fail, because the cert is already revoked @@ -1229,7 +1229,7 @@ def test_auth_deactivation_v2(): def test_ocsp(): cert_file = temppath('test_ocsp.pem') chisel2.auth_and_issue([random_domain()], cert_output=cert_file.name) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "good") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "good") def test_ct_submission(): hostname = random_domain() @@ -1307,7 +1307,7 @@ def ocsp_exp_unauth_setup(): # isn't, we'll get an expired OCSP response. Just check that it exists; # don't do the full verification (which would fail). lastException = None - for issuer_file in glob.glob("/hierarchy/int-rsa-*.cert.pem"): + for issuer_file in glob.glob("test/certs/webpki/int-rsa-*.cert.pem"): try: check_ocsp_basic_oid(cert_file.name, issuer_file, "http://localhost:4002") global ocsp_exp_unauth_setup_data @@ -1326,7 +1326,7 @@ def test_ocsp_exp_unauth(): last_error = "" while tries < 5: try: - verify_ocsp(cert_file, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "XXX") + verify_ocsp(cert_file, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "XXX") raise(Exception("Unexpected return from verify_ocsp")) except subprocess.CalledProcessError as cpe: last_error = cpe.output @@ -1597,7 +1597,7 @@ def test_admin_revoker_cert(): "-reason", "keyCompromise"]) # Wait for OCSP response to indicate revocation took place - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() def test_admin_revoker_batched(): @@ -1622,7 +1622,7 @@ def test_admin_revoker_batched(): "-parallelism", "2"]) for cert_file in cert_files: - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "unspecified") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "unspecified") def test_sct_embedding(): order = chisel2.auth_and_issue([random_domain()]) @@ -1694,7 +1694,7 @@ def ocsp_resigning_setup(): client.revoke(josepy.ComparableX509(cert), 5) ocsp_response, reason = get_ocsp_response_and_reason( - cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002") + cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002") global ocsp_resigning_setup_data ocsp_resigning_setup_data = { 'cert_file': cert_file.name, @@ -1710,7 +1710,7 @@ def test_ocsp_resigning(): tries = 0 while tries < 5: resp, reason = get_ocsp_response_and_reason( - ocsp_resigning_setup_data['cert_file'], "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002") + ocsp_resigning_setup_data['cert_file'], "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002") if resp != ocsp_resigning_setup_data['response']: break tries += 1 diff --git a/tn.sh b/tn.sh index 6fdb3da70..f44939184 100755 --- a/tn.sh +++ b/tn.sh @@ -7,4 +7,10 @@ if type realpath >/dev/null 2>&1 ; then cd "$(realpath -- $(dirname -- "$0"))" fi +# Generate the test keys and certs necessary for the integration tests. +docker compose up bsetup + +# Use a predictable name for the container so we can grab the logs later +# for use when testing logs analysis tools. +docker rm boulder_tests exec docker compose -f docker-compose.yml -f docker-compose.next.yml run boulder ./test.sh "$@"