letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove more test keys (#7488) 

Part of https://github.com/letsencrypt/boulder/issues/7476
This commit is contained in:
Aaron Gable 2024-05-16 08:20:07 -07:00 committed by GitHub
parent 6ae6aa8e90
commit eb607e5b10
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 30 additions and 244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
cmd/ceremony/main_test.go
View File

@ -5,9 +5,12 @@ import (
"crypto/elliptic" "crypto/elliptic"
"crypto/rand" "crypto/rand"
"crypto/x509" "crypto/x509"
"encoding/pem"
"fmt" "fmt"
"io/fs" "io/fs"
"math/big" "math/big"
"os"
"path"
"strings" "strings"
"testing" "testing"
"time" "time"
@ -18,18 +21,25 @@ import (
) )
func TestLoadPubKey(t *testing.T) { func TestLoadPubKey(t *testing.T) {
_, _, err := loadPubKey("../../test/test-ca.pubkey.pem") tmp := t.TempDir()
test.AssertNotError(t, err, "should not have errored") key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
_, _, err = loadPubKey("../../test/hierarchy/int-e1.key.pem") _, _, err := loadPubKey(path.Join(tmp, "does", "not", "exist"))
test.AssertError(t, err, "should have failed trying to parse a private key") test.AssertError(t, err, "should fail on non-existent file")
_, _, err = loadPubKey("/path/that/will/not/ever/exist/ever")
test.AssertError(t, err, "should have failed opening public key at non-existent path")
test.AssertErrorIs(t, err, fs.ErrNotExist) test.AssertErrorIs(t, err, fs.ErrNotExist)
_, _, err = loadPubKey("../../test/hierarchy/int-e1.cert.pem") _, _, err = loadPubKey("../../test/hierarchy/README.md")
test.AssertError(t, err, "should have failed when trying to parse a certificate") test.AssertError(t, err, "should fail on non-PEM file")
priv, _ := x509.MarshalPKCS8PrivateKey(key)
_ = os.WriteFile(path.Join(tmp, "priv.pem"), pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: priv}), 0644)
_, _, err = loadPubKey(path.Join(tmp, "priv.pem"))
test.AssertError(t, err, "should fail on non-pubkey PEM")
pub, _ := x509.MarshalPKIXPublicKey(key.Public())
_ = os.WriteFile(path.Join(tmp, "pub.pem"), pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: pub}), 0644)
_, _, err = loadPubKey(path.Join(tmp, "pub.pem"))
test.AssertNotError(t, err, "should not have errored")
} }
func TestCheckOutputFileSucceeds(t *testing.T) { func TestCheckOutputFileSucceeds(t *testing.T) {

10
core/util_test.go
View File

@ -272,16 +272,16 @@ func TestLoadCert(t *testing.T) {
test.AssertError(t, err, "Loading nonexistent path did not error") test.AssertError(t, err, "Loading nonexistent path did not error")
test.AssertErrorWraps(t, err, &osPathErr) test.AssertErrorWraps(t, err, &osPathErr)
_, err = LoadCert("../test/test-ca.der") _, err = LoadCert("../test/hierarchy/README.md")
test.AssertError(t, err, "Loading non-PEM file did not error") test.AssertError(t, err, "Loading non-PEM file did not error")
test.AssertEquals(t, err.Error(), "no data in cert PEM file \"../test/test-ca.der\"") test.AssertContains(t, err.Error(), "no data in cert PEM file")
_, err = LoadCert("../test/hierarchy/int-e1.key.pem") _, err = LoadCert("../test/hierarchy/int-e1.key.pem")
test.AssertError(t, err, "Loading non-cert file did not error") test.AssertError(t, err, "Loading non-cert PEM file did not error")
test.AssertEquals(t, err.Error(), "x509: malformed tbs certificate") test.AssertContains(t, err.Error(), "x509: malformed tbs certificate")
cert, err := LoadCert("../test/hierarchy/int-r3.cert.pem") cert, err := LoadCert("../test/hierarchy/int-r3.cert.pem")
test.AssertNotError(t, err, "Failed to load cert file") test.AssertNotError(t, err, "Failed to load cert PEM file")
test.AssertEquals(t, cert.Subject.CommonName, "(TEST) Radical Rhino R3") test.AssertEquals(t, cert.Subject.CommonName, "(TEST) Radical Rhino R3")
} }

35
mocks/mocks.go
View File

@ -4,7 +4,6 @@ import (
"bytes" "bytes"
"context" "context"
"crypto/x509" "crypto/x509"
"encoding/pem"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@ -224,26 +223,7 @@ func (sa *StorageAuthorityReadOnly) GetSerialMetadata(ctx context.Context, req *
// GetCertificate is a mock // GetCertificate is a mock
func (sa *StorageAuthorityReadOnly) GetCertificate(_ context.Context, req *sapb.Serial, _ ...grpc.CallOption) (*corepb.Certificate, error) { func (sa *StorageAuthorityReadOnly) GetCertificate(_ context.Context, req *sapb.Serial, _ ...grpc.CallOption) (*corepb.Certificate, error) {
issuedTime := sa.clk.Now().Add(-1 * time.Hour) if req.Serial == "000000000000000000000000000000626164" {
// Serial ee == 238.crt
if req.Serial == "0000000000000000000000000000000000ee" {
certPemBytes, _ := os.ReadFile("test/238.crt")
certBlock, _ := pem.Decode(certPemBytes)
return &corepb.Certificate{
RegistrationID: 1,
Der: certBlock.Bytes,
Issued: timestamppb.New(issuedTime),
}, nil
} else if req.Serial == "0000000000000000000000000000000000b2" {
certPemBytes, _ := os.ReadFile("test/178.crt")
certBlock, _ := pem.Decode(certPemBytes)
return &corepb.Certificate{
RegistrationID: 1,
Der: certBlock.Bytes,
Issued: timestamppb.New(issuedTime),
}, nil
} else if req.Serial == "000000000000000000000000000000626164" {
return nil, errors.New("bad") return nil, errors.New("bad")
} else { } else {
return nil, berrors.NotFoundError("No cert") return nil, berrors.NotFoundError("No cert")
@ -257,18 +237,7 @@ func (sa *StorageAuthorityReadOnly) GetLintPrecertificate(_ context.Context, req
// GetCertificateStatus is a mock // GetCertificateStatus is a mock
func (sa *StorageAuthorityReadOnly) GetCertificateStatus(_ context.Context, req *sapb.Serial, _ ...grpc.CallOption) (*corepb.CertificateStatus, error) { func (sa *StorageAuthorityReadOnly) GetCertificateStatus(_ context.Context, req *sapb.Serial, _ ...grpc.CallOption) (*corepb.CertificateStatus, error) {
// Serial ee == 238.crt return nil, errors.New("no cert status")
if req.Serial == "0000000000000000000000000000000000ee" {
return &corepb.CertificateStatus{
Status: string(core.OCSPStatusGood),
}, nil
} else if req.Serial == "0000000000000000000000000000000000b2" {
return &corepb.CertificateStatus{
Status: string(core.OCSPStatusRevoked),
}, nil
} else {
return nil, errors.New("no cert status")
}
} }
func (sa *StorageAuthorityReadOnly) SetCertificateStatusReady(ctx context.Context, req *sapb.Serial, _ ...grpc.CallOption) (*emptypb.Empty, error) { func (sa *StorageAuthorityReadOnly) SetCertificateStatusReady(ctx context.Context, req *sapb.Serial, _ ...grpc.CallOption) (*emptypb.Empty, error) {

3
test/certs/README.md
View File

@ -66,6 +66,3 @@ TODO-list of PKIs to remove and clean up:
- unit tests: the //test/hierarchy/ directory holds a variety of certificates - unit tests: the //test/hierarchy/ directory holds a variety of certificates
used by unit tests. These should be replaced by certs which the unit tests used by unit tests. These should be replaced by certs which the unit tests
dynamically generate in-memory, rather than loading from disk. dynamically generate in-memory, rather than loading from disk.
- misc: the top-level //test/ directory contains a variety of keys and
certificates which are used largely at random throughout the tests. These
should be removed and replaced with one of the existing PKIs.

4
test/example-blocked-keys.yaml
View File

@ -10,10 +10,6 @@
# large scale blocks are required. # large scale blocks are required.
# #
blocked: blocked:
# test/test-ca2.pem
- F4j7m0doxdWXdKOzeYjL6onsVYLLU2jb7xr994zlFFg=
# test/test-ca.pem
- F4j7m0doxdWXdKOzeYjL6onsVYLLU2jb7xr994zlFFg=
# test/block-a-key/test/test.ecdsa.cert.pem # test/block-a-key/test/test.ecdsa.cert.pem
- cuwGhNNI6nfob5aqY90e7BleU6l7rfxku4X3UTJ3Z7M= - cuwGhNNI6nfob5aqY90e7BleU6l7rfxku4X3UTJ3Z7M=
# test/block-a-key/test/test.rsa.cert.pem # test/block-a-key/test/test.rsa.cert.pem

26
test/test-ca-cross.pem
View File

@ -1,26 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIEVDCCAzygAwIBAgIRAK9XypXw7OdaRChSGGj75eQwDQYJKoZIhvcNAQELBQAw
KzEpMCcGA1UEAxMgYzJja2xpbmcgY3J5cHRvZ3IycGhlciBmMmtlIFJPT1QwHhcN
MjAwMzIwMDUxMjQ4WhcNMjUwMzIwMDUxMjQ4WjAfMR0wGwYDVQQDExRoYXBweSBo
YWNrZXIgZmFrZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIK
R3maBcUSsncXYzQT13D5Nr+Z3mLxMMh3TUdt6sACmqbJ0btRlgXfMtNLM2OU1I6a
3Ju+tIZSdn2v21JBwvxUzpZQ4zy2cimIiMQDZCQHJwzC9GZn8HaW091iz9H0Go3A
7WDXwYNmsdLNRi00o14UjoaVqaPsYrZWvRKaIRqaU0hHmS0AWwQSvN/93iMIXuyi
wywmkwKbWnnxCQ/gsctKFUtcNrwEx9Wgj6KlhwDTyI1QWSBbxVYNyUgPFzKxrSmw
MO0yNff7ho+QT9x5+Y/7XE59S4Mc4ZXxcXKew/gSlN9U5mvT+D2BhDtkCupdfsZN
CQWp27A+b/DmrFI9NqsCAwEAAaOCAX0wggF5MA4GA1UdDwEB/wQEAwIBFjASBgNV
HRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBT7eE8S+WAVgyyfF380GbMuNupBiTAf
BgNVHSMEGDAWgBSka4yqAyzx5RbFiuihqe1p9iJF/jB/BggrBgEFBQcBAQRzMHEw
MgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3Qu
Y29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3Rz
L2RzdHJvb3RjYXgzLnA3YzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlk
ZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMFQGA1UdIARNMEswCAYGZ4EM
AQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUHAgEWImh0dHA6Ly9jcHMucm9v
dC14MS5sZXRzZW5jcnlwdC5vcmcwDQYJKoZIhvcNAQELBQADggEBALlR3Ro7EiBw
PvpcgONIadIswDaFN+kCjBgPCM2YlCbDsMyskAsEKpgRIQJ/Ks4DZ91e+80NX69s
BxoWk1eWqoqJkX6y5rrkFHDTluO3OO20d67/Uz2Q1iqqziu5sxzlkVVafZLTPklk
gkA717QLbofQzNFuI8UC4Imt8RNnZKwMAZgd38wAZ2jibC/WVz1fvzBg3hYvhxuV
6ZVlbV2uaEgfwSimnXIRc8W8cEpNko0nAnSl+RLPzfxfgJH/xCcgPYzPIVWuAbjN
e3r4u0e6U8Snjfvmmx4IVwKnK3ENxnB83ayU2pNgm4cc3bC1PwrNW8QKC5yswaNs
nM3gKNkO+XA=
-----END CERTIFICATE-----

BIN
test/test-ca.der
View File

Binary file not shown.

BIN
test/test-ca.key.der
View File

Binary file not shown.

9
test/test-ca.pubkey.pem
View File

@ -1,9 +0,0 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgpHeZoFxRKydxdjNBPX
cPk2v5neYvEwyHdNR23qwAKapsnRu1GWBd8y00szY5TUjprcm760hlJ2fa/bUkHC
/FTOllDjPLZyKYiIxANkJAcnDML0ZmfwdpbT3WLP0fQajcDtYNfBg2ax0s1GLTSj
XhSOhpWpo+xitla9EpohGppTSEeZLQBbBBK83/3eIwhe7KLDLCaTAptaefEJD+Cx
y0oVS1w2vATH1aCPoqWHANPIjVBZIFvFVg3JSA8XMrGtKbAw7TI19/uGj5BP3Hn5
j/tcTn1LgxzhlfFxcp7D+BKU31Tma9P4PYGEO2QK6l1+xk0JBanbsD5v8OasUj02
qwIDAQAB
-----END PUBLIC KEY-----

26
test/test-ca2-cross.pem
View File

@ -1,26 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIEUzCCAzugAwIBAgIQH6R1jpezUu8ZJ4iIZxonEjANBgkqhkiG9w0BAQsFADAr
MSkwJwYDVQQDEyBjMmNrbGluZyBjcnlwdG9ncjJwaGVyIGYya2UgUk9PVDAeFw0y
MDAzMjAwNTEyNDhaFw0yNTAzMjAwNTEyNDhaMB8xHTAbBgNVBAMTFGgycHB5IGgy
Y2tlciBmYWtlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgpH
eZoFxRKydxdjNBPXcPk2v5neYvEwyHdNR23qwAKapsnRu1GWBd8y00szY5TUjprc
m760hlJ2fa/bUkHC/FTOllDjPLZyKYiIxANkJAcnDML0ZmfwdpbT3WLP0fQajcDt
YNfBg2ax0s1GLTSjXhSOhpWpo+xitla9EpohGppTSEeZLQBbBBK83/3eIwhe7KLD
LCaTAptaefEJD+Cxy0oVS1w2vATH1aCPoqWHANPIjVBZIFvFVg3JSA8XMrGtKbAw
7TI19/uGj5BP3Hn5j/tcTn1LgxzhlfFxcp7D+BKU31Tma9P4PYGEO2QK6l1+xk0J
BanbsD5v8OasUj02qwIDAQABo4IBfTCCAXkwDgYDVR0PAQH/BAQDAgEWMBIGA1Ud
EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFPt4TxL5YBWDLJ8XfzQZsy426kGJMB8G
A1UdIwQYMBaAFKRrjKoDLPHlFsWK6KGp7Wn2IkX+MH8GCCsGAQUFBwEBBHMwcTAy
BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
ZHN0cm9vdGNheDMucDdjMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRl
bnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwVAYDVR0gBE0wSzAIBgZngQwB
AgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290
LXgxLmxldHNlbmNyeXB0Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAO9BiY2477mlp
zj31skR9XENj8BQdEhs9bem2QfuEMpgI14qI5QnfhguRDTwsmIfheVfoxY1D+5t8
FazMip81aRZMxbNAYmdgrkwHfsC7ahO+H8xEHmqzH4BqcsKiY7TfgtW/y9P4hmCb
JvkAl7GmTx4IIEa7HzBzpMUDOZhPsMovsw5GAZRLw06WsfnER1zzXO9SW7WP3AZP
zBH+/Mf+bJBD5pmp/lLQr2pWh38KcFfmHCsaibXVztdqJFZpOjUNTSHQDzdXTgLd
3WmMSW+mQHoluDbuOAHkekzCv0EqQjBcLmrxwVg2vxfE7n8BzgKj/rHsJPRLnLet
lbjy2P6pFw==
-----END CERTIFICATE-----

19
wfe2/test/178.crt
View File

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDETCCAfmgAwIBAgICALIwDQYJKoZIhvcNAQELBQAwDjEMMAoGA1UEAxMDMTc4
MB4XDTE3MDIwMzAzNDcyNloXDTE4MDIwMzAzNDcyNlowDjEMMAoGA1UEAxMDMTc4
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXUn5n4NBLK6CqJXBR+t
dM4SVY911FKAwxI13k3aQvtBjaIPe6/CDiG7ZxGDsEB96pI6yYauhDQg6ELXcPN0
dmRX4qxVMQ/ngS7bSc7FmlN1qkq9p1AxNmesCmsWg9/4yJNCmlTdGu2Mo60Iosxx
CnQP3faG7ZPrGwzYvX9rwNedD3GlrFarQuU8VzD91fSQIzbDBtlP/+bY4FUbDtzw
WGpuAorrSOeDxC0Y3Tmd6IJLczof+vFP3EYjX+fwjnSWe75zz3z2DhVYu0tiid3k
UFDLaI5pY9JYYG3/D59lVKxg48PQP5q4qqWzmFnuUW/GOFHJABFnmOoD9j4t2YLk
GwIDAQABo3kwdzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
DAYDVR0TAQH/BAIwADBCBggrBgEFBQcBAQQ2MDQwMgYIKwYBBQUHMAKGJmh0dHA6
Ly9sb2NhbGhvc3Q6NDAwMC9hY21lL2lzc3Vlci1jZXJ0MA0GCSqGSIb3DQEBCwUA
A4IBAQBCeU7UGIDKqVJ3fG0GOGlz1JHDh51UIQ2w/KK3NRlqdtlQ3tcqBHYspVMz
YjliJuiVXi/hLEd9IyaTEfxqPnpla7rYo0PgChQ/Eg+IPMJm5t3HwnuNTsvJucX+
gCA/vGKsqSZU58JeilBVo4jl6btUc1LYMCWQ1QRfBpei/9sV0EF3f3HosqYA5I0L
VYzmsLBd8uyttFazgQKfM7Y/h1FcWGGJkH0rsZI7h4OOl0dn2aM9SCHiergJj4Sz
S6hUp2+RR70GSuZejYc7NGqk7/g624c6jJETEqJEBPy6tvxSq+DlVT1K3gWmM+Mc
yJjiZCq2Lifrn0KxkKuxsqWEW2tO
-----END CERTIFICATE-----

27
wfe2/test/178.key
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAuXUn5n4NBLK6CqJXBR+tdM4SVY911FKAwxI13k3aQvtBjaIP
e6/CDiG7ZxGDsEB96pI6yYauhDQg6ELXcPN0dmRX4qxVMQ/ngS7bSc7FmlN1qkq9
p1AxNmesCmsWg9/4yJNCmlTdGu2Mo60IosxxCnQP3faG7ZPrGwzYvX9rwNedD3Gl
rFarQuU8VzD91fSQIzbDBtlP/+bY4FUbDtzwWGpuAorrSOeDxC0Y3Tmd6IJLczof
+vFP3EYjX+fwjnSWe75zz3z2DhVYu0tiid3kUFDLaI5pY9JYYG3/D59lVKxg48PQ
P5q4qqWzmFnuUW/GOFHJABFnmOoD9j4t2YLkGwIDAQABAoIBAQCZ5kfbNUU2Xd6X
DoqqHNSDdrKuP+Om82QY/RaoyPBT309R6mdw27Rsp79tU5J1g786FmkkbViLKvsX
4sgH2nAOA00PNLVphmo1wJ2HTUibvaCKVYW2v4xnOncBGkbP3uAECngdvEjTnMe1
19SvzHoOE6xLJNZpdvOGOg3uizvvBVJbLg2osrJXacoulOjjpd5YCVJQT9vDKhUa
aq7CmInYfOM2flcAo7nLHWP7Jr4FX4me50lrYuzBOaJWLHcQH/mZriTgI8cXCoJx
fk0Lav38z6BgYumREa0OOGDVkNuxde5KSdcFUUEEfvtPSnruVwdNHja3z3d4Y1Bx
ca1khx4JAoGBAMMFbbFRQwtxTED75dr8qXZE8kJNmIvPC1og3zRjsN0aVaUltRFl
pj+/HZXOAxU+uc4ac7vzD/5ysSHhp2rrzVglBveSlM7U88KcEYI+Yu2KzM12UMkT
lIWQDtfIpnvXPwnMsde9JzQvXeeyEhy6IBDwtRg3UaNdday/+V9bKUznAoGBAPNy
NPsFtdQuT0FU8W3ehPw7dkBZl8YGy3YQxMh8IcThx4NRJHkK0yTV3/zg8owW6WvN
EPhEIWQ4u9szf4zPoCHbckEScLeDYlc/hyf2hmQdlYQTyZXE+nou1VYawlv9mJJ1
88Sct0ygmVcCcdCsi68abOijs+TJrGsI+cjKzTStAoGAd45vZeIMeQpXFguXKT31
4aR44/7QAv3F1tYKIALxnUqUsK7CJ00qsy/Fwl3OdArFO73pr5Jd/r5vKvc8fIbc
lynz8HhzM61HVsn4zeDTIw8RaPAcrHiNd6gOAWln7snRQn+zky/Jxes35V+8TNIp
8FiwnIzlRoJ4LpRuG3A2jIcCgYEAqRroGoa4647Plv4+RqePkPZtCf4yI2iM5JJ5
Xxp7CpwbTuiKgVo3mRrH4I0RbqZrtmpYI1yQJWITfAylyVZgUaRyFSmOCqvFH/4N
EIF6kQjL11c3bEXMCBuILaug3u2lkfdFQYnq+duFKJ+WF/IDhbrBdEhiqcY9coxl
lkjpinECgYEAkZO0XS0Z7KfFgSMQ2uFK8MO7naQM5kg+8H26HPuNWRmlkRDR7tOI
gQcwSbx7vqT5JJM/bSWI49b2Q19QncFJ0A8/P3/3dncFQ8QMsfMVzmhHvcn2SthU
Eh0aoOwi7rPYNiCTd/3y04x42a/hmo8rmcXOodZvnewOFbDu/s/m7ig=
-----END RSA PRIVATE KEY-----

19
wfe2/test/238.crt
View File

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDBzCCAe+gAwIBAgICAO4wDQYJKoZIhvcNAQELBQAwDjEMMAoGA1UEAwwDMjM4
MB4XDTE1MDYxMzAwMTU1NVoXDTE2MDYxMjAwMTU1NVowDjEMMAoGA1UEAwwDMjM4
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP9z1YFDa1WD9hVI9W3K
lWQmUGfLW35x6xkgDm8o3OTWR2QoxjXratacKhm2VevV22QjCBvHXeHx3fxSp5w/
p4CH+Ul76wCq3+WAPidO42YCP7SZdqYUR4GHKQ/oOyistRAKEamg4aPAbIs7l1Kn
T5YHFdSzCWpe6F2+ceoluvKEn6vFVloXKghaeEyTDKnnJKs3/04TdtZjVM5OObvQ
CGFlQlysDJxWahtVM93gylB8WYgyiekDAx1I3lCd3Vv0hF+x04xT3fwVRzmaKNzT
wN+znae643Qfg2oSSLV066K2WYepgzqKwv3IUdrLbes331AMs+FbdxHanMrOU1i+
OQIDAQABo28wbTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSOiDuzx4mEC9Io
y+7rEdnE+eeOyDAfBgNVHSMEGDAWgBSOiDuzx4mEC9Ioy+7rEdnE+eeOyDAaBgNV
HREEEzARgg9iYWQuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAJQA/7+n
S9AiB9YduVEs2TB7+62N59yACxd1y5qnmSLEeI9yXZnqQGugNxw7cl3CgFDWLNxB
8Q3hH5B0fYh2Ydqf8lrEYNH3ilsmqCQB3mHUlYtLLnVarzSPrFgxaBrRaGsAAaVd
neC5QCaxLFzzQI9gmyp6n7T2CATOk94vrrZJmfzpCMMRPHY7XgM15HDefXeH1+/Z
GESSM/YAD6rdojZVLwxTuzVVRm5+6NfnFG938SYir0aqYvFd0bxrdgTl1XR3sAip
iwuI3ku943Thbmyp/fEBUE2unvf+wbX+3Vzq52NadPcUrsNwJAR/kGdmTzcsiCIA
UL+BLF470rQo29w=
-----END CERTIFICATE-----

28
wfe2/test/238.key
View File

@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8/3PVgUNrVYP2
FUj1bcqVZCZQZ8tbfnHrGSAObyjc5NZHZCjGNetq1pwqGbZV69XbZCMIG8dd4fHd
/FKnnD+ngIf5SXvrAKrf5YA+J07jZgI/tJl2phRHgYcpD+g7KKy1EAoRqaDho8Bs
izuXUqdPlgcV1LMJal7oXb5x6iW68oSfq8VWWhcqCFp4TJMMqeckqzf/ThN21mNU
zk45u9AIYWVCXKwMnFZqG1Uz3eDKUHxZiDKJ6QMDHUjeUJ3dW/SEX7HTjFPd/BVH
OZoo3NPA37Odp7rjdB+DahJItXTrorZZh6mDOorC/chR2stt6zffUAyz4Vt3Edqc
ys5TWL45AgMBAAECggEAc1PSJCt/r2R8ZNJyNclsQCLfulrL3aXX7+TiCczM+5Xs
J543v1Oxtv0ESDBuchm54ulE8zK4QlKYm6PX8A1JTnYBAx5TLoC2xG8wBT1JRzu9
DZCvwJXxc/zXNDhPtqHIWahS7Jo84NNinRmNIHbAP7FF241yPsGY7mQdzTdbFKrR
JH0l7VPCY4OG+CjxUJqoNuwkfrNh0hRh02IHU/rFlgR2Q7JP0XBwuufW1M6j7fYM
7PGZRA+6Ry72UcaCEVuOtGlz3wLrFq6CGTGWlUehQqch+nrTri0jMSH4Bd83mLz2
8+X0y/EONQlirbHbJxXq+mLASHrp3KCtdpCiLKcX8QKBgQDr+TNqLa7PIOhlw29A
RftunKwEdsi9uAg3jFSpHC/jLxR4/fUiz2XZrAfHNxn7mOK72V/9pj9zshLnxeSm
jEelEB2bABX8RhD38SUxoHoiWmqpPVOtBSXvMSQEO0F/1hGlxndHwe9mE2Zyq3eV
9MoJVeExkCP3Bxk9tjZfj4WC9QKBgQDNCab2WjLy7T9Bfmh2RmWXckzUMphYCLpX
CGG2O5nH2zOPAOxUpyLFDq3/WkzPnCdWOveI/LlZmkcjdslWp3tizk5kE1zgaFbO
s+7o/cYVrU5J3+kIq563ba7/xZ7wpfkg58milUWStpjQrB0H5tSlUEoC7fJ/GjHd
5j1raKQrtQKBgF9elSgJlIgD/cj7JqBsaET5LxCSzWjX0wJYRfMfAD+qTHTl9sf9
2GUUAQTDwU2NKb3QCdqi8SwaQUfJFDM3qNEOZVi6vSf7TWpX3Ldk61etAUSrE4Fu
/jjgvHS1WjCHXRSJ1LV8rPutRY98u1Uw3OLPAbedUNvK06m8VddjUwttAoGAAmca
jciA0Ff3Zc0VbE1m419zhwkQv/daN6rhekE4jB8Fe6eHHXbX8Xc6ksN8IvKxg1Et
lW1gvqwQKVo7Acj0qTPBt2qCrB6M5d817YULzTU6taLqGC/qrDuc0WJ/elJ3mOse
cclOB2ocYFWkAXOzCjzmoSIotVSZQQBxt9CCHAECgYEA01w8tKVCG2ucbC1GoCl0
t2MRmLqiRqRrn53fJ6j56fDbdLmnRAaaD1slZ0jpLk7JoDKGmNG2Rl9UXuydPaNZ
8h1Lu+CnhG50uOF3A/OIXsBiRsAgI2ez4/Jb+lNe3l3UcPV5gyGejAiymqRigbkn
bcixOm4jdOWV5Bpfv65AivQ=
-----END PRIVATE KEY-----

29
wfe2/test/not-an-example.com.crt
View File

@ -1,29 +0,0 @@
Produced by:
js test.js --agree --email jsha@newview.org --domains not-an-example.com --certFile cert.der --certKey ../../wfe/test/178.key
openssl x509 -text -inform der -in cert.der -outform pem -out ../../wfe/test/not-an-example.com.crt
-----BEGIN CERTIFICATE-----
MIIEYzCCA0ugAwIBAgIRAP8AAAAAAAAOS09n2G6BjEYwDQYJKoZIhvcNAQELBQAw
HzEdMBsGA1UEAwwUaGFwcHkgaGFja2VyIGZha2UgQ0EwHhcNMTUwOTA5MjI1NjAw
WhcNMTUxMjA4MjI1NjAwWjAdMRswGQYDVQQDExJub3QtYW4tZXhhbXBsZS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaqzue57mgXEoGTZZoVkkC
ZraebWgXI8irX2BgQB1A3iZa9onxGPMcWQMxhSuUisbEJi4UkMcVST12HX01rUwh
j41UuBxJvI1w4wvdstssTAaa9c9tsQ5+UED2bFRL1MsyBdbmCF/+pu3i+ZIYqWgi
KbjVBe3nlAVbo77zizwp3Y4Tp1/TBOwTAuFkHePmkNT63uPm9My/hNzsSm1o+Q51
9Cf7ry+JQmOVgz/jIgFVGFYJ17EV3KUIpUuDShuyCFATBQspgJSN2DoXRUlQjXXk
NTj23OxxdT/cVLcLJjytyG6e5izME2R2aCkDBWIc1a4/sRJ0R396auPXG6KhJ7o/
AgMBAAGjggGaMIIBljAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBGkJtghSl97/bTR
dyy0TaneZhnDMB8GA1UdIwQYMBaAFPt4TxL5YBWDLJ8XfzQZsy426kGJMGoGCCsG
AQUFBwEBBF4wXDAmBggrBgEFBQcwAYYaaHR0cDovL2xvY2FsaG9zdDo0MDAyL29j
c3AwMgYIKwYBBQUHMAKGJmh0dHA6Ly9sb2NhbGhvc3Q6NDAwMC9hY21lL2lzc3Vl
ci1jZXJ0MB0GA1UdEQQWMBSCEm5vdC1hbi1leGFtcGxlLmNvbTAnBgNVHR8EIDAe
MBygGqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMGMGA1UdIARcMFowCgYGZ4EM
AQIBMAAwTAYDKgMEMEUwIgYIKwYBBQUHAgEWFmh0dHA6Ly9leGFtcGxlLmNvbS9j
cHMwHwYIKwYBBQUHAgIwEwwRRG8gV2hhdCBUaG91IFdpbHQwDQYJKoZIhvcNAQEL
BQADggEBAJTSscrGO1ymwZ+rMF+mfVeHfplfyMzZ/6SZyvaYgO9DLr42KIETdHBg
Y9AZ6aOKboN/hY98kb9mQ0BpOCsSaCkgTsqCjw3szsRd/FMgUSVn36vFpbX2f5oD
gF40N/51EN5Efbe7aN4Oxmcgijh4IY2sczcskJixAd9T/hjVtv160LJ0xcHRrfji
u/Tc2E0q+E5k4V91D2HajwU6qcGbap02JI+pX/Oq4S36yfggIUyowmXQw4nm1cb0
cFXwrMzg+XtDHj+Ex+yBlauq+MP1rjXiHrNIO2hIiyRU9jdxfITAE4DmqEzEBZKY
NORfB6suv4wLnAlsLbPJEdsraq4/IiU=
-----END CERTIFICATE-----

11
wfe2/wfe_test.go
View File

@ -2659,10 +2659,9 @@ func TestFinalizeOrder(t *testing.T) {
targetPath := "1/1" targetPath := "1/1"
signedURL := fmt.Sprintf("http://%s/%s", targetHost, targetPath) signedURL := fmt.Sprintf("http://%s/%s", targetHost, targetPath)
// openssl req -outform der -new -nodes -key wfe/test/178.key -subj /CN=not-an-example.com | b64url // This example is a well-formed CSR for the name "example.com".
// a valid CSR
goodCertCSRPayload := `{ goodCertCSRPayload := `{
"csr": "MIICYjCCAUoCAQAwHTEbMBkGA1UEAwwSbm90LWFuLWV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqs7nue5oFxKBk2WaFZJAma2nm1oFyPIq19gYEAdQN4mWvaJ8RjzHFkDMYUrlIrGxCYuFJDHFUk9dh19Na1MIY-NVLgcSbyNcOML3bLbLEwGmvXPbbEOflBA9mxUS9TLMgXW5ghf_qbt4vmSGKloIim41QXt55QFW6O-84s8Kd2OE6df0wTsEwLhZB3j5pDU-t7j5vTMv4Tc7EptaPkOdfQn-68viUJjlYM_4yIBVRhWCdexFdylCKVLg0obsghQEwULKYCUjdg6F0VJUI115DU49tzscXU_3FS3CyY8rchunuYszBNkdmgpAwViHNWuP7ESdEd_emrj1xuioSe6PwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAE_T1nWU38XVYL28hNVSXU0rW5IBUKtbvr0qAkD4kda4HmQRTYkt-LNSuvxoZCC9lxijjgtJi-OJe_DCTdZZpYzewlVvcKToWSYHYQ6Wm1-fxxD_XzphvZOujpmBySchdiz7QSVWJmVZu34XD5RJbIcrmj_cjRt42J1hiTFjNMzQu9U6_HwIMmliDL-soFY2RTvvZf-dAFvOUQ-Wbxt97eM1PbbmxJNWRhbAmgEpe9PWDPTpqV5AK56VAa991cQ1P8ZVmPss5hvwGWhOtpnpTZVHN3toGNYFKqxWPboirqushQlfKiFqT9rpRgM3-mFjOHidGqsKEkTdmfSVlVEk3oo=" "csr": "MIHRMHgCAQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ2hlvArQl5k0L1eF1vF5dwr7ASm2iKqibmauund-z3QJpuudnNEjlyOXi-IY1rxyhehRrtbm_bbcNCtZLgbkPvoAAwCgYIKoZIzj0EAwIDSQAwRgIhAJ8z2EDll2BvoNRotAknEfrqeP6K5CN1NeVMB4QOu0G1AiEAqAVpiGwNyV7SEZ67vV5vyuGsKPAGnqrisZh5Vg5JKHE="
}` }`
egUrl := mustParseURL("1/1") egUrl := mustParseURL("1/1")
@ -3367,11 +3366,9 @@ func TestFinalizeSCTError(t *testing.T) {
// Create a response writer to capture the WFE response // Create a response writer to capture the WFE response
responseWriter := httptest.NewRecorder() responseWriter := httptest.NewRecorder()
// Example CSR payload taken from `TestFinalizeOrder` // This example is a well-formed CSR for the name "example.com".
// openssl req -outform der -new -nodes -key wfe/test/178.key -subj /CN=not-an-example.com | b64url
// a valid CSR
goodCertCSRPayload := `{ goodCertCSRPayload := `{
"csr": "MIICYjCCAUoCAQAwHTEbMBkGA1UEAwwSbm90LWFuLWV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqs7nue5oFxKBk2WaFZJAma2nm1oFyPIq19gYEAdQN4mWvaJ8RjzHFkDMYUrlIrGxCYuFJDHFUk9dh19Na1MIY-NVLgcSbyNcOML3bLbLEwGmvXPbbEOflBA9mxUS9TLMgXW5ghf_qbt4vmSGKloIim41QXt55QFW6O-84s8Kd2OE6df0wTsEwLhZB3j5pDU-t7j5vTMv4Tc7EptaPkOdfQn-68viUJjlYM_4yIBVRhWCdexFdylCKVLg0obsghQEwULKYCUjdg6F0VJUI115DU49tzscXU_3FS3CyY8rchunuYszBNkdmgpAwViHNWuP7ESdEd_emrj1xuioSe6PwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAE_T1nWU38XVYL28hNVSXU0rW5IBUKtbvr0qAkD4kda4HmQRTYkt-LNSuvxoZCC9lxijjgtJi-OJe_DCTdZZpYzewlVvcKToWSYHYQ6Wm1-fxxD_XzphvZOujpmBySchdiz7QSVWJmVZu34XD5RJbIcrmj_cjRt42J1hiTFjNMzQu9U6_HwIMmliDL-soFY2RTvvZf-dAFvOUQ-Wbxt97eM1PbbmxJNWRhbAmgEpe9PWDPTpqV5AK56VAa991cQ1P8ZVmPss5hvwGWhOtpnpTZVHN3toGNYFKqxWPboirqushQlfKiFqT9rpRgM3-mFjOHidGqsKEkTdmfSVlVEk3oo=" "csr": "MIHRMHgCAQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ2hlvArQl5k0L1eF1vF5dwr7ASm2iKqibmauund-z3QJpuudnNEjlyOXi-IY1rxyhehRrtbm_bbcNCtZLgbkPvoAAwCgYIKoZIzj0EAwIDSQAwRgIhAJ8z2EDll2BvoNRotAknEfrqeP6K5CN1NeVMB4QOu0G1AiEAqAVpiGwNyV7SEZ67vV5vyuGsKPAGnqrisZh5Vg5JKHE="
}` }`
// Create a finalization request with the above payload // Create a finalization request with the above payload