From 6ae6aa8e90551d6b62fce88eb2c3c92b05e4966a Mon Sep 17 00:00:00 2001 From: Aaron Gable Date: Wed, 15 May 2024 08:31:23 -0700 Subject: [PATCH] Dynamically generate grpc-creds at integration test startup (#7477) The summary here is: - Move test/cert-ceremonies to test/certs - Move .hierarchy (generated by the above) to test/certs/webpki - Remove our mapping of .hierarchy to /hierarchy inside docker - Move test/grpc-creds to test/certs/ipki - Unify the generation of both test/certs/webpki and test/certs/ipki into a single script at test/certs/generate.sh - Make that script the entrypoint of a new docker compose service - Have t.sh and tn.sh invoke that service to ensure keys and certs are created before tests run No production changes are necessary, the config changes here are just for testing purposes. Part of https://github.com/letsencrypt/boulder/issues/7476 --- .gitignore | 2 - ca/ca_test.go | 1 - ca/testdata/ca_cert.pem | 33 -------- ca/testdata/ca_key.pem | 51 ------------ ca/testdata/dupe_name.der.csr | Bin 664 -> 0 bytes ca/testdata/no_cn.der.csr | Bin 643 -> 0 bytes ca/testdata/no_san.der.csr | Bin 611 -> 0 bytes ca/testdata/testcsr.go | 44 +--------- cmd/boulder-wfe2/main_test.go | 77 ++++-------------- cmd/ceremony/cert_test.go | 6 +- cmd/ceremony/main_test.go | 2 +- cmd/config_test.go | 74 +++++++++++++---- cmd/ocsp-responder/testdata/test-ca.der.pem | 19 ----- cmd/ocsp-responder/testdata/test-ca.key | 28 ------- docker-compose.next.yml | 2 +- docker-compose.yml | 19 ++++- grpc/creds/creds_test.go | 43 +++++----- grpc/creds/testdata/example.com/cert.pem | 19 ----- grpc/creds/testdata/example.com/key.pem | 27 ------ issuance/issuer_test.go | 20 ++--- start.py | 3 - t.sh | 3 + test/PKI.md | 50 ------------ test/boulder-tools/Dockerfile | 1 + test/certs/.gitignore | 3 + test/certs/README.md | 71 ++++++++++++++++ test/certs/generate.sh | 60 ++++++++++++++ ...ntermediate-cert-ceremony-ecdsa-cross.yaml | 8 +- .../intermediate-cert-ceremony-ecdsa.yaml | 6 +- .../intermediate-cert-ceremony-rsa.yaml | 6 +- .../intermediate-key-ceremony-ecdsa.yaml | 4 +- .../intermediate-key-ceremony-rsa.yaml | 4 +- .../root-ceremony-ecdsa.yaml | 4 +- .../root-ceremony-rsa.yaml | 4 +- .../root-crl-ecdsa.yaml | 4 +- .../root-crl-rsa.yaml | 4 +- .../generate.go => certs/webpki.go} | 32 +++----- test/config-next/admin-revoker.json | 6 +- test/config-next/admin.json | 6 +- test/config-next/akamai-purger.json | 6 +- test/config-next/bad-key-revoker.json | 6 +- test/config-next/ca.json | 30 +++---- test/config-next/crl-storer.json | 18 ++-- test/config-next/crl-updater.json | 18 ++-- test/config-next/expiration-mailer.json | 6 +- test/config-next/health-checker.json | 6 +- test/config-next/nonce-a.json | 6 +- test/config-next/nonce-b.json | 6 +- test/config-next/ocsp-responder.json | 18 ++-- test/config-next/publisher.json | 22 ++--- test/config-next/ra.json | 18 ++-- test/config-next/remoteva-a.json | 6 +- test/config-next/remoteva-b.json | 6 +- test/config-next/sa.json | 6 +- test/config-next/va-remote-a.json | 6 +- test/config-next/va-remote-b.json | 6 +- test/config-next/va.json | 6 +- test/config-next/wfe2.json | 30 +++---- test/config/admin-revoker.json | 6 +- test/config/admin.json | 6 +- test/config/akamai-purger.json | 6 +- test/config/bad-key-revoker.json | 6 +- test/config/ca.json | 18 ++-- test/config/crl-storer.json | 12 +-- test/config/crl-updater.json | 12 +-- test/config/expiration-mailer.json | 6 +- test/config/health-checker.json | 6 +- test/config/nonce-a.json | 6 +- test/config/nonce-b.json | 6 +- test/config/ocsp-responder.json | 12 +-- test/config/publisher.json | 22 ++--- test/config/ra.json | 12 +-- test/config/remoteva-a.json | 6 +- test/config/remoteva-b.json | 6 +- test/config/sa.json | 6 +- test/config/va-remote-a.json | 6 +- test/config/va-remote-b.json | 6 +- test/config/va.json | 6 +- test/config/wfe2.json | 30 +++---- test/consul/config.hcl | 8 +- test/example-blocked-keys.yaml | 4 - test/grpc-creds/10.77.77.77/cert.pem | 19 ----- test/grpc-creds/10.77.77.77/key.pem | 27 ------ test/grpc-creds/README.txt | 1 - .../grpc-creds/admin-revoker.boulder/cert.pem | 19 ----- test/grpc-creds/admin-revoker.boulder/key.pem | 27 ------ .../grpc-creds/akamai-purger.boulder/cert.pem | 19 ----- test/grpc-creds/akamai-purger.boulder/key.pem | 27 ------ .../bad-key-revoker.boulder/cert.pem | 19 ----- .../bad-key-revoker.boulder/key.pem | 27 ------ test/grpc-creds/ca.boulder/cert.pem | 19 ----- test/grpc-creds/ca.boulder/key.pem | 27 ------ test/grpc-creds/consul.boulder/cert.pem | 19 ----- test/grpc-creds/consul.boulder/key.pem | 27 ------ test/grpc-creds/creds-test/cert.pem | 19 ----- test/grpc-creds/creds-test/key.pem | 27 ------ test/grpc-creds/crl-storer.boulder/cert.pem | 19 ----- test/grpc-creds/crl-storer.boulder/key.pem | 27 ------ test/grpc-creds/crl-updater.boulder/cert.pem | 19 ----- test/grpc-creds/crl-updater.boulder/key.pem | 27 ------ .../expiration-mailer.boulder/cert.pem | 19 ----- .../expiration-mailer.boulder/key.pem | 27 ------ test/grpc-creds/generate.sh | 30 ------- .../health-checker.boulder/cert.pem | 19 ----- .../grpc-creds/health-checker.boulder/key.pem | 27 ------ test/grpc-creds/minica-key.pem | 27 ------ test/grpc-creds/minica.pem | 19 ----- test/grpc-creds/nonce.boulder/cert.pem | 20 ----- test/grpc-creds/nonce.boulder/key.pem | 27 ------ .../ocsp-responder.boulder/cert.pem | 19 ----- .../grpc-creds/ocsp-responder.boulder/key.pem | 27 ------ test/grpc-creds/ocsp-updater.boulder/cert.pem | 19 ----- test/grpc-creds/ocsp-updater.boulder/key.pem | 27 ------ test/grpc-creds/publisher.boulder/cert.pem | 20 ----- test/grpc-creds/publisher.boulder/key.pem | 27 ------ test/grpc-creds/ra.boulder/cert.pem | 19 ----- test/grpc-creds/ra.boulder/key.pem | 27 ------ test/grpc-creds/rva.boulder/cert.pem | 19 ----- test/grpc-creds/rva.boulder/key.pem | 27 ------ test/grpc-creds/sa.boulder/cert.pem | 19 ----- test/grpc-creds/sa.boulder/key.pem | 27 ------ test/grpc-creds/va.boulder/cert.pem | 19 ----- test/grpc-creds/va.boulder/key.pem | 27 ------ test/grpc-creds/wfe.boulder/cert.pem | 19 ----- test/grpc-creds/wfe.boulder/key.pem | 27 ------ test/helpers.py | 2 +- test/integration-test.py | 3 - .../akamai_purger_drain_queue_test.go | 6 +- .../akamai-purger-queue-drain-config.json | 6 +- test/integration/testdata/nonce-client.json | 6 +- .../testdata/srv-resolver-config.json | 6 +- test/startservers.py | 17 +--- test/test-ee.key | 27 ------ test/test-ee.pem | 20 ----- test/test-example.key | 52 ------------ test/test-example.pem | 29 ------- test/test-root.der | Bin 799 -> 0 bytes test/test-root.key | 28 ------- test/test-root.key.der | Bin 1192 -> 0 bytes test/test-root.pem | 19 ----- test/test-root.pubkey.pem | 9 -- test/test-root2.key | 28 ------- test/test-root2.pem | 19 ----- test/v2_integration.py | 26 +++--- tn.sh | 6 ++ 145 files changed, 561 insertions(+), 1933 deletions(-) delete mode 100644 ca/testdata/ca_cert.pem delete mode 100644 ca/testdata/ca_key.pem delete mode 100644 ca/testdata/dupe_name.der.csr delete mode 100644 ca/testdata/no_cn.der.csr delete mode 100644 ca/testdata/no_san.der.csr delete mode 100644 cmd/ocsp-responder/testdata/test-ca.der.pem delete mode 100644 cmd/ocsp-responder/testdata/test-ca.key delete mode 100644 grpc/creds/testdata/example.com/cert.pem delete mode 100644 grpc/creds/testdata/example.com/key.pem delete mode 100644 test/PKI.md create mode 100644 test/certs/.gitignore create mode 100644 test/certs/README.md create mode 100755 test/certs/generate.sh rename test/{cert-ceremonies => certs}/intermediate-cert-ceremony-ecdsa-cross.yaml (76%) rename test/{cert-ceremonies => certs}/intermediate-cert-ceremony-ecdsa.yaml (75%) rename test/{cert-ceremonies => certs}/intermediate-cert-ceremony-rsa.yaml (75%) rename test/{cert-ceremonies => certs}/intermediate-key-ceremony-ecdsa.yaml (61%) rename test/{cert-ceremonies => certs}/intermediate-key-ceremony-rsa.yaml (61%) rename test/{cert-ceremonies => certs}/root-ceremony-ecdsa.yaml (83%) rename test/{cert-ceremonies => certs}/root-ceremony-rsa.yaml (83%) rename test/{cert-ceremonies => certs}/root-crl-ecdsa.yaml (69%) rename test/{cert-ceremonies => certs}/root-crl-rsa.yaml (70%) rename test/{cert-ceremonies/generate.go => certs/webpki.go} (79%) delete mode 100644 test/grpc-creds/10.77.77.77/cert.pem delete mode 100644 test/grpc-creds/10.77.77.77/key.pem delete mode 100644 test/grpc-creds/README.txt delete mode 100644 test/grpc-creds/admin-revoker.boulder/cert.pem delete mode 100644 test/grpc-creds/admin-revoker.boulder/key.pem delete mode 100644 test/grpc-creds/akamai-purger.boulder/cert.pem delete mode 100644 test/grpc-creds/akamai-purger.boulder/key.pem delete mode 100644 test/grpc-creds/bad-key-revoker.boulder/cert.pem delete mode 100644 test/grpc-creds/bad-key-revoker.boulder/key.pem delete mode 100644 test/grpc-creds/ca.boulder/cert.pem delete mode 100644 test/grpc-creds/ca.boulder/key.pem delete mode 100644 test/grpc-creds/consul.boulder/cert.pem delete mode 100644 test/grpc-creds/consul.boulder/key.pem delete mode 100644 test/grpc-creds/creds-test/cert.pem delete mode 100644 test/grpc-creds/creds-test/key.pem delete mode 100644 test/grpc-creds/crl-storer.boulder/cert.pem delete mode 100644 test/grpc-creds/crl-storer.boulder/key.pem delete mode 100644 test/grpc-creds/crl-updater.boulder/cert.pem delete mode 100644 test/grpc-creds/crl-updater.boulder/key.pem delete mode 100644 test/grpc-creds/expiration-mailer.boulder/cert.pem delete mode 100644 test/grpc-creds/expiration-mailer.boulder/key.pem delete mode 100755 test/grpc-creds/generate.sh delete mode 100644 test/grpc-creds/health-checker.boulder/cert.pem delete mode 100644 test/grpc-creds/health-checker.boulder/key.pem delete mode 100644 test/grpc-creds/minica-key.pem delete mode 100644 test/grpc-creds/minica.pem delete mode 100644 test/grpc-creds/nonce.boulder/cert.pem delete mode 100644 test/grpc-creds/nonce.boulder/key.pem delete mode 100644 test/grpc-creds/ocsp-responder.boulder/cert.pem delete mode 100644 test/grpc-creds/ocsp-responder.boulder/key.pem delete mode 100644 test/grpc-creds/ocsp-updater.boulder/cert.pem delete mode 100644 test/grpc-creds/ocsp-updater.boulder/key.pem delete mode 100644 test/grpc-creds/publisher.boulder/cert.pem delete mode 100644 test/grpc-creds/publisher.boulder/key.pem delete mode 100644 test/grpc-creds/ra.boulder/cert.pem delete mode 100644 test/grpc-creds/ra.boulder/key.pem delete mode 100644 test/grpc-creds/rva.boulder/cert.pem delete mode 100644 test/grpc-creds/rva.boulder/key.pem delete mode 100644 test/grpc-creds/sa.boulder/cert.pem delete mode 100644 test/grpc-creds/sa.boulder/key.pem delete mode 100644 test/grpc-creds/va.boulder/cert.pem delete mode 100644 test/grpc-creds/va.boulder/key.pem delete mode 100644 test/grpc-creds/wfe.boulder/cert.pem delete mode 100644 test/grpc-creds/wfe.boulder/key.pem delete mode 100644 test/test-ee.key delete mode 100644 test/test-ee.pem delete mode 100644 test/test-example.key delete mode 100644 test/test-example.pem delete mode 100644 test/test-root.der delete mode 100644 test/test-root.key delete mode 100644 test/test-root.key.der delete mode 100644 test/test-root.pem delete mode 100644 test/test-root.pubkey.pem delete mode 100644 test/test-root2.key delete mode 100644 test/test-root2.pem diff --git a/.gitignore b/.gitignore index e7a952c1d90..bb3f1cc4bed 100644 --- a/.gitignore +++ b/.gitignore @@ -37,8 +37,6 @@ tags .idea .vscode/* -.hierarchy/ -.softhsm-tokens/ # ProxySQL log files test/proxysql/*.log* diff --git a/ca/ca_test.go b/ca/ca_test.go index 799bfac3b67..976bb84959a 100644 --- a/ca/ca_test.go +++ b/ca/ca_test.go @@ -922,7 +922,6 @@ func TestRejectValidityTooLong(t *testing.T) { testCtx.fc) test.AssertNotError(t, err, "Failed to create CA") - // This time is a few minutes before the notAfter in testdata/ca_cert.pem future, err := time.Parse(time.RFC3339, "2025-02-10T00:30:00Z") test.AssertNotError(t, err, "Failed to parse time") diff --git a/ca/testdata/ca_cert.pem b/ca/testdata/ca_cert.pem deleted file mode 100644 index 4737897abc9..00000000000 --- a/ca/testdata/ca_cert.pem +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFxDCCA6ygAwIBAgIJALe2d/gZHJqAMA0GCSqGSIb3DQEBCwUAMDExCzAJBgNV -BAYTAlVTMRAwDgYDVQQKDAdUZXN0IENBMRAwDgYDVQQDDAdUZXN0IENBMB4XDTE1 -MDIxMzAwMzI0NFoXDTI1MDIxMDAwMzI0NFowMTELMAkGA1UEBhMCVVMxEDAOBgNV -BAoMB1Rlc3QgQ0ExEDAOBgNVBAMMB1Rlc3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQCqYzR0R/8n0wKTYi3N68vR0onziVVS1/+9DsBcWLj3a8Vd -zds+snPbJu2M7TyhWSFGsUYaAu58vYl44GfmlRlCunpOrIIuhDh//Kua720J4bwK -0ODGLph70uO+VyEQeFQqEAdzy4v5puUfNbEdN66Ge5OGuwsVRwlBZvXRTbsuJend -cJadRC5kzxiPbnAqj9V44RK1Cn615dK/JTFVho2iHFER1k+MGMrso+8mn6asLZOj -RSx5wt+JEPbrE24X9fb+cF5J/e5AWL3OrcgdAf4953OJn5N/v+6F5FyaE+t0JKzn -THtLL1HCKMQmocpU2rTfYA1MWfLdY/KQZAdychoD6sQ6uuxCKRf6Zan/UH+4RcTW -ciPk8QAXRztkJGyJQozzLXfLnZFFHKtrS80h55SyvAA5UhwpVGjlKwKbwFHmNDj4 -5XE3anmiZFNdrAgAwDf+Pbukmolh2ffz++vZhHJuvorFhGziG9+O9IoBdTkKvJwY -qAkk+PP6Pe8GKgZsojvPr6vVewDEVGoBNth9/OAAVmIDXtoHEqWpk2rlCQsYcMjt -w+bVUxNpjs5kFXGwOpe6XfOxiMQxWaadqq3VUB06XXyS4JADtYm6EjrFPtEUG6Yu -9bGefjN/jyMls/8MwQR/HKNidueeKpuLfJYKvbudNf9XLVaZW9zf52WT0bqEdwID -AQABo4HeMIHbMB0GA1UdDgQWBBSaJqZ383/ySesJvVCWHAHhZcKpqzBhBgNVHSME -WjBYgBSaJqZ383/ySesJvVCWHAHhZcKpq6E1pDMwMTELMAkGA1UEBhMCVVMxEDAO -BgNVBAoMB1Rlc3QgQ0ExEDAOBgNVBAMMB1Rlc3QgQ0GCCQC3tnf4GRyagDAPBgNV -HRMECDAGAQH/AgEBMAsGA1UdDwQEAwIBBjA5BggrBgEFBQcBAQQtMCswKQYIKwYB -BQUHMAGGHWh0dHA6Ly9vY3NwLmV4YW1wbGUuY29tOjgwODAvMA0GCSqGSIb3DQEB -CwUAA4ICAQCWJo5AaOIW9n17sZIMRO4m3S2gF2Bs03X4i29/NyMCtOGlGk+VFmu/ -1rP3XYE4KJpSq+9/LV1xXFd2FTvuSz18MAvlCz2b5V7aBl88qup1htM/0VXXTy9e -p9tapIDuclcVez1kkdxPSwXh9sejcfNoZrgkPr/skvWp4WPy+rMvskHGB1BcRIG3 -xgR0IYIS0/3N6k6mcDaDGjGHMPoKY3sgg8Q/FToTxiMux1p2eGjbTmjKzOirXOj4 -Alv82qEjIRCMdnvOkZI35cd7tiO8Z3m209fhpkmvye2IERZxSBPRC84vrFfh0aWK -U/PisgsVD5/suRfWMqtdMHf0Mm+ycpgcTjijqMZF1gc05zfDqfzNH/MCcCdH9R2F -13ig5W8zJU8M1tV04ftElPi0/a6pCDs9UWk+ADIsAScee7P5kW+4WWo3t7sIuj8i -wAGiF+tljMOkzvGnxcuy+okR3EhhQdwOl+XKBgBXrK/hfvLobSQeHKk6+oUJzg4b -wL7gg7ommDqj181eBc1tiTzXv15Jd4cy9s/hvZA0+EfZc6+21urlwEGmEmm0EsAG -ldK1FVOTRlXJrjw0K57bI+7MxhdD06I4ikFCXRTAIxVSRlXegrDyAwUZv7CqH0mr -8jcQV9i1MJFGXV7k3En0lQv2z5AD9aFtkc6UjHpAzB8xEWMO0ZAtBg== ------END CERTIFICATE----- \ No newline at end of file diff --git a/ca/testdata/ca_key.pem b/ca/testdata/ca_key.pem deleted file mode 100644 index e7dcfd5b88f..00000000000 --- a/ca/testdata/ca_key.pem +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEAqmM0dEf/J9MCk2ItzevL0dKJ84lVUtf/vQ7AXFi492vFXc3b -PrJz2ybtjO08oVkhRrFGGgLufL2JeOBn5pUZQrp6TqyCLoQ4f/yrmu9tCeG8CtDg -xi6Ye9LjvlchEHhUKhAHc8uL+ablHzWxHTeuhnuThrsLFUcJQWb10U27LiXp3XCW -nUQuZM8Yj25wKo/VeOEStQp+teXSvyUxVYaNohxREdZPjBjK7KPvJp+mrC2To0Us -ecLfiRD26xNuF/X2/nBeSf3uQFi9zq3IHQH+PedziZ+Tf7/uheRcmhPrdCSs50x7 -Sy9RwijEJqHKVNq032ANTFny3WPykGQHcnIaA+rEOrrsQikX+mWp/1B/uEXE1nIj -5PEAF0c7ZCRsiUKM8y13y52RRRyra0vNIeeUsrwAOVIcKVRo5SsCm8BR5jQ4+OVx -N2p5omRTXawIAMA3/j27pJqJYdn38/vr2YRybr6KxYRs4hvfjvSKAXU5CrycGKgJ -JPjz+j3vBioGbKI7z6+r1XsAxFRqATbYffzgAFZiA17aBxKlqZNq5QkLGHDI7cPm -1VMTaY7OZBVxsDqXul3zsYjEMVmmnaqt1VAdOl18kuCQA7WJuhI6xT7RFBumLvWx -nn4zf48jJbP/DMEEfxyjYnbnniqbi3yWCr27nTX/Vy1WmVvc3+dlk9G6hHcCAwEA -AQKCAgEAirFJ50Ubmu0V8aY/JplDRT4dcJFfVJnh36B8UC8gELY2545DYpub1s2v -G8GYUrXcclCmgVHVktAtcKkpqfW/pCNqn1Ooe/jAjN29SdaOaTbH+/3emTMgh9o3 -6528mk14JOz7Q/Rxsft6EZeA3gmPFITOpyLleKJkFEqc2YxuSrgtz0RwNP9kzEYO -9eGth9egqk57DcbHMYUrsM+zgqyN6WEnVF+gTKd5tnoSltvprclDnekWtN49WrLm -ap9cREDAlogdGBmMr/AMQIoQlBwlOXqG/4VXaOtwWqhyADEqvVWFMJl+2spfwK2y -TMfxjHSiOhlTeczV9gP/VC04Kp5aMXXoCg2Gwlcr4DBic1k6eI/lmUQv6kg/4Nbf -yU+BCUtBW5nfKgf4DOcqX51n92ELnKbPKe41rcZxbTMvjsEQsGB51QLOMHa5tKe8 -F2R3fuP9y5k9lrMcz2vWL+9Qt4No5e++Ej+Jy1NKhrcfwQ6fGpMcZNesl0KHGjhN -dfZZRMHNZNBbJKHrXxAHDxtvoSqWOk8XOwP12C2MbckHkSaXGTLIuGfwcW6rvdF2 -EXrSCINIT1eCmMrnXWzWCm6UWxxshLsqzU7xY5Ov8qId211gXnC2IonAezWwFDE9 -JYjwGJJzNTiEjX6WdeCzT64FMtJk4hpoa3GzroRG2LAmhhnWVaECggEBANblf0L5 -2IywbeqwGF3VsSOyT8EeiAhOD9NUj4cYfU8ueqfY0T9/0pN39kFF8StVk5kOXEmn -dFk74gUC4+PBjrBAMoKvpQ2UpUvX9hgFQYoNmJZxSqF8KzdjS4ABcWIWi8thOAGc -NLssTw3eBsWT7ahX097flpWFVqVaFx5OmB6DOIHVTA+ppf6RYCETgDJomaRbzn8p -FMTpRZBYRLj/w2WxFy1J8gWGSq2sATFCMc3KNFwVQnDVS03g8W/1APqMVU0mIeau -TltSACvdwigLgWUhYxN+1F5awBlGqMdP+TixisVrHZWZw7uFMb8L/MXW1YA4FN8h -k2/Bp8wJTD+G/dkCggEBAMr6Tobi/VlYG+05cLmHoXGH98XaGBokYXdVrHiADGQI -lhYtnqpXQc1vRqp+zFacjpBjcun+nd6HzIFzsoWykevxYKgONol+iTSyHaTtYDm0 -MYrgH8nBo26GSCdz3IGHJ/ux1LL8ZAbY2AbP81x63ke+g9yXQPBkZQp6vYW/SEIG -IKhy+ZK6tZa0/z7zJNfM8PuN+bK4xJorUwbRqIv4owj0Bf92v+Q/wETYeEBpkDGU -uJ3wDc3FVsK5+gaJECS8DNkOmZ+o5aIlMQHbwxXe8NUm4uZDT+znx0uf+Hw1wP1P -zGL/TnjrZcmKRR47apkPXOGZWpPaNV0wkch/Xh1KEs8CggEBAJaRoJRt+LPC3pEE -p13/3yjSxBzc5pVjFKWO5y3SE+LJ/zjhquNiDUo0UH+1oOArCsrADBuzT8tCMQAv -4TrwoKiPopR8uxoD37l/bLex3xT6p8IpSRBSrvkVAo6C9E203Gg5CwPdzfijeBSQ -T5BaMLe2KgZMBPdowKgEspQSn3UpngsiRzPmOx9d/svOHRG0xooppUrlnt7FT29u -2WACHIeBCGs8F26VhHehQAiih8DX/83RO4dRe3zqsmAue2wRrabro+88jDxh/Sq/ -K03hmd0hAoljYStnTJepMZLNTyLRCxl+DvGGFmWqUou4u3hnKZq4MK+Sl/pC5u4I -SbttOykCggEAEk0RSX4r46NbGT+Fl2TQPKFKyM8KP0kqdI0H+PFqrJZNmgBQ/wDR -EQnIcFTwbZq+C+y7jreDWm4aFU3uObnJCGICGgT2C92Z12N74sP4WhuSH/hnRVSt -PKjk1pHOvusFwt7c06qIBkoE6FBVm/AEHKnjz77ffw0+QvygG/AMPs+4oBeFwyIM -f2MgZHedyctTqwq5CdE5AMGJQeMjdENdx8/gvpDhal4JIuv1o7Eg7CeBodPkGrqB -QRttnKs9BmLiMavsVAXxdnYt/gHnjBBG3KEd8i79hNm9EWeCCwj5tp08S2zDkYl/ -6vUJmFk5GkXVVQ3zqcMR7q4TZuV9Ad0M5wKCAQAY89F3qpokGhDtlVrB78gY8Ol3 -w9eq7HwEYfu8ZTN0+TEQMTEbvLbCcNYQqfRSqAAtb8hejaBQYbxFwNx9VA6sV4Tj -6EUMnp9ijzBf4KH0+r1wgkxobDjFH+XCewDLfTvhFDXjFcpRsaLfYRWz82JqSag6 -v+lJi6B2hbZUt750aQhomS6Bu0GE9/cE+e17xpZaMgXcWDDnse6W0JfpGHe8p6qD -EcaaKadeO/gSnv8wM08nHL0d80JDOE/C5I0psKryMpmicJK0bI92ooGrkJsF+Sg1 -huu1W6p9RdxJHgphzmGAvTrOmrDAZeKtubsMS69VZVFjQFa1ZD/VMzWK1X2o ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/ca/testdata/dupe_name.der.csr b/ca/testdata/dupe_name.der.csr deleted file mode 100644 index 6884aa08e86414b231b7dedd8260f903e572d61e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 664 zcmXqLVwz&m#8|_`$Y8*0$Zf#M#vIDRCd?EX3=~x|;AP{~YV&CO&dbQi$jZRn#K_M8 z6z5`UVq|1^SF72h)ntCR<#}A;o!|TW1XYZx1*{oAubh26TXSDZsL|Y`%4>y--U_wa z9``Db*Qvbt_u+bj^aTsyjb&-DPQogd?xP4X&wIO5#ZB|JSm4+#Cw zQT?dH!o`#Ea+ceRlvL&Y+K$Y3jvsm2d~83{iD{f$!Dr#TC;_n((WPvX`{r!V-)Wa>Z2TfEE)!CO@fJfdHE%} zsTGO21v#mD$@#fhgpfm-8yw1v48jo$!;HJvT#~+)Z`!ULf{QgMe3a}Ie%sh4H;3!U|MQv0&` zMSMFqzfncZ59OWrmkZ{->B^sdC+35U{C~IgyF;Iuox8$w_RFaa^UB3nX{8?xH=VFM z)=g%k&C%+XKtsRFiFS&mRj*s}qm4hZFOZ+STw?PIQ_C>Dl(yyig1$dyyglq^adY?W iX%}{^R#Q+CZgonmEocC~1jn^*~%JuhhrixttE4CinqG;cIidtoC~C%{zSMd$qQF z_L8p0m2D%!HX}B|K#OHYmN4ARqsjnpDC2CX$z9rnwpec|$lhaS90|38Q{#rGM+Z4f zyQJP0UnfPTTXB1z)VR1z358fYTo=>mi@$Nmj_%C0)l$|R-gq_agVyYuK@my?gZS>Q zic@T}%2$TMDzgFu0RRD@Eifwv2`Yw2hW8Bt2@WwHFdQ%%1_M&LNQUc8gGaTkWehrMA@s@-ClV2V{-;zWm+{493`)n&mW21sRwUP zYlODinwaf}^*CZqLpb^m@uURjW8G)~X-Xl|g_V+a1~7{6p{#z7RsgVGGr*^^T{@po zGRMMFWCCmhmou?>F;Y~oPbKLJ9RT{xX)!xC{l;oo82d?}*$xLq)@p*&Hz=H$XtV4} dNG8QF$5_hF%oyNfX5EQm#8Jb}BEqiIHzsoY6~q7l diff --git a/ca/testdata/no_san.der.csr b/ca/testdata/no_san.der.csr deleted file mode 100644 index db8558236360bc7d27a870a9d94885c561973fa5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 611 zcmV-p0-XIYf&yPKf&oVY0RS)>F&How1_M&LNQU9=GoXgaW46fGo`C8sd5FteX4sMhjRCOcd?NU@{Xqeg#x{M{ejYyWsC{h=p> z{U>|q#(@0aEW~GO&-LGRpY*(OF5#tM6>>An_Pa~Vk=-0!C?vEmNfYF8TpOeSAKnd+ z!gRl=8hPZP&&LNQU0#Lcf{@&__5*)MG|E%Qr;SHMGz8$gufmK8FC|J8Q|BNN6Mah4*lN z8@NLbVpJCut8BCSUlsz8-}!D=_CGpd%4Vre~4 zS=B#kmZ4c0T|c+ASkz+PW7$R2<7f>lA1s(N!@t=ok~Q8vG+IL*<)(Gu;e!ahCn-TX x&4fcOq$CjGxO(RTC*7KuYlImf0l-kk%9r~Mwjy10S#}Hoa#WrU^v}+7YzUa diff --git a/ca/testdata/testcsr.go b/ca/testdata/testcsr.go index e1a1b07dfa0..cd22487cde0 100644 --- a/ca/testdata/testcsr.go +++ b/ca/testdata/testcsr.go @@ -3,53 +3,17 @@ package main import ( + "crypto/ecdsa" + "crypto/elliptic" "crypto/rand" "crypto/x509" "crypto/x509/pkix" - "encoding/pem" "log" "os" ) -// A 2048-bit RSA private key -var rsaPrivateKey = `-----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA5cpXqfCaUDD+hf93j5jxbrhK4jrJAzfAEjeZj/Lx5Rv/7eEO -uhS2DdCU2is82vR6yJ7EidUYVz/nUAjSTP7JIEsbyvfsfACABbqRyGltHlJnULVH -y/EMjt9xKZf17T8tOLHVUEAJTxsvjKn4TMIQJTNrAqm/lNrUXmCIR41Go+3RBGC6 -YdAKEwcZMCzrjQGF06mC6/6xMmYMSMd6+VQRFIPpuPK/6BBp1Tgju2LleRC5uatj -QcFOoilGkfh1RnZp3GJ7q58KaqHiPmjl31rkY5vS3LP7yfU5TRBcxCSG8l8LKuRt -MArkbTEtj3PkDjbipL/SkLrZ28e5w9Egl4g1MwIDAQABAoIBABZqY5zPPK5f6SQ3 -JHmciMitL5jb9SncMV9VjyRMpa4cyh1xW9dpF81HMI4Ls7cELEoPuspbQDGaqTzU -b3dVT1dYHFDzWF1MSzDD3162cg+IKE3mMSfCzt/NCiPtj+7hv86NAmr+pCnUVBIb -rn4GXD7UwjaTSn4Bzr+aGREpxd9Nr0JdNQwxVHZ75A92vTihCfaXyMCjhW3JEpF9 -N89XehgidoGgtUxxeeb+WsO3nvVBpLv/HDxMTx/IDzvSA5nLlYMcqVzb7IJoeAQu -og0WJKlniYzvIdoQ6/hGydAW5sKd0qWh0JPYs7uLKAWrdAWvrFAp7//fYKVamalU -8pUu/WkCgYEA+tcTQ3qTnVh41O9YeM/7NULpIkuCAlR+PBRky294zho9nGQIPdaW -VNvyqqjLaHaXJVokYHbU4hDk6RbrhoWVd4Po/5g9cUkT1f6nrdZGRkg4XOCzHWvV -Yrqh3eYYX4bdiH5EhB78m0rrbjHfd7SF3cdYNzOUS2kJvCInYC6zPx8CgYEA6oRr -UhZFuoqRsEb28ELM8sHvdIMA/C3aWCu+nUGQ4gHSEb4uvuOD/7tQNuCaBioiXVPM -/4hjk9jHJcjYf5l33ANqIP7JiYAt4rzTWXF3iS6kQOhQhjksSlSnWqw0Uu1DtlpG -rzeG1ZkBuwH7Bx0yj4sGSz5sAvyF44aRsE6AC20CgYEArafWO0ISDb1hMbFdo44B -ELd45Pg3UluiZP+NZFWQ4cbC3pFWL1FvE+KNll5zK6fmLcLBKlM6QCOIBmKKvb+f -YXVeCg0ghFweMmkxNqUAU8nN02bwOa8ctFQWmaOhPgkFN2iLEJjPMsdkRA6c8ad1 -gbtvNBAuWyKlzawrbGgISesCgYBkGEjGLINubx5noqJbQee/5U6S6CdPezKqV2Fw -NT/ldul2cTn6d5krWYOPKKYU437vXokst8XooKm/Us41CAfEfCCcHKNgcLklAXsj -ve5LOwEYQw+7ekORJjiX1tAuZN51wmpQ9t4x5LB8ZQgDrU6bPbdd/jKTw7xRtGoS -Wi8EsQKBgG8iGy3+kVBIjKHxrN5jVs3vj/l/fQL0WRMLCMmVuDBfsKyy3f9n8R1B -/KdwoyQFwsLOyr5vAjiDgpFurXQbVyH4GDFiJGS1gb6MNcinwSTpsbOLLV7zgibX -A2NgiQ+UeWMia16dZVd6gGDlY3lQpeyLdsdDd+YppNfy9vedjbvT ------END RSA PRIVATE KEY-----` - -// NISTP256 ECDSA private key -var ecdsaPrivateKey = `-----BEGIN EC PRIVATE KEY----- -MHcCAQEEIKwK8ik0Zgw26bWaGuNYa/QAtCDRwpOPS5FIhbwuFqWuoAoGCCqGSM49 -AwEHoUQDQgAEfkxXCNEy4/zfwQ4arciDYQql7/+ftYvf51JTLCJAFu8kWKvNBENT -X8ays994FANu2VsJTF5Ud5JPYWHT87hjAA== ------END EC PRIVATE KEY-----` - func main() { - block, _ := pem.Decode([]byte(rsaPrivateKey)) - rsaPriv, err := x509.ParsePKCS1PrivateKey(block.Bytes) + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Fatalf("Failed to parse private key: %s", err) } @@ -65,7 +29,7 @@ func main() { "Capitalizedletters.COM", }, } - csr, err := x509.CreateCertificateRequest(rand.Reader, req, rsaPriv) + csr, err := x509.CreateCertificateRequest(rand.Reader, req, priv) if err != nil { log.Fatalf("unable to create CSR: %s", err) } diff --git a/cmd/boulder-wfe2/main_test.go b/cmd/boulder-wfe2/main_test.go index 8b2b90e044c..a1f79af8de4 100644 --- a/cmd/boulder-wfe2/main_test.go +++ b/cmd/boulder-wfe2/main_test.go @@ -3,77 +3,36 @@ package notmain import ( "crypto/x509" "encoding/pem" - "os" "testing" - "github.com/letsencrypt/boulder/core" "github.com/letsencrypt/boulder/test" ) -func TestLoadChain_Valid(t *testing.T) { - issuer, chainPEM, err := loadChain([]string{ - "../../test/test-ca-cross.pem", - "../../test/test-root2.pem", +func TestLoadChain(t *testing.T) { + // Most of loadChain's logic is implemented in issuance.LoadChain, so this + // test only covers the construction of the PEM bytes. + _, chainPEM, err := loadChain([]string{ + "../../test/hierarchy/int-e1.cert.pem", + "../../test/hierarchy/root-x2-cross.cert.pem", + "../../test/hierarchy/root-x1.cert.pem", }) test.AssertNotError(t, err, "Should load valid chain") - expectedIssuer, err := core.LoadCert("../../test/test-ca-cross.pem") - test.AssertNotError(t, err, "Failed to load test issuer") - - chainIssuerPEM, rest := pem.Decode(chainPEM) - test.AssertNotNil(t, chainIssuerPEM, "Failed to decode chain PEM") - parsedIssuer, err := x509.ParseCertificate(chainIssuerPEM.Bytes) + // Parse the first certificate in the PEM blob. + certPEM, rest := pem.Decode(chainPEM) + test.AssertNotNil(t, certPEM, "Failed to decode chain PEM") + _, err = x509.ParseCertificate(certPEM.Bytes) test.AssertNotError(t, err, "Failed to parse chain PEM") - // The three versions of the intermediate (the one loaded by us, the one - // returned by loadChain, and the one parsed from the chain) should be equal. - test.AssertByteEquals(t, issuer.Raw, expectedIssuer.Raw) - test.AssertByteEquals(t, parsedIssuer.Raw, expectedIssuer.Raw) + // Parse the second certificate in the PEM blob. + certPEM, rest = pem.Decode(rest) + test.AssertNotNil(t, certPEM, "Failed to decode chain PEM") + _, err = x509.ParseCertificate(certPEM.Bytes) + test.AssertNotError(t, err, "Failed to parse chain PEM") // The chain should contain nothing else. - rootIssuerPEM, _ := pem.Decode(rest) - if rootIssuerPEM != nil { + certPEM, rest = pem.Decode(rest) + if certPEM != nil || len(rest) != 0 { t.Error("Expected chain PEM to contain one cert and nothing else") } } - -func TestLoadChain_TooShort(t *testing.T) { - _, _, err := loadChain([]string{"/path/to/one/cert.pem"}) - test.AssertError(t, err, "Should reject too-short chain") -} - -func TestLoadChain_Unloadable(t *testing.T) { - _, _, err := loadChain([]string{ - "does-not-exist.pem", - "../../test/test-root2.pem", - }) - test.AssertError(t, err, "Should reject unloadable chain") - - _, _, err = loadChain([]string{ - "../../test/test-ca-cross.pem", - "does-not-exist.pem", - }) - test.AssertError(t, err, "Should reject unloadable chain") - - invalidPEMFile, _ := os.CreateTemp("", "invalid.pem") - err = os.WriteFile(invalidPEMFile.Name(), []byte(""), 0640) - test.AssertNotError(t, err, "Error writing invalid PEM tmp file") - _, _, err = loadChain([]string{ - invalidPEMFile.Name(), - "../../test/test-root2.pem", - }) - test.AssertError(t, err, "Should reject unloadable chain") -} - -func TestLoadChain_InvalidSig(t *testing.T) { - _, _, err := loadChain([]string{ - "../../test/test-root2.pem", - "../../test/test-ca-cross.pem", - }) - test.AssertError(t, err, "Should reject invalid signature") -} - -func TestLoadChain_NoRoot(t *testing.T) { - // TODO(#5251): Implement this when we have a hierarchy which includes two - // CA certs, neither of which is a root. -} diff --git a/cmd/ceremony/cert_test.go b/cmd/ceremony/cert_test.go index c31313ed290..95a2b33755f 100644 --- a/cmd/ceremony/cert_test.go +++ b/cmd/ceremony/cert_test.go @@ -15,9 +15,10 @@ import ( "testing" "time" + "github.com/miekg/pkcs11" + "github.com/letsencrypt/boulder/pkcs11helpers" "github.com/letsencrypt/boulder/test" - "github.com/miekg/pkcs11" ) // samplePubkey returns a slice of bytes containing an encoded @@ -575,9 +576,6 @@ func TestLoadCert(t *testing.T) { _, err = loadCert("../../test/hierarchy/int-e1.key.pem") test.AssertError(t, err, "should have failed when trying to parse a private key") - - _, err = loadCert("../../test/test-root.pubkey.pem") - test.AssertError(t, err, "should have failed when trying to parse a public key") } func TestGenerateSKID(t *testing.T) { diff --git a/cmd/ceremony/main_test.go b/cmd/ceremony/main_test.go index 1f0a3fb445b..c4e9b52f317 100644 --- a/cmd/ceremony/main_test.go +++ b/cmd/ceremony/main_test.go @@ -18,7 +18,7 @@ import ( ) func TestLoadPubKey(t *testing.T) { - _, _, err := loadPubKey("../../test/test-root.pubkey.pem") + _, _, err := loadPubKey("../../test/test-ca.pubkey.pem") test.AssertNotError(t, err, "should not have errored") _, _, err = loadPubKey("../../test/hierarchy/int-e1.key.pem") diff --git a/cmd/config_test.go b/cmd/config_test.go index 65340d0b73e..b6eeb98606d 100644 --- a/cmd/config_test.go +++ b/cmd/config_test.go @@ -1,9 +1,19 @@ package cmd import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "math/big" + "os" + "path" "regexp" "strings" "testing" + "time" "github.com/letsencrypt/boulder/metrics" "github.com/letsencrypt/boulder/test" @@ -52,9 +62,43 @@ func TestPasswordConfig(t *testing.T) { func TestTLSConfigLoad(t *testing.T) { null := "/dev/null" nonExistent := "[nonexistent]" - cert := "../test/grpc-creds/creds-test/cert.pem" - key := "../test/grpc-creds/creds-test/key.pem" - caCert := "../test/grpc-creds/minica.pem" + tmp := t.TempDir() + cert := path.Join(tmp, "TestTLSConfigLoad.cert.pem") + key := path.Join(tmp, "TestTLSConfigLoad.key.pem") + caCert := path.Join(tmp, "TestTLSConfigLoad.cacert.pem") + + rootKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + test.AssertNotError(t, err, "creating test root key") + rootTemplate := &x509.Certificate{ + Subject: pkix.Name{CommonName: "test root"}, + SerialNumber: big.NewInt(12345), + NotBefore: time.Now().Add(-24 * time.Hour), + NotAfter: time.Now().Add(24 * time.Hour), + IsCA: true, + } + rootCert, err := x509.CreateCertificate(rand.Reader, rootTemplate, rootTemplate, rootKey.Public(), rootKey) + test.AssertNotError(t, err, "creating test root cert") + err = os.WriteFile(caCert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: rootCert}), os.ModeAppend) + test.AssertNotError(t, err, "writing test root cert to disk") + + intKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + test.AssertNotError(t, err, "creating test intermediate key") + intKeyBytes, err := x509.MarshalECPrivateKey(intKey) + test.AssertNotError(t, err, "marshalling test intermediate key") + err = os.WriteFile(key, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: intKeyBytes}), os.ModeAppend) + test.AssertNotError(t, err, "writing test intermediate key cert to disk") + + intTemplate := &x509.Certificate{ + Subject: pkix.Name{CommonName: "test intermediate"}, + SerialNumber: big.NewInt(67890), + NotBefore: time.Now().Add(-12 * time.Hour), + NotAfter: time.Now().Add(12 * time.Hour), + IsCA: true, + } + intCert, err := x509.CreateCertificate(rand.Reader, intTemplate, rootTemplate, intKey.Public(), rootKey) + test.AssertNotError(t, err, "creating test intermediate cert") + err = os.WriteFile(cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: intCert}), os.ModeAppend) + test.AssertNotError(t, err, "writing test intermediate cert to disk") testCases := []struct { TLSConfig @@ -69,26 +113,20 @@ func TestTLSConfigLoad(t *testing.T) { {TLSConfig{null, key, caCert}, "loading key pair.*failed to find any PEM data"}, {TLSConfig{cert, null, caCert}, "loading key pair.*failed to find any PEM data"}, {TLSConfig{cert, key, null}, "parsing CA certs"}, + {TLSConfig{cert, key, caCert}, ""}, } for _, tc := range testCases { - var title [3]string - if tc.CertFile == "" { - title[0] = "nil" - } else { - title[0] = tc.CertFile - } - if tc.KeyFile == "" { - title[1] = "nil" - } else { - title[1] = tc.KeyFile - } - if tc.CACertFile == "" { - title[2] = "nil" - } else { - title[2] = tc.CACertFile + title := [3]string{tc.CertFile, tc.KeyFile, tc.CACertFile} + for i := range title { + if title[i] == "" { + title[i] = "nil" + } } t.Run(strings.Join(title[:], "_"), func(t *testing.T) { _, err := tc.TLSConfig.Load(metrics.NoopRegisterer) + if err == nil && tc.want == "" { + return + } if err == nil { t.Errorf("got no error") } diff --git a/cmd/ocsp-responder/testdata/test-ca.der.pem b/cmd/ocsp-responder/testdata/test-ca.der.pem deleted file mode 100644 index 760417fe943..00000000000 --- a/cmd/ocsp-responder/testdata/test-ca.der.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDETCCAfmgAwIBAgIJAJzxkS6o1QkIMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV -BAMMFGhhcHB5IGhhY2tlciBmYWtlIENBMB4XDTE1MDQwNzIzNTAzOFoXDTI1MDQw -NDIzNTAzOFowHzEdMBsGA1UEAwwUaGFwcHkgaGFja2VyIGZha2UgQ0EwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCCkd5mgXFErJ3F2M0E9dw+Ta/md5i -8TDId01HberAApqmydG7UZYF3zLTSzNjlNSOmtybvrSGUnZ9r9tSQcL8VM6WUOM8 -tnIpiIjEA2QkBycMwvRmZ/B2ltPdYs/R9BqNwO1g18GDZrHSzUYtNKNeFI6Glamj -7GK2Vr0SmiEamlNIR5ktAFsEErzf/d4jCF7sosMsJpMCm1p58QkP4LHLShVLXDa8 -BMfVoI+ipYcA08iNUFkgW8VWDclIDxcysa0psDDtMjX3+4aPkE/cefmP+1xOfUuD -HOGV8XFynsP4EpTfVOZr0/g9gYQ7ZArqXX7GTQkFqduwPm/w5qxSPTarAgMBAAGj -UDBOMB0GA1UdDgQWBBT7eE8S+WAVgyyfF380GbMuNupBiTAfBgNVHSMEGDAWgBT7 -eE8S+WAVgyyfF380GbMuNupBiTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA -A4IBAQAd9Da+Zv+TjMv7NTAmliqnWHY6d3UxEZN3hFEJ58IQVHbBZVZdW7zhRktB -vR05Kweac0HJeK91TKmzvXl21IXLvh0gcNLU/uweD3no/snfdB4OoFompljThmgl -zBqiqWoKBJQrLCA8w5UB+ReomRYd/EYXF/6TAfzm6hr//Xt5mPiUHPdvYt75lMAo -vRxLSbF8TSQ6b7BYxISWjPgFASNNqJNHEItWsmQMtAjjwzb9cs01XH9pChVAWn9L -oeMKa+SlHSYrWG93+EcrIH/dGU76uNOiaDzBSKvaehG53h25MHuO1anNICJvZovW -rFo4Uv1EnkKJm3vJFe50eJGhEKlx ------END CERTIFICATE----- diff --git a/cmd/ocsp-responder/testdata/test-ca.key b/cmd/ocsp-responder/testdata/test-ca.key deleted file mode 100644 index e3b5697be66..00000000000 --- a/cmd/ocsp-responder/testdata/test-ca.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDCCkd5mgXFErJ3 -F2M0E9dw+Ta/md5i8TDId01HberAApqmydG7UZYF3zLTSzNjlNSOmtybvrSGUnZ9 -r9tSQcL8VM6WUOM8tnIpiIjEA2QkBycMwvRmZ/B2ltPdYs/R9BqNwO1g18GDZrHS -zUYtNKNeFI6Glamj7GK2Vr0SmiEamlNIR5ktAFsEErzf/d4jCF7sosMsJpMCm1p5 -8QkP4LHLShVLXDa8BMfVoI+ipYcA08iNUFkgW8VWDclIDxcysa0psDDtMjX3+4aP -kE/cefmP+1xOfUuDHOGV8XFynsP4EpTfVOZr0/g9gYQ7ZArqXX7GTQkFqduwPm/w -5qxSPTarAgMBAAECggEAZh00uhjFOo35X1TufwSGF0z/c9uMvfMB4i1ufM2qgXud -WXLSLcrksZhhTfLAS4KSTa3PtSKqLBoPg1tdhy9WZqZWxaIxw8ybzaGtn8HNHGyr -LzsVlSLT2ATN4C7VAT9+DeVext0kWHtdz3r5mGagJq2Yx9jRGpQW6rBA9h4ol699 -BM09UPCcdlGmpdrb0jDjyfohG139EBSmEeB+Jim+oLO1sXe/LvWllU0UL527CExp -ykiIjASd4s7tFErV9sVJ+bDI97GOyBUGcVMiQ+TRPKFr0kfLgbJz24l8ycPI4odp -IGY+6igicg67n5BktAH+UfCQlUIpWbF2SwRAMht0AQKBgQD8gocy2VuCPj285hBY -8g/1GFd58HkCh54bOhAOb2PK+NE4mRuHCBlBj/tQOmgYz2Pna2k5ldJSUwXsUKkx -9R7hutnwXbcQTSQIRcjhYDLeGetJYXR96ylDig+6XjdW3A5SIc2JzlbVThP39TTm -gRqE/rj9G4ARMfHxffp7YT5AqwKBgQDEuN0pYMKjaW0xvc7WYUOqGHqt2di/BwMr -Ur438MtePArELY35P6kDcrfnlacDToA3Tebk9Rw18y1kl3BFO7VdJbQJSa6RWbp5 -aK7E5lq1pCrdyhGwiaI1f5VgzeY8ywS3TqGqU9GOqpENiZqgs1ly9l8gZSaw8/yF -uDWGg7jiAQKBgQCyLtGEmkiuoYkjUR1cBoQoKeMgkwZxOI3jHJfT99ptkiLhU3lP -UfGwiA+JT43BZCdVWEBKeGSP3zIgzdJ3BEekdhvwN9FEWYsBo2zbTOzYOWYExBZV -/KmDlVr/4hge3O3mGyBVDBvOLWh94rRPq+6wxqZ3RP6cI6hdBs7IXZh2PQKBgQDB -rav4kA4xKpvaDCC2yj3/Gmi1/zO5J2NEZQtoMgdXeM+0w5Dy4204Otq7A4jR5Ziw -Wl9H7dZfe1Kmpb5gO1/dHEC7oDJhYjEIVTs0GgMWsFGP2OE/qNHtz/W2wCC8m7jB -7IWYFzvLNTzoUiDNtKYNXGjdkRjdwOlOkcUI8Wi2AQKBgQC9EJsMz/ySt58IvwWy -fQJyg742j21pXHqlMnmHygnSgNa7f3yPQK3FxjvhIPmgu7x8+sSUtXHOjKhZML3p -SdTm/yN487hOYp03jy/wVXLcCDp9XhBeIt/z/TZMPMjAHOLG9xG6cF8AOVq7mLBc -tsDWUHoXPZj/YciXZLq3fPuXyw== ------END PRIVATE KEY----- diff --git a/docker-compose.next.yml b/docker-compose.next.yml index 2b88ea2b558..b18fb5ee74d 100644 --- a/docker-compose.next.yml +++ b/docker-compose.next.yml @@ -2,6 +2,6 @@ services: boulder: environment: FAKE_DNS: 10.77.77.77 - BOULDER_CONFIG_DIR: &boulder_config_dir test/config-next + BOULDER_CONFIG_DIR: test/config-next GOFLAGS: -mod=vendor GOCACHE: /boulder/.gocache/go-build-next diff --git a/docker-compose.yml b/docker-compose.yml index b7dc73ed46b..f2530957962 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ services: # The `letsencrypt/boulder-tools:latest` tag is automatically built in local # dev environments. In CI a specific BOULDER_TOOLS_TAG is passed, and it is # pulled with `docker compose pull`. - image: letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-latest} + image: &boulder_tools_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-latest} build: context: test/boulder-tools/ # Should match one of the GO_CI_VERSIONS in test/boulder-tools/tag_and_upload.sh. @@ -20,8 +20,7 @@ services: volumes: - .:/boulder:cached - ./.gocache:/root/.cache/go-build:cached - - ./.hierarchy:/hierarchy/:cached - - ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached + - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached networks: bouldernet: ipv4_address: 10.77.77.77 @@ -62,6 +61,20 @@ services: entrypoint: test/entrypoint.sh working_dir: &boulder_working_dir /boulder + bsetup: + image: *boulder_tools_image + volumes: + - .:/boulder:cached + - ./.gocache:/root/.cache/go-build:cached + - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached + entrypoint: test/certs/generate.sh + working_dir: *boulder_working_dir + profiles: + # Adding a profile to this container means that it won't be started by a + # normal "docker compose up/run boulder", only when specifically invoked + # with a "docker compose up bsetup". + - setup + bmysql: image: mariadb:10.5 networks: diff --git a/grpc/creds/creds_test.go b/grpc/creds/creds_test.go index ad38c0c8e67..e252f004f1c 100644 --- a/grpc/creds/creds_test.go +++ b/grpc/creds/creds_test.go @@ -12,59 +12,58 @@ import ( "testing" "time" - "github.com/letsencrypt/boulder/core" + "github.com/jmhodges/clock" + "github.com/letsencrypt/boulder/test" ) func TestServerTransportCredentials(t *testing.T) { + _, badCert := test.ThrowAwayCert(t, clock.New()) + goodCert := &x509.Certificate{ + DNSNames: []string{"creds-test"}, + IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}, + } acceptedSANs := map[string]struct{}{ "creds-test": {}, } - certFile := "../../test/grpc-creds/creds-test/cert.pem" - badCertFile := "testdata/example.com/cert.pem" - goodCert, err := core.LoadCert(certFile) - test.AssertNotError(t, err, "core.LoadCert failed on "+certFile) - badCert, err := core.LoadCert(badCertFile) - test.AssertNotError(t, err, "core.LoadCert failed on "+badCertFile) servTLSConfig := &tls.Config{} // NewServerCredentials with a nil serverTLSConfig should return an error - _, err = NewServerCredentials(nil, acceptedSANs) + _, err := NewServerCredentials(nil, acceptedSANs) test.AssertEquals(t, err, ErrNilServerConfig) - // A creds with a empty acceptedSANs list should consider any peer valid + // A creds with a nil acceptedSANs list should consider any peer valid wrappedCreds, err := NewServerCredentials(servTLSConfig, nil) test.AssertNotError(t, err, "NewServerCredentials failed with nil acceptedSANs") bcreds := wrappedCreds.(*serverTransportCredentials) - emptyState := tls.ConnectionState{} - err = bcreds.validateClient(emptyState) + err = bcreds.validateClient(tls.ConnectionState{}) test.AssertNotError(t, err, "validateClient() errored for emptyState") + + // A creds with a empty acceptedSANs list should consider any peer valid wrappedCreds, err = NewServerCredentials(servTLSConfig, map[string]struct{}{}) test.AssertNotError(t, err, "NewServerCredentials failed with empty acceptedSANs") bcreds = wrappedCreds.(*serverTransportCredentials) - err = bcreds.validateClient(emptyState) + err = bcreds.validateClient(tls.ConnectionState{}) test.AssertNotError(t, err, "validateClient() errored for emptyState") - // A creds given an empty TLS ConnectionState to verify should return an error + // A properly-initialized creds should fail to verify an empty ConnectionState bcreds = &serverTransportCredentials{servTLSConfig, acceptedSANs} - err = bcreds.validateClient(emptyState) + err = bcreds.validateClient(tls.ConnectionState{}) test.AssertEquals(t, err, ErrEmptyPeerCerts) // A creds should reject peers that don't have a leaf certificate with // a SAN on the accepted list. - wrongState := tls.ConnectionState{ + err = bcreds.validateClient(tls.ConnectionState{ PeerCertificates: []*x509.Certificate{badCert}, - } - err = bcreds.validateClient(wrongState) + }) var errSANNotAccepted ErrSANNotAccepted test.AssertErrorWraps(t, err, &errSANNotAccepted) // A creds should accept peers that have a leaf certificate with a SAN // that is on the accepted list - rightState := tls.ConnectionState{ + err = bcreds.validateClient(tls.ConnectionState{ PeerCertificates: []*x509.Certificate{goodCert}, - } - err = bcreds.validateClient(rightState) + }) test.AssertNotError(t, err, "validateClient(rightState) failed") // A creds configured with an IP SAN in the accepted list should accept a peer @@ -74,7 +73,9 @@ func TestServerTransportCredentials(t *testing.T) { "127.0.0.1": {}, } bcreds = &serverTransportCredentials{servTLSConfig, acceptedIPSans} - err = bcreds.validateClient(rightState) + err = bcreds.validateClient(tls.ConnectionState{ + PeerCertificates: []*x509.Certificate{goodCert}, + }) test.AssertNotError(t, err, "validateClient(rightState) failed with an IP accepted SAN list") } diff --git a/grpc/creds/testdata/example.com/cert.pem b/grpc/creds/testdata/example.com/cert.pem deleted file mode 100644 index e991ca1b4af..00000000000 --- a/grpc/creds/testdata/example.com/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDETCCAfmgAwIBAgIITp8UbMgujuEwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgNDk2YzRkMCAXDTE2MTIyNjE5MTEyOFoYDzIxMDYx -MjI2MTkxMTI4WjAWMRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAL18+TWZsdGOxfObbuHQ8mOSXvc6+gtVHN9lSFOt -x7JiM2OZhQFOlYPDox/KqQX0tlyfYZ808NZcwWConQL+Atme8AKy0pahqI99WChh -li9ehbbbTGoWa8NxWbkqGDgD3waQ8YFZbWXosiK+dt4cAbNpAdX1yByQts/GUKW0 -PYyqwoOvjE5tBXBzrIL6PVxmGz5ALjq8GMl3HTyZXO5AfBuomNRYYkEV6zx/TOTq -PhO7flLnMVauv0aJbsaD+ZpPF2Zi/fw/4q2nolag+oA1f55mHxjN39ocLHa++CJA -ft4LRK/75QVaYKICn4r13DiCvGI44ltv+lmwSPZ311lvIF8CAwEAAaNXMFUwDgYD -VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV -HRMBAf8EAjAAMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUA -A4IBAQAp/W32B/Pnm1oZXSVWTSN6ztSWjgiB3du1ryPe5VSPBmYZU1hHvORBfjuH -5JI9mHioW+0aoiDuABgpIXf5hMfXljyJXN+vO70C5PStUnFmHTtGADw62vRxhVVU -PLKtSAph8QpMTEUe+skV5RZ525aqHH54GSrSm7EdkIrgrkuGQhOViZ6QEqew29I3 -UK6cNe3w4d0XTzwPej4TNDGwumwWf/TEopp/kdOsFn93aZh/C/uTuI8gyqI9HiO0 -uQCwsePBr0G0w+vns38oC9jgyu6S3bOnq8XBzLjWgJ2lL//0g7bqvc5Wi1ClJnNS -OW48oQi9pw/ceqkYaMjCc0M5M0ix ------END CERTIFICATE----- diff --git a/grpc/creds/testdata/example.com/key.pem b/grpc/creds/testdata/example.com/key.pem deleted file mode 100644 index 295a72f3b37..00000000000 --- a/grpc/creds/testdata/example.com/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAvXz5NZmx0Y7F85tu4dDyY5Je9zr6C1Uc32VIU63HsmIzY5mF -AU6Vg8OjH8qpBfS2XJ9hnzTw1lzBYKidAv4C2Z7wArLSlqGoj31YKGGWL16FtttM -ahZrw3FZuSoYOAPfBpDxgVltZeiyIr523hwBs2kB1fXIHJC2z8ZQpbQ9jKrCg6+M -Tm0FcHOsgvo9XGYbPkAuOrwYyXcdPJlc7kB8G6iY1FhiQRXrPH9M5Oo+E7t+Uucx -Vq6/RoluxoP5mk8XZmL9/D/iraeiVqD6gDV/nmYfGM3f2hwsdr74IkB+3gtEr/vl -BVpgogKfivXcOIK8YjjiW2/6WbBI9nfXWW8gXwIDAQABAoIBAQCrLixgXMGEQ8vW -YBOSktV2WHPMOw5KkJBtzCzD05k1MHumPbknThvKFkHWZZm+VK0uDZn+XrA3p0HX -FVwKqPhgKrI+bdfK1q3VOvIaQNaRYn2/jGuC51BhFpRsr3eDmxOu9eAG74fh6Y6L -zq7JxllO/8z1wn0OOTm9iDWxDJwR51+tq/BSJhj681QPTOYmMxeHVxlXbZWs3JH3 -2md/s3M2ZKuyS/i6B4d2wijxMbZsbmX2gYC/N+i/DfLyfwh1+/6BvTZIsW5e1LRQ -kcIltZxlCT/PQw/rQjgDZROujlpiuYc2jaedn5JRDYNu+tnITi5oPswXezMH7QQs -PpQCcQfpAoGBAN53rCeLOyenihR35L5J/pqgMTwvGywEiNzVLqv9KUxyhZZvexIj -n5nQhRBIWD+2LpM1wmkMwb0xJT9PKbZgtaxYoledkFbWC+n7F6VqG/jb8ZUlkYdD -6QVUqAOIiuQLKJTzKStDQlAJXhGF5eItI+yAnL7utUsliLPbh1zUrLXTAoGBANoM -u5F/bqXOf2kQqXx7PfIuFRmQau97l0e7M1R7agvsgSnFvoa47Lkkx+KztZO+n8YD -wpEe3otuEYQAhG4WnLcZsBkAtKlGNv9JXwYOKFttKHSEtQ2LA10AsgILknJpZggE -/rMVyam+bjwusTfb610S8gYSjl7IKMIU+S+aAdfFAoGBAMgm3VF6l882kimWMMvv -YM0XQRTHwOeacNRWTLZaf9SS2JOfWxfXyxklHQKoRBWWQFMbs/y1iH1CASPzgjDe -07TqzayMSzeFPpTV3tFpJR+CKtkoQsVzGOw93SfIqkU/sNRJ7YlJ6xh9RQ/46vnR -6Rc4I045EA07CMHgyemAQp8XAoGAbIYtzKqp/WgbTcV3NXd5S1HYOpMARhUzJAZt -87xA+ZJKbun2e8MKPtOpkJF07AXSK5Gvgt7kUG0F1rcTMl+avB7S4H7Ta/SAZuqz -mqXtPCPGIMfz/LuVfvJbplzwFHWUzKT/x04uwob/AoESvwR7ziUhxBf0OARTFNWv -eBukkykCgYAuJ9jYMXVXae4phx0SgUNR40y7TA/TWbK2QgVGhWoGLlOOD3eqlxRS -xjV5ZcOy5XcCsL5tyN5IhTRUdCWF0l/v9EfvY0Zib7BWZk/dFcmLba2w2YW4cWD4 -WI5hndU1a8engsQ9C7PQPzU9GiRbcnwU8n1pGAE5Aa8u7b3WCFi2ag== ------END RSA PRIVATE KEY----- diff --git a/issuance/issuer_test.go b/issuance/issuer_test.go index f7f09522b31..4e96145a123 100644 --- a/issuance/issuer_test.go +++ b/issuance/issuer_test.go @@ -214,12 +214,12 @@ func TestNewIssuerKeyUsage(t *testing.T) { func TestLoadChain_Valid(t *testing.T) { chain, err := LoadChain([]string{ - "../test/test-ca-cross.pem", - "../test/test-root2.pem", + "../test/hierarchy/int-e1.cert.pem", + "../test/hierarchy/root-x2.cert.pem", }) test.AssertNotError(t, err, "Should load valid chain") - expectedIssuer, err := core.LoadCert("../test/test-ca-cross.pem") + expectedIssuer, err := core.LoadCert("../test/hierarchy/int-e1.cert.pem") test.AssertNotError(t, err, "Failed to load test issuer") chainIssuer := chain[0] @@ -236,12 +236,12 @@ func TestLoadChain_TooShort(t *testing.T) { func TestLoadChain_Unloadable(t *testing.T) { _, err := LoadChain([]string{ "does-not-exist.pem", - "../test/test-root2.pem", + "../test/hierarchy/root-x2.cert.pem", }) test.AssertError(t, err, "Should reject unloadable chain") _, err = LoadChain([]string{ - "../test/test-ca-cross.pem", + "../test/hierarchy/int-e1.cert.pem", "does-not-exist.pem", }) test.AssertError(t, err, "Should reject unloadable chain") @@ -251,19 +251,19 @@ func TestLoadChain_Unloadable(t *testing.T) { test.AssertNotError(t, err, "Error writing invalid PEM tmp file") _, err = LoadChain([]string{ invalidPEMFile.Name(), - "../test/test-root2.pem", + "../test/hierarchy/root-x2.cert.pem", }) test.AssertError(t, err, "Should reject unloadable chain") } func TestLoadChain_InvalidSig(t *testing.T) { _, err := LoadChain([]string{ - "../test/test-root2.pem", - "../test/test-ca-cross.pem", + "../test/hierarchy/int-e1.cert.pem", + "../test/hierarchy/root-x1.cert.pem", }) test.AssertError(t, err, "Should reject invalid signature") - test.Assert(t, strings.Contains(err.Error(), "test-ca-cross.pem"), + test.Assert(t, strings.Contains(err.Error(), "root-x1.cert.pem"), fmt.Sprintf("Expected error to mention filename, got: %s", err)) - test.Assert(t, strings.Contains(err.Error(), "signature from \"CN=happy hacker fake CA\""), + test.Assert(t, strings.Contains(err.Error(), "signature from \"CN=(TEST) Ineffable Ice X1"), fmt.Sprintf("Expected error to mention subject, got: %s", err)) } diff --git a/start.py b/start.py index b297390e333..f224b9e6c2f 100755 --- a/start.py +++ b/start.py @@ -20,9 +20,6 @@ if not startservers.install(race_detection=False): raise(Exception("failed to build")) -# Setup issuance hierarchy -startservers.setupHierarchy() - if not startservers.start(fakeclock=None): sys.exit(1) try: diff --git a/t.sh b/t.sh index 10b87227d4b..a2d1a1ea5f8 100755 --- a/t.sh +++ b/t.sh @@ -7,6 +7,9 @@ if type realpath >/dev/null 2>&1 ; then cd "$(realpath -- $(dirname -- "$0"))" fi +# Generate the test keys and certs necessary for the integration tests. +docker compose up bsetup + # Use a predictable name for the container so we can grab the logs later # for use when testing logs analysis tools. docker rm boulder_tests diff --git a/test/PKI.md b/test/PKI.md deleted file mode 100644 index 9236f7bd320..00000000000 --- a/test/PKI.md +++ /dev/null @@ -1,50 +0,0 @@ -Boulder's test environment contains four separate PKIs: -* WFE (simulating the public WebPKI) -* gRPC (simulating an internal PKI) -* Redis (simulating another internal PKI) -* Issuance - -In live deployment, the issuance PKI is a member of the global WebPKI, but we -simulate them as separate PKIs here. - -The PKI used by WFE is under `test/wfe-tls/`, with `test/wfe-tls/minica.pem` -serving as the root. There are no intermediates. Setting -`test/wfe-tls/minica.pem` as a trusted root is sufficient to connect to the WFE -over HTTPS. Currently there is only one end-entity certificate in this PKI, and -that's all we expect to need. To validate HTTPS connections to a test-mode WFE -in Python, set the environment variable `REQUESTS_CA_BUNDLE`. For Node, set -`NODE_EXTRA_CA_CERTS`. These variables should be set to -`/path/to/boulder/test/wfe-tls/minica.pem` (but only in testing environments!). -Note that in the Python case, setting this environment variable may break HTTPS -connections to non-WFE destinations. If causes problems for you, you may need to -create a combined bundle containing `test/wfe-tls/minica.pem` in addition to the -other relevant root certificates. - -The gRPC PKI is under `test/grpc-creds/`. Each Boulder component has two -hostnames, each resolving to a different IP address in our test environment, -plus a third hostname that resolves to both IP addresses. Certificates for these -components contain all three hostnames, both test IP addresses, and are stored -under `test/grpc-creds/SERVICE.boulder`. - -To issue new certificates in the WFE or gRPC PKI, install -https://github.com/jsha/minica, cd to the directory containing `minica.pem` for -the PKI you want to issue in, and run `minica -domains YOUR_NEW_DOMAINs`. If -you're updating the gRPC PKI, please make sure to update -`grpc-creds/generate.sh`. - -The issuance PKI consists of a RSA and ECDSA roots, several intermediates and -cross-signed intermediates, and CRLs. These certificates and their keys are -generated using the `ceremony` tool during integration testing. The private keys -are stored in SoftHSM in the boulder repository root `.softhsm-tokens/` folder, -and the public keys and certificates are written out to the boulder repository -root in the `.hierarchy/` folder. - -To regenerate the issuance PKI files, run the following commands: - - sudo rm -f .hierarchy/ .softhsm-tokens/ - docker compose run -it boulder go run test/cert-ceremonies/generate.go - -Certificate `test-example.pem`, together with `test-example.key` are self-signed -certs used in integration tests and were generated using: - - openssl req -x509 -newkey rsa:4096 -keyout test-example.key -out test-example.pem -days 36500 -nodes -subj "/CN=www.example.com" diff --git a/test/boulder-tools/Dockerfile b/test/boulder-tools/Dockerfile index 6dc912028f4..7470a47e5f0 100644 --- a/test/boulder-tools/Dockerfile +++ b/test/boulder-tools/Dockerfile @@ -15,6 +15,7 @@ RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2.0 RUN go install github.com/letsencrypt/pebble/v2/cmd/pebble-challtestsrv@66511d8 RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.57.2 RUN go install honnef.co/go/tools/cmd/staticcheck@2023.1.7 +RUN go install github.com/jsha/minica@v1.1.0 FROM rust:bullseye as rustdeps # Provided automatically by docker build. diff --git a/test/certs/.gitignore b/test/certs/.gitignore new file mode 100644 index 00000000000..ddb1034ff5a --- /dev/null +++ b/test/certs/.gitignore @@ -0,0 +1,3 @@ +/ipki +/webpki +/.softhsm-tokens diff --git a/test/certs/README.md b/test/certs/README.md new file mode 100644 index 00000000000..e70955d0291 --- /dev/null +++ b/test/certs/README.md @@ -0,0 +1,71 @@ +# Test keys and certificates + +## Dynamically-Generated PKIs + +This directory contains scripts and programs which generate PKIs (collections of +keys and certificates) for use in our integration tests. Each PKI has its own +subdirectory. The scripts do not regenerate a directory if it already exists, to +allow the generated files to be re-used across many runs on a developer's +machine. To force the scripts to regenerate a PKI, simply delete its whole +directory. + +This script is invoked automatically by the `bsetup` container in our docker +compose system. It is invoked automatically by `t.sh` and `tn.sh`. If you want +to run it manually, the expected way to do so is: + +```sh +$ docker compose up bsetup +[+] Running 0/1 +Attaching to bsetup-1 +bsetup-1 | Generating ipki/... +bsetup-1 | Generating webpki/... +bsetup-1 exited with code 0 +``` + +To add new certificates to an existing PKI, edit the script which generates that +PKI's subdirectory. To add a whole new PKI, create a new generation script, +execute that script from this directory's top-level `generate.sh`, and add the +new subdirectory to this directory's `.gitignore` file. + +### webpki + +The "webpki" PKI emulates our publicly-trusted hierarchy. It consists of RSA and +ECDSA roots, several intermediates and cross-signed intermediates, and CRLs. +These certificates and their keys are generated using the `ceremony` tool. The +private keys are stored in SoftHSM in the `.softhsm-tokens` subdirectory. + +This PKI is loaded by the CA, RA, and other components. It is used as the +issuance hierarchy for all end-entity certificates issued as part of the +integration tests. + +### ipki + +The "ipki" PKI emulates our internal PKI that the various Boulder services use +to authenticate each other when establishing gRPC connections. It includes one +certificate for each service which participates in our gRPC cluster. Some of +these certificates (for the services that we run multiple copies of) have +multiple names, so the same certificate can be loaded by each copy of that +service. + +This PKI is loaded by virtually every Boulder component. + +## Other Test PKIs + +A variety of other PKIs (collections of keys and certificates) exist in this +repository for the sake of unit and integration testing. We list them here as a +TODO-list of PKIs to remove and clean up: + +- challtestsrv DoH: Our fake DNS challenge test server (which fulfills DNS-01 + challenges during integration tests) can negotiate DoH handshakes. The key and + cert is uses for this are currently generated as part of the ipki directory, + but are fundamentally different from that PKI and should be moved. +- wfe-tls: The //test/wfe-tls/ directory holds the key and certificate which the + WFE uses to negotiate TLS handshakes with API clients. +- redis: The //test/redis-tls/ directory holds the key and certificate used by + our test redis cluster. This should probably be moved into the ipki directory. +- unit tests: the //test/hierarchy/ directory holds a variety of certificates + used by unit tests. These should be replaced by certs which the unit tests + dynamically generate in-memory, rather than loading from disk. +- misc: the top-level //test/ directory contains a variety of keys and + certificates which are used largely at random throughout the tests. These + should be removed and replaced with one of the existing PKIs. diff --git a/test/certs/generate.sh b/test/certs/generate.sh new file mode 100755 index 00000000000..ad68869c2cf --- /dev/null +++ b/test/certs/generate.sh @@ -0,0 +1,60 @@ +#!/bin/bash +set -e + +cd "$(realpath -- $(dirname -- "$0"))" + +ipki() ( + # Check that `minica` is installed + command -v minica >/dev/null 2>&1 || { + echo >&2 "No 'minica' command available."; + echo >&2 "Check your GOPATH and run: 'go install github.com/jsha/minica@latest'."; + exit 1; + } + + # Minica generates everything in-place, so we need to cd into the subdirectory. + # This function executes in a subshell, so this cd does not affect the parent + # script. + mkdir ipki + cd ipki + + # Used by challtestsrv to negotiate DoH handshakes. + # TODO: Move this out of the ipki directory. + # This also creates the issuer key, so the loops below can run in the + # background without competing over who gets to create it. + minica -ip-addresses 10.77.77.77,10.88.88.88 + + for SERVICE in admin-revoker expiration-mailer ocsp-responder consul \ + wfe akamai-purger bad-key-revoker crl-updater crl-storer \ + health-checker; do + minica -domains "${SERVICE}.boulder" & + done + + for SERVICE in publisher nonce ra ca sa va rva ; do + minica -domains "${SERVICE}.boulder,${SERVICE}1.boulder,${SERVICE}2.boulder" & + done + + wait + + # minica sets restrictive directory permissions, but we don't want that + chmod -R go+rX . +) + +webpki() ( + # Because it invokes the ceremony tool, webpki.go expects to be invoked with + # the root of the boulder repo as the current working directory. + # This function executes in a subshell, so this cd does not affect the parent + # script. + cd ../.. + mkdir ./test/certs/webpki + go run ./test/certs/webpki.go +) + +if ! [ -d ipki ]; then + echo "Generating ipki/..." + ipki +fi + +if ! [ -d webpki ]; then + echo "Generating webpki/..." + webpki +fi diff --git a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa-cross.yaml b/test/certs/intermediate-cert-ceremony-ecdsa-cross.yaml similarity index 76% rename from test/cert-ceremonies/intermediate-cert-ceremony-ecdsa-cross.yaml rename to test/certs/intermediate-cert-ceremony-ecdsa-cross.yaml index 1390e214a16..1b040904586 100644 --- a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa-cross.yaml +++ b/test/certs/intermediate-cert-ceremony-ecdsa-cross.yaml @@ -5,11 +5,11 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root rsa inputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - issuer-certificate-path: /hierarchy/root-rsa.cert.pem - certificate-to-cross-sign-path: /hierarchy/{{ .FileName }}.cert.pem + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem + certificate-to-cross-sign-path: test/certs/webpki/{{ .FileName }}.cert.pem outputs: - certificate-path: /hierarchy/{{ .FileName }}-cross.cert.pem + certificate-path: test/certs/webpki/{{ .FileName }}-cross.cert.pem certificate-profile: signature-algorithm: SHA256WithRSA common-name: {{ .CommonName }} diff --git a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa.yaml b/test/certs/intermediate-cert-ceremony-ecdsa.yaml similarity index 75% rename from test/cert-ceremonies/intermediate-cert-ceremony-ecdsa.yaml rename to test/certs/intermediate-cert-ceremony-ecdsa.yaml index 16ca1926b8a..f5a4fc24143 100644 --- a/test/cert-ceremonies/intermediate-cert-ceremony-ecdsa.yaml +++ b/test/certs/intermediate-cert-ceremony-ecdsa.yaml @@ -5,10 +5,10 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root ecdsa inputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - issuer-certificate-path: /hierarchy/root-ecdsa.cert.pem + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + issuer-certificate-path: test/certs/webpki/root-ecdsa.cert.pem outputs: - certificate-path: /hierarchy/{{ .FileName }}.cert.pem + certificate-path: test/certs/webpki/{{ .FileName }}.cert.pem certificate-profile: signature-algorithm: ECDSAWithSHA384 common-name: {{ .CommonName }} diff --git a/test/cert-ceremonies/intermediate-cert-ceremony-rsa.yaml b/test/certs/intermediate-cert-ceremony-rsa.yaml similarity index 75% rename from test/cert-ceremonies/intermediate-cert-ceremony-rsa.yaml rename to test/certs/intermediate-cert-ceremony-rsa.yaml index e4c380baded..6ed8ddaffb4 100644 --- a/test/cert-ceremonies/intermediate-cert-ceremony-rsa.yaml +++ b/test/certs/intermediate-cert-ceremony-rsa.yaml @@ -5,10 +5,10 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root rsa inputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - issuer-certificate-path: /hierarchy/root-rsa.cert.pem + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem outputs: - certificate-path: /hierarchy/{{ .FileName }}.cert.pem + certificate-path: test/certs/webpki/{{ .FileName }}.cert.pem certificate-profile: signature-algorithm: SHA256WithRSA common-name: {{ .CommonName }} diff --git a/test/cert-ceremonies/intermediate-key-ceremony-ecdsa.yaml b/test/certs/intermediate-key-ceremony-ecdsa.yaml similarity index 61% rename from test/cert-ceremonies/intermediate-key-ceremony-ecdsa.yaml rename to test/certs/intermediate-key-ceremony-ecdsa.yaml index 5325f321424..13835efe793 100644 --- a/test/cert-ceremonies/intermediate-key-ceremony-ecdsa.yaml +++ b/test/certs/intermediate-key-ceremony-ecdsa.yaml @@ -8,5 +8,5 @@ key: type: ecdsa ecdsa-curve: P-384 outputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - pkcs11-config-path: /hierarchy/{{ .FileName }}.pkcs11.json + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + pkcs11-config-path: test/certs/webpki/{{ .FileName }}.pkcs11.json diff --git a/test/cert-ceremonies/intermediate-key-ceremony-rsa.yaml b/test/certs/intermediate-key-ceremony-rsa.yaml similarity index 61% rename from test/cert-ceremonies/intermediate-key-ceremony-rsa.yaml rename to test/certs/intermediate-key-ceremony-rsa.yaml index 76e8488f7f6..439abf15c34 100644 --- a/test/cert-ceremonies/intermediate-key-ceremony-rsa.yaml +++ b/test/certs/intermediate-key-ceremony-rsa.yaml @@ -8,5 +8,5 @@ key: type: rsa rsa-mod-length: 2048 outputs: - public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem - pkcs11-config-path: /hierarchy/{{ .FileName }}.pkcs11.json + public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem + pkcs11-config-path: test/certs/webpki/{{ .FileName }}.pkcs11.json diff --git a/test/cert-ceremonies/root-ceremony-ecdsa.yaml b/test/certs/root-ceremony-ecdsa.yaml similarity index 83% rename from test/cert-ceremonies/root-ceremony-ecdsa.yaml rename to test/certs/root-ceremony-ecdsa.yaml index ef73ab4f14f..573533d481a 100644 --- a/test/cert-ceremonies/root-ceremony-ecdsa.yaml +++ b/test/certs/root-ceremony-ecdsa.yaml @@ -8,8 +8,8 @@ key: type: ecdsa ecdsa-curve: P-384 outputs: - public-key-path: /hierarchy/root-ecdsa.pubkey.pem - certificate-path: /hierarchy/root-ecdsa.cert.pem + public-key-path: test/certs/webpki/root-ecdsa.pubkey.pem + certificate-path: test/certs/webpki/root-ecdsa.cert.pem certificate-profile: signature-algorithm: ECDSAWithSHA384 common-name: root ecdsa diff --git a/test/cert-ceremonies/root-ceremony-rsa.yaml b/test/certs/root-ceremony-rsa.yaml similarity index 83% rename from test/cert-ceremonies/root-ceremony-rsa.yaml rename to test/certs/root-ceremony-rsa.yaml index 79c39f549f4..1bc5a323061 100644 --- a/test/cert-ceremonies/root-ceremony-rsa.yaml +++ b/test/certs/root-ceremony-rsa.yaml @@ -8,8 +8,8 @@ key: type: rsa rsa-mod-length: 4096 outputs: - public-key-path: /hierarchy/root-rsa.pubkey.pem - certificate-path: /hierarchy/root-rsa.cert.pem + public-key-path: test/certs/webpki/root-rsa.pubkey.pem + certificate-path: test/certs/webpki/root-rsa.cert.pem certificate-profile: signature-algorithm: SHA256WithRSA common-name: root rsa diff --git a/test/cert-ceremonies/root-crl-ecdsa.yaml b/test/certs/root-crl-ecdsa.yaml similarity index 69% rename from test/cert-ceremonies/root-crl-ecdsa.yaml rename to test/certs/root-crl-ecdsa.yaml index 37280542887..b68f363164b 100644 --- a/test/cert-ceremonies/root-crl-ecdsa.yaml +++ b/test/certs/root-crl-ecdsa.yaml @@ -5,9 +5,9 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root ecdsa inputs: - issuer-certificate-path: /hierarchy/root-ecdsa.cert.pem + issuer-certificate-path: test/certs/webpki/root-ecdsa.cert.pem outputs: - crl-path: /hierarchy/root-ecdsa.crl.pem + crl-path: test/certs/webpki/root-ecdsa.crl.pem crl-profile: this-update: 2023-01-01 12:00:00 next-update: 2023-12-15 12:00:00 diff --git a/test/cert-ceremonies/root-crl-rsa.yaml b/test/certs/root-crl-rsa.yaml similarity index 70% rename from test/cert-ceremonies/root-crl-rsa.yaml rename to test/certs/root-crl-rsa.yaml index 56e63113460..ee23302e727 100644 --- a/test/cert-ceremonies/root-crl-rsa.yaml +++ b/test/certs/root-crl-rsa.yaml @@ -5,9 +5,9 @@ pkcs11: signing-key-slot: {{ .SlotID }} signing-key-label: root rsa inputs: - issuer-certificate-path: /hierarchy/root-rsa.cert.pem + issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem outputs: - crl-path: /hierarchy/root-rsa.crl.pem + crl-path: test/certs/webpki/root-rsa.crl.pem crl-profile: this-update: 2023-01-01 12:00:00 next-update: 2023-12-15 12:00:00 diff --git a/test/cert-ceremonies/generate.go b/test/certs/webpki.go similarity index 79% rename from test/cert-ceremonies/generate.go rename to test/certs/webpki.go index b72c00f8664..759c1169410 100644 --- a/test/cert-ceremonies/generate.go +++ b/test/certs/webpki.go @@ -38,7 +38,7 @@ func genKey(path string, inSlot string) error { if err != nil { return err } - output, err := exec.Command("bin/ceremony", "-config", tmpPath).CombinedOutput() + output, err := exec.Command("./bin/ceremony", "-config", tmpPath).CombinedOutput() if err != nil { return fmt.Errorf("error running ceremony for %s: %s:\n%s", tmpPath, err, string(output)) } @@ -70,7 +70,7 @@ func rewriteConfig(path string, rewrites map[string]string) (string, error) { // runCeremony is used to run a ceremony with a given config. func runCeremony(path string) error { - output, err := exec.Command("bin/ceremony", "-config", path).CombinedOutput() + output, err := exec.Command("./bin/ceremony", "-config", path).CombinedOutput() if err != nil { return fmt.Errorf("error running ceremony for %s: %s:\n%s", path, err, string(output)) } @@ -81,17 +81,9 @@ func main() { _ = blog.Set(blog.StdoutLogger(6)) defer cmd.AuditPanic() - // If one of the output files already exists, assume this ran once - // already for the container and don't re-run. - outputFile := "/hierarchy/root-rsa.pubkey.pem" - if loc, err := os.Stat(outputFile); err == nil && loc.Mode().IsRegular() { - fmt.Println("skipping certificate generation: already exists") - return - } else if err == nil && !loc.Mode().IsRegular() { - cmd.Fail(fmt.Sprintf("statting %q: not a regular file", outputFile)) - } else if err != nil && !os.IsNotExist(err) { - cmd.Fail(fmt.Sprintf("statting %q: %s", outputFile, err)) - } + // Compile the ceremony binary for easy re-use. + _, err := exec.Command("make", "build").CombinedOutput() + cmd.FailOnError(err, "compiling ceremony tool") // Create SoftHSM slots for the root signing keys rsaRootKeySlot, err := createSlot("Root RSA") @@ -100,9 +92,9 @@ func main() { cmd.FailOnError(err, "failed creating softhsm2 slot for ECDSA root key") // Generate the root signing keys and certificates - err = genKey("test/cert-ceremonies/root-ceremony-rsa.yaml", rsaRootKeySlot) + err = genKey("test/certs/root-ceremony-rsa.yaml", rsaRootKeySlot) cmd.FailOnError(err, "failed to generate RSA root key + root cert") - err = genKey("test/cert-ceremonies/root-ceremony-ecdsa.yaml", ecdsaRootKeySlot) + err = genKey("test/certs/root-ceremony-ecdsa.yaml", ecdsaRootKeySlot) cmd.FailOnError(err, "failed to generate ECDSA root key + root cert") // Do everything for all of the intermediates @@ -126,7 +118,7 @@ func main() { cmd.FailOnError(err, "failed to create softhsm2 slot for intermediate key") // Generate key - keyConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-key-ceremony-%s.yaml", alg) + keyConfigTemplate := fmt.Sprintf("test/certs/intermediate-key-ceremony-%s.yaml", alg) keyConfig, err := rewriteConfig(keyConfigTemplate, map[string]string{ "SlotID": keySlot, "Label": name, @@ -138,7 +130,7 @@ func main() { cmd.FailOnError(err, "failed to generate intermediate key") // Generate cert - certConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-cert-ceremony-%s.yaml", alg) + certConfigTemplate := fmt.Sprintf("test/certs/intermediate-cert-ceremony-%s.yaml", alg) certConfig, err := rewriteConfig(certConfigTemplate, map[string]string{ "SlotID": rootKeySlot, "CommonName": name, @@ -154,7 +146,7 @@ func main() { continue } - crossConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-cert-ceremony-%s-cross.yaml", alg) + crossConfigTemplate := fmt.Sprintf("test/certs/intermediate-cert-ceremony-%s-cross.yaml", alg) crossConfig, err := rewriteConfig(crossConfigTemplate, map[string]string{ "SlotID": rsaRootKeySlot, "CommonName": name, @@ -168,14 +160,14 @@ func main() { } // Create CRLs stating that the intermediates are not revoked. - rsaTmpCRLConfig, err := rewriteConfig("test/cert-ceremonies/root-crl-rsa.yaml", map[string]string{ + rsaTmpCRLConfig, err := rewriteConfig("test/certs/root-crl-rsa.yaml", map[string]string{ "SlotID": rsaRootKeySlot, }) cmd.FailOnError(err, "failed to rewrite RSA root CRL config with key ID") err = runCeremony(rsaTmpCRLConfig) cmd.FailOnError(err, "failed to generate RSA root CRL") - ecdsaTmpCRLConfig, err := rewriteConfig("test/cert-ceremonies/root-crl-ecdsa.yaml", map[string]string{ + ecdsaTmpCRLConfig, err := rewriteConfig("test/certs/root-crl-ecdsa.yaml", map[string]string{ "SlotID": ecdsaRootKeySlot, }) cmd.FailOnError(err, "failed to rewrite ECDSA root CRL config with key ID") diff --git a/test/config-next/admin-revoker.json b/test/config-next/admin-revoker.json index 2f8a1634454..389fc0080e3 100644 --- a/test/config-next/admin-revoker.json +++ b/test/config-next/admin-revoker.json @@ -5,9 +5,9 @@ "maxOpenConns": 1 }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/admin.json b/test/config-next/admin.json index bd85f80ff0c..09dfe167dcf 100644 --- a/test/config-next/admin.json +++ b/test/config-next/admin.json @@ -6,9 +6,9 @@ }, "debugAddr": ":8014", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/akamai-purger.json b/test/config-next/akamai-purger.json index 0f6303ebc22..d9c6ee75ed9 100644 --- a/test/config-next/akamai-purger.json +++ b/test/config-next/akamai-purger.json @@ -12,9 +12,9 @@ "accessToken": "idk-how-this-is-different-from-client-token-but-okay", "v3Network": "staging", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/akamai-purger.boulder/cert.pem", - "keyFile": "test/grpc-creds/akamai-purger.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/akamai-purger.boulder/cert.pem", + "keyFile": "test/certs/ipki/akamai-purger.boulder/key.pem" }, "grpc": { "address": ":9099", diff --git a/test/config-next/bad-key-revoker.json b/test/config-next/bad-key-revoker.json index be9afdd2767..c66693c40b9 100644 --- a/test/config-next/bad-key-revoker.json +++ b/test/config-next/bad-key-revoker.json @@ -5,9 +5,9 @@ "maxOpenConns": 10 }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/bad-key-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/bad-key-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/bad-key-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/bad-key-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/ca.json b/test/config-next/ca.json index e2f682bb8ab..58c335d9ffc 100644 --- a/test/config-next/ca.json +++ b/test/config-next/ca.json @@ -1,9 +1,9 @@ { "ca": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ca.boulder/cert.pem", - "keyFile": "test/grpc-creds/ca.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ca.boulder/cert.pem", + "keyFile": "test/certs/ipki/ca.boulder/key.pem" }, "hostnamePolicyFile": "test/hostname-policy.yaml", "grpcCA": { @@ -69,8 +69,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-a/", "location": { - "configFile": "/hierarchy/int-ecdsa-a.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-a.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-a.cert.pem", "numSessions": 2 } }, @@ -80,8 +80,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-b/", "location": { - "configFile": "/hierarchy/int-ecdsa-b.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-b.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-b.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-b.cert.pem", "numSessions": 2 } }, @@ -91,8 +91,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-c/", "location": { - "configFile": "/hierarchy/int-ecdsa-c.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-c.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-c.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-c.cert.pem", "numSessions": 2 } }, @@ -102,8 +102,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-a/", "location": { - "configFile": "/hierarchy/int-rsa-a.pkcs11.json", - "certFile": "/hierarchy/int-rsa-a.cert.pem", + "configFile": "test/certs/webpki/int-rsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-a.cert.pem", "numSessions": 2 } }, @@ -113,8 +113,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-b/", "location": { - "configFile": "/hierarchy/int-rsa-b.pkcs11.json", - "certFile": "/hierarchy/int-rsa-b.cert.pem", + "configFile": "test/certs/webpki/int-rsa-b.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-b.cert.pem", "numSessions": 2 } }, @@ -124,8 +124,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-c/", "location": { - "configFile": "/hierarchy/int-rsa-c.pkcs11.json", - "certFile": "/hierarchy/int-rsa-c.cert.pem", + "configFile": "test/certs/webpki/int-rsa-c.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-c.cert.pem", "numSessions": 2 } } diff --git a/test/config-next/crl-storer.json b/test/config-next/crl-storer.json index 61352d23d90..0934bcef071 100644 --- a/test/config-next/crl-storer.json +++ b/test/config-next/crl-storer.json @@ -1,9 +1,9 @@ { "crlStorer": { "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-storer.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-storer.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-storer.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-storer.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", @@ -21,12 +21,12 @@ } }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "s3Endpoint": "http://localhost:4501", "s3Bucket": "lets-encrypt-crls", diff --git a/test/config-next/crl-updater.json b/test/config-next/crl-updater.json index d31ea4af1bd..86f7e601d3d 100644 --- a/test/config-next/crl-updater.json +++ b/test/config-next/crl-updater.json @@ -1,9 +1,9 @@ { "crlUpdater": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-updater.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-updater.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-updater.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-updater.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", @@ -36,12 +36,12 @@ "hostOverride": "crl-storer.boulder" }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "numShards": 10, "shardWidth": "240h", diff --git a/test/config-next/expiration-mailer.json b/test/config-next/expiration-mailer.json index 0b784714938..52eefb89142 100644 --- a/test/config-next/expiration-mailer.json +++ b/test/config-next/expiration-mailer.json @@ -19,9 +19,9 @@ "emailTemplate": "test/config-next/expiration-mailer.gotmpl", "parallelSends": 10, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem", - "keyFile": "test/grpc-creds/expiration-mailer.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/expiration-mailer.boulder/cert.pem", + "keyFile": "test/certs/ipki/expiration-mailer.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/health-checker.json b/test/config-next/health-checker.json index 5999162641e..e2663f51008 100644 --- a/test/config-next/health-checker.json +++ b/test/config-next/health-checker.json @@ -3,8 +3,8 @@ "timeout": "1s" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/health-checker.boulder/cert.pem", - "keyFile": "test/grpc-creds/health-checker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/health-checker.boulder/cert.pem", + "keyFile": "test/certs/ipki/health-checker.boulder/key.pem" } } diff --git a/test/config-next/nonce-a.json b/test/config-next/nonce-a.json index d1a86a2b018..5e3a00c070d 100644 --- a/test/config-next/nonce-a.json +++ b/test/config-next/nonce-a.json @@ -29,9 +29,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config-next/nonce-b.json b/test/config-next/nonce-b.json index d1a86a2b018..5e3a00c070d 100644 --- a/test/config-next/nonce-b.json +++ b/test/config-next/nonce-b.json @@ -29,9 +29,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config-next/ocsp-responder.json b/test/config-next/ocsp-responder.json index d66404cac83..df989d3a7b3 100644 --- a/test/config-next/ocsp-responder.json +++ b/test/config-next/ocsp-responder.json @@ -17,9 +17,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ocsp-responder.boulder/cert.pem", - "keyFile": "test/grpc-creds/ocsp-responder.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ocsp-responder.boulder/cert.pem", + "keyFile": "test/certs/ipki/ocsp-responder.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -44,12 +44,12 @@ "logSampleRate": 1, "path": "/", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "liveSigningPeriod": "60h", "timeout": "4.9s", diff --git a/test/config-next/publisher.json b/test/config-next/publisher.json index af519b2df9f..3d0a0fb7e4e 100644 --- a/test/config-next/publisher.json +++ b/test/config-next/publisher.json @@ -4,20 +4,20 @@ "blockProfileRate": 1000000000, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ] ], "grpc": { @@ -36,9 +36,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/publisher.boulder/cert.pem", - "keyFile": "test/grpc-creds/publisher.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/publisher.boulder/cert.pem", + "keyFile": "test/certs/ipki/publisher.boulder/key.pem" }, "features": {} }, diff --git a/test/config-next/ra.json b/test/config-next/ra.json index a453eeb5109..6ead495610a 100644 --- a/test/config-next/ra.json +++ b/test/config-next/ra.json @@ -14,17 +14,17 @@ "orderLifetime": "168h", "finalizeTimeout": "30s", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-rsa-c.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-rsa-c.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-c.cert.pem" ], "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ra.boulder/cert.pem", - "keyFile": "test/grpc-creds/ra.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ra.boulder/cert.pem", + "keyFile": "test/certs/ipki/ra.boulder/key.pem" }, "vaService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config-next/remoteva-a.json b/test/config-next/remoteva-a.json index 1a2d3d5f08b..4085a6e140c 100644 --- a/test/config-next/remoteva-a.json +++ b/test/config-next/remoteva-a.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "skipGRPCClientCertVerification": true, "grpc": { diff --git a/test/config-next/remoteva-b.json b/test/config-next/remoteva-b.json index 6ab73ee7de0..8e9a44e84fb 100644 --- a/test/config-next/remoteva-b.json +++ b/test/config-next/remoteva-b.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "skipGRPCClientCertVerification": true, "grpc": { diff --git a/test/config-next/sa.json b/test/config-next/sa.json index 45ec3810099..c11cc9b438e 100644 --- a/test/config-next/sa.json +++ b/test/config-next/sa.json @@ -15,9 +15,9 @@ "ParallelismPerRPC": 20, "lagFactor": "200ms", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/sa.boulder/cert.pem", - "keyFile": "test/grpc-creds/sa.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/sa.boulder/cert.pem", + "keyFile": "test/certs/ipki/sa.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/va-remote-a.json b/test/config-next/va-remote-a.json index 682e393f0bb..15cac91de24 100644 --- a/test/config-next/va-remote-a.json +++ b/test/config-next/va-remote-a.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/va-remote-b.json b/test/config-next/va-remote-b.json index e10964f72d1..e7fd187a5bb 100644 --- a/test/config-next/va-remote-b.json +++ b/test/config-next/va-remote-b.json @@ -10,9 +10,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/va.json b/test/config-next/va.json index bd3ad7677e9..abc38e53805 100644 --- a/test/config-next/va.json +++ b/test/config-next/va.json @@ -13,9 +13,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/va.boulder/cert.pem", - "keyFile": "test/grpc-creds/va.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/va.boulder/cert.pem", + "keyFile": "test/certs/ipki/va.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config-next/wfe2.json b/test/config-next/wfe2.json index 4c5fec4d493..b351c30b4c8 100644 --- a/test/config-next/wfe2.json +++ b/test/config-next/wfe2.json @@ -15,9 +15,9 @@ "blockedKeyFile": "test/example-blocked-keys.yaml" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -75,28 +75,28 @@ }, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-a-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-b-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ] ], "staleTimeout": "5m", diff --git a/test/config/admin-revoker.json b/test/config/admin-revoker.json index 4e364e3dbd5..c450e00878d 100644 --- a/test/config/admin-revoker.json +++ b/test/config/admin-revoker.json @@ -5,9 +5,9 @@ "maxOpenConns": 1 }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/admin.json b/test/config/admin.json index 4e8bdc423ea..44ff407af1a 100644 --- a/test/config/admin.json +++ b/test/config/admin.json @@ -6,9 +6,9 @@ }, "debugAddr": ":8014", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/akamai-purger.json b/test/config/akamai-purger.json index 29e90e6ba71..3b2fe51b7a7 100644 --- a/test/config/akamai-purger.json +++ b/test/config/akamai-purger.json @@ -9,9 +9,9 @@ "accessToken": "idk-how-this-is-different-from-client-token-but-okay", "v3Network": "staging", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/akamai-purger.boulder/cert.pem", - "keyFile": "test/grpc-creds/akamai-purger.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/akamai-purger.boulder/cert.pem", + "keyFile": "test/certs/ipki/akamai-purger.boulder/key.pem" }, "grpc": { "address": ":9099", diff --git a/test/config/bad-key-revoker.json b/test/config/bad-key-revoker.json index 941f20443d4..3dda0c44219 100644 --- a/test/config/bad-key-revoker.json +++ b/test/config/bad-key-revoker.json @@ -6,9 +6,9 @@ }, "debugAddr": ":8020", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/bad-key-revoker.boulder/cert.pem", - "keyFile": "test/grpc-creds/bad-key-revoker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/bad-key-revoker.boulder/cert.pem", + "keyFile": "test/certs/ipki/bad-key-revoker.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/ca.json b/test/config/ca.json index d1a034c373e..cbb84f38511 100644 --- a/test/config/ca.json +++ b/test/config/ca.json @@ -2,9 +2,9 @@ "ca": { "debugAddr": ":8001", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ca.boulder/cert.pem", - "keyFile": "test/grpc-creds/ca.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ca.boulder/cert.pem", + "keyFile": "test/certs/ipki/ca.boulder/key.pem" }, "hostnamePolicyFile": "test/hostname-policy.yaml", "grpcCA": { @@ -65,8 +65,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/ecdsa-a/", "location": { - "configFile": "/hierarchy/int-ecdsa-a.pkcs11.json", - "certFile": "/hierarchy/int-ecdsa-a.cert.pem", + "configFile": "test/certs/webpki/int-ecdsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-ecdsa-a.cert.pem", "numSessions": 2 } }, @@ -77,8 +77,8 @@ "ocspURL": "http://ca.example.org:4002/", "crlURLBase": "http://ca.example.org:4501/rsa-a/", "location": { - "configFile": "/hierarchy/int-rsa-a.pkcs11.json", - "certFile": "/hierarchy/int-rsa-a.cert.pem", + "configFile": "test/certs/webpki/int-rsa-a.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-a.cert.pem", "numSessions": 2 } }, @@ -89,8 +89,8 @@ "ocspURL": "http://ca.example.org:4003/", "crlURLBase": "http://ca.example.org:4501/rsa-b/", "location": { - "configFile": "/hierarchy/int-rsa-b.pkcs11.json", - "certFile": "/hierarchy/int-rsa-b.cert.pem", + "configFile": "test/certs/webpki/int-rsa-b.pkcs11.json", + "certFile": "test/certs/webpki/int-rsa-b.cert.pem", "numSessions": 2 } } diff --git a/test/config/crl-storer.json b/test/config/crl-storer.json index 0630fc55d60..ee3285d0ae7 100644 --- a/test/config/crl-storer.json +++ b/test/config/crl-storer.json @@ -2,9 +2,9 @@ "crlStorer": { "debugAddr": ":9667", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-storer.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-storer.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-storer.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-storer.boulder/key.pem" }, "grpc": { "address": ":9309", @@ -23,9 +23,9 @@ } }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "s3Endpoint": "http://localhost:4501", "s3Bucket": "lets-encrypt-crls", diff --git a/test/config/crl-updater.json b/test/config/crl-updater.json index 802eb38cefb..aabfad987fe 100644 --- a/test/config/crl-updater.json +++ b/test/config/crl-updater.json @@ -1,9 +1,9 @@ { "crlUpdater": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/crl-updater.boulder/cert.pem", - "keyFile": "test/grpc-creds/crl-updater.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/crl-updater.boulder/cert.pem", + "keyFile": "test/certs/ipki/crl-updater.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", @@ -36,9 +36,9 @@ "hostOverride": "crl-storer.boulder" }, "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "numShards": 10, "shardWidth": "240h", diff --git a/test/config/expiration-mailer.json b/test/config/expiration-mailer.json index 9eaa6442e9c..8992dc17ed0 100644 --- a/test/config/expiration-mailer.json +++ b/test/config/expiration-mailer.json @@ -17,9 +17,9 @@ "emailTemplate": "test/config/expiration-mailer.gotmpl", "debugAddr": ":8008", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem", - "keyFile": "test/grpc-creds/expiration-mailer.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/expiration-mailer.boulder/cert.pem", + "keyFile": "test/certs/ipki/expiration-mailer.boulder/key.pem" }, "saService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/health-checker.json b/test/config/health-checker.json index 5999162641e..e2663f51008 100644 --- a/test/config/health-checker.json +++ b/test/config/health-checker.json @@ -3,8 +3,8 @@ "timeout": "1s" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/health-checker.boulder/cert.pem", - "keyFile": "test/grpc-creds/health-checker.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/health-checker.boulder/cert.pem", + "keyFile": "test/certs/ipki/health-checker.boulder/key.pem" } } diff --git a/test/config/nonce-a.json b/test/config/nonce-a.json index 70fdf15e095..c2dd9765c85 100644 --- a/test/config/nonce-a.json +++ b/test/config/nonce-a.json @@ -27,9 +27,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config/nonce-b.json b/test/config/nonce-b.json index 70fdf15e095..c2dd9765c85 100644 --- a/test/config/nonce-b.json +++ b/test/config/nonce-b.json @@ -27,9 +27,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/nonce.boulder/cert.pem", - "keyFile": "test/grpc-creds/nonce.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/nonce.boulder/cert.pem", + "keyFile": "test/certs/ipki/nonce.boulder/key.pem" } } } diff --git a/test/config/ocsp-responder.json b/test/config/ocsp-responder.json index f1762213a12..cb66e9db280 100644 --- a/test/config/ocsp-responder.json +++ b/test/config/ocsp-responder.json @@ -21,9 +21,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ocsp-responder.boulder/cert.pem", - "keyFile": "test/grpc-creds/ocsp-responder.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ocsp-responder.boulder/cert.pem", + "keyFile": "test/certs/ipki/ocsp-responder.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -49,9 +49,9 @@ "path": "/", "listenAddress": "0.0.0.0:4002", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "liveSigningPeriod": "60h", "timeout": "4.9s", diff --git a/test/config/publisher.json b/test/config/publisher.json index 409e88fad8c..8b67b0bc7d8 100644 --- a/test/config/publisher.json +++ b/test/config/publisher.json @@ -4,20 +4,20 @@ "blockProfileRate": 1000000000, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ] ], "debugAddr": ":8009", @@ -38,9 +38,9 @@ } }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/publisher.boulder/cert.pem", - "keyFile": "test/grpc-creds/publisher.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/publisher.boulder/cert.pem", + "keyFile": "test/certs/ipki/publisher.boulder/key.pem" }, "features": {} }, diff --git a/test/config/ra.json b/test/config/ra.json index 20e997c1865..add1779ab63 100644 --- a/test/config/ra.json +++ b/test/config/ra.json @@ -14,14 +14,14 @@ }, "orderLifetime": "168h", "issuerCerts": [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/int-ecdsa-a.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/int-ecdsa-a.cert.pem" ], "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/ra.boulder/cert.pem", - "keyFile": "test/grpc-creds/ra.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/ra.boulder/cert.pem", + "keyFile": "test/certs/ipki/ra.boulder/key.pem" }, "vaService": { "dnsAuthority": "consul.service.consul", diff --git a/test/config/remoteva-a.json b/test/config/remoteva-a.json index 49d7ef5a869..ca21d7c89ea 100644 --- a/test/config/remoteva-a.json +++ b/test/config/remoteva-a.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/remoteva-b.json b/test/config/remoteva-b.json index 5adc12af89a..f49cd16c141 100644 --- a/test/config/remoteva-b.json +++ b/test/config/remoteva-b.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/sa.json b/test/config/sa.json index d5dd3d17095..24f6356283e 100644 --- a/test/config/sa.json +++ b/test/config/sa.json @@ -11,9 +11,9 @@ "ParallelismPerRPC": 20, "debugAddr": ":8003", "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/sa.boulder/cert.pem", - "keyFile": "test/grpc-creds/sa.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/sa.boulder/cert.pem", + "keyFile": "test/certs/ipki/sa.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/va-remote-a.json b/test/config/va-remote-a.json index 2a841578aaa..c9571b5c40a 100644 --- a/test/config/va-remote-a.json +++ b/test/config/va-remote-a.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/va-remote-b.json b/test/config/va-remote-b.json index eab681227ab..c853f0cd99b 100644 --- a/test/config/va-remote-b.json +++ b/test/config/va-remote-b.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/rva.boulder/cert.pem", - "keyFile": "test/grpc-creds/rva.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/rva.boulder/cert.pem", + "keyFile": "test/certs/ipki/rva.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/va.json b/test/config/va.json index efb346be49f..37388b8f964 100644 --- a/test/config/va.json +++ b/test/config/va.json @@ -14,9 +14,9 @@ "dnsAllowLoopbackAddresses": true, "issuerDomain": "happy-hacker-ca.invalid", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/va.boulder/cert.pem", - "keyFile": "test/grpc-creds/va.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/va.boulder/cert.pem", + "keyFile": "test/certs/ipki/va.boulder/key.pem" }, "grpc": { "maxConnectionAge": "30s", diff --git a/test/config/wfe2.json b/test/config/wfe2.json index 7abb7899db1..574b9b09c44 100644 --- a/test/config/wfe2.json +++ b/test/config/wfe2.json @@ -17,9 +17,9 @@ "blockedKeyFile": "test/example-blocked-keys.yaml" }, "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "raService": { "dnsAuthority": "consul.service.consul", @@ -77,28 +77,28 @@ }, "chains": [ [ - "/hierarchy/int-rsa-a.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-rsa-b.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-rsa-b.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-a.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b.cert.pem", - "/hierarchy/root-ecdsa.cert.pem" + "test/certs/webpki/int-ecdsa-b.cert.pem", + "test/certs/webpki/root-ecdsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-a-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-a-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ], [ - "/hierarchy/int-ecdsa-b-cross.cert.pem", - "/hierarchy/root-rsa.cert.pem" + "test/certs/webpki/int-ecdsa-b-cross.cert.pem", + "test/certs/webpki/root-rsa.cert.pem" ] ], "staleTimeout": "5m", diff --git a/test/consul/config.hcl b/test/consul/config.hcl index b8543f5773e..08e3c2d1d22 100644 --- a/test/consul/config.hcl +++ b/test/consul/config.hcl @@ -10,10 +10,10 @@ log_level = "ERROR" enable_agent_tls_for_checks = true tls { defaults { - ca_file = "test/grpc-creds/minica.pem" - ca_path = "test/grpc-creds/minica-key.pem" - cert_file = "test/grpc-creds/consul.boulder/cert.pem" - key_file = "test/grpc-creds/consul.boulder/key.pem" + ca_file = "test/certs/ipki/minica.pem" + ca_path = "test/certs/ipki/minica-key.pem" + cert_file = "test/certs/ipki/consul.boulder/cert.pem" + key_file = "test/certs/ipki/consul.boulder/key.pem" verify_incoming = false } } diff --git a/test/example-blocked-keys.yaml b/test/example-blocked-keys.yaml index 093a1e46a52..028d7423f0a 100644 --- a/test/example-blocked-keys.yaml +++ b/test/example-blocked-keys.yaml @@ -14,10 +14,6 @@ blocked: - F4j7m0doxdWXdKOzeYjL6onsVYLLU2jb7xr994zlFFg= # test/test-ca.pem - F4j7m0doxdWXdKOzeYjL6onsVYLLU2jb7xr994zlFFg= - # test/test-example.pem - - 6E/Drp3Lzo85pYykpzx/tZpQZXeovto8/ezq1DBiSCc= - # test/test-root.pem - - Jy5HDlBtUvKkLtEsGbdp0o9LvVJx1lYG3R+n5G/KgIo= # test/block-a-key/test/test.ecdsa.cert.pem - cuwGhNNI6nfob5aqY90e7BleU6l7rfxku4X3UTJ3Z7M= # test/block-a-key/test/test.rsa.cert.pem diff --git a/test/grpc-creds/10.77.77.77/cert.pem b/test/grpc-creds/10.77.77.77/cert.pem deleted file mode 100644 index 12804efa3b7..00000000000 --- a/test/grpc-creds/10.77.77.77/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDDjCCAfagAwIBAgIIQbFdR2fXsHswDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIzMTIwODE4MDkzMloXDTI2MDEw -NzE4MDkzMlowFjEUMBIGA1UEAxMLMTAuNzcuNzcuNzcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCrE64Z4Yh4E6aQ1zQiNgCvW5LWBI9yZZybZxLV5J1C -yMtpgY3YsCPZ/6JUI4SvabenU5Pa3T407eHjmDCRNce04j4BE6e7psPjRa7hvI2A -+IvLB7eiaCnE+sdAMFsLxraWwTu67tmeRxYxWScMpULlFren3HNNqmtAN3a4yGy5 -y2pHMgCnOSE9R53tuF2uqJ8BRW44VLDt4kZ9hwm0dW8EJY8MBCACPGtW2YwBG/5E -zrRKDWSBl9g3mYOwgRdxUMV1h0eVr/llVFb+/UZCLUb5zq/zKKEkYOT4Ihr7wtin -ahLwwVwdUsMNE9NzljMC/aIR74qhBeN2xAJ3ZZQKrqL1AgMBAAGjVjBUMA4GA1Ud -DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T -AQH/BAIwADAVBgNVHREEDjAMhwQKTU1NhwQKWFhYMA0GCSqGSIb3DQEBCwUAA4IB -AQCOa5b+zRgQBhlPWiC04K5C/Ys3dUtqKhKrWvPIiraNi792X/T5t1ZL9liV9A6n -b10hHcCDIfyRFIJRyE8G2fyzqNlGwCr8J6puWrg4wMPt8q+6a4r2ZqaXm3aQTfGs -4Tgxz10gOVimeiUshVyrpaceyiboOKxJbBRuLNTTK9Jp74fWRd+F8KAINWN+SpF4 -6ggzXNiPYZZTBPGeAOMyf0rnf7CWAbw017uHhCiykJkMy8sZJcmQF49gDZTIN9pt -eI0SeB4ku5lgAOunqrTGyPLeVaevtcU//TdATuukhnCFes6vt/6yC+sWQEhEQw7P -y2Kp8T8KcOlTeKr8Cb07B2M0 ------END CERTIFICATE----- diff --git a/test/grpc-creds/10.77.77.77/key.pem b/test/grpc-creds/10.77.77.77/key.pem deleted file mode 100644 index 30a8d2135a4..00000000000 --- a/test/grpc-creds/10.77.77.77/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqxOuGeGIeBOmkNc0IjYAr1uS1gSPcmWcm2cS1eSdQsjLaYGN -2LAj2f+iVCOEr2m3p1OT2t0+NO3h45gwkTXHtOI+AROnu6bD40Wu4byNgPiLywe3 -omgpxPrHQDBbC8a2lsE7uu7ZnkcWMVknDKVC5Ra3p9xzTaprQDd2uMhsuctqRzIA -pzkhPUed7bhdrqifAUVuOFSw7eJGfYcJtHVvBCWPDAQgAjxrVtmMARv+RM60Sg1k -gZfYN5mDsIEXcVDFdYdHla/5ZVRW/v1GQi1G+c6v8yihJGDk+CIa+8LYp2oS8MFc -HVLDDRPTc5YzAv2iEe+KoQXjdsQCd2WUCq6i9QIDAQABAoIBACgZH8ifLT5/1J3E -Y0rVf4manCsfvIOiv3dJTIfn4thhehQLsrSkbHLPUTwJazM2Qz6r/07gZpE/ZJ/U -7yVKBromAUR9V+ZK60Uc8yWj7ULafuGiuG8PnSK3aPZpnx1+gROKzTY+f7FylggR -Dm8PWUOa9Icay8fbdvIBTgl3qMxPOCgLyXNXNJHcKIPb71L1T5EL2H9Z5vHF9tFy -TnbpeK0GlmBHIeseVaFzruin3sqxjRftVEgTL5XhTq/9uY3EUutq8SGRoidbpp/+ -cr0I1IpFcrJVmJHKdfJkdRI2u3LtMKS3bpqJU7MKn1DRzvQatdSQwn/V8wU3iG8o -04dus60CgYEA3IBOLJRfMFgj6LbMSySoP8JIzVvnBHIMXGd7mzuYUlV2GjVO5oD2 -nh4Q3eGDT2TZ1GbaGGHLhpCXIx87oSXHZz+vw+sDh+WHEApLKZMRZLMxAbNcsPQL -fhcmaQVkfxaV78rrt8TYuLDIU//bOTwGJ48Maj92RT1z5hOOiBkdQe8CgYEAxp5p -Au9kiJFEIgHVtEN+1qHfnwZJI0xOkDfsd+a1J6PZLimHAfiYETAHfJq1cMC4Mt/G -4l/WDqwcWXI/9A/gN7NRv0miQ+tDyVHntohaGoU+0hm6QfXag6VloWs/X8mlzCeu -46AXAni4lbW9nNWwImEL1uSC/Oo5vB45OpHR/VsCgYAivfyTPZV58olF43dw54ey -9BOwd6iApM+Zx5xMKymm31xKaNfTrcIty6LwstWTrto7gzEd4lrFCwclO4iTrXYr -qHczMVZPFTUgq96H4Go/KZSxJeeW4fzlkxQ0O+tHsvFQ5PIa9GMJRqFpyshpzjFS -DlHwc6tY4YPfXnl4rCxV9QKBgAsrwbA+kqLzuKdI/yICYdHkjNU+30Iy+oA2BQDB -YxL1rjNgdo1v0+2zi9hAQ1AyJqoF2APHbByrJXUKbfpmIjA/z6s4kv3K76cVCjlD -9f1j3SKn+8fV8hJRbSPlCk1y4/ZVjQqUaHblH0ycSivWAPAOEUJm288pxVGFSaa3 -qN3dAoGBAIGSn1PSjIVqypCQBBydedS4WDjqwkLoL0bOOZRLxgk+dtfD2l8wKqWp -Helyqym23d58QPb0ZwMU3g/0pZXDqX+w+bnUvAvjfADmFNe6T1nWYiu9Mn5YHAyO -G5s2aHfB8aSIqQSRASlWgFEmftfpuapRGAmOyZr2JYZuaELkvPmP ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/README.txt b/test/grpc-creds/README.txt deleted file mode 100644 index a3fedd51758..00000000000 --- a/test/grpc-creds/README.txt +++ /dev/null @@ -1 +0,0 @@ -See ../test/PKI.md diff --git a/test/grpc-creds/admin-revoker.boulder/cert.pem b/test/grpc-creds/admin-revoker.boulder/cert.pem deleted file mode 100644 index 3ac5ac403b1..00000000000 --- a/test/grpc-creds/admin-revoker.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDIzCCAgugAwIBAgIII+r9Aa122b8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owIDEeMBwGA1UEAxMVYWRtaW4tcmV2b2tlci5ib3VsZGVyMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OdP0AAqG+mEdTSvVCtQcGbxpPyd -92EnovjLUaTw8VsNkzuhVayysBKGRemYY5ezQPcTSk5zXZ8QvwcXSuzHM6tD5Gzi -z7vVjunWGTTbbzZyu6Kx9NudSbYl+jetPsj2GJkKbPa5eUCkdIAtEBtga+tLCAx+ -fCd/1ldqV1pNJoxjK3IYjOBq7PnDd6Ths74KFcBQ5+6jySOo9eJUleX8AD/7WKRt -LRJ/oUmZnYZTrKSeKm/7uD/fz5ZO+A5bAlJl2zz0JMiQV06/TelhDSsKzD7OMD5m -bKDRv8S1rw77DJN4CtWwzuj9OHVCUTBRRPbeVZ8dDkZBU8u9DQeJp2+vcwIDAQAB -o2EwXzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF -BwMCMAwGA1UdEwEB/wQCMAAwIAYDVR0RBBkwF4IVYWRtaW4tcmV2b2tlci5ib3Vs -ZGVyMA0GCSqGSIb3DQEBCwUAA4IBAQBMy1TRdqMV5jUIOXdAkiI3TosDM2vrRMCF -TIfmhlE8lAy/PkoTX3i7aUPd1MYfJw18XGwaS0R+hlDusZPSgj4GmatDO19nrRoQ -fK7Jv1vWT40uLr2KbuQcdtJtPHcBZD7H/j3nIFYgCy4KRX0Hf+a0OCKIMuQpafv/ -z8iysucwB21EndkbG/WhPBjCP/OuFYjsF4oGtndssnNm7Hze+2wBwyLRoBdets/+ -Wc64SZ+rPf8zab2qsxk5HS4xgOxL1qQJF6s1YgCJlZnMTWA0iAyZb2P5/g+Lsh9r -5R1JRKCLCyg+skhZhPPG2Y5B0RWLiq+H3RsX7RWNwqc5cZTL1EDv ------END CERTIFICATE----- diff --git a/test/grpc-creds/admin-revoker.boulder/key.pem b/test/grpc-creds/admin-revoker.boulder/key.pem deleted file mode 100644 index e5e33fb0544..00000000000 --- a/test/grpc-creds/admin-revoker.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA2OdP0AAqG+mEdTSvVCtQcGbxpPyd92EnovjLUaTw8VsNkzuh -VayysBKGRemYY5ezQPcTSk5zXZ8QvwcXSuzHM6tD5Gziz7vVjunWGTTbbzZyu6Kx -9NudSbYl+jetPsj2GJkKbPa5eUCkdIAtEBtga+tLCAx+fCd/1ldqV1pNJoxjK3IY -jOBq7PnDd6Ths74KFcBQ5+6jySOo9eJUleX8AD/7WKRtLRJ/oUmZnYZTrKSeKm/7 -uD/fz5ZO+A5bAlJl2zz0JMiQV06/TelhDSsKzD7OMD5mbKDRv8S1rw77DJN4CtWw -zuj9OHVCUTBRRPbeVZ8dDkZBU8u9DQeJp2+vcwIDAQABAoIBAQDYQGZ2fnN9OKhz -In/bbwPXzQsG70WfKiIWfe5YDBacy6cRL9Z+UJwmp5FviqIASXLSRoPZBbZHlRth -GXTDoqZIgWxDBbxsWF1nCwQGRYixrJtfL6o08fAzWYMroO79NecGRy75zFLG7QgJ -jvFeqazMa952u94vckImNSk0xjc9Qcwnb+DJyyDITTp0nSYS3MeBFcP3wXD3JpaX -eTpgk67Z3GWQpgzxcB1t7YTh8PEmcqz1ck4vQDJbSomjCfipxM+e2RS1jkCXl9NP -anQ4doK7xQAFwO90ZS9+fwffn0ath8qJEtb+wMrZeS6HbisvRw4ye+zK1CWYsi13 -oMNgm7jBAoGBAPWPWZHm2r+02pOE5ll1/ZlL0tS8vNzLF82MK6KNioDLO5qBpWkw -z/WYPUXvFrG1FFmBiI4BF0S9pGT2UN7rTYfkq01cH8d7e4zDBKaUR8zAalCfUvbH -8eDdxA0+OPuBsQftPOkX0gNeUHAQF4h6VWAk+rJ5Qp+KHRa2FI9EpymbAoGBAOIg -EYkSNJSPV/SngVKwvaBEaf5xaiFqr3rxyw/GUt0ufCEZJgxHHsvNW62f1qG7/tXn -/HYwFs/W28giOsBLf5KFJhzkcxmbzcN6noESBcFGBU8moRmFalx8tJPSZYsk9e75 -3AslH265W7BCdSDgoBeklxEVvT95kYnjXD/6sbsJAoGAZIw8/dwMSCEyuuLZO1pv -69w7SPa7UqEqbvTtTRMt2kzdbAeYBnmBPawHsuISZdOisH+0vYi+0Vvhu6GMPasV -xQYiCnwlWxY54cpc1iSzPaiwH7ENVJVMemn0BAQtavaQ2ZEPttYVHWH6B9je+fg1 -ize5G2lBmXgBLzKBOqS+2e8CgYEA16A42HqRxTBDcTrhqRZ8XH2gjU9dIux21UgI -mMxHbD7Ng0pV69NN3I3A5HnM04FPam7DYXhN6Hc8MUXivEfCKNfrFhYKY9schVFC -IFYtQrYgje+KI6oDWJpaH7O7vMnL8sw0NjR6Gr2KXzOgOW+5eZIrs9EFG6gzTkeO -SjwmivECgYAiApXx3ie+bHXObfGoYP1QSGStC3jQrvCktPMH8/dn/cTYI0DYOvqu -Xrl8KinPU6y7qe77fLXgvD20uiJom3JdT3n7MdbyhGDmrVdSN8qT8l9LCsk+VKjA -0V2M6gXDvEqSdTmu/Wp7KaEirg6gUGFGMbCuPFHtlYimsNKwzbKRQQ== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/akamai-purger.boulder/cert.pem b/test/grpc-creds/akamai-purger.boulder/cert.pem deleted file mode 100644 index acd512b6cff..00000000000 --- a/test/grpc-creds/akamai-purger.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDIzCCAgugAwIBAgIIW5j5C55IeY8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowIDEeMBwGA1UEAxMVYWthbWFpLXB1cmdlci5ib3VsZGVyMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWCOH+WOneLVMJOkPhza3fmH2Qg6 -2ROwwG9QUxSqBvRatXxwikJkahG4MC8vdLUvbg3WnB1yqiUJkbcobbc8KX5yS9QP -a0RhyCaJNvVXeZQTFVNiD2ncZepuGRp0y7FGC1mqDQbx8WVMwq3qZlABeMu8mzoL -ygWmKII73Z9cFfCbZCyI+/jY+OY5t6Gh6bMGsBxJuwn6VatvuuLX/0IXREf1srJm -1r9k1usS2nb2WuYD3zS7pr3xizhjxPPBcFNlxyNEhObkgI67amTByZTTBKA6hnh3 -bQTV3G4UWCQVY56gDlGPNc0ke2Mrku/cgftFXK5d6hotATqM91d1nV4G4QIDAQAB -o2EwXzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF -BwMCMAwGA1UdEwEB/wQCMAAwIAYDVR0RBBkwF4IVYWthbWFpLXB1cmdlci5ib3Vs -ZGVyMA0GCSqGSIb3DQEBCwUAA4IBAQAdCgi6pSIIJu7Mp0zUWEF8XDadu8ys6j8F -RUiVJwEsxPlS8yMwdcK5r0fs0A869aeFJ0+1aWR2pgSQojhhBqYYqtO41J4BW/RM -n2sksSdr+Xyg7pU7jtsrT8x7peZHlgnm/lGkj4BwTg7phMNKTlcnbubMZDfzrqGm -6nFkTDyVRrNsoQIQNEW5zWuOEwYVtYhC5g/0De3bRgNuWgBFeW6WANuZNdX6PzoM -q1a9sc0HNfH/3mFyVYFY9HTWvnwMhWH3rh3bF14yGy5atyp9QffgB++xTV2rnknk -6y6iB2ULsX0wzcaDsJRTgXFaZpIXYjrOyzQBCUfqut7wdgNKDznI ------END CERTIFICATE----- diff --git a/test/grpc-creds/akamai-purger.boulder/key.pem b/test/grpc-creds/akamai-purger.boulder/key.pem deleted file mode 100644 index f64a749898f..00000000000 --- a/test/grpc-creds/akamai-purger.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAxWCOH+WOneLVMJOkPhza3fmH2Qg62ROwwG9QUxSqBvRatXxw -ikJkahG4MC8vdLUvbg3WnB1yqiUJkbcobbc8KX5yS9QPa0RhyCaJNvVXeZQTFVNi -D2ncZepuGRp0y7FGC1mqDQbx8WVMwq3qZlABeMu8mzoLygWmKII73Z9cFfCbZCyI -+/jY+OY5t6Gh6bMGsBxJuwn6VatvuuLX/0IXREf1srJm1r9k1usS2nb2WuYD3zS7 -pr3xizhjxPPBcFNlxyNEhObkgI67amTByZTTBKA6hnh3bQTV3G4UWCQVY56gDlGP -Nc0ke2Mrku/cgftFXK5d6hotATqM91d1nV4G4QIDAQABAoIBAHQsRrsDdJP9pRm4 -bN2aQkCQ1KKrs2d9rXU2j4K3EPSS8qkLm3nlZhEAaPcDbt00n7wZLQ4qTwlST3WS -5prdVO3fXQrAwGqUjzEtbWoJsfj/bNQKhhcoae8asr7X0ZLqvp2DoxGT2ugIhcu4 -bdTWlmcxE8wRuEqqVIhXT0E8wQiv0eqcIdph/jfKisvRp0v8GUodX78XcKTVZVSZ -A6OQX3LvDwun/iFxIDB28m0OQ5KYdhPG52pso+DAedtM7y8nHAmMAOfo9ERIZGtW -6kWElCl1HAm9+i4KO8FYRD/qu+uE3MbEzKnhJUNU4BPBEFOf2J4RfVlkkficNiry -uQMeUJkCgYEAywxeuvtfRPEA5HFYEV7hIxX0qIoj+0WvZ/3SXP7mLC1cmPRy3clO -ekMWAW8uoUXWrP3/DPiACLaUcmTLK0evdv2vJ67QHHLRej4TPGqA0JCNFQmTI2eb -jnnjc8O3hEE/cT/X+xG2tj+00uSjWeWBwZyReMISswh9wZfWx05SKYsCgYEA+NmT -WLQpH7FZfwQvE8NvHWRoQfq1mqK7jEjeW/3MGLoz6eYWYGnrmlSaxCtJtWZsodTz -uE7jCgtPcRQVq0ab+Wav/45jXdi/kp6DGVMj0fCOO2jXBS2juNjRmgjt+0qjMVS1 -oV6tPws02Pmu2cjztL4KopXg73HeDUevRSIRZsMCgYB3FuxAsspvvwKM+cVzeriF -QY1bhJoR+A8m6QIGtSH+6yQSOd1dI4K5xrsTYEhzImkE0XxT+TPu6FcsuN1IpyTM -n4Gpvqgk51rhXaMenkCrEv0MR69a5puf9vFmpnXuRe6V16IviXYmcjr2Lk94nFl8 -Wv4fW4RoKSTI9OttvgwGfQKBgBAJ9fVBp2TjiWEmY+JiNkcusYmPHyVYV74y9CH5 -ua3eUnpA2jBco1LPISqDn7yRXW8QyqSWcQu0ruoa4UqowmTQuYc/JihmT/KjRM/d -C/H8Dy7FExbCWksPrnK/IJeRt/L2Ar7j20a08jMJ5LskuJBtr0HLZzQHosg4VpOe -HoEBAoGADl98HXd9a19TOXST9bhDSIDoTQAVwbGm4Oa02vsG9jH3zJXT4eqmGe0u -o54kve3wijfZCX6CXydavhWjMw8oPWtmgolWbq/XmCL2u2IipsmOCRJIe+d5/MR6 -w8zhTO1S01HOTt4iqPdUDm3dVLglxBWsEY54UPiWy/C5crVVjco= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/bad-key-revoker.boulder/cert.pem b/test/grpc-creds/bad-key-revoker.boulder/cert.pem deleted file mode 100644 index 35d3f0f4295..00000000000 --- a/test/grpc-creds/bad-key-revoker.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIC7tqBcllYu4wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowIjEgMB4GA1UEAxMXYmFkLWtleS1yZXZva2VyLmJvdWxkZXIwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl3ZqES4bxj9rIgXPNO6g4g8co -juSenavBtnJs9Rd4tCX4Fh7i3uw5yRqumeSyqFOnnIX1BYT2vJO9ZbGYNm+yDhTj -kNcmGVHkaEY47okcx/b1DPgsYeX/t0hF+/ol/iYaBWSXbBiol2E5K9uf8j0IjFCH -X9zX5eIhkGGxku9S7WXh6X2XywNW4WURevs4B92dDrv+fQg59Dno7fIaRE+T5jhO -1drWm4LO0ueCeYFHHs06i4d388pEiwUeQ3Nd7zQhovTs7SoWcDhoHU3dPwMr5p0j -e8tZtxhMgfbT2uF/rpxNCmLHlDOR/GD/xQOb8iyqPzWo+cxbI/VbE+Y5R3FRAgMB -AAGjYzBhMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB -BQUHAwIwDAYDVR0TAQH/BAIwADAiBgNVHREEGzAZghdiYWQta2V5LXJldm9rZXIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAFeVYM9Uo2TIMN3lnTPlmIkoAcEvb -SO2B10ezjg8h+x9hJCw8AC0fyxY5cFvO6ZpnPlr+BS8R5lyMqA8nhyJMErDbqTla -d/6IOzLs88VCprda5anEQSOTq0I+tbOzVP8O3Vu+fJQ8kJEgFcCQKVUllqCj/w4h -hh8co3sfrj3oNSmy+/Nd0y5RGUpqBiRp0X0pls1flBus8MchXnDcVo+p9re788rl -DTCO4zk+SoDMNCMihkkSJAQKAzwhSyNDgwvL7cwOexhI0tLZGC+u2NlriIFqZqAT -qiILQnyMNTWnUfcUtu/iHr01RJcCAn2dfCuhBEUHv0XS+Y0gw2vR4YpyLw== ------END CERTIFICATE----- diff --git a/test/grpc-creds/bad-key-revoker.boulder/key.pem b/test/grpc-creds/bad-key-revoker.boulder/key.pem deleted file mode 100644 index ebd53663dbe..00000000000 --- a/test/grpc-creds/bad-key-revoker.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA5d2ahEuG8Y/ayIFzzTuoOIPHKI7knp2rwbZybPUXeLQl+BYe -4t7sOckarpnksqhTp5yF9QWE9ryTvWWxmDZvsg4U45DXJhlR5GhGOO6JHMf29Qz4 -LGHl/7dIRfv6Jf4mGgVkl2wYqJdhOSvbn/I9CIxQh1/c1+XiIZBhsZLvUu1l4el9 -l8sDVuFlEXr7OAfdnQ67/n0IOfQ56O3yGkRPk+Y4TtXa1puCztLngnmBRx7NOouH -d/PKRIsFHkNzXe80IaL07O0qFnA4aB1N3T8DK+adI3vLWbcYTIH209rhf66cTQpi -x5Qzkfxg/8UDm/Isqj81qPnMWyP1WxPmOUdxUQIDAQABAoIBAQDDF9VYKV4r0cOH -388wRkzdQoMbGkRRl1K6g6YUceRs7sE3EVc/iKKH3PaHcFgZhiISJRfQwNF8NMtT -uWcE4FbmkWsLRdhFHsJRkGrhURsQUWt5ynsr+B8kbSOrOlSyQEWIWkFo/zbiiDDd -PCsYUpmYkraaXzNqDlNh11ADTclP4E+LxOD0/f34AnmP3+NjDEzjyX3u53zsJkQH -OSlObz2Bsr6NwBUKVdj1iA3Yms3RzF+/AWlTS4IEFRywJvhGXpPmc95Eb0HgW4tB -aZSVmJzL4M+imm8nLzlM4F2ocMLk4pWiZcdjY3EEO5Xfzy1nVGKMtjh+CD/LaUkS -LPWxycZtAoGBAPGTy6I+4UhnPevkgrLPSN9NuSIRNfeBeRtOTqoO1EHybtWJyXFk -1Em42RcqpV3sDj80LsajTd2iWCIMRxTxS9XIWnE4QuEcI/L05rIULXKJYzDG/lTt -M3xPUiOF3I8hjAtg0UT+MbMaeBLKetK19WZgN7X9eUa2Gchv9l8ypqbDAoGBAPOW -z03Z8R8zG58NShSQMwskGic4F6zRVnOI39nQbE1z4gXGlAJW2sgp9Z6KvNDTvAPh -tmunuFw1CJeFO1d5ITmSHD2U+/6v9mICGuzPYdkAOsDgymzdziu4zkLRQcXuayAX -D3q0OUH7PV0JCr7q1II0iqvPfU9z7VIakhflro5bAoGBAMxiZZucJY/TQVFNoMJV -m2rJ4EMRWp5PnT3b77PzHeO5j8n8bEEStIS27nyqKQSgjaEtrhGC4oMMMhKEXrM6 -PxXdD5/QoMzBuSx5xKCPb7ACyrfe9Bi4IqIenfjN7T/vewO5YvRDN5s3XrVPN8EE -D14RM7E2hZ+su32YNFJwkQxvAoGBAMsTZp6j3MbDB/sQzDragQN/xKH/vJUiLO3D -JcRkY3Yq7zsbc5eDq4AGozPavFFoxC2ERl34BNYyjIgt1ew2GwHxEsQwaenJ7yGE -WcglmJCeBV15yqj6PgDrYGIKLMiD3SFyuD/28mlUuLLQb/n8stAeV6GnKPRNVIQH -jNaJcH5TAoGAI2yMpNV2GrV3fMIg/tzEmy76BUvue2Bwkd/6aktbcOWbbf2YpEo4 -xg8QTN6QjMyD4GPPkbpmBJe5d6I9fLsxMHqaBHuuJi3WJY1ka53K2Bcken++HaKs -JDOz2SlfEwci5WdVPzC0l/dFmaojbtZWElNcy0tisflFEC6QwyibiC4= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ca.boulder/cert.pem b/test/grpc-creds/ca.boulder/cert.pem deleted file mode 100644 index 73c7b2d91ea..00000000000 --- a/test/grpc-creds/ca.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIUk0XH4XG6SowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFTETMBEGA1UEAxMKY2EuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAOu8LYhkVCZ7AHLuSBFjGgDt1Lcm/pQAaFfKtHnRJSvN -y0EWk0hIPqLov2QR3p03ZdZlzTxQhAO8u950I7Qjp9UMghfr3+Yd0VgSdcGoOGPL -WT7lV+mzmQpiGdcItSKRbG6kTqAo2BseQnYTaZVNLJXzaRvQ2KKfp3slefDY6oa9 -9WAPRISjAba9NS0ob2gKhiv/6pESwKNNzYT8TKXRs/bPYbZsXoraaKUuA0gADFTg -ioLJhdyOjGcpIpyVcD4+zJmZfAGpdTlO8BDxE/GDVBd4sq+f9DL4NpCnnNI1ZtRs -FobqNys5TAmXQYhGvAF6QG2F1QfmmQwrdlln9lwttIcCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCmNhLmJvdWxkZXKCC2NhMS5ib3VsZGVyggtjYTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAUR6EEIUSvIW8+Ceh/nti0V3VIm0V -cFFmFM33Gi4ZXCUxCJTgsFQHMUboXLOITba20YZLtUMWtDjwOuDI1Kq68BxagMRN -uOM8PBXUfT69mJbCmVOmtE9NGO5Pv1lQgtQI+hdbAHOIcCnhJGEguLSLO707a21s -MaJ5vHovH6bw4ZnKw2+qvc+9SAKeLWrdOp1BDvMOiCgI7IwxhdlK0XkV75AAVkrd -aINmvNyiTfhtNO0/CNQfXQmrLDnF9xvJWj06VnLy9NN+bgSk+Wtl5gUwHX2uY4tl -JU0NOQmgzDJZBd4v1a5XURbJl6Aig5nkVR1DpbBmLCVxNdjZjhhkkwGksQ== ------END CERTIFICATE----- diff --git a/test/grpc-creds/ca.boulder/key.pem b/test/grpc-creds/ca.boulder/key.pem deleted file mode 100644 index 794d800001e..00000000000 --- a/test/grpc-creds/ca.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA67wtiGRUJnsAcu5IEWMaAO3Utyb+lABoV8q0edElK83LQRaT -SEg+oui/ZBHenTdl1mXNPFCEA7y73nQjtCOn1QyCF+vf5h3RWBJ1wag4Y8tZPuVX -6bOZCmIZ1wi1IpFsbqROoCjYGx5CdhNplU0slfNpG9DYop+neyV58Njqhr31YA9E -hKMBtr01LShvaAqGK//qkRLAo03NhPxMpdGz9s9htmxeitpopS4DSAAMVOCKgsmF -3I6MZykinJVwPj7MmZl8Aal1OU7wEPET8YNUF3iyr5/0Mvg2kKec0jVm1GwWhuo3 -KzlMCZdBiEa8AXpAbYXVB+aZDCt2WWf2XC20hwIDAQABAoIBAGy+aeK5JXh61UIv -WV9r79rt22qBun5bkcat44MuT49dZ52m5Fo7uWk9JMzs0VyE6Z11aK+iFMQElEWS -HcZDjHBjTL/sN2TX7HJMUbX7+8dNTuYMtflAuCBqELF5etVvcC257etD7CzWUKJX -YiVVbHPfzWTfeo/KRmAwcYgBCG8O3zM30Vvy/e8S6AdNskjozSpDy/FqHB+u65Rr -UWBWtmBM47oeo0ZQFLSOjimziqLnCq08uLtj5mQyV5/9kfqFgLQ37BrT8gSjxDmj -KXSEsvLJOZHioe6exWRsGaq2+KrD7A0Ns+sV7GUr16QnoTHNpfdvx2GMtaFg40MO -4dUIxIECgYEA94nv+e8wGkmEE+Fs93oLwbRmZ9HMof2TsI38miThUk8polD6ppc7 -uhs4v+FjO+KvE4Epon0sC5C+q2LkbbtX2vC1cp2XAfW++GlfB2GgrUQTBilsGiBw -pkVfTSv0IwcADuUwwWXV10jMbLRBXP+eAMNoAHI3SNLwMPMSX26/5K8CgYEA88rz -9wZoL0jFOtDvEzU8BfLQzdRtF7jwr6rdgX6ijk5EXf2TEfCcWlzzATbFjwULnf1t -+puAS4XuZXT9eYjeLYefrnTwia6MB+9QuAWR+Xnw++R3BTbEF3tMqbCL44Z02K1/ -MWlyKSA9aVIHW6z9CcQUw0yOQweoBtb48ZoVU6kCgYAev87EoFa8XTd/9LfBgjKl -rFAwQ1qFIOfQvcKML1qiC91jIWYRfaXYt3r0Mv5NuRoAdUIDwkLPaPqWdaFklCoU -s2QGydaxUqKXXxeD5je8bkFiuZCJKlB0BxgQkQ4xr7PtJcFJtOm8ZXmnYzjfYY1y -ENQBgi6l6DYYDonQuwQxVwKBgEAw6Bva7APHPWdHLCv6kFtgm+oWTMM6RuV6L+iw -10xw/z9gTSEkIYcJglKHgW0u/ugSmqqp1xYLpcHBFBy0FQwX8cuVruARvX05Xh+W -F+GAYhtxBIWy7d7g8Ead3beC57FFvX/dK9n4SzM4DgftfJLdtjnWJn8vvOZQJCw5 -TfRBAoGARbZa7WnLcgnl3oQZfxfyIhWLqDG2LPKr/mBZhqU98h/jxuxl2/GvpnPn -XeE4YePge2WULztMc/g67YL69y8oxekzz95C4tLACVg7x3f2k+Ri8qPogCFjimcV -ZhboOAk8b9Z7N5hOKyRopkd1j3Afzo8t55jmT8u60Rggj2jyUWs= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/consul.boulder/cert.pem b/test/grpc-creds/consul.boulder/cert.pem deleted file mode 100644 index e781adc395f..00000000000 --- a/test/grpc-creds/consul.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDFTCCAf2gAwIBAgIIRC1Y1hKKzsowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIzMDUxOTIwNDgzM1oXDTI1MDYx -ODIwNDgzM1owGTEXMBUGA1UEAxMOY29uc3VsLmJvdWxkZXIwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCzmWPETAwj/uX9k6QQJzCEnBJ6khU595Q60gIS -/KFYp5XOHHZtIXkoJDQsLAgit1Pu954x386nYslcsD9mTbYNn9JS0LQdU972fUxJ -46eOcazSBrlodkOCzXcw2F5bqxZD0UO/QmsZ2au9MBWlL8fkjiRNHvbtRKx7zSWe -kfN+tLzUqD/CZpw3OgYxk4JCNSqDPJZS8IEDCZKHK7rh40MDeipomWxWFplKus2z -ScTbMB+WDPY03K92BeWFSzM489ikhCrwRd3JnngrpUaN2A4FKhNsjs6LS81/Pc3C -oeAi8Ri07IcImo0uBoBNz96ciLLh4eI5Nx00gW4Ls+TdpPw/AgMBAAGjWjBYMA4G -A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD -VR0TAQH/BAIwADAZBgNVHREEEjAQgg5jb25zdWwuYm91bGRlcjANBgkqhkiG9w0B -AQsFAAOCAQEADYSDjhevQvxsVO2mBsyxSSnH9zk8Lrlx3a0CBSaiOcfP4yVUM8UL -Z9ZLVfIt53H3gGabLrXngCoHdE4H4OVxbvQpaHFSDsg0/hET770vhgw+5s0AnKKp -cxC8GmyMbRm0Svn50Ym79MFyqx+rzIApDja7x8+n84DBGDab+MeBkiUtPt7oeoG0 -Tcb1IkSApaWxOznJid9ARN7sVY0LBeoaHaXPZfJ6ZooBrTJOpxkz7PD39G7On9K/ -4S4we5FnBZ8moFt2Dt1fnBUvdvPX+765RUs//0RLf2l0vH0mUQselxcbipkAXQOU -Cwiel9a3p436EBvFmMaJ1msIJNPGqkPPdg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/consul.boulder/key.pem b/test/grpc-creds/consul.boulder/key.pem deleted file mode 100644 index 872d524af2e..00000000000 --- a/test/grpc-creds/consul.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAs5ljxEwMI/7l/ZOkECcwhJwSepIVOfeUOtICEvyhWKeVzhx2 -bSF5KCQ0LCwIIrdT7veeMd/Op2LJXLA/Zk22DZ/SUtC0HVPe9n1MSeOnjnGs0ga5 -aHZDgs13MNheW6sWQ9FDv0JrGdmrvTAVpS/H5I4kTR727USse80lnpHzfrS81Kg/ -wmacNzoGMZOCQjUqgzyWUvCBAwmShyu64eNDA3oqaJlsVhaZSrrNs0nE2zAflgz2 -NNyvdgXlhUszOPPYpIQq8EXdyZ54K6VGjdgOBSoTbI7Oi0vNfz3NwqHgIvEYtOyH -CJqNLgaATc/enIiy4eHiOTcdNIFuC7Pk3aT8PwIDAQABAoIBAQCMsuhTyffg4zou -c9GdzfXWjaZ0W6lBZlG72vZBBaUpHPDhLa8hQ431ApfU2xHskI6ysU4/aEQvIdb6 -RCEG9m5fMgvFUTcpmqEbnYF8iVqk3y0yxI3P5oZxHKH5pCgXzGp+6pwWY+QftkUy -y07JwCrrROfvewibTKeLvWVxWonVglZAqquECeyz/JgVCQY26MI2ekPaKRNjVXYw -uQfIwFERoNdaSKo8Q3gOPUxQYit8EEXz9MGcop14YFtq3U166UxV/cgG1S5zRA8B -x8BBiDDlebIYRod9j+TfYIuWdxhxyRJOX1ozpwggs0pVFIP0fVZU2hpYSdOSsmBW -ySi67OdBAoGBANohyWtCEk1kDAX0oAKqeyn+qj+8DjJA3UQebSN1zxtZeFFh8H3s -83sx89/uZrZcF068Wcm4GSQMmLgMbg0hxGa86DxMdtogYyENP2cc752hWRKZodqm -oFjqIb1eQKkku7pswcNiwOlVJxygrQH0uZXKbiNPkzncep17LBosQSYPAoGBANLH -IS9lSYEQ5urwY1JwMPyF02VqiEohGHa023gHxDUjEmgsYpqPAO5H5kyMPdr/hZ+8 -RyfQOKOo3IUVQasUpgKG9OKo9+Jw4rHeLBpU0Es5gsMqQqBTFirSF+klWeP9IkVS -6z9epDgjISv4Dd1wNO/n7od8A2x9qZkaQs42dnbRAoGBAJQaVpiVnrmfES7F/hJx -T/ieaVemxnjGY7VJd06ZQYpPQAr5lYDabiKaMvw68NAmTMjvx4LXlXJNfy+PePU/ -lQswffna7OODE+swBHltQx/imgiv+R3s/ngAV/IsWXi+cRvNle2kUljasRiV24G1 -eIBElm0xLUQe972PEM2geIdvAoGAHGYUBIzDEI60bichWrQfBYcKanmmD0bSQvwv -LcbuGrK1AjAowOZPm8s4Lkwe8WjIGjOF6slVOEfCHnQ0utY3X9PLHtbhPzMyeACV -NJ8EyX3gLmd9PpizPeW8rv8HU36BpZF8fLdFrQKer4vmYlWB7Gj1bG+7Dl0IAsbV -BW+1GmECgYBelHOPAdwkAZIImqhmXeuGcELQoryNfEx6rMaHpt5oosQit6WDc94i -z3iu4NUrOlx0Gtxq28gt+10dXH7+ZZ+nPJ48mBgfjxBjAQInTUvMzV/rGIjOTlnn -vm16iQjQkQ7hxOtynDCgVGX1PSbUSZiv4ARvKcxPOe3IIcZ0qHlEag== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/creds-test/cert.pem b/test/grpc-creds/creds-test/cert.pem deleted file mode 100644 index 58c22800226..00000000000 --- a/test/grpc-creds/creds-test/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDEzCCAfugAwIBAgIIY96sx6DAQ9gwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTI0MDQyOTE3NTMzOFoXDTI2MDUy -OTE3NTMzOFowFTETMBEGA1UEAxMKY3JlZHMtdGVzdDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAPQdDqPPEpNOPY9zyjq9bDASdQ6GtueKY/t7cOURLAlI -VeEO0dFw+n/zRSM4D6ZDC6p0JvYf+hwOoQQc8pfmJBcG9KO2DWWTX1mrJRsOVkG1 -TdMe00BlIkDK08so5x0kW1dnmh93zU7vkxNzUkzzW89FcqTw9gBfsnwTBp1/KVYH -31AzIugUeI6oaxw6HVPVRSgiQwGdxucHDO4HJ48uGdhSpQrlHocCJfISIHN/DfiQ -7JoDzyvdaT4OrlTHjItDYR9CjY+3NhUO2yvuVyrUa7MeZ9l9YPcTYVSQivqu0XGV -Xpe0P7E/Neitg7rX0SGV1K6I9HKB4LoItbR5lBwA/30CAwEAAaNcMFowDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMBsGA1UdEQQUMBKCCmNyZWRzLXRlc3SHBH8AAAEwDQYJKoZIhvcNAQEL -BQADggEBADeewOU9nIHcMRXcVsoTxBbvXLziWQOKMg0kzQFcIdSPRzHtOPdw4Qum -hekG5GZzkEIUmmZDuuuPE1PqblGnHQMXLqGa5i1uLBPo3/w96HJrm1UE1hID1bIj -+N8v5q4gYU4i2RSf8m5w6iXkXs3oeXd1A+0yfrvohtJ0PBrJ0IDfhosxr281v2PJ -Yjl+eXZrMqmjY/eXJTWAMvyNs7GOXg6qDA3BG+mZk5CJ9p4+jXFSGYmPOlLp4Bfc -eB9FDNLSjSd0TlxqdvCISj1Uuj9iV4xo5FRc66kmAS1b1SPsCV8TG87yyNJMhJbj -BGOoynUe/jFrGjmoDpH3fZJvn+x0DGA= ------END CERTIFICATE----- diff --git a/test/grpc-creds/creds-test/key.pem b/test/grpc-creds/creds-test/key.pem deleted file mode 100644 index 08c3dabaf02..00000000000 --- a/test/grpc-creds/creds-test/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA9B0Oo88Sk049j3PKOr1sMBJ1Doa254pj+3tw5REsCUhV4Q7R -0XD6f/NFIzgPpkMLqnQm9h/6HA6hBBzyl+YkFwb0o7YNZZNfWaslGw5WQbVN0x7T -QGUiQMrTyyjnHSRbV2eaH3fNTu+TE3NSTPNbz0VypPD2AF+yfBMGnX8pVgffUDMi -6BR4jqhrHDodU9VFKCJDAZ3G5wcM7gcnjy4Z2FKlCuUehwIl8hIgc38N+JDsmgPP -K91pPg6uVMeMi0NhH0KNj7c2FQ7bK+5XKtRrsx5n2X1g9xNhVJCK+q7RcZVel7Q/ -sT816K2DutfRIZXUroj0coHgugi1tHmUHAD/fQIDAQABAoIBABGqtK+IQfjlNbFX -GPCtWtIT0+LsPvp82oWNxnrdhklZsdVq5CZ7PbXa3ksROJi4y3RXmaZAZDJ5oI+S -pL/3iO8dssDSYR/TzZfIuhO+MuHohCxeU72aVCNKSo+ucyN5yR6HQfE7E2G+Fu/W -bcNh7WgPx59GTRdz1ZADNHxbgptWLFOoBQzL20//mIsB5Zl2DB7/7w8940QF+EH0 -jFn82/32Cvq3xQu2Zlovc1HIRVwewV3JXwBtTtn4+WhHwbfh9mjyYrh45xj99Nvm -b35iriTvgiTJoi09F3Dl6dOaoTgnRCF3f9EZsCGugl+YSj2+2bpXtJIv7pY/6FBU -sHMVuaUCgYEA/mTjhHSe/rBhVMQKIsDtZAXdhLrWRGq8tNGMgz5Dc/JL3uhPMBJL -RwWS2t8BQd9c6VUIdib2Qp9Nk0VXY888ZNuad8JYpuK+TuowA2omaXHymeTYzC2p -8IESdljbDHth5YXdj3iRSnTkwfXHLmMtfKFz62GjpE860rikMQSfA9MCgYEA9aeN -+Z+daUCEDIrmRWq2yQ8M/BFLLfdybpGPTCWr/Ci8ndRIVEeDiaq2kXSPjBBYXXw2 -MO1aepbGiV63rNQ5mPTde9I/VNskrMHO++Rmu/JjLYcx8Rb1W/4c8RbRnrSmbDz7 -6lHACuY6o8EknXPPaMXQD5pCbKkQWkEHRWrs7W8CgYBamzhlvtu6PrwL4t7xTeG/ -VE93rMwQBiw8Ar6XKCACNfRL6lX5+yoQm62YgwEBozqGaKDg5DOluvN4VqQvimoq -SgUUToYgunWpycNcE/ymZc1Qfq+w2TrDzFT1DeTG51MQ2sL1DK5C5KttYcqVfQGA -eEi/N0F/jjCXSOhCBTFVvQKBgGlwy+3TZxtgR82iaQhur5pJTYd8XMqUJZfz/o/u -s41+ZsdP8OPL9lfG4Ko6X8r80RD/WbtShb2MrhcUgr46MabHo7GcIvbnQSyt24wf -E0Gk3pESMIuNES+1OPL6mmsGm1BmNLL09/s1qwHSy0aSCPqtvYqU6eH+BzjWJKrV -JHEdAoGBALQ9UFgVG3e8GNvD6OZJKHbmzd7XOuHC+bDYP0JxDMhO0jza86YPMSQB -Mc76VJ+drA7+GFma+7RvVCMnInqiMwPB0R4ztHGXF8quAIC7dMkx+292+xkyrZPH -U0xUzCcBmJXYE4iWEYk8w/U5v3/b1Cjpwzq6FCtj9zJn5kPKwnaL ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/crl-storer.boulder/cert.pem b/test/grpc-creds/crl-storer.boulder/cert.pem deleted file mode 100644 index 797e90ff70f..00000000000 --- a/test/grpc-creds/crl-storer.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDHTCCAgWgAwIBAgIIRi8x7X7lZdQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowHTEbMBkGA1UEAxMSY3JsLXN0b3Jlci5ib3VsZGVyMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhOYZLqewkAWKmzXHaSZ1MiGyXgSVTHM -veqwVBlJm77XRX9Jdj87bwt8lrdhau1vzE0CWUfuzd/gHo76PJYjvqKSYrxskg74 -ZN1D/RkrSr23sXFJ+a4EvPM1Ee+Efseb50dfY2vpTU2fGpUSgXTx8eLOOyYvjLZg -4WRxAoEcMPNnbU8seWtNAb91yt18NSpInxiiybrJInDzrSDKJaLpvp221beI1SZG -9nNh2+2AZry4of8B2pk2747ioJTkY1DuUsJcF38DI3p0b6oaGpGGK3slH4diiXc7 -OGC4dG8zIA6BUtflNBw1ElHCyFFKYRpFHlBz1PvREIBhu0mmUzyBmwIDAQABo14w -XDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC -MAwGA1UdEwEB/wQCMAAwHQYDVR0RBBYwFIISY3JsLXN0b3Jlci5ib3VsZGVyMA0G -CSqGSIb3DQEBCwUAA4IBAQCPSvQ7FfZ3/n/yBK1njRsLS3HTbLQ0O+WnfFapkK+3 -gieFts1wiFTN8KgE05QvFGfsSPqh6p4UqRw7XzOUoq4Zz1FCE9j2dnF7sTNpCyjv -Yb2FU0Rz4PiINL5YHG1Wn8lnn+EamznphNVBOOoeDXIReEPrQExRXwVTv0I767J6 -N9HAZ93mF98yEZwIJSYXE2w1iEng+kBLj3EtBUgh5x/HXApKaW8CLibGuxkIQG8D -Pjm8KcSRyr8n318rjjZHmBHAC7KMfGZR2cM6Y4oVJs5fy8nI/OqT9MrAYkFaxEuG -SNx3VccoJKTdHJJnUloiYJO5mmt0jZHP59Zflkz13aqO ------END CERTIFICATE----- diff --git a/test/grpc-creds/crl-storer.boulder/key.pem b/test/grpc-creds/crl-storer.boulder/key.pem deleted file mode 100644 index 3868dd7e3d5..00000000000 --- a/test/grpc-creds/crl-storer.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAlhOYZLqewkAWKmzXHaSZ1MiGyXgSVTHMveqwVBlJm77XRX9J -dj87bwt8lrdhau1vzE0CWUfuzd/gHo76PJYjvqKSYrxskg74ZN1D/RkrSr23sXFJ -+a4EvPM1Ee+Efseb50dfY2vpTU2fGpUSgXTx8eLOOyYvjLZg4WRxAoEcMPNnbU8s -eWtNAb91yt18NSpInxiiybrJInDzrSDKJaLpvp221beI1SZG9nNh2+2AZry4of8B -2pk2747ioJTkY1DuUsJcF38DI3p0b6oaGpGGK3slH4diiXc7OGC4dG8zIA6BUtfl -NBw1ElHCyFFKYRpFHlBz1PvREIBhu0mmUzyBmwIDAQABAoIBAH6A+AV4ldhyAv0y -D8Zp+E231n4/G1z7BHXWPVo2kqiZHobze64UMPoyuYul+pUSnhmdlGxDyVV68EVy -ChdGC81m5nQaFn6r5c/H/8Z6D9cJwqztLQktGctYSxTaTFo90foLXKnGzbsewg27 -OQUs2cEmiOatEonPNizn6KbOxD+xsrcwloK4zD7YXsIhR4QTBBS3TulvCsh6+UTf -CY8z5Ne/lRJJEKfUZviBFtQlheMm4ChweDcZiX051ko7McahfYNKOuNp62tYVM4n -1GLGBOEFzZKcN5WYsuL91UksNdpjxbyJkibTyTqzuLR9XnM/iCsZ1lUIQeFoOnsj -Av6p8rECgYEAxfR2sP3yU773YP8ZJOPjdhrhLU6SqQRI2KiCum2o0yM+1hUZ7UUn -rm4aeSUbcO7Z4VYjaupuHzWz2hqmCEKjozKEaQrwIHVxitPzQKWcwIIMefRSijbL -HlzKd/46hJl5tmvbKWwV5p8vqWz3LZ387bC5UoUSgnGz/xMuCx4MEIMCgYEAwhUg -1xLDqBGnJhL4I0LmOEI9U851gkF4K2ejCCGuv1NqWR0ez3usgRIb02fUx8ycpuRZ -Jr/RTNjy3lpRznjK5S6ZexMZA5XLjoX5DvyinvQIdiASXKsSD1/BrlhFoz+MGmX6 -WAIIwyIl/WJ118kpg2cJqfBnsUpepq2y6ajSzwkCgYBR1ac/siv8zQSNl8f4RTGi -gKg4R7Q/pSLMVpV8pprVdkuiyyRlv2IRLTlKfbmjbUqraiXILFQMGPJaJwwefBYU -AG1W04vDj2m5/7cfMZfkyZ6IyCVbOB2uVqPpCTN938i+TkZTEHjZV1On0gE5XYfT -Z2ylnZeyT3ke6Pnu5KQOKwKBgF+6ViFfEvxiAKTJ9HRH+g/DtEYS7mjZ6/DUxFgt -bOjXtvvPXjQOly5uhSUH8K6/4IB83vA66nxSAbDksbb6Y3EZRACtkcfv6aAZupfG -yltGmKnS9duZUWYd4AUjau2zWWJn7EvebP36aOyK1P8jLIOwndahSjPrL7ZctIOF -jr0pAoGBALeYsldPCwFLUAUWc4uo+6qjVigZIwO8ZjRAmZ99qwtC2aMODayOK1w+ -P3kygVFZXXlF0XvO7zcr6g4oHgLoaJGL4AUTQGhdXhSlSWlaFn+70m4o/afToDh8 -0atWXDRfLgGnJ+VamriqSUaOdilJz2n+R5mkpB/Aw7cIPMjNG46e ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/crl-updater.boulder/cert.pem b/test/grpc-creds/crl-updater.boulder/cert.pem deleted file mode 100644 index 0e49ec6438a..00000000000 --- a/test/grpc-creds/crl-updater.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDHzCCAgegAwIBAgIIOk8TVvubJDYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowHjEcMBoGA1UEAxMTY3JsLXVwZGF0ZXIuYm91bGRlcjCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKSOlusPKKWYKIxf3UW+VVlnk6J3sGP -t6zTIPbuZsFe50mZ5aYU0hLKpXc59Re+L0pth2NqPBhEKzicALcfYuXab50spqY0 -Bb5YEale6Exo95uK+c3ciFtg0SCxDNd4sIfoyRZMUjl/7KQnet55Irgd2RKCH450 -5F6u4Ag+PFIQ/lQyuwgeGqZvdzNvQ208Kur2VFhFL4gcn3OZg4GRxySniM8hfv9D -ufKNYdpQPN5aczfhxs6eK15oPsatV9DNQNYrzKDaTM2T0AI7HQtxtAjdfNR1l0SA -Sqzwxzo/bWHFk8vSNdtsdEaZTLA+oEgex24gAXLmqaPWpwO9m6fkjBMCAwEAAaNf -MF0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWCE2NybC11cGRhdGVyLmJvdWxkZXIw -DQYJKoZIhvcNAQELBQADggEBAKy8E1kQUTQWCIVtPCgraZYpudjGk0PETM1MQXz7 -FgTEE4cVpKIWFwWdD+XyfL42V4tjdGJX5iBNFDRgR/rA44QUgrKp9AE8tmhV8B3p -FIgdWDtdsBlSQanvMzG35Zmut7Ew5bUlxREWNqt41TAvFrV0NuXvFHcVDYkQ6MH4 -oaVssPYUmMyCF4/uRXJTVrb5z+jeroIQoCmoQdRvKdVubcb0y7Nq7Of4VQvcdAfi -5uB/7a6k2/n2c+4ZTZYyw94ZUjhiWwPxZQYhs0E/0NfrLJXVqDLo7gfavvoLa8D1 -B85C5GXB0af+FSuEBNGQsfakoZ1F3J6S90VaveebUEA5kYk= ------END CERTIFICATE----- diff --git a/test/grpc-creds/crl-updater.boulder/key.pem b/test/grpc-creds/crl-updater.boulder/key.pem deleted file mode 100644 index 066f0e7e897..00000000000 --- a/test/grpc-creds/crl-updater.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAwpI6W6w8opZgojF/dRb5VWWeTonewY+3rNMg9u5mwV7nSZnl -phTSEsqldzn1F74vSm2HY2o8GEQrOJwAtx9i5dpvnSympjQFvlgRqV7oTGj3m4r5 -zdyIW2DRILEM13iwh+jJFkxSOX/spCd63nkiuB3ZEoIfjnTkXq7gCD48UhD+VDK7 -CB4apm93M29DbTwq6vZUWEUviByfc5mDgZHHJKeIzyF+/0O58o1h2lA83lpzN+HG -zp4rXmg+xq1X0M1A1ivMoNpMzZPQAjsdC3G0CN181HWXRIBKrPDHOj9tYcWTy9I1 -22x0RplMsD6gSB7HbiABcuapo9anA72bp+SMEwIDAQABAoIBAQCjMjVCmPeOw6Sv -xeaLFkbxSrd6VoeBQIMlsTxwAUwsmuZRxIRrRgFhg5k/pFwfmwRdX/rz9rILBHpg -E/FBp1CzTADcCwyIURAUNBg0QIeFN3Gfg/S8p2Gzi0Q9MGN+AxvGEwk+66r30YVx -ti+HlID7fwWIUZ4YRZEanYEJSPIdPeyBYD0Xl100aDAP87haNgW1piyfMrrOATET -4EPZZ/O4zQriJd+bk6GNFL+I9MVcp4Kw0Zx35IPREIuRVP5eW4NxpYwL1/2SnYZG -Ab/vwkzUZ8Lj1IlMGTNOl1Sa+HRLOQ4j5iAAj5VdLHaNU/jDJHdK4KiPmLrQduRE -NlocoBuJAoGBAPvjA1+7R2PDjMRqWx2HDgZsgJyYIFOyXqbvaEMk1Cihq8iqfz47 -E1Nyj1TY4LcXgihnIriZNVSqwmbwv7J6U2RbLbth3nIf7lfNcMAVLCkVA5dtyml7 -0qsX5/fnZdi1GjnmVeeuyUUKDKOem4aFn98NrhNqaT718jaZTPchgbHPAoGBAMW/ -nOjklMimWFwPGauHFD6Q/JHNXTJOTC+3rjMt6e1J8YeP76bSTcgphENPQWpDzVF/ -Njn70t18C0+C9BtTWNHOMo9MwnF+SFE96ezPcGZlJxeL9Oa4ylB2ZFTnYqwzCVEz -ouUoGT+xAekes+OpWcFlBfS4PHdFd0pPcbUpFCZ9AoGAeC8bHwRWzc0yT02H6BDW -qk3/F7imRAkpjHFSyCa8bB6nvnlLeT/qurhAl3Vb00CORATh1j6T6bAITeG1Nc2U -GKBAs9XAs6d0q8REdgIkLf3u1sP1/lqsbCJd9jUcrUfMGbBDcOY+9ogS+8bj4k3D -uEPouS7exMHJLi/7PzdnkJUCgYBzg3HaTaRn7VvSMvPw0dBOmA0h8o/NUhWJDkgR -F3H9reMMKFV64oCTO0VKuGJi+8ZVI/V+O4862DoXMUz9JVvN+yBnuxQejgEajAs4 -zRhAiDgkthnSKQHtrKsBOcTXCF0Z9Qrjx9+v5+tQzSGSDJwkr6miAXk4xvhfDTdD -9wIRVQKBgBSmjPtg0RS3GE84DvUp7zDliMXqLxvd9u16FrPjMuoEb7KZ1+BZQSye -I2rPIJS+34SVeIoVITvpGCholkQ2246JT7gdAP+9x6b6f94At9aODHYhq+9T23XY -3wEXd6w1vB42OR3cK4z0MtqFIVZ6/LmIDFc+nbvKpGbJn78QZXHH ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/expiration-mailer.boulder/cert.pem b/test/grpc-creds/expiration-mailer.boulder/cert.pem deleted file mode 100644 index 7027a481ef9..00000000000 --- a/test/grpc-creds/expiration-mailer.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDKzCCAhOgAwIBAgIIAwDeEDu+pKcwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owJDEiMCAGA1UEAxMZZXhwaXJhdGlvbi1tYWlsZXIuYm91bGRlcjCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTY5ZaPHTBrrSA5WBTHIlv8 -3w1vhQ1S9cXJDehc7VoAaiCOOLRO5WCr5s67UxxKlKk59puxsvYOeJPkfqsnM/Tl -4GKCs177ywHdQkNQ9hVdVV+urs4yrRg7Mk7Fbx2NEBQytRQDAzYKP5Uyj0lkfgUw -KLXIkC9P9RICCavasfmWbDQqsjdqbMCc+QgPvpIU62tMbhPiobqOBTkoI6OxFU0G -gYrefaIS5bRU5ogsJVxNx9sG2QA6bAuRUPEzsag/OnhYjPCRsQKvEdb4l5d7RzOt -QSy0YvgrXZJdJSbXMKi01mmPh744MDTBXv5vQd69s2pVYXPIuWIE+KbOq0ITJ30C -AwEAAaNlMGMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAMBgNVHRMBAf8EAjAAMCQGA1UdEQQdMBuCGWV4cGlyYXRpb24tbWFp -bGVyLmJvdWxkZXIwDQYJKoZIhvcNAQELBQADggEBADkL+csPuxJNgtpI0vVeaFrS -h8buV44QiPz6pn5qrmT0gNlsUn5ecv4MnVqFL3cSPlRT3lghBOkpe0KGuUsnjB+/ -HvY7drb4DxAMW1CJuL6xCvGTHA1d5ueBNjUXSSpqWNTAOvovUJNS7whMaDAatqNK -OuZ+cnGJpFVPuFLUJ5Xj0d7oJmOoqvRTh0UY/jBsriPkufA+I59oPUsesxt7vExn -H1y4W/gvqNX0SnmHObYySO5JiwEb/ZjL4eOTUCTZ/xm4qgGAuBLGM76p5BVvTNwv -5ySWNuAE1yWmdDctiSY74kAKUl+h0dHFuwxTLQLHeGTpq+ohEAEMhoNVo7W45n4= ------END CERTIFICATE----- diff --git a/test/grpc-creds/expiration-mailer.boulder/key.pem b/test/grpc-creds/expiration-mailer.boulder/key.pem deleted file mode 100644 index 462d2755d08..00000000000 --- a/test/grpc-creds/expiration-mailer.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAxNjllo8dMGutIDlYFMciW/zfDW+FDVL1xckN6FztWgBqII44 -tE7lYKvmzrtTHEqUqTn2m7Gy9g54k+R+qycz9OXgYoKzXvvLAd1CQ1D2FV1VX66u -zjKtGDsyTsVvHY0QFDK1FAMDNgo/lTKPSWR+BTAotciQL0/1EgIJq9qx+ZZsNCqy -N2pswJz5CA++khTra0xuE+Khuo4FOSgjo7EVTQaBit59ohLltFTmiCwlXE3H2wbZ -ADpsC5FQ8TOxqD86eFiM8JGxAq8R1viXl3tHM61BLLRi+Ctdkl0lJtcwqLTWaY+H -vjgwNMFe/m9B3r2zalVhc8i5YgT4ps6rQhMnfQIDAQABAoIBAGOo3DPpqQGGwlP6 -NFnwp7iiwdrvhxFD2yKTs/LceV6DrzdkSdkfyIm0/lnUBTPhnno+2lfhE5X3pZxa -prbIVkm6yGuXeHCyUglTl+S07KHMaxjSO7Yxeek2rzWqR6NSc72GHp9PFyUY8y/6 -NQkXU6YUx8ehDz6k4JKJbZQQWOLfHfYB85pkguITFtZwe2wFKLyrOLK740m7iZm2 -Q5zkY4vi25RAg1vkmM2kJUhsEpxRMC6v6Lb537xbQPYPlDEu8y2n/Djo2GgKHWUQ -gB6BT/CArU1MO6D/DsDs9Kr+aDa2e4HCB5BHCsxk8wkcvVqK8zX1FtbW5w+9mlqk -dP+zWQECgYEA5TrCJYlrG5ivg9JNINVvsM64K40iwBSjrdhLngjT/FFAcWQFkSH0 -kHzL5g2DNWU0fDk5Y71MtjAtMhfnS6vX4ICBMqDZOm2z/is6mX1Vwd67nIbOFTKY -2lvSDrjVxF7cEyqh8fQZDNsTfKTDFSv0yrKHyc5tywl8wGVYvNWsdNECgYEA29YC -qWjVtIrbFoOBut3hGGcIsQcpYgV5HSm+NIl9BVpopeafdjv5wY5XsVg9BUHJTCB1 -mUFNw0PGKKcc2oPNQT42hD70S15OBdH3K7Fj19e7b4T1Q8NUW8WHbwECG6saU8VC -Iv7/ukzvaJV8Gn7Pl7LFMReXvsxKS2NjG7pDYu0CgYEAhBWGd2CmcgFZ6ShNvwSd -VhDXeGjbxDhgVDTU5ZwKolIjQvMybf1V0cfHKalRmHvXcVj746fZQwWhlULGyQic -3MTPLWAXq54439UC8ByTRKHWEwxuRTKhdvj/ofIJYxyRzQ18wVE4+fpmUSUTL+jj -JcUXj0Y+Z4bw9l+vcSfiNnECgYEAjxgv5Vvy9zEHSRFSyXMRyROQKcMyobZUTrJU -N9hiw7BEu/BxTcHeYaoo1KxOE/TtdZsPUTGbz4V3IBEfC/GNEnHPhKeB1ulMuicg -z5UJG382Z3HRQEmNyKq77Hpoh+AJJAwbb7IyfW8Eyzu6a3it4d2g08K6qJxLo+TO -p0bIBEUCgYEAyIixytnbC3n31nKDdzP6gcs429JCcFw4+/Sg62LGSTUDUdifnrgG -rm4lkOLDwm8gv7I6L8Ye7KJGyG3mdqOgEMP1S8V2URXTWehifOAW3ePk/7ib+s71 -T3LVEGGZGaFTmeRnJ8HL+iPhsqDCMofNZx30sFX3joy4qarl77VSUG4= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/generate.sh b/test/grpc-creds/generate.sh deleted file mode 100755 index 2d2815e0f7b..00000000000 --- a/test/grpc-creds/generate.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -set -e -set -o xtrace - -cd "$(realpath -- $(dirname -- "$0"))" - -# Check that `minica` is installed -command -v minica >/dev/null 2>&1 || { - echo >&2 "No 'minica' command available."; - echo >&2 "Check your GOPATH and run: 'go get github.com/jsha/minica'."; - exit 1; -} - -for SERVICE in admin-revoker expiration-mailer ocsp-responder consul \ - wfe akamai-purger bad-key-revoker crl-updater crl-storer \ - health-checker; do - minica -domains "${SERVICE}.boulder" -done - -for SERVICE in publisher nonce ra ca sa va rva ; do - minica -domains "${SERVICE}.boulder,${SERVICE}1.boulder,${SERVICE}2.boulder" -done - -minica -ip-addresses 10.77.77.77,10.88.88.88 - -# grpc/creds/creds.go: -minica -domains "creds-test" -ip-addresses "127.0.0.1" - -# minica sets restrictive directory permissions, but we don't want that -chmod -R go+rX . diff --git a/test/grpc-creds/health-checker.boulder/cert.pem b/test/grpc-creds/health-checker.boulder/cert.pem deleted file mode 100644 index 9a6d8dfd689..00000000000 --- a/test/grpc-creds/health-checker.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJTCCAg2gAwIBAgIIHywaCXTL2qgwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowITEfMB0GA1UEAxMWaGVhbHRoLWNoZWNrZXIuYm91bGRlcjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1xITHFefqqfd0uZyJvFJMWzWZS -Bekou7m2YKYxl61esBNzYZxcSh83vn84+s8dkB51/Z8IpzX5xTr5Ogwlkg2EnxVB -WLsFjbBsfdK/cJmvs2mjEVyHoxjAZjUgddo++AAXIallVWKV5nEY+BmY+pw4Sdvk -gRleGMfj7yNlyNq7RvjBgGBpg/hzrVkVgcreGeEwhFSvjAHZIzgzjjIOKBd6W4SY -1w41B5bBnwN+izyd0AlKEig/sWbGXCFR9IMjBgFp7dogDbwCGETdbMeusbwBEHUS -98t90/WBOj7kN6a4MUfKWNpz3/UdeT0doRF8hfVRAeydMmQ4NTc9WVr1R6MCAwEA -AaNiMGAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMBAf8EAjAAMCEGA1UdEQQaMBiCFmhlYWx0aC1jaGVja2VyLmJv -dWxkZXIwDQYJKoZIhvcNAQELBQADggEBAIu8JfyFBvWWRGw4baAh0ArZU7nPAsqL -phJTO1O2thn9qbCnEOAXBBZlnmEMRS6vQpIjt/d003LVKqMjQ8ocym58qa8MMksQ -BHs1S33XJWkmw6/qPMfbbyP/n1SlicD920Eqsnv/jAY3AqofMaB4f0dmCdyhjIkW -jkI2Y/M9nG4KDgSelu0aL00NXdNvFG9gJrLjH22v85i7xCPpfz8zFmho5igW0OCg -a4Xmsoo0YxV8KJQ1z7rVIuX4qmYxQ7cdQ2i626EaI6+2/YTH2eA73O3YI0i/x87y -bFA5+7DKcwNTuPW2wNtPExsdtbvKkyJjWCMArEoWRaamqESszo95jUw= ------END CERTIFICATE----- diff --git a/test/grpc-creds/health-checker.boulder/key.pem b/test/grpc-creds/health-checker.boulder/key.pem deleted file mode 100644 index a4ccb5a7d34..00000000000 --- a/test/grpc-creds/health-checker.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzXEhMcV5+qp93S5nIm8UkxbNZlIF6Si7ubZgpjGXrV6wE3Nh -nFxKHze+fzj6zx2QHnX9nwinNfnFOvk6DCWSDYSfFUFYuwWNsGx90r9wma+zaaMR -XIejGMBmNSB12j74ABchqWVVYpXmcRj4GZj6nDhJ2+SBGV4Yx+PvI2XI2rtG+MGA -YGmD+HOtWRWByt4Z4TCEVK+MAdkjODOOMg4oF3pbhJjXDjUHlsGfA36LPJ3QCUoS -KD+xZsZcIVH0gyMGAWnt2iANvAIYRN1sx66xvAEQdRL3y33T9YE6PuQ3prgxR8pY -2nPf9R15PR2hEXyF9VEB7J0yZDg1Nz1ZWvVHowIDAQABAoIBAFj20IUZGwVtpyuM -2KSUrbg0e6X/hwe81+5IB/pwJ1qwUldZ878eSArUvO2i4xmll69ZMQcZXC+Hhd1P -588yxdiMwccWkTIL6Zuon6QPutcSuwLX1sDXC83AI4KGGAL2mbaQTcdpVlxmxW/c -fDO5h2z3AyTyAuXVVa3aCsitXxk4kVn7MxBkU8h5jeG8mAuZlb5MmyLpXH8F0+3x -sTaOEfelw0ohA1Eud1XWI7KEketI8KoKgRR0+ZAYnK/AgAO9mgmAttn1nk0fYoJU -l60hVWbsWlak8ef2zWKF7VfFRw83rqh3cFOuRLHI5wZGzVONRKO/5yffvc8bmqRx -nbwMVIECgYEA8PQsHDcLfbNrIg29QXwgeNCMSZ8eoJFOELnpcNfiUk5SWyjPGwA+ -ACMUAjEY9bgd0G52Gjn9oZ3ND28vpqpUrfON+Wt+CUr7Gploj4jrEYU0rYeMfQLa -mvyMGtU08aLeVhrvTUTPNiEfrwqp6GLtj8g+oXvv3IOk3wRwinGYI1MCgYEA2kVF -7gicTM1fzfrS8vuOvzG+TbFN0B9NYcRYe5h0bUcMQ52rqlrNkQdiMBoERIPu15Aw -/sJvr9WCulhQ2gW2lgz36julJ3PBGpeC6wNK1l7VUsWykQm5APYvd9V5KVNZtoPL -Mr2+Ijt+2NFNseCUlrHPx5mRUiKXppaQUMp1kHECgYEAnHCLqw36AfTZW9S7yaaD -lq0gSDRtOCbfHnD2JXOk13dOdS07ufYgSwp7VSj3YaHWiZsORtzb1XCU0K6Jq5Xv -QLletk+aFwJ9obl0b6yfolJv7zKQfiG6OOI7PLislS3/WLxIHkzMlAJRhd5Qjjac -srt6HnJPO0alZr6FKv2xn00CgYAXSWy8iI6kYwTlpOz8n3oLS/NRtqjmm3BWDeyi -wxEo13unexrlgeqMno0LNLtf0/OXa/rOM1BXIiBgYSu/Fvzz5U5N3y8vllnzzFZb -XG6PkG6R9iWm87KZN6q4zj2u+wWHQ2hacYPngxF1cF8pqxwvN6lDUk7+xFIJo+ah -t/fzAQKBgQDmrWrejfSE8H/kYFrLJCMRM6LTcIeKlqBoAFp6Y5hkn2FhNrW4QNdm -qZAfTXnfaXcxj3gpD4t/hh6o60/p00KYJhewewL/A7wnnli1xt2TgIIDwUHRTzYD -tJA5WQCwPBGQ3BdNog2kuLQv8YcTRVKMan0tSGhgDx7A6AR9lZeeKg== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/minica-key.pem b/test/grpc-creds/minica-key.pem deleted file mode 100644 index b4d642b2dd7..00000000000 --- a/test/grpc-creds/minica-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsxASAD9JV/1ZkEgFZHH+De5bxniQpVrDvDETHRg6AmqOl1hO -9nVQSNgPFcKjpyCgvBuqf/qawoKXQePzHcm+l+Imk6UrAN4Rk1pax55FyrxRA52r -hiwz3JXKOFd3pgReemDguIotRfNwLw66q7JxQ65eVQHwJ2MgiMPanw78vz6nRrpY -W4tPsdWNZ2r1qdA20OxHPTVCtDCxNgx/5y+Db7c2DMG88LqLjZE58IWIeeP0pFRZ -DAUxX9ggQLWT8+P0NkGomb7yWClUNsigmkrbYaG3J+VM/jw8XyXAEejGtbbs7KdL -AW7Y2QHCmR1GmxRUZpR5xP/ZFhOeZwd6Hpa4ZwIDAQABAoIBAQCgWYPFNOc5JGdQ -DS7HBE29q/YDhXQCn4UowcmcBFXuU/3dCfesPOHoWZMoqWRkBZPq39uPP5vXE5rg -JoFP65oB6UMidIZOAI88pW0l1VYqdvkVg9xWCr9mibzNN4at5Lu2W4rhtttUCOwt -N8NyfhlvwnY3KcUlgF9iGgFs7r7ngnRRpDjraPZfri0lfIg3Ri8yAJKRO4DWhcNJ -X+OQoMb+kvWi/rzmsThDt8QcZ3PX7BL6inF1p9XVFkeJFU2TuoUPa64L8HlR353R -ICQmNg4WUfDrsOxPqhMt6Yaoq4XhYxKL92tADd+o4xItUR3CoXeTYdJjAlCxHi3M -woF54lwBAoGBANTQKtdM9l1+YgxRq2O5Kezt+M4SZm9YcZ4QZJhfWa3HIbo5zsfu -+4eJ/LGAy084puGbNL8m70yj/3bRxTW+0BoHp1RFYpcxT/uG3tFkTeyftl2TxIpm -5G+wqXarGjkglWyzoaCjkpQIThb9v/7Zjp6Hhose2VxhPP9PkZp7X0ppAoGBANdm -im7Xt2p8b0K+dxC8qTETChD1bMH4nJ/IidZKHphiHpuxf8yklLnNfZtVBCIWG2L9 -RRjq1ni1O6SM9rCpvF0R6i71B76Gxm8WYMh7qqDQk2EgZ0kmLlSIiFdH4Q3x6o6I -0lYYGP1jQTtO/ya6RGjeYqKxgYz0AXqcsY3bLHJPAoGBALCh8tzuURF6g3DMHF/R -4N15CugnV4QVOYBDBOt/QJS+0dyafGlvjq+JtQWy64xebgyU4KvDah0HhVKee3vH -WzwvnA+S42iwEj2nTKspAJBkY1259wgUrIeTbqRDEanWxI8LbRxCh7d8SSxGAqRI -+FnWDLLNsQU+4/zYkvZQbd/5AoGAZchWcboNOYxDJs7JhGchq8bLYugV1DKeEAK6 -3z925Zq3y+o78X9zp7iqOdQad+DqYAQ9umB9p9w7qq3Rg/kwwOnONxIh7q3Q5n00 -joehQQxOF/8vzyjzi45YnqWgeu5tX5zXh0crx9A26seRWcN6v/MVuLsX9Hr4l++j -Ft0SS5ECgYAmkCkfEzId0YgwCZ6LnJC1K0IYb59iaACuUxGyEbIceR6hF/a2nNDg -IjF4dwdzQeeMaSEcjkF1fMPyoZRhulp+jkVPS5DdMLajJCGcKIfeZ1dhjQxNiR3K -EGW5GxZ3/MMB0vVIkWz1V1r9HxrcjA7zjLH7sww8yoYcD/hiaQrPaw== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/minica.pem b/test/grpc-creds/minica.pem deleted file mode 100644 index f57f06f9724..00000000000 --- a/test/grpc-creds/minica.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDCTCCAfGgAwIBAgIIO4ssrd6kNBYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMCAXDTE2MTEwNDIxMTY0OVoYDzIxMTYx -MTA0MjIxNjQ5WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSAzYjhiMmMwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzEBIAP0lX/VmQSAVkcf4N7lvG -eJClWsO8MRMdGDoCao6XWE72dVBI2A8VwqOnIKC8G6p/+prCgpdB4/Mdyb6X4iaT -pSsA3hGTWlrHnkXKvFEDnauGLDPclco4V3emBF56YOC4ii1F83AvDrqrsnFDrl5V -AfAnYyCIw9qfDvy/PqdGulhbi0+x1Y1navWp0DbQ7Ec9NUK0MLE2DH/nL4NvtzYM -wbzwuouNkTnwhYh54/SkVFkMBTFf2CBAtZPz4/Q2QaiZvvJYKVQ2yKCaStthobcn -5Uz+PDxfJcAR6Ma1tuzsp0sBbtjZAcKZHUabFFRmlHnE/9kWE55nB3oelrhnAgMB -AAGjRTBDMA4GA1UdDwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB -BQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEAFwZS -o7hfeK1sUKoXJeqrw6fIuwJsM0Hpa+j5VW+pJIA1J0Ntb1e0JI8StnE3hxYoQ30m -pZ9ZMRPov8AqU97l1aBbNYu9CwQsSMmFwJNuAQKw0PZ8U+dPgt2JE++z4349QDz0 -EWAAH8sFU1bXiAWHJLNpiLf+IKYyCETYwlFkWAUyZtWTbsmW+iJD8qZ44ehydGqZ -3e4NzpJUjN0IK8c1BpSjDqbjiTxhlJKXyAR3vAvhXa7V3SkHly5SFpggZi1KgumD -jVJRk88vTo95Tqsrer0ouyyFwst8ZPmUt/vqbwhU6Z3DgX9jYcS9ON5KVGbC1KO9 -JNrFIxoQe9I3x5w6kw== ------END CERTIFICATE----- diff --git a/test/grpc-creds/nonce.boulder/cert.pem b/test/grpc-creds/nonce.boulder/cert.pem deleted file mode 100644 index 29ac591b5bc..00000000000 --- a/test/grpc-creds/nonce.boulder/cert.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDMzCCAhugAwIBAgIIPsEnAENFCoowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowGDEWMBQGA1UEAxMNbm9uY2UuYm91bGRlcjCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAMPsPkNpldjDPoFwtVUqA7uQyfn1rEHOJrl68Fyo -U1O0z65T33vdblQWdNDbMN8DtuR2Zpcs+M3n1cM+HzgZqo1tLlUryrVULBmtAjTQ -HyoBq8RGx9rPmiU7yZzaFwpCRvu7dfK5QtoXxA70NlGdY9ffoEb5xqPUgY7WefmU -uaI86Mb4SJYTVD7P7IfePLws+aFgBh2GljlcOcdf1KOEGf8fDFsi+feQZVqsF4SN -u3l7z/XZ3d0k1bryuh0K4RBDci3oGPddX1Vzh4E0ZDjInOQ4jGY5t5shw/QGWQib -CdqNtvW8kBGCXRy7J5o37pFmuPQD2mKqJRDKimt9sMNvKR0CAwEAAaN5MHcwDgYD -VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV -HRMBAf8EAjAAMDgGA1UdEQQxMC+CDW5vbmNlLmJvdWxkZXKCDm5vbmNlMS5ib3Vs -ZGVygg5ub25jZTIuYm91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAeaZuUfBfq5QP -hrbMmh2VtecgdgfhLEYuXuwD2G/hCX3yH1lpOu22CrBOmGoQblyeLR5FsRB41vZV -iybAVN2hfXKl6Yrh017bMwJUSlncQsUQVXDCIQ07HgdNgyc1orARtH6OGZfypNMY -bDBgitlgS4F3TSjA1W/dj7b7nJIAkbgrfCIGn11t0xBTI7FHpdDp1UHZTVEUEnJ8 -btlqJREF52L9Z+MVw9I0LeaUHx8uuBbeKERfR+9/BV2eov2MAZMpeCCLWDhk/6gk -n6RR/5u/nWwNcepVtlS+XmddgmQgP1eAR07AyUvLisuO5leRa7aLJdUUpyJ0eFre -geYixYjT/w== ------END CERTIFICATE----- diff --git a/test/grpc-creds/nonce.boulder/key.pem b/test/grpc-creds/nonce.boulder/key.pem deleted file mode 100644 index 1f35b588d3e..00000000000 --- a/test/grpc-creds/nonce.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAw+w+Q2mV2MM+gXC1VSoDu5DJ+fWsQc4muXrwXKhTU7TPrlPf -e91uVBZ00Nsw3wO25HZmlyz4zefVwz4fOBmqjW0uVSvKtVQsGa0CNNAfKgGrxEbH -2s+aJTvJnNoXCkJG+7t18rlC2hfEDvQ2UZ1j19+gRvnGo9SBjtZ5+ZS5ojzoxvhI -lhNUPs/sh948vCz5oWAGHYaWOVw5x1/Uo4QZ/x8MWyL595BlWqwXhI27eXvP9dnd -3STVuvK6HQrhEENyLegY911fVXOHgTRkOMic5DiMZjm3myHD9AZZCJsJ2o229byQ -EYJdHLsnmjfukWa49APaYqolEMqKa32ww28pHQIDAQABAoIBAFUWTlwciNVgxc6V -UkswOfrFgNIrnanei/bVq3myKK4bwm4lQtOacQXX0te5udnA1TcXLKrO/yb9Xlqy -qgBFNUrCdfLLV/e0HIryFhk1obMukphlXPpsWrd85axXEtaDviwpV6oYRy5MT/tm -mAiN4ASqvALXCyuvaKzN/J8lthD8vFpjy8jzqY0JR/5Ee6ODUbd0/pceYEcXWafD -WgRYyjF+Lv4oXesp4jwlOMUwIuQhuGO3ybPBE8OxtXQ/wRw9IjypQXJq5smEfMUO -CAJqjRlrga5pcnrWKy2R61DamAZCNYmtzhy1EdS66+/fJIKDgAEldQRT1vbaoAqR -4l39GYkCgYEA4hwMCvjOSHtATfS9Kw13FogVGyyuMfn2pbMvIa7SHzZ63b/a0yGH -5aWKACoOW/1SGAYH/59vwwnF5AEpaYcCDgVXaU6gTQin3XZyCk12Aq/1DusgPj3T -1fjdFmfTE8CHt480VecL8eihvS1GBkt89nekniomVUATZtTv2cb9bScCgYEA3dKf -ewDzf20d65t0KR89jF4KMXlohilYgwPv7EoG/YP5bVSuYcWccejo/HlywxZN6FBh -8kjoSq9BTCJq9jtltOBhWz18UZArpoCY5S9scFOF2/ouULBjqPpgtkoqVa/ebIWt -RKqx3gKtUH8WBo0vX0DVZyBP5vX0wswNwBr56hsCgYEAsjqfd4qVt+aHUqum7SfJ -BlawJGJ80OIS/JwYe7l84aOlB+RyDdixcWCiPezosrQkoNEoPuOjSh8LAOW1ifwk -r36gX17d1rsK7vOtgtd6PTYLuf22xbkgoNpxE3c1l608jYFxJIFiFgZkb2UffFjG -oNTASvg4jRxb7sPMaGKFYyMCgYAGsCsO0mCFHw0f5XgDJWX9rXgxNa/pG6YHjT7W -qQS88BW9Lihz2jl1VchwlFjZePqwXnwVig0280HMwdznv7K5WWqWDayJ6Qbn5ki1 -4FAsstf+YfSzih33IlV4KZRNMRhLvVwUDfF++CWxn6NSXz9mZ9YHXfoKxK+0j+J6 -QFX4sQKBgAD1ceQgk4DvQ//9Jl7JAWBxsGLYUhyWZMTEPllIGNa70eHw+zp8c4yu -E7VH23hgIx+0WgUgnDSK1gPvrVigdhUN8tBsK9VQPrS2mEsLzAFpqfhW/rEqCJw0 -wooS8SJ+LDbpVSz16EdgXOf3U1a89+8fOedsHf56n+1T6wC9R6K1 ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ocsp-responder.boulder/cert.pem b/test/grpc-creds/ocsp-responder.boulder/cert.pem deleted file mode 100644 index 12d03f21982..00000000000 --- a/test/grpc-creds/ocsp-responder.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJTCCAg2gAwIBAgIIGbRbbhhHh30wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owITEfMB0GA1UEAxMWb2NzcC1yZXNwb25kZXIuYm91bGRlcjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOb+um4aNDDnoph8IGZ1S0kPcM7 -hhKZP0XGDFherOL7ZqE3c7z9FItnjXZPcH4RnwzhcmvpohSj3N3csdZrjHVmMDcQ -XgMHtWTNfISXZGzZpkUOHJ6z8RbHkmL1usX3qbSC6yhyZUgEn2PRGAeVXr8t7nwZ -jQDHS5fxxzoINsHX3p+0PKHV/ssusxC24FAgWCsK5gIoRG3Ga+mwg4SsUUMt48dY -7pzMhXzIjdPOLsQUvtU38/5iNj7Mcx78lNih38u2I74d3aKXiqEf8YkCLoiMT16e -3kep0PNgUKKyE8d9rnZtf5GbgMLfWt2k2Dv6Rjsvj6a2+rfgTUoNDs439gUCAwEA -AaNiMGAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMBAf8EAjAAMCEGA1UdEQQaMBiCFm9jc3AtcmVzcG9uZGVyLmJv -dWxkZXIwDQYJKoZIhvcNAQELBQADggEBADsewkGsg9vJuY/XnuMJyD4Y6BZ3/gba -rfmHcVe0ZGGPhTfNYNZ3RfAZKyn1HxAIt2uBCqnK58e3G+RDxBg97Gqst8+IFU0y -wGXZzVoTTSIFElUq56SD6G11+b77zMFRcP4+RjBxXPz/Qn5BdHePC8BhMK6+psMZ -1SK9n36u6SahJ+ceggO2hrLqQ+SY1sv5TNBZdH7oK6Vm7NrpnnuKzSilil2I0TU9 -PGLlBOLAJqwzZ1biizRkY+1N7x4RbLKoAKMOYksUdfLSdWW9EZdATYT3RKlQVbym -Y0Y1Vn14vF/R5ArJ3GJoC0TBOrMTEp9Z7RYQSqVJ6muAX2wZZ2hvFoo= ------END CERTIFICATE----- diff --git a/test/grpc-creds/ocsp-responder.boulder/key.pem b/test/grpc-creds/ocsp-responder.boulder/key.pem deleted file mode 100644 index 68c035e7577..00000000000 --- a/test/grpc-creds/ocsp-responder.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAs5v66bho0MOeimHwgZnVLSQ9wzuGEpk/RcYMWF6s4vtmoTdz -vP0Ui2eNdk9wfhGfDOFya+miFKPc3dyx1muMdWYwNxBeAwe1ZM18hJdkbNmmRQ4c -nrPxFseSYvW6xfeptILrKHJlSASfY9EYB5Vevy3ufBmNAMdLl/HHOgg2wdfen7Q8 -odX+yy6zELbgUCBYKwrmAihEbcZr6bCDhKxRQy3jx1junMyFfMiN084uxBS+1Tfz -/mI2PsxzHvyU2KHfy7Yjvh3dopeKoR/xiQIuiIxPXp7eR6nQ82BQorITx32udm1/ -kZuAwt9a3aTYO/pGOy+Pprb6t+BNSg0Ozjf2BQIDAQABAoIBAEvhklg7+Mx6WPjN -9/ZJL68qqI1bEIG7DOhFi+Gp3hDndayW6ObnZU6gKTvaxAP/HdsrRFQjGL7vm9h/ -7QJR3b2btrMMzysojpJP3lOGQn9aVMzH8X97NlgRaN82Qfpxb9k7lm44JmIO0egx -5p0NlkHe/eqgQNobWOyQ0ULLRZcPDyxXhebvwb/uXy9ihdr/AsFTEO+d2nnKzTfw -1rNDVVDTbPFkGAhM3lBQoXR+vRnz8Vw9iyCJtslejcV3XKi1+VPEM1JaKekUoMTr -DLwkwnwSSdVU1Bo851iYZM0uo8HqyKPzaksoiDg81AdRs/DhPVXMVhX+iFH67POT -TCSxegECgYEA4YU1c5mHoe9uIj6DqmCG9/kot/I/aSep8gih3Cf5pTRom1rIz6Ov -RtI+VfhOlUJLTpEd+BtYBcPMqm2UXgtZS4wegsgNwdjoG0W5n1YoXviZyiOLYsGv -M/DcBmsLnEbPV98Ns6HjtRzsuIsQXDm3Bbm61b1Xjg4uKnlCRgPfvNECgYEAy+JK -1vPWwGvD1BPw40OBuiK9i5sNhlzrE0LvAifd3Q81JEia+yHmFANiVWWX2Jgwcatx -kRifBHEJxwdPMYyvmKubaNVkih3fkgiFcijs6C+GLZVUCuFRqGyDkwX8jkeEmOCj -WEPdyIjVAf9jVxNNGylFksLw7uoEZbIX70DcovUCgYB3dHHdq6M2WXbC2M4xPzP+ -wZGZ7c08y++u7ned/+ayZVJLiAj6Qz+iidbO/tnRIe51zVRMiV9UnmQYmjaOogBI -jg3TRFhVJ6m6WHJ8PczgkVoUwkMgqms9XgWNuMHLo45Mgy/kyImu84VIMxEVaNTT -SY/3i3WHH2fAw74hDAhFIQKBgBSZ0vIRRVvAB9OACFEOWydRp1FZ4232KZKSqs/O -824IwVffNjm13Sech+0VDNjH1+1EY39Du52ZRmGj7W6WRo/olxVqqnQCPLrmvYUh -eX6kfqxQcGOBDN01yb2rVy+RLma8HAUpJlnC6bL/+SutOZdK/kqsA+hAIR2ddymn -piOZAoGAC9UHq0CtvI1FSGpPahJl/vcSPHzq6zkRL8dQtZiOs5I66F+wPg/Tqdx8 -RbTqjTq358gW63fq0smh7AR2yd1YykxppWdbjnkQGwRtl21AdR256F3CMSUQ0jNP -GaiXP00l7Z1+2qK73Wtnf2wBr0EMNOLOBY/oHuVRHhisU4TYwzQ= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ocsp-updater.boulder/cert.pem b/test/grpc-creds/ocsp-updater.boulder/cert.pem deleted file mode 100644 index 0b3c6149efc..00000000000 --- a/test/grpc-creds/ocsp-updater.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDITCCAgmgAwIBAgIIFteoADe2xfkwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw -MjE4MzI0M1owHzEdMBsGA1UEAxMUb2NzcC11cGRhdGVyLmJvdWxkZXIwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMkzkF6Rg6d70oTgMiomXHl8tI/82S -Kg2mwyZHcEwhYhPVoBl+5PzCcqiwj+4bMSjYGlC8wcF6S6TmCu+KNvZCTMYZDhAL -eDnHJpsZw7QYyf7e9K8KwVBoEPU/5/8LU/J56PfUWEfvFKumdyZu6EjxEQwemIMu -Ary0e0p2QDqS0OUUPFlJ20xw0zqPWt36VZhW139N799GZub8xwmYqbZUiBoLYpj3 -1tfFn9DwO/PwbIpMdvf/KyIFUQzXsH4mo14GlkS5yW/s8asLQ7TdO2hSqHveDbK6 -j6E9/3nsNaMeIrDK0wZmQl66/Zq4VqnMG9R1BSlrLNVBC42+5kcGnWiDAgMBAAGj -YDBeMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH -AwIwDAYDVR0TAQH/BAIwADAfBgNVHREEGDAWghRvY3NwLXVwZGF0ZXIuYm91bGRl -cjANBgkqhkiG9w0BAQsFAAOCAQEAYkxNTb2ffBCOOtu3KVI2cbs32mVYWq0lA/iV -4yPaRQt/sVqiKMK4DlzJS+UWhrc2NAmBgB/eZ+oDnMUAUyFi0vgWzVDU3Hs+8BuT -6EdtEGMOJrxWk/qi3BOoBcJGKyDeHiOG+SfACwuyVDkPDzERYUk2lbJdco0PT3kZ -sSL9ZvC2sPwImoCponXlg7h0kBpE+Lr569BNX/Jlyhl7nAFyMoxyKzGmQjSpFAc9 -KiBe0R6XndotW5AkZ54rB3D6f0q1olKBf57FiECUxGHuH3Njc/ZeSGx2HUvp7+83 -kuJjDQgXecYroYZgmaaWciaGDYkWdXaSZdbO92ZiLfNqOJtcPg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/ocsp-updater.boulder/key.pem b/test/grpc-creds/ocsp-updater.boulder/key.pem deleted file mode 100644 index 2c5e9f002ce..00000000000 --- a/test/grpc-creds/ocsp-updater.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzJM5BekYOne9KE4DIqJlx5fLSP/NkioNpsMmR3BMIWIT1aAZ -fuT8wnKosI/uGzEo2BpQvMHBekuk5grvijb2QkzGGQ4QC3g5xyabGcO0GMn+3vSv -CsFQaBD1P+f/C1Pyeej31FhH7xSrpncmbuhI8REMHpiDLgK8tHtKdkA6ktDlFDxZ -SdtMcNM6j1rd+lWYVtd/Te/fRmbm/McJmKm2VIgaC2KY99bXxZ/Q8Dvz8GyKTHb3 -/ysiBVEM17B+JqNeBpZEuclv7PGrC0O03TtoUqh73g2yuo+hPf957DWjHiKwytMG -ZkJeuv2auFapzBvUdQUpayzVQQuNvuZHBp1ogwIDAQABAoIBAH2+hI9gflb54JgU -k5LHVV5ArGBbc6VDGg8F5tKEcRcX7O8jMGiyIbb3uT6FyaqHJf7m9fd/9QfR1TLd -R+2h6O5JuH4QCcazCHij/zPv+hQ+nN24cptexaihu82jMT5qRCGxFBw+g0CuaO+y -Tzpepu8eNl/cCM3QOuOI4PUcd6RjjsolFMUkdn24b3X3BKO8BBk+2hf5V6/qpJVj -g3+mu0qoObWiK6at6UW1YzNv/2woblmaziEy1MwjbiTmIkdRQRIpT1N4JEq//qWv -kBYg0dESJBkr50LZMPedNwy9ZscnHi2HiHoZ/+TUgVCncbYeyY8J3qy/o3J6uRJs -PVD8S4kCgYEA26xCn7HTe+HKU06H5OSVQKlTntjXFUlDaM29dKpd7qFNL8ULTm/g -qsClai01n5Pcr3l6qavznxbhRMDXQ/XAzwphMUd/EYk5zx1ncFfYHW4ql7Ae49dK -xbayh5AIebo9lOtDOvu/Xkp/I6XG/xz8iHxvTSEPB4yUCGUVJ8mHbcUCgYEA7mfO -AluN8+rAS74uOJyLPAgehkSPhbiq2H63XgqUsRlgsyouvOJ1zExVrEy8tRJRI9mE -fwEvrpwZbXOcfBb/XqvqVM2VgX7VVMwySnioyQWNCmjLDu3XRB1XhGyvFk8R9exZ -kSfH4k4PU8nPbKyj/5QG4v16oV13H5YxseEzaacCgYEAzFPzeJUwkJdZ2Zk/QAH6 -bjXSCPvLPAp0gCR25/CcBJ3WrOtMc/4ObOVaN2Or8C3Z5QJKvU2rAryGdqwkzxrk -5+/QrcTCBe6tbd/82ftrkxxo08VHRkh4TWV9tCieKZO5Oi6Gz3Ng8nS6w86sRZmR -r+aGpKhuUWhKPXDAd8y1gr0CgYEAutRwllpnaVJ7th/pGwZa+wWl3jUWgIXSpWzQ -iIskMZGgvWd+TxntlNfxf+B3NjOPkNeixOEKG/1K1AJ5DKn9IJT7Q9AErQHXbufD -NadPJpIKELFFCIMNYtzXu/hsUcBPY/j/zAhv1YK08kXCHvlAYEcCCpr4okKb2w4a -DbtdThsCgYB7YJFyUK4bB4CsHvOl0oi92qFblk1E34dGpVnkaUgz5z4UMjnyAAeG -Um3Z2YI+oYpZJeZiYBG9/PB9S5MzndsCZP+hijv3R59x+wi/AeXe6tYXb/sSLWxD -Xf1U8QAP+TOQmxEC00ZlRD38LswpD+/htVyDhsBp+9Gko6axCeZnIA== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/publisher.boulder/cert.pem b/test/grpc-creds/publisher.boulder/cert.pem deleted file mode 100644 index ff976141d39..00000000000 --- a/test/grpc-creds/publisher.boulder/cert.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDRTCCAi2gAwIBAgIIL/764uMwhtQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowHDEaMBgGA1UEAxMRcHVibGlzaGVyLmJvdWxkZXIwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwACKJtGWmsibDlKUT1FcYkJSFIiq7gg+W -GLvLOzWzO2mFkdwqzECrOu61LVp1HaFT0hgbrsenKKg8mV0jdRDj9Lx3xZUB/F/3 -fIy6Jh3zxat2iFwJNGsd4m24lmqhaAt/n0PFAZlX7SToDAOW3ONUM+IZYWzwIWsL -RqYOji8rWq2WGgbz5pX0pj4OtiU/44ktWgnBgnCHSkcrQ+Eu/LRSmFaN4vyHog7q -+VMaX1U/bXKjl/k8kNPXZxLGgTDxe0pCZZVFwWCw176i3fDupx9n+ZwaVekf9iVy -Os5crCEZItHZRnw5+9HTPV0ojN8JEOoPcNve2kuXJZL1Yn+opEi/AgMBAAGjgYYw -gYMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMEQGA1UdEQQ9MDuCEXB1Ymxpc2hlci5ib3VsZGVyghJw -dWJsaXNoZXIxLmJvdWxkZXKCEnB1Ymxpc2hlcjIuYm91bGRlcjANBgkqhkiG9w0B -AQsFAAOCAQEAqzM2NTtZPB461lbNXKkBotr48P0Q9kzT1oBi99hD+PIHh8yiO/Le -s6Ak2IRz9IsEfZ8Bc7A23V0apQTSa1vCMEZ5HtoBw6uF5oFqdTy2DGktItMKEo/9 -2Jj9AD9W1qDUSzDBpt7tW3DBEcGrCtGN2HLitYaWKuPJUMdm97s5fPN2qvI73+j4 -NzF49DNB56+tpcKa2J6C8MpJSJB/mBuYMuTBi0liAqOzAEMmZPHcz7qNElFSO/w8 -oz6qGWZU7xCRVmAGyRjV70hfhQ2sCdR7aVKQzYasDn2D9/8S5DulswZSdpxpGFaQ -gnunuoIri1tQw9fby0jbNt8IGyBkeOYnbg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/publisher.boulder/key.pem b/test/grpc-creds/publisher.boulder/key.pem deleted file mode 100644 index 7fe377f49d4..00000000000 --- a/test/grpc-creds/publisher.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsAAiibRlprImw5SlE9RXGJCUhSIqu4IPlhi7yzs1sztphZHc -KsxAqzrutS1adR2hU9IYG67HpyioPJldI3UQ4/S8d8WVAfxf93yMuiYd88Wrdohc -CTRrHeJtuJZqoWgLf59DxQGZV+0k6AwDltzjVDPiGWFs8CFrC0amDo4vK1qtlhoG -8+aV9KY+DrYlP+OJLVoJwYJwh0pHK0PhLvy0UphWjeL8h6IO6vlTGl9VP21yo5f5 -PJDT12cSxoEw8XtKQmWVRcFgsNe+ot3w7qcfZ/mcGlXpH/YlcjrOXKwhGSLR2UZ8 -OfvR0z1dKIzfCRDqD3Db3tpLlyWS9WJ/qKRIvwIDAQABAoIBACzS6/jsQ9NPngXD -rsM9Gi18bQb3K7Dzr+qHRBS/cK7EG9zTyCHyQSoa6T6lXVtkf3jskg1C10BgX3CH -kqv8HaAg7XsHjCqkTwCl7OVf3dL+7etTUTVa70j+KPmQ/Xk8GWmYc1cSUC6PjA25 -OZTLju4cBKJ4KJmDuVJ23MXqOmMs2YKL9fBctxzKYv74Df7WBmaRKGf/RXN5mjCv -QQpqNtegpWf8TpgmVn3KbWVot8IuXpNNqQwEryWIQu1OoFWQtbunWRHjtrUgeOzs -prhvqk7IAvPHaYyrWjX2fYno0kNK68EYMkZ4/ZbN9xPG2mi1qB1zam9eGkLtzs8H -/fUnRykCgYEA5Zo68MIU1PNQK+BcA3LfYaFNBVN3GaXGu8wxN7c7YLfBhtNb+E04 -vAYkTK5qfMG2DDdbzroECYc1gaKcUTH+bgE+MWFTAJ2Gh/1jExPr+yKJl0QLvXJw -p3M8RNg+TG5VEn8SOZpl5U3Ugj70E+9dIIDGiVQSMd06RLzNtl0NZs0CgYEAxDxE -TrVvyQy5clenzV52YqYtdO3H5J6gL1N0nLZEcZ96meojxfc/w69GQoBqQKKOLSRQ -OObM+cO10OusWFg7+kuY+Cwy+pqzFPlp8HkSEFdBRiHp8+i19foyvRtcY6SDMM3t -WUwlHWe89+eO2gvCaCGTfIowyQzJhVTd5p5Y9bsCgYABzP3dWYhUSzw7u9y84i/C -UkOKYScz+kreujFAoJ1EmuxXpFy6S9DAGMQ8HboUFGjbG6wKqQbTFE5lH+Nd96hp -MHVOadb+0D1335LhWWymYZT2rL/y0mzzw0GbwJ5sdwkPxhNchEt8Sun5w4iih2QR -lzD3bsNdxMBqPZjXb09lmQKBgQDBdzlQ8Af5ixX56PmCu7Kzp2oBcbw1ZT4/6mN5 -bSklbDmPLQt/zTeMUW1PexNGDf1l+/srXkCPrae/Bdqwbq0TIxz473qDH6mW8B7F -+lcYzS2JWz4wPinHDJihYCxCAJtmrl9mPnAJAZGIRz7LMfTEfPXPPt7CGF1Fmln7 -V/oUqQKBgQCBjll5uxw/tb2xNp7udBQ9Zaa8+mD+mVRLFI0Dc96Xs1Xr6A7+PmmX -Znn+kKDYgDCwuq9Fj0bJg55ZJ8oyTsNVjnJBgfIV1Oirp5iZ1BrLeXlna3dh03l2 -vp9TIEnhxn3yjGFpV2nGeFtdmFHY3xHz1cmNe8r6NFrIwhMqhJzjhg== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/ra.boulder/cert.pem b/test/grpc-creds/ra.boulder/cert.pem deleted file mode 100644 index 9594c155087..00000000000 --- a/test/grpc-creds/ra.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIfxNBlyjHA3wwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw -MjE4MzI0NFowFTETMBEGA1UEAxMKcmEuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKsTrhnhiHgTppDXNCI2AK9bktYEj3JlnJtnEtXknULI -y2mBjdiwI9n/olQjhK9pt6dTk9rdPjTt4eOYMJE1x7TiPgETp7umw+NFruG8jYD4 -i8sHt6JoKcT6x0AwWwvGtpbBO7ru2Z5HFjFZJwylQuUWt6fcc02qa0A3drjIbLnL -akcyAKc5IT1Hne24Xa6onwFFbjhUsO3iRn2HCbR1bwQljwwEIAI8a1bZjAEb/kTO -tEoNZIGX2DeZg7CBF3FQxXWHR5Wv+WVUVv79RkItRvnOr/MooSRg5PgiGvvC2Kdq -EvDBXB1Sww0T03OWMwL9ohHviqEF43bEAndllAquovUCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCnJhLmJvdWxkZXKCC3JhMS5ib3VsZGVyggtyYTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEALFHAoEfVZbolb1oWN5Rv/IeXbyxt -9oKIJOjL8+Qiu9Y1/AG493dkahnTIiu+GLQhrRm+arQnM6N1rB2kKefcl4YGaukT -pZG9BS2G+qJJT33XZo3O0wMB7pb6K0FzreLcb9NpG0z90xZ22t9+zLeG/i71f5cg -0c/YKjnA/gweVYnIeMeup5YVgwgY0sOTWGIPlqld8xPHZz2ru0/NETFHEBGqdzhZ -JODT441NtjVTmJo1bNun4GOUzZ+yAh1EThS/982qiFa9czTaUF8zLafAeiqjyPW2 -HDhJG53CG24q9YkFhfpCUkwTwcsW3pEfV7gfP890RK/JusZ1fCKOi1rsEA== ------END CERTIFICATE----- diff --git a/test/grpc-creds/ra.boulder/key.pem b/test/grpc-creds/ra.boulder/key.pem deleted file mode 100644 index 30a8d2135a4..00000000000 --- a/test/grpc-creds/ra.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqxOuGeGIeBOmkNc0IjYAr1uS1gSPcmWcm2cS1eSdQsjLaYGN -2LAj2f+iVCOEr2m3p1OT2t0+NO3h45gwkTXHtOI+AROnu6bD40Wu4byNgPiLywe3 -omgpxPrHQDBbC8a2lsE7uu7ZnkcWMVknDKVC5Ra3p9xzTaprQDd2uMhsuctqRzIA -pzkhPUed7bhdrqifAUVuOFSw7eJGfYcJtHVvBCWPDAQgAjxrVtmMARv+RM60Sg1k -gZfYN5mDsIEXcVDFdYdHla/5ZVRW/v1GQi1G+c6v8yihJGDk+CIa+8LYp2oS8MFc -HVLDDRPTc5YzAv2iEe+KoQXjdsQCd2WUCq6i9QIDAQABAoIBACgZH8ifLT5/1J3E -Y0rVf4manCsfvIOiv3dJTIfn4thhehQLsrSkbHLPUTwJazM2Qz6r/07gZpE/ZJ/U -7yVKBromAUR9V+ZK60Uc8yWj7ULafuGiuG8PnSK3aPZpnx1+gROKzTY+f7FylggR -Dm8PWUOa9Icay8fbdvIBTgl3qMxPOCgLyXNXNJHcKIPb71L1T5EL2H9Z5vHF9tFy -TnbpeK0GlmBHIeseVaFzruin3sqxjRftVEgTL5XhTq/9uY3EUutq8SGRoidbpp/+ -cr0I1IpFcrJVmJHKdfJkdRI2u3LtMKS3bpqJU7MKn1DRzvQatdSQwn/V8wU3iG8o -04dus60CgYEA3IBOLJRfMFgj6LbMSySoP8JIzVvnBHIMXGd7mzuYUlV2GjVO5oD2 -nh4Q3eGDT2TZ1GbaGGHLhpCXIx87oSXHZz+vw+sDh+WHEApLKZMRZLMxAbNcsPQL -fhcmaQVkfxaV78rrt8TYuLDIU//bOTwGJ48Maj92RT1z5hOOiBkdQe8CgYEAxp5p -Au9kiJFEIgHVtEN+1qHfnwZJI0xOkDfsd+a1J6PZLimHAfiYETAHfJq1cMC4Mt/G -4l/WDqwcWXI/9A/gN7NRv0miQ+tDyVHntohaGoU+0hm6QfXag6VloWs/X8mlzCeu -46AXAni4lbW9nNWwImEL1uSC/Oo5vB45OpHR/VsCgYAivfyTPZV58olF43dw54ey -9BOwd6iApM+Zx5xMKymm31xKaNfTrcIty6LwstWTrto7gzEd4lrFCwclO4iTrXYr -qHczMVZPFTUgq96H4Go/KZSxJeeW4fzlkxQ0O+tHsvFQ5PIa9GMJRqFpyshpzjFS -DlHwc6tY4YPfXnl4rCxV9QKBgAsrwbA+kqLzuKdI/yICYdHkjNU+30Iy+oA2BQDB -YxL1rjNgdo1v0+2zi9hAQ1AyJqoF2APHbByrJXUKbfpmIjA/z6s4kv3K76cVCjlD -9f1j3SKn+8fV8hJRbSPlCk1y4/ZVjQqUaHblH0ycSivWAPAOEUJm288pxVGFSaa3 -qN3dAoGBAIGSn1PSjIVqypCQBBydedS4WDjqwkLoL0bOOZRLxgk+dtfD2l8wKqWp -Helyqym23d58QPb0ZwMU3g/0pZXDqX+w+bnUvAvjfADmFNe6T1nWYiu9Mn5YHAyO -G5s2aHfB8aSIqQSRASlWgFEmftfpuapRGAmOyZr2JYZuaELkvPmP ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/rva.boulder/cert.pem b/test/grpc-creds/rva.boulder/cert.pem deleted file mode 100644 index f68dad1d4ba..00000000000 --- a/test/grpc-creds/rva.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDKzCCAhOgAwIBAgIIN3GC8lNGBqYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFjEUMBIGA1UEAxMLcnZhLmJvdWxkZXIwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDYOJmNC27+V5L6ODXokt9dQiVCscVhjC2aHNvw/KEt -EfzUTkfOAkZR1FbRVcZtUci2CIxVTPHQBUPfZiz98LkMCR3YJBv7QZvdBiinEExo -Lzn4LP7vRNohDWl0QLw+aZH8Y5IUh7GITPLBDF62F/6DaCva+k26dmlYdmVMM3Q3 -LjPlwJI1Li9nqE0ZgOtzIHtx0hTHlW8rd8rx93QXVZDfk2TKCZBPJ0BAzW3jpPGz -39mdullWQMOEA5svr+pRBvsXHdwIzGFdZY3ixRCqOwDdOHIubo8wSWjMuX0JspSW -oIG5w6tZcF3szvgRUDKIEyQdXEwMK+k24VL1Rj/Ojsu9AgMBAAGjczBxMA4GA1Ud -DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T -AQH/BAIwADAyBgNVHREEKzApggtydmEuYm91bGRlcoIMcnZhMS5ib3VsZGVyggxy -dmEyLmJvdWxkZXIwDQYJKoZIhvcNAQELBQADggEBADLh+7f2NMNj5ZGXQYmsfSh2 -9wUxCVs84hzIDLn3f2wybRc3nYg92mTzJmihy1J1b3NKGKhosHcZA3dQ5/z6TLCZ -8WZvEw/9zfIw63pX9r18/jTnmKPoaSumnS99hilEGtbbpsvn9nAfEM0wMoMprygk -h5c7gOena+TxiClAnWNkv8YMEUT9nd/OvdMx/9o9yH2VxQ2Vh1/aP9gBOAUPpmP3 -jjuNBH3uD0rm4/WQTH4Ok4Q0okuGB7xH3lKns4LcnNuL5d9k0YWpQkamcS4AKn1G -bZ+uXinfsQneSMJI1CZ/OtZJB1fOKLK1ifd4dAVwuLJ9hlIHWfwuixm+bnnD38A= ------END CERTIFICATE----- diff --git a/test/grpc-creds/rva.boulder/key.pem b/test/grpc-creds/rva.boulder/key.pem deleted file mode 100644 index ed78588b4df..00000000000 --- a/test/grpc-creds/rva.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA2DiZjQtu/leS+jg16JLfXUIlQrHFYYwtmhzb8PyhLRH81E5H -zgJGUdRW0VXGbVHItgiMVUzx0AVD32Ys/fC5DAkd2CQb+0Gb3QYopxBMaC85+Cz+ -70TaIQ1pdEC8PmmR/GOSFIexiEzywQxethf+g2gr2vpNunZpWHZlTDN0Ny4z5cCS -NS4vZ6hNGYDrcyB7cdIUx5VvK3fK8fd0F1WQ35NkygmQTydAQM1t46Txs9/ZnbpZ -VkDDhAObL6/qUQb7Fx3cCMxhXWWN4sUQqjsA3ThyLm6PMElozLl9CbKUlqCBucOr -WXBd7M74EVAyiBMkHVxMDCvpNuFS9UY/zo7LvQIDAQABAoIBAQC9PXRu9NXVN7KE -21ObVYi3J6BS6iI1ySlUW/PHzGQIfVjKPCUuUeFX1z+RAcCkh1Lit0KTmb9+cE1C -Jjw0mU5sEUKUnK38zyRqYuyLo4EsIkFbS45ovdsn2IQ2Yj4fZeiGfGMrIsQn5ikE -+x2dxAxW2IKhqjcDfoWfDiiEc/hAHcwK7WIez8pkY3sgyzhms5IzFBqAWX5DSaXV -t2I8A1kQbw6JdWr+jIVSLqRgB3ojvhewHLkbcPrBLt7/Zx3U9Xy56pw2j9VneqV9 -yaBpZTXhYk6VxNZM7bqP7EHHVJ1NSEgwBn8YDeMS0wyeEwoucYSdt8hz8DjWUHS7 -NUH+PsdFAoGBANqBg6P8bbuXTObRAdLsQ5BDGIqNIRUM25o8id9dnQZ40F27wr90 -n7kBNSTgnimaaMA0tx2ZBgdTE0Q/r/Y2LMhoi+JXUHXIJlHvXd2HiKyS3Y8URo7B -hW+svTTDy6yhf8SP50gCq8Url5ZxR+6HFDAouti34WapUctOQQDETs2/AoGBAP1S -t+cTSxADaCBE3vC+MBpL+GDJSIIR5klSOIvDAq59vMeB8WhXR7qGyUY8uxYeRoMH -a5WkvEa4nonsRclyMbLlhek10dy5UDCQPbSLJg1ebMHw3JH528SvUuP1F0v+jAMo -QEkVnGkDmaccYXkqmRT+uFGaS+huICgzgrVECz2DAoGANVlDy8j4/cEuHHjRSi83 -O8S1/DYC6sHN6DV5sBiKGydqMEiEfvw5dxENaaiR1TSG+M6mGsrexvEIljQ6gRGv -E2s7JBMPaQJqIL0hnNHXk9Lz11gq9fXX33E8bOKVGtv/dv1viYxlZemDxE56Mom2 -ax+2pu0WUltqxgmgI1DKsL8CgYEA3IWUuCCweGkuzOCHXvWBdHLr7n1qlGg2m19r -ACer/vBQVTEGUPmh5HuPXYhiqNeENG5SNnuotrvir1gyTDIPl5d84k5KuaXMa+o0 -/SUg5ARuEsq1iJIEwYyKUQ070Zjuk5UHmVepyDUtHi9znwH5LzCqjccPC3BKqBRn -VZq9WjcCgYBTWn1sTDlAX6ZaFKEQXiZqVLCrmkobLI4wICyuYtVWpnReQo3MHW4C -AE27gK+ttH6oQfVoG9jD7TQjJOcJJW7rqBTCFVF6yNZERxUkgLVJ5kFnQTcvisKT -hlq8X7g55lrx+MTMhpZ8B7tcoL9F29ZR8yHrfni6+ofGsmjnjlLg5A== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/sa.boulder/cert.pem b/test/grpc-creds/sa.boulder/cert.pem deleted file mode 100644 index 660f87dda07..00000000000 --- a/test/grpc-creds/sa.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIHd2y4LvorWYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFTETMBEGA1UEAxMKc2EuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANVOyR1/2onOWzBLOfgGSHVqsna8UkOpbc5iy5S6jsKT -yqcQdRag9SSVDhFjmUMlreX99OH1d5el4Q26JVb1duI0kWXdznyNN85LezpxHp5Q -TG2P7Z8RuyYvTJEqTYYkWnjGzojvUP+kSeFyjaSKNBwobem67sn9Os0yEx+2avYN -/4wcWMcKYkVVmaq0rkGhvmMShrdOdbzeWpS+ISKSX6KQBpXZj4eI3ePEH+uxLNX0 -Bcw+vocISZNWoNzVye+mq+fAANtyAEOnIIgnGUvB8j2z/DPJN7PZQRXQdU+JzFNb -xBjiP+RDBW1nTKcPN148z3tjdo/MsqB/yV+Tbx/mdbsCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCnNhLmJvdWxkZXKCC3NhMS5ib3VsZGVyggtzYTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAXT4c/CQmq7vGWzGJjxJPEUvvE241 -Bld6rX3ZuqB7opBuVi7dfNY1YjLy0zCwAAUyYwGoQQ5nNUkhJL8mkXmY+mqn1Ya9 -UgfzpY2KxE87fRflxyLiElgWQB5R2BHlV9cuvDS6e2TjUsoLKHkVWWWZnxUu0sNd -3L6dtg3AJbn83IVg8BY+xLLHjGazyfRBoLUAKeJNyT9JjlSZFUtG5a+mfG7V2SU0 -7A10quBMoa9cvLnbE0OnlGsDSpJQ2DjT6muoyxGKRK1r7/mMLQ25DLw0LHI5raUe -9jI23H7akLJQLjwDZ83IRcBeIGXk7lHz6PfSPjRoTaliVfGnedcdZYUJgg== ------END CERTIFICATE----- diff --git a/test/grpc-creds/sa.boulder/key.pem b/test/grpc-creds/sa.boulder/key.pem deleted file mode 100644 index 3884fd9fe5a..00000000000 --- a/test/grpc-creds/sa.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA1U7JHX/aic5bMEs5+AZIdWqydrxSQ6ltzmLLlLqOwpPKpxB1 -FqD1JJUOEWOZQyWt5f304fV3l6XhDbolVvV24jSRZd3OfI03zkt7OnEenlBMbY/t -nxG7Ji9MkSpNhiRaeMbOiO9Q/6RJ4XKNpIo0HCht6bruyf06zTITH7Zq9g3/jBxY -xwpiRVWZqrSuQaG+YxKGt051vN5alL4hIpJfopAGldmPh4jd48Qf67Es1fQFzD6+ -hwhJk1ag3NXJ76ar58AA23IAQ6cgiCcZS8HyPbP8M8k3s9lBFdB1T4nMU1vEGOI/ -5EMFbWdMpw83XjzPe2N2j8yyoH/JX5NvH+Z1uwIDAQABAoIBAGZKdd+TpHVZZBlw -ucfbG3xTQmn2PWz9Hw9OCVq1bCibPx+GoN/NKEH2yNxF6wVsWExm0LxbPpKWlapD -jgx5gh1QIDm9eHv6LLzdLacFAC3jTANudgFGO31ASXOD2dFuNYSdsgWw3iL54gQf -LxWswPiP2sWvQzvSGBS24rzeecSsabBneQzxbyxGzTUDTc+1z1J8zMEruAANpajs -BG5ub74LCpPuUYm+F+pbrQebrsLGjy6+SS8vEUYhfW2Gu91mCoWDWbZZRfRXZrS/ -juCd98YX38tscUVbZgXplTWzPQ2nzoP25vm1P5kB9EO/SQ1viC9twR8dnmmVKDa4 -sLx3z2ECgYEA7FNIG3JN+PVvdpG/UFV8Yrz6EbUQKuN7Fl/uP/Ti4sb2rBS29Nsx -WPJMOlIkraDvyO+yVF5wF4DBGE408vGJCFLOkpCLKTKHPJHLC/el6a1Ys1qpcPwG -8kpN+1CaKc6y0fwtgFJt2iWvD8QufXx9k+DTOTGEJuVUZ5bMk275Zy8CgYEA5xDw -UFK6bENfCdCnaCD3EPeuT0t8F3fz83I3Wa5MKKk0NnGvDhRhaS3pe/DdJtLVwl+l -7WN4CHSBG5wNCOAPLE0dv8zIkY4yiQ5jD3HqX+q14YCg3LJPRDHrXdFh2Kmy+tBB -lACDaL6qWO0DvuTFvHFtuv+9Twle6adnsHo3NzUCgYAFAycuXdhFhX8dtq2mGIoQ -1g0/vuVe44BC0zoMZTdCtBGbSL0wqE19o3X2brOUcytiyaKwo2ghN3vg9hetZ24O -nSMAfMxWzVmM8VKrKE9+i0ysUSny2YWUMftBb041wMqOJZkZdaYa0F3MKc8Knk9T -iZsxRVmWMZr+r3YbUmk7xQKBgEtkDHS4uVivlqe2K5jfAJ3Jolb+8wsZOUBaKNMa -+oBdzMpix1IZtjrCHycwTIfpTJNx78qHpNdlY+alQN9/c5PpyWYWI+7R7Y0oY4vb -iDQpeZSNCm9XwmMmwnvG4Fz36YzKPEtU64tWgnAnTQyQyi+U9s+Ht7W9AfnMhBlh -lvhtAoGAa3JjxWAwmx/hfqnIpUWYuFFXiCBrhofQf3O7rvEIAeXidFbpvlhOpCD2 -r7Iyi3xJ8F8DK7GfZUY9nv5xr43EAAtHXMh6e1UTRofvJZth8NwTAKzLlwWuwA9G -oxrhpo4NWZNtyiDkQyzexRS82h7kTEOleKQnEcsb71d4GQLxEog= ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/va.boulder/cert.pem b/test/grpc-creds/va.boulder/cert.pem deleted file mode 100644 index 48196fb10e4..00000000000 --- a/test/grpc-creds/va.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDJzCCAg+gAwIBAgIIWBOEDIXyek8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw -MjE4MzI0NVowFTETMBEGA1UEAxMKdmEuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMX9cDpvSMyj/gwiWbj7NXWqjkKl4UMPkZrJWrTZQcV+ -f+2GKiopgraEQnwUES35I6pI+5BdMnJWUmsd7Q508C+sgEXeSbtLZIrH7iFEfEKJ -pUv7BGfyOmz8wZys4qJyeHQPngrTlbcr7R6gPAyxearVEF3O4hEfVVdCd6p0WDsK -THFp5AQRP8oYHc2YR9PDHGrtegD34lGq4DUhRqXK8/FN81VU7wrpf4bEnzm5t8tM -HrIbugBjIF1zOdO/s/mvSLiwrqE1ypd7wf4P0+aXIl54EQ5SBR34eKuoj52m9jPh -2euDlMzLDXe5xOpg29A2WgKTj3bQNB4yFWdRz27FjFsCAwEAAaNwMG4wDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMC8GA1UdEQQoMCaCCnZhLmJvdWxkZXKCC3ZhMS5ib3VsZGVyggt2YTIu -Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAVlz0sP8plCkJo1V2N3SfYAdQJmG5 -plFqcHhAbG+ifhVknkDQVz+1H76AH628r4K8nhy6TgdzftsgRA45evkTZbnyVEsV -20VTWiYeo11HVBHd58CAsYbCQjiSeEjCsPpV1cLXtOGcKvINYvU/8+HoNYQ7ALXq -2DYLNyVIrNz5iR8Q2n79Poyr4QG6qYuh1W+eWJ9v1o9OVjp3QBmvQOJ7rZ6n2M2v -5ugRmL6HsO4F+B1+SJwz9km6RPXqIz2JhnMg/NwcGp5fuQRL6Iw5Bah/BU+wEaRt -gMRiFD3IjV1CaiVWA2ceSyG0kr6U6jf238+ddDUU409RO8KQlWqpy+chIA== ------END CERTIFICATE----- diff --git a/test/grpc-creds/va.boulder/key.pem b/test/grpc-creds/va.boulder/key.pem deleted file mode 100644 index d6e71ec3c96..00000000000 --- a/test/grpc-creds/va.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAxf1wOm9IzKP+DCJZuPs1daqOQqXhQw+RmslatNlBxX5/7YYq -KimCtoRCfBQRLfkjqkj7kF0yclZSax3tDnTwL6yARd5Ju0tkisfuIUR8QomlS/sE -Z/I6bPzBnKzionJ4dA+eCtOVtyvtHqA8DLF5qtUQXc7iER9VV0J3qnRYOwpMcWnk -BBE/yhgdzZhH08Mcau16APfiUargNSFGpcrz8U3zVVTvCul/hsSfObm3y0weshu6 -AGMgXXM507+z+a9IuLCuoTXKl3vB/g/T5pciXngRDlIFHfh4q6iPnab2M+HZ64OU -zMsNd7nE6mDb0DZaApOPdtA0HjIVZ1HPbsWMWwIDAQABAoIBAF3JyZEUyFKQWLbc -ys3Syic8LPmrZIME6/975KkIxZxNaUJWLMEeOtpE2s22H9E8VMXEns5rJ4t8ErzF -R1dy05hxya3PN/QuKamIPeiqbYaDd7b/aL3ow/5+2SRjzVQQj7jC8SXFxwUnHMNG -Okv1AmKHXaJibzqXMjEMvm0Tgfws9m8IEMHnRCGK5Z9kZ1PTgEgRfaENxs8mSNHU -BMzaQU34p+t/daHYy21qby5g5OwlC9clFrYj4asaUnhJr7Lt1ZhMxn15UIhJTXx0 -fWigk7/LhgAgc5QWJZ50FXW0HL7lxieUup6/c4KPXcKKyDT42e/1tRozIsiSWeKO -PDiUunkCgYEA4fRed6Asd3vRG7nSOPiZ8tYjQJsrratCKrIhYPVhsY6iLh7DMRDm -G0puKzIL2v3g5lu3zK4VoZ50OFZCu5wtH3ZhENCCnhR9vKB0/vzu5eH0Ct0gBSff -dFWlO+Znw/HLxc9nQ4ejvjsLqwYKAQJUoqOlvNQ1g51r5KLkUDo5fVUCgYEA4FEj -Z5/NJhtO22aSjiQS/N/bI7KbUNG90TWcgHpEUMXjaFxh/OZopKCxnfzX2WFFhOBK -VRSI2iEiCevA70GqTIBxOJWJKPPh9hzEFoi/ytG0MPnNdSibePr0Lf3etH8ztu8r -nMA+DvEwJ+k7pQiRlNzKxKRu1CDph4zKUzSjYu8CgYEA0N02xZWGBRyq+toV/Ruw -Eszm4T2Oboa0Lwth12J738ldGQzOmXhpfCidFci5NMEhN07o44a38CGshLcYEJwZ -CdA/gW98jeubHtWj0GC15EGteK1Wf+2PnNXeWzRsDrBgEIXbiozDS4EBFCIM9UnW -OlDTT21J2lOV/E6mhZKMudECgYEAuZopI0qT4h3iR6M9TCMJGvbWSVk1Lc/9sScc -0SlZcUPrf6RA55J1rxHPJRvaNWFItkMm/fK5sVKM6YyJ3O2GTTpRdDI2hQ4WPx9a -GBMaLmUJJSTsHS52RcnPVGakaNB/J7QJb++Y6aAi6kMPOOQ4IOX3WHF9ykNZNvEF -T4dUUT0CgYBeCD16H6sfNL1VbrXPKUhHUszL1QZF7FH5Zs14UvbELg4hVF0kAl2c -+fN3X6oN1aAhZrZLm35daRVayK1pZJeezT093L2RvtJPNJq0B5uWCyBZKDGu9zcK -1ynpx333QpxY+HuV0WNwrIei9jaE0VjyHjo1YZO9Dn38+9n5SPxIQg== ------END RSA PRIVATE KEY----- diff --git a/test/grpc-creds/wfe.boulder/cert.pem b/test/grpc-creds/wfe.boulder/cert.pem deleted file mode 100644 index 2d354ed2c6c..00000000000 --- a/test/grpc-creds/wfe.boulder/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDDjCCAfagAwIBAgIHUOfHgEZrxzANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQD -ExVtaW5pY2Egcm9vdCBjYSAzYjhiMmMwHhcNMjIxMDAzMTgzMjQ0WhcNMjQxMTAy -MTgzMjQ0WjAWMRQwEgYDVQQDEwt3ZmUuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBALoS6N2oOw2vkkE5Dw9lSF6LA75ejXOP7EZ8xf59I7Tf -/u887GL82NpwYHbtds8c2yn7Yb+tH3OPHt0SRYQfEx1mANrD1XLYwZGTCpqbXuGH -k+u+InfwbbViA1qwCVh3XMQWn2JS2PqYqMHmWC2qWW/ktgidAN5KvxvmS9CIfFY6 -F9tCLdxmA1Fi8pOm6G73EgC6CvpttQWsk27JApTt5YJhc2Qi1D/B9Ak87+DU+tsT -NP8ALknPbEQYNK52CF88O7ANooYuEMwSwIa8qo+iJqU73qKAe3SMLXce3H91qu6O -1i3vdW5+VgUuKNcU/lIXuP7o9fjdiOohtgTRoNoU+l8CAwEAAaNXMFUwDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB -Af8EAjAAMBYGA1UdEQQPMA2CC3dmZS5ib3VsZGVyMA0GCSqGSIb3DQEBCwUAA4IB -AQB7zLro1glDeLh7rh/DJ7obOcpoyIFYmv95I8eEiW1EyRoOp6AwbZucJI22Rrw2 -PU+Hto3DB1qbhUAZx4ZdUafvKT5FonBGJYF3gS6nX1kZ0Z/2Vk71x+z7wyNgrhiz -VS4uT862XEQTi3R4J8G7IAINVm+keQX1y210ERBJ+AQg88nAxKT/wusSyulwnLEU -k0JHa0jZ1Fg6fhUdutK79RTNQAF28sR3eBeK/+aIR4t1kSG9sCHHejwc1YWvHLOY -jjGBB4xRM0qCHXvmNc7cHlNECkbcipXfNwaOOGv7b+thfON1hNfaTsbLJL4EK+F9 -1QajfT6206hjLKBRChftWZ/M ------END CERTIFICATE----- diff --git a/test/grpc-creds/wfe.boulder/key.pem b/test/grpc-creds/wfe.boulder/key.pem deleted file mode 100644 index 647d1f03c94..00000000000 --- a/test/grpc-creds/wfe.boulder/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAuhLo3ag7Da+SQTkPD2VIXosDvl6Nc4/sRnzF/n0jtN/+7zzs -YvzY2nBgdu12zxzbKfthv60fc48e3RJFhB8THWYA2sPVctjBkZMKmpte4YeT674i -d/BttWIDWrAJWHdcxBafYlLY+pioweZYLapZb+S2CJ0A3kq/G+ZL0Ih8VjoX20It -3GYDUWLyk6bobvcSALoK+m21BayTbskClO3lgmFzZCLUP8H0CTzv4NT62xM0/wAu -Sc9sRBg0rnYIXzw7sA2ihi4QzBLAhryqj6ImpTveooB7dIwtdx7cf3Wq7o7WLe91 -bn5WBS4o1xT+Uhe4/uj1+N2I6iG2BNGg2hT6XwIDAQABAoIBAHjxM4RnBUMm+/QC -x0Qle71fs+Y3hM85G8TQ8swvwFafRQ9w1OCeIcERS9HhFNkXk2gdKXKxbwDoZJIi -fyaaIA16sFGA+iq0slQRc9H77NbADagrpDG7B0Pe2flG9DwZESWu4pfA66EuOnoV -YvkDgTBWQu8kRV02zjKvJFX9cHuGF6PQrz5L0y9BWK9aOSTRHuNNUkUAVkKxxGzU -NIk0WWYFPeRqoYNs0iuROmPCgB5A1uB3PeWIFnVxXedg/fl1Nu6YtVuiAdtjcP8j -oRi/BeFp0HR1qFDtc8GQ+mGhbALlRjdirgGjlVkm7wLJz9TxC+AUxUEGnoBELd14 -y+FQfmkCgYEA8eowwd1iX5f40ofR8I4aPmBwB0rtRkX5ruFeYSZQyA+pf60c05st -EHcbu98dBaTSaVFYWJBngLeUBTrGuPhfqQ/lF3xmfbr5CFcMJUgzBF/FWpdb/5Op -xmLJ1SRyGK48UgN2P/Ljo8DATrE/Nm1AqSxYmEKFyy6s473UkqEQnRMCgYEAxOhk -2Yf3JfTZMWFdNrkFn4Afk19KhFqZ/9n1sICSXakmzz5RuHb3EVPDc0i7L5SpWPkk -5yRc2BX/dOD3xjy1KHah+kim7R2OmJPC3HSDVD8O7nOdzirUnK5LCm3LuWjHVyFj -I3anl+8TeDarbQuIMKvf+FP09GXwSUSGyU0wkwUCgYA6bsz0JttaJ8UsZS4qosho -BLdKq6iAbuqOeVVote6RRGc2tcPewP6zmXGTgaLq+BLy6Xkje03k43LXiIjzqNrC -ZVp6v8up1v3MK+p9HuFjzxZGeYT5SNubVcVWvITqvTtIvBlV/P9LUIWi/GE+bklO -E64aqQbUOyP7pqCwAkOXDQKBgQCHlp8bS4zcDiYg4rKVJALDOi6EBHIDgX/ZtfSA -fYhMBlY7Duam5wRqYguMLuD2ep/CLI1EvL1R7pPhn6f+UX9NRaNz/OM1E81FMzpT -I8frEyDtAaAAf224FiyGGeTW31ekn9DscqAk9vOpK7wPcoltOm0XSni6chdr3EwU -AZsZIQKBgQDNkpWknCwijkvzhkLmY0K628GDDMSU04cf4IjovwS/Eh0mFwp5YlhV -pR/aqz1qkq9/gih9nC4ov4LwckDrVbH4UtHwfIQz5O0uAyqb/hePN+EyBRQOvRdF -zyhMYtd2zCdkd4ksXjSOLL94kzf2ObQO6zWBuPwUnKt3TuAUMJ7HxA== ------END RSA PRIVATE KEY----- diff --git a/test/helpers.py b/test/helpers.py index b0ad43146ce..3a7e38615cc 100644 --- a/test/helpers.py +++ b/test/helpers.py @@ -86,7 +86,7 @@ def ocsp_verify(cert_file, issuer_file, ocsp_response): '-issuer', issuer_file, '-cert', cert_file, '-verify_other', issuer_file, - '-CAfile', '/hierarchy/root-rsa.cert.pem', + '-CAfile', 'test/certs/webpki/root-rsa.cert.pem', '-respin', f.name], stderr=subprocess.STDOUT).decode() # OpenSSL doesn't always return non-zero when response verify fails, so we # also look for the string "Response Verify Failure" diff --git a/test/integration-test.py b/test/integration-test.py index 8b3d22c5d53..af4aa386051 100644 --- a/test/integration-test.py +++ b/test/integration-test.py @@ -68,9 +68,6 @@ def main(): if not startservers.install(race_detection=race_detection): raise(Exception("failed to build")) - # Setup issuance hierarchy - startservers.setupHierarchy() - if not args.test_case_filter: now = datetime.datetime.utcnow() diff --git a/test/integration/akamai_purger_drain_queue_test.go b/test/integration/akamai_purger_drain_queue_test.go index 670e9d865f5..3c885cd1a03 100644 --- a/test/integration/akamai_purger_drain_queue_test.go +++ b/test/integration/akamai_purger_drain_queue_test.go @@ -38,9 +38,9 @@ func setup() (*exec.Cmd, *bytes.Buffer, akamaipb.AkamaiPurgerClient, error) { } tlsConfig, err := (&cmd.TLSConfig{ - CACertFile: "test/grpc-creds/minica.pem", - CertFile: "test/grpc-creds/ra.boulder/cert.pem", - KeyFile: "test/grpc-creds/ra.boulder/key.pem", + CACertFile: "test/certs/ipki/minica.pem", + CertFile: "test/certs/ipki/ra.boulder/cert.pem", + KeyFile: "test/certs/ipki/ra.boulder/key.pem", }).Load(metrics.NoopRegisterer) if err != nil { sigterm() diff --git a/test/integration/testdata/akamai-purger-queue-drain-config.json b/test/integration/testdata/akamai-purger-queue-drain-config.json index dea1509801c..0a09d857e1b 100644 --- a/test/integration/testdata/akamai-purger-queue-drain-config.json +++ b/test/integration/testdata/akamai-purger-queue-drain-config.json @@ -13,9 +13,9 @@ "accessToken": "idk-how-this-is-different-from-client-token-but-okay", "v3Network": "staging", "tls": { - "caCertfile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/akamai-purger.boulder/cert.pem", - "keyFile": "test/grpc-creds/akamai-purger.boulder/key.pem" + "caCertfile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/akamai-purger.boulder/cert.pem", + "keyFile": "test/certs/ipki/akamai-purger.boulder/key.pem" }, "grpc": { "address": ":9199", diff --git a/test/integration/testdata/nonce-client.json b/test/integration/testdata/nonce-client.json index 9a4a92a5d90..90e84706b02 100644 --- a/test/integration/testdata/nonce-client.json +++ b/test/integration/testdata/nonce-client.json @@ -1,9 +1,9 @@ { "notwfe": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "getNonceService": { "dnsAuthority": "consul.service.consul", diff --git a/test/integration/testdata/srv-resolver-config.json b/test/integration/testdata/srv-resolver-config.json index 1de1b4b3d9b..fa312514d55 100644 --- a/test/integration/testdata/srv-resolver-config.json +++ b/test/integration/testdata/srv-resolver-config.json @@ -1,9 +1,9 @@ { "webFooEnd": { "tls": { - "caCertFile": "test/grpc-creds/minica.pem", - "certFile": "test/grpc-creds/wfe.boulder/cert.pem", - "keyFile": "test/grpc-creds/wfe.boulder/key.pem" + "caCertFile": "test/certs/ipki/minica.pem", + "certFile": "test/certs/ipki/wfe.boulder/cert.pem", + "keyFile": "test/certs/ipki/wfe.boulder/key.pem" }, "caseOne": { "dnsAuthority": "consul.service.consul", diff --git a/test/startservers.py b/test/startservers.py index fcfdc942308..1516e055723 100644 --- a/test/startservers.py +++ b/test/startservers.py @@ -42,7 +42,7 @@ None), Service('aia-test-srv', 4502, None, None, - ('./bin/aia-test-srv', '--addr', ':4502', '--hierarchy', '/hierarchy'), None), + ('./bin/aia-test-srv', '--addr', ':4502', '--hierarchy', 'test/certs/webpki/'), None), Service('ct-test-srv', 4600, None, None, ('./bin/ct-test-srv', '--config', 'test/ct-test-srv/ct-test-srv.json'), None), @@ -168,17 +168,6 @@ def _service_toposort(services): # to run the load-generator). challSrvProcess = None -def setupHierarchy(): - """Set up the issuance hierarchy. Must have called install() before this.""" - e = os.environ.copy() - e.setdefault("GOBIN", "%s/bin" % os.getcwd()) - try: - subprocess.check_output(["go", "run", "test/cert-ceremonies/generate.go"], env=e) - except subprocess.CalledProcessError as e: - print(e.output) - raise - - def install(race_detection): # Pass empty BUILD_TIME and BUILD_ID flags to avoid constantly invalidating the # build cache with new BUILD_TIMEs, or invalidating it on merges with a new @@ -282,8 +271,8 @@ def startChallSrv(): '-defaultIPv6', '', '--dns01', ':8053,:8054', '--doh', ':8343,:8443', - '--doh-cert', 'test/grpc-creds/10.77.77.77/cert.pem', - '--doh-cert-key', 'test/grpc-creds/10.77.77.77/key.pem', + '--doh-cert', 'test/certs/ipki/10.77.77.77/cert.pem', + '--doh-cert-key', 'test/certs/ipki/10.77.77.77/key.pem', '--management', ':8055', '--http01', '10.77.77.77:80', '-https01', '10.77.77.77:443', diff --git a/test/test-ee.key b/test/test-ee.key deleted file mode 100644 index 51ffc2f6a51..00000000000 --- a/test/test-ee.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA7osPikqizKCDMB1EvJ66sJB8a0Cah2odQzBuRV6joENKvi/A -vRJqSSEBqq8mBWRd1EcYkxrUuoXPBaQIBeFt5+NlzbMrO4R/LaOfubJWvppVMyml -aTgc5vfI/psECyd9v6Cw29dvjnK553vTIevJeukn4ASbJT43zQeWspjQL0fJzOnd -SJgruJtRmZNr/kHVAG34/acc7U/Z03q58MGsm5gfuMIztCi+4s5sZWeo+Yd69yji -WnMIMuO3ggbznnEkzMl4K8QDhnolAoCjDBCOdBDMvyydjOSgtrGqUr8agN0Uel9u -XgOYlg3RqPw5VHpbLu6sEoUqEBXdDRjsNiIHyQIDAQABAoIBADP6CQDREngT4YHy -Xq/axkMCuJmGEiW/cXDadKyY2n5pKzgVn6GTCaW1k29liptSKz+93hTvm7qovVs1 -Sqo9XH1ShzQy/hCR5kRDiuIjgdM2PapQQMKUf3e0Ng+EJ3VmvXerw92jK6OWS/us -d2zEu7oUY6PkXQnYbMA4DxYLRhGG3zijCkqCT4NDUn1p+pg+XycSY1P5h77/dK9R -Vg6nnPaotCFyEGaTFydwCyI+apyFBcsjytncfFhB9qTUho+9XwRHFQhKt2sq05m4 -FhynoT/iK9I0G2AynufybD5UcrB6JfgNKpsQ85zNb59DBtGo+J7Vnz6F2RWBxBpR -I3lR8yECgYEA9l9iZ1nE4TMtsbYiBPEAKz1VGnWqZvpKB8W6zxq9sqAKAhIDWNOD -vsC7/7qogvKeEpeUiALtRxBR6/c/sjgHqV14DeozyxCgNBv7q1Mqpyhkojr6aJpv -hyXg0EQ86gteNEZ2Ye/w6uEN2ozW8ezo8rK83xiwFrT9sA8EeO0QzmMCgYEA991a -qXaz2LD57VIUwTix04rZlEU2As/BoZnCsHcdcJ6pmhleTVApIO4rVT+6wkyegJuk -mFcap2DXzW2bmIV2jjFlU5t9lNvsm3xTD7s7tGQitLE6/6l+cCTMeWE/e2DBvHPR -ewAmx9louVszp7JvhVDFRKe00FHdWISnotscwuMCgYA2uk2Do79GPzYhSdIYwuhE -sqUa8ZRet66GN3gd1VTaPw66EwJHUwTq9KlOT0prfDV878sAw5WtuYRZJF0z25po -Fuk6PhIvQ4wyxxyKnDjXVPO1zeAeKGAp51IfMWlOnCPa/OQDMWeU5VVMfQiqSPQe -JXIrJLLI+H96Anv92Lto/QKBgQCh4S1/FAltclgoSL1JXG+3Sy3DCli2CV3a3wMq -IQFXNihqfjr6n2ndGe+vI4ojr8qtD/m1jN3ZhwQqJHXEbRX61APrUNf5ypCDE/Vj -htL9g5CvFjkEFHyBXWc1tu+w8oZVQAcGIBkz2KfutsPLuFvhY9kSd709eNnpH+ok -EJp+JQKBgDQIODOnkv0j2K+Obr/9rKs5LyTCFhlDq7dDjeQv5CRnoQtYq0yzgbcw -EHv0uhAvHmX+2PJnZf3CAjv3kIbQ8JAAJw6AHUnCCcZZKpJy9VIB5jErDS5zXmxT -8W6q22bI/f7hrOo6LzLxIBfafMFhTtUq7YnW/aQWDFitSygyemrd ------END RSA PRIVATE KEY----- diff --git a/test/test-ee.pem b/test/test-ee.pem deleted file mode 100644 index 37f0509a31f..00000000000 --- a/test/test-ee.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDLTCCAhWgAwIBAgIIT2/BuP/jeiMwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UE -AwwUaDJwcHkgaDJja2VyIGZha2UgQ0EwHhcNMjEwMTE0MDE1NjU5WhcNMjMwMjEz -MDE1NjU5WjAVMRMwEQYDVQQDEwpleGFtcGxlLmVlMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA7osPikqizKCDMB1EvJ66sJB8a0Cah2odQzBuRV6joENK -vi/AvRJqSSEBqq8mBWRd1EcYkxrUuoXPBaQIBeFt5+NlzbMrO4R/LaOfubJWvppV -MymlaTgc5vfI/psECyd9v6Cw29dvjnK553vTIevJeukn4ASbJT43zQeWspjQL0fJ -zOndSJgruJtRmZNr/kHVAG34/acc7U/Z03q58MGsm5gfuMIztCi+4s5sZWeo+Yd6 -9yjiWnMIMuO3ggbznnEkzMl4K8QDhnolAoCjDBCOdBDMvyydjOSgtrGqUr8agN0U -el9uXgOYlg3RqPw5VHpbLu6sEoUqEBXdDRjsNiIHyQIDAQABo3cwdTAOBgNVHQ8B -Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB -/wQCMAAwHwYDVR0jBBgwFoAU+3hPEvlgFYMsnxd/NBmzLjbqQYkwFQYDVR0RBA4w -DIIKZXhhbXBsZS5lZTANBgkqhkiG9w0BAQsFAAOCAQEAgA/UhJlg3x8jpyIMDVC3 -7Y0WKrOZjXQpkmsN2kmdh7sLE2EktmPdcyFXDiQ88jRht8OfFTm+k2CkeZdxregm -vJcKixWbAlk02Ezt0tAgICbLdw0BVlCVKOnLaFpPEyKZX+2PqQ1L5h1qpTKNTPf7 -up5RpayFC7IUd8UeYCxzKCfBSVyZ/6Lw/H8vaQAdUWcsUOG4xAquhvGkw5WyeLAg -HuxQPlNvc9XnJMtGwHZmre4g1D4asN+vBIyfofVyBUe4js5sJ07Awgm3xOTs/f62 -IY0QSlAMv1cma8D2JYxn1Fw+KG97HA5mVl7As5HwtxiMlUfXs8KtKvTj1d7Y66X8 -oA== ------END CERTIFICATE----- diff --git a/test/test-example.key b/test/test-example.key deleted file mode 100644 index 5cef3c804c4..00000000000 --- a/test/test-example.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCe8pK/MXIjOmb2 -WJ1VkjxhT/q0Ms6X9juUZNvWotnlJfWduNTtY+xQeMs4ZK/+GVrH2BLIYNz+J8Ph -3HqYoZ0Vrjs8VtKZY1oy//Rqipfp35ZT9PM4RZpCM4AueEv6JK0NNWCG8qOa3zap -7PAjm1wWOCkZ5fphZYTo1gxIsQUc8kBlEHGSDJXG1raprAuZ2znOXbEhruK2djXW -c1avE6SdP7NgsI3uygfQQVyjaJXcy+1DvRS06zxtBE8jTLH7L9knefaorGoWHG1g -Q88jmkPMBultDII5R2MDxtJgyiOWriRqZ/Tr4X1Fxvwo15w7wVxoZdgswpHiX5yu -RtvPdv6mmWY0I3I4exlyHhDZLuRic9DMT/IZFLPqvptIyWy5HChadHFmyc4tn+0t -Sfk87v4bDrDuqcu9La3CPNP7lP+U+b5u2AmWjbvc+2tclzJf2rlhVT9DsYKgK2U3 -s/0Ar0Eyp7MZpUTSPNiddJ62PngLubwMYIQ6YHTM5JSyXoHP+isGOH8bPmP+HMHn -Q5XT0MX+qsbaxKclk+2jnS66fJOhrbcqwPAn/hJe9UFczc5evKMr65oxptwCc7qS -Z89wHaRiItcDqJW5zONG9lNc1zcNkf1Qnq3ePon2YECjJ2/+B98W9EOq/8RaCb7d -OBWeiXpdCGODGMT7ZljDZlnjwf8zQwIDAQABAoICACfBdILt0yaMjQRA1dl5YjDU -2FgJ/TJ1HCHZuELPKMDv5ac1e8yEma7nB61rQbnEjbg+izQjRiMrvwrXIrLaeXfa -xGYrMTG8b+shqficAbM1gVwugEcq4ZJ9XypAXICMe9w55ZLbTaCHBB0sbkP5r+a+ -1UjtBNsnkT7LivcDj8vVq9Wbb0ygaTX6rmVx6tToyGSdeph6LaqFlqG055GS0DGk -pTEh994qGho0vv8AQbugJhAzUuKNk+eQlFq37Cxvo1kEYHV/6mjtY04Yp8633w1B -DVGBN3EsMc/YAvbCmHQvylvy9IerNrIlOxzcEO/BRWO3VYKch/CfCYltn70cfkS4 -Rqnw2vAekc2dQ8CVIXJqD2Tc0QODGpqpDc9V7svVx2TrQ0JOI9C2mPL2S1952E+U -9qj+JO0iJoBzPz3uZGssKuQidbQn1Lz0pPBWLb2akfqKaXyrmjyKSqHYioFz4RTW -4BoZGcejDOScf2kRDwMNVsZ75pc8hxQoW89nIg6s9Ix8S84qZf/Ey3w+jcosgtiw -tmacE+zzJDsAesN6BpL5rV0dJFLNqkmLVubjhsvHWy7C8OpqVbuv6jSuxNUFOq7S -NzT5RadBsFiWyNE6X3pS4JJY6VqXH20d+LE/Kd1ea1OuO/WzIU5CTfa6mJ6/0AUW -BhKaBoRkMDNToi1ogbcBAoIBAQDTCC8HATATmUeMxjG2h9WuPXUoFkMofcEql3/e -R6N3PU5GWDIWTXMNOtmuuPV4TF5CvdCnexP6uZNH+s/7RuTLHN4rdEKXIKlanhTE -p/MyeyiskIkHFk/RxngwEhtgjTtU6tvfutZHR3ZXOtzE6npandv75+YCUrQHBGgK -g6ohObVwcDqZJR4CQlFv5zj+FNMYA7E5EwHgGjXinZ82DWtjK1176poi+rI05OAD -1WL7+w1AYXEbF6D2BTqjorlzDvRWzN/FuPsjFtXOhvt2JFob1fqS/a2GCM/LxPqn -q5ULxko9z6zyljFk9nF+nwg62nMB/ifEpB53lWb1A1EP9k7xAoIBAQDA0S3ZRenl -SMDCPxGHkofYKcio1DWPyUAikBXSj6FBKplx0AeTjD24pu7K4PxLOAZNqe9U7qhW -wSruWzahzkc5Z/aqbj5jKg6f5dDU8dCagZvKulzhycQZCiGK+JueX972ABLmFmd0 -zyC4oFunZ4WvLN9EDBnY+Xszhayb71B3kJcb4zxA+r/zV3avawBcy9NvizNAc2Ov -jz2tu6YiApK9/AQUJeoHnb8njc22JLkQYk7ssdv7Vdc4Zm89V4Io5tNrvhCjWize -p2yr1kAYePPkrfBSeImrerZs6V3pqroQ02z8LLc5rJNJAwBEp8rGVd+vg5UMhVa0 -uD/FlgaYz41zAoIBAQCkICdDEV9svrdw+uvLBFXhz5aAeN/+a9+B2pXuMFUn9Zwd -BZbe1Zl3Xp/STbNLvklJKwtOVmCxjQbI4n5C9V4XwfngXek0VIiiG3QXhm+UgUie -/UI1KtslUXBEIrD8JJtSbd5XYJ4qjZ+yM+tjkuFZ/JAMmMzAXcX59ylblA8LDDDa -o85PMRjntOBVYcVnhpauhKCevPOmcXwbJW+fwEwWsrFgIJOEROm4TZEUKi9zvksO -GTq4UWY0MNjsTzBgFe9eWrRmuHlJTwc2OrDzr04NfBwHmhgMuGm0FxzCrqWapLs0 -24GsobcEyM54JgNmkmMD18DiJKo1YxLR16SB/5RhAoIBAQCal9w7xOtIEzHBTBHA -8gIKlU211xbuprvOOlnUzaXLet02PEWmzh06bFUuwn5lzJB5OlOSdBryG8RRAT7n -Ml02sJ07flJ07WZ2Wys5YHwRNPN08kDAIyYfsVi9dKBItbMs51g/tBzUsbEZdjCm -IsEzdzW2+EDNDxHxeC6xg4mvo3UUPfe0XZcDAtA8yvyqah2m5CN+fEWjn6QjJD2K -LSf8PRAEG3XtD1QQ4Yfajsz2TuvaqKuocuWw6agstXm9U3yVePkcD5PEHNZrW8de -F7PsWG1DojM3Epcq8VyDmYe/L9TExxFMo4ofUtGnOiTBKl7C+SvKsymWkddHkwbN -BDPzAoIBAGizq8iKh3E1Hpkz4bXBfTHoYDSqIYH/yyl4ZOL9q/VRKptxmQiOnJbv -3zsHjm/NyKpRjuFh971+2Y7/QAUL3Z4IHDXIyfcUJt3SDK4ZSMf6r68KjiBGh7JM -w00bEhcNg47TVVFBrIbeDNplD/A1gaY9s9qQ8IF2G2CP4X6WfhXNMViL1z7uG6jx -SvWUNpqrykqWfFHqC+l06r00A8AAW70HGIsA0lpwbQbWm1qHx1/A26ppfce83CJI -mKh4XR7eHZ9vparNclHZ3cmB5QLUJcedeTLKx8xQstBcofrvFJzAHAXwopprbAKg -BwglSdDubVd9v6VVrjmSg6lqnbmBXY0= ------END PRIVATE KEY----- diff --git a/test/test-example.pem b/test/test-example.pem deleted file mode 100644 index 1d817daba8e..00000000000 --- a/test/test-example.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFDDCCAvSgAwIBAgIJAMlbGcMCsKOdMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV -BAMMD3d3dy5leGFtcGxlLmNvbTAgFw0xODA1MTQxMzIzMzFaGA8yMTE4MDQyMDEz -MjMzMVowGjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEAnvKSvzFyIzpm9lidVZI8YU/6tDLOl/Y7lGTb1qLZ -5SX1nbjU7WPsUHjLOGSv/hlax9gSyGDc/ifD4dx6mKGdFa47PFbSmWNaMv/0aoqX -6d+WU/TzOEWaQjOALnhL+iStDTVghvKjmt82qezwI5tcFjgpGeX6YWWE6NYMSLEF -HPJAZRBxkgyVxta2qawLmds5zl2xIa7itnY11nNWrxOknT+zYLCN7soH0EFco2iV -3MvtQ70UtOs8bQRPI0yx+y/ZJ3n2qKxqFhxtYEPPI5pDzAbpbQyCOUdjA8bSYMoj -lq4kamf06+F9Rcb8KNecO8FcaGXYLMKR4l+crkbbz3b+pplmNCNyOHsZch4Q2S7k -YnPQzE/yGRSz6r6bSMlsuRwoWnRxZsnOLZ/tLUn5PO7+Gw6w7qnLvS2twjzT+5T/ -lPm+btgJlo273PtrXJcyX9q5YVU/Q7GCoCtlN7P9AK9BMqezGaVE0jzYnXSetj54 -C7m8DGCEOmB0zOSUsl6Bz/orBjh/Gz5j/hzB50OV09DF/qrG2sSnJZPto50uunyT -oa23KsDwJ/4SXvVBXM3OXryjK+uaMabcAnO6kmfPcB2kYiLXA6iVuczjRvZTXNc3 -DZH9UJ6t3j6J9mBAoydv/gffFvRDqv/EWgm+3TgVnol6XQhjgxjE+2ZYw2ZZ48H/ -M0MCAwEAAaNTMFEwHQYDVR0OBBYEFFO1zLflE61aqAvRiN4PQu4FaKzdMB8GA1Ud -IwQYMBaAFFO1zLflE61aqAvRiN4PQu4FaKzdMA8GA1UdEwEB/wQFMAMBAf8wDQYJ -KoZIhvcNAQELBQADggIBAAsP13Ejo09QdJbrBa0qd3vmMXQJ84/LaR5vI7cWZ0W1 -fG7UJvivMpB3vhA2buTI2EGTqC2/uc8m0GD/UhW2zQvmPSt0BvbUjjWlQNd0hamw -IafJfbRT5eiYYgsHbYcU9wfjDs7fad5/29qJ5FdI96eefuJIjtrdq8sUXDg3q929 -cH6t3dxuxUMjRZXBXTTZw7WkMnc1zvd6/1RSYSixkccZUlTrOjox19tPmmkwVFKH -n7cnB9omZzRpAklYM7Tjx/tYxId3CL3lZzF9/yiVRotUIeTHTCyfY6oOS50Cf/8V -pxl+xRNs2YguwblJOtS3yxgdiwbRK0vUKkcUJs73qZexIKYAMJU1VxZRSIQuNDAq -/eL7lN+ZLzL3Q4vKjUaRZAS4qClwv6CFaBxUyK1gSFRU9OHYhW6mRYXpqGIN1GPb -YAZwVb4pxwCMmIgLXW7BF6ykmx4o6sZsBLdiuQNrzAEkKbr8jgy/uTbKg2MHyzKa -xcn0N74BiLhzYvnQAdZ7MKZmEI0PXUw/wou8SMSdCPGjXjKlB3zRzqZrgr7FofSc -zSDC4MurJv3XLOpAIpJjQs2aewFKYMHxynfO1aco3OfPc8fFYempfcJJqtG9RhQQ -tTetpbWjbW0YyNQUkYoxhG0qWpy8tVMX70SPNSZH5ASBOMxKGBpFmPwVk+em8ssd ------END CERTIFICATE----- diff --git a/test/test-root.der b/test/test-root.der deleted file mode 100644 index 8bdddbdecb27d96cd83ddd86e898c0cb36f4b8e6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 799 zcmXqLVwN^&Vq#vv%*4pV#K~~h@cbh)=d+~-ylk9WZ60mkc^MhGSs4tp4K)qa*_cCF zn0XYE6O*%ZGV{_El8Y(}O7hc-5(_d?ixkolvr`p<{QW}=?9(Ol2T ztFIKja}5q`Fg!VX>&c66e={8MOZ2RLX7%@%qfC*`j-(UYR)t7q{o!A9(IQc+Cd`ce z{+18#Zf<^Vb-^(OzC-(cps`7@3+h;Zi zY%@)2{CVrljtjxI8|$OP_7oc!%RXN7YR#4s$zYiqr(fs4_9bE)uU976 zOkSp^(l>n-awr3%92m-s4B8tMHeBAjAiJ#V{cU5Nq_RA%uWu)nHq?K(T=cQReDWEK z555y0zLWg@CB%GJXqBU!s-^TrGuNvY_owb&>?!C~yF2mJ>Z41KZNIr~0@t;d?`*Hv z?K3JYe7xiFWUmVUew`P`XX#H0)tU1#se9ek$un1lW=v-Gw|*~utgb=tWk;xU^EH!3 z^KG`vn67wdeYTzz_iRqk4Nm)tcNgBA-MT)SWk>!yyQiyIq7){-ll<1%6*@hTch9qL z-$WQKSW<5WS7*m;F9>Dj-5j}ni+i@d(t|Z0YmT^U>ev1C%;xcUeaLptUFP=NkN*pt gdG$PF?Fa5@5)T}&zn!`9#a^M8>R~|^heS-$01FmcAOHXW diff --git a/test/test-root.key b/test/test-root.key deleted file mode 100644 index 2946300aa6a..00000000000 --- a/test/test-root.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD5Nu9qUddBg7oa -ElQlkjmYXaTj6dkMi+pbKuPD7aT35QBx6S4so+lJyW71oFG9SCDDdcUcBb3mpboO -/b7mC+KdSZOr1HLuRVNRgDHJm7XJ0e37AMROYUl95jr9+kEcciy4Ysi2qlQaavwP -otE4YSp8VjYH37Tw7tmz4W58NGAsdYS8tN2k+SvN4Mmz06jqDfyN9P1vj70CGz4W -+/Cqd4CRt5mAELY1YoH52sy40FM9sX9bVrxzMDMd46zqrLR0GVMc2Mvrb+j1xEo2 -Ip7cirAcl13TVXVotJSAht7Yes/0QLV2OdRdZHePHe6uxoq3s9MqwLnZQmRGqdqL -zQzNCPRbAgMBAAECggEBAPY6wPJbSkMA069OzLUSdLWGUJSfSESNOVA6YDAFbSlA -qd/idCzHBohQ7cDiVeCek0CL6+R0B90LgXmuXB8PPygIuk7b6XJiLKAp+QcpQcPW -FzwY1dxbYzFxeHfX+t0QMf88GvPf9pjje4g3ZmA+IKwYwemlrjEezRpdcbxmQ1+o -Cgm2jNieexTpn/sttNA9OccaCcxUPB4PZ3EnYa2rXCOEIb89L/bsr0R6Xw6Cwqbq -v/CrUdohGhgQS0UTa06OxRmFYwi7ARFg5NIQuqVfMLgrL3uF+aFkrIo3lQ/B06aO -UlEIv9xmaskMlRQeWwI3U0mvsD3ABUFjW6r7ZIrcKAECgYEA/qehThgYazhTp76p -dvztHCpqhocJdb7n5hM5psP3VXAn1/zyfTGJGs4LQTNLrJ7gfQ+1YxVVyfpHEHtq -BxHVoDuA8v342l9xP/NJL4HMagoUyhBlJ3EOIEIqtiiF3xlq8QQlRP1s9jVF3b06 -kPsV0Ck/I6U8I3v9U61vFrETwRsCgYEA+ofyxJAPKwgnZX8zPaML9lJiGmbbIrDn -yyPFgOntoIpAGEl+0aMklz3dMcnUCJEZmcAKmSvOL3naViKZNgK0+iNHSaiWE8ne -8IECP6KAMd1Dm0MzpxEmPahMeV+4U9GHSz+OxL5B/kj9FCq3oEodAm69IqSvAprR -WphwwCBiDcECgYAPLWp9vw3lhgvmWYS8JML1BMoojm/P5rrniYnMGK3rF64oP1ks -gQFM6a7eCfKerTFwArmq2CCu0w3dO53MIhH7ZNCAqwZj7YBQcW2ROUk3oLYwfN2q -hiBzZ74n8S5ZZ6hqCPc3r2sJGY+6cYbGEVDxgSPUOgrlioREsneGgLNOtQKBgBRV -Sk/HvWNpswDa1QbQn9zrDMlFxc1H/FgRXCs9USrxbYhLFr7e9c5MmBI9ZjcXx7Mh -0fpigsZ5pk3NWw/2IkgW6udAhoWuoah1YABYKP1jDuSgDKYnjyn76dEEAsrSu59Q -1j6Djomb1OZ5HRQmT7pt0G3qXcXhWNJ4gtYlCrBBAoGBAL+pAZQ4nDhb3KviCb9P -hlwgULkLwvlDycQEeRcZ6hW0jzvAABVL0v4fogCsIb+eCkVtCK9lfAFxEhoiSSqS -5mW0wdRU6RoRXE6WmWU/InjWEeNkw2NYKBdKOHWOO00GdYI2WhAOREAngLfa/wqf -r2J9yZi/JwN3TmIbPXEXK01A ------END PRIVATE KEY----- diff --git a/test/test-root.key.der b/test/test-root.key.der deleted file mode 100644 index 941dcb401dd1a078acd9f3501ba214642bc65aa4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1192 zcmV;Z1Xueof&`=j0RRGm0RaH{Ht%Xt*Fl528WL0`k~x@Nq~qz?42$YpD&xcLr1#|j zap^8Bqv=V>ZuOv1y+|O#b;TS7z2>F54*kC73*wzgldIHn?nP5kfHBFNwaL-#`vAmF zVM%@FI{o@V9C9qUV#v0tR2pjh52DdHVJdu9HV5Cd@b1~O;ck31U@UcnytLh<`76!f z$+Od_>J9vj^!;y-y#gCP7W?q3cYu+%nSc?^ zbQx0|*vsp0==H=(HX@$fim)7)UDH){Xtb1ohThnE&-6gGb~)5tWOt7p?ykm)x3kkK zz`5B%WJamli_Hwp2=rS50|5X50)hbn0QNe-@>@zn0MoBd%(W79wT4iXpGZWFIZ!%a zFa>QXK&jv2bS%dPh*0go;#J_DlR%5>!cz*ZSQMG5CykFVXdoNBZMKpJumj`uS9xZ4uZm_>c8--QQ9FI z7!XTE6KhV6#TkWT2)h9hVC2#ex}{$*xGOJvh54amtco|455d!>j#5zwzuabO$qbbg z9$Nx8Q%SF|J-`J)V_T~GWQyD<0Rn-60RE?;P8b+#I8&#-sdoJB94cythY5AQ=jIbR zro;DDa3|ON@_jLh8qNzrGfS+V;C&CZV-;1&`bQ9ZY6lV3pgVx_{rK8naX<4(FM-Tz z3KYr^WhZeCAVMm(D23k{YViamMEz{`HAUUMI*|Jn&?!G7r92~h{Zp-P7O@k-8v=oW z0Q!gW#E=gw2q$HKGd-gV_EKURX4@jL=gT9-fa&d^ia;1ie$k^Omp$Dv$PYnKlBn`Xfh4sFoAS-td6}Kcav!-9wv0Gp7+IJ*Z51U$|4zhf6<>#J)lP zNc|Klx1dTL0&cw`q^|;+(OQ^rz#w7`!2*GR4=rkazYXPv3+7pbyd=W)1j;CmZ_nns z=ZT5T7_I9Ut|&iQEP(+`>8{=h@}8|Ra00oi*dVUc4c$AP%pwu{WYB=C24n4jP;qUM zIY~F5wlI9%s)itQXTB%#E?H-&Y6$l?uWJbzkGgS&#t~5Qfg{v93gwD~M6!2=fU{1u z0)c=ORZ36Cy<=&!0NT|C(4XAv49P{s%}4xL5nL-hQ7Z9mh)Wi}-u2E*m=Zl^Hy6jV zA<_C`g2s8KP0d>m_993Y>gPa)g|4BfbzlHkDE(s&CprN%F?@^P}V+! zj)|Mp=6M|yCQrI;&~55n#o<`ec!Jg?3a~)}fq?+OsR5KYoH$$DtKtd2Plj9|P`L}j z`9sOX1bG)3>J_w)JHP-HOVa)yq5!NRzn%(3Z3wSrd;xJ18X`$5lICT!!PHdg8WCJh zmYHQgB6!vj<7C5QSSS}tICYLYO$K#>Hd+u4L_jBix7z;-pRZzl$(X+<19whh8$EFs GD@{OpZ!^;X diff --git a/test/test-root.pem b/test/test-root.pem deleted file mode 100644 index 2a5e4ab8f51..00000000000 --- a/test/test-root.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDGzCCAgOgAwIBAgIJAM0xz+I2Q811MA0GCSqGSIb3DQEBCwUAMCsxKTAnBgNV -BAMMIGNhY2tsaW5nIGNyeXB0b2dyYXBoZXIgZmFrZSBST09UMB4XDTE1MTAyMTIw -MTE1MloXDTIwMTAxOTIwMTE1MlowKzEpMCcGA1UEAwwgY2Fja2xpbmcgY3J5cHRv -Z3JhcGhlciBmYWtlIFJPT1QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQD5Nu9qUddBg7oaElQlkjmYXaTj6dkMi+pbKuPD7aT35QBx6S4so+lJyW71oFG9 -SCDDdcUcBb3mpboO/b7mC+KdSZOr1HLuRVNRgDHJm7XJ0e37AMROYUl95jr9+kEc -ciy4Ysi2qlQaavwPotE4YSp8VjYH37Tw7tmz4W58NGAsdYS8tN2k+SvN4Mmz06jq -DfyN9P1vj70CGz4W+/Cqd4CRt5mAELY1YoH52sy40FM9sX9bVrxzMDMd46zqrLR0 -GVMc2Mvrb+j1xEo2Ip7cirAcl13TVXVotJSAht7Yes/0QLV2OdRdZHePHe6uxoq3 -s9MqwLnZQmRGqdqLzQzNCPRbAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD -VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTppD/unqXm8tXXeWA8k6YuJI6XqjANBgkq -hkiG9w0BAQsFAAOCAQEAK7AgsNO9oGt2iu/bMyxidm4q9e2SdYB/8NNy8Xg3k8w4 -8E2R4e4Z+/RUN7pVekEeJTkb0TZF1TjflbujSRFKfbthyqvFpca32baQCtbp7j3X -fr4ycXHjuOOTSnhPjyzox5ovklUsnPFii67Vk5mqVWiTA0877xvGfoAu6YhVQ4PW -NIE3tj2mAtRLavM7ml7mnFLYCT947tDszbWvWwS4b+4+5aoEWiCT7hn2iYpVl1EN -vOb29hQBOARl2VN7a1y3cFUFDbNZt7RHay8i4KzxfMRHKS9+/UlrDEjrwj283QOH -2+P/EMzq52it8AuWGOBB1+2Zsei9EuknVlI4whQ0Zg== ------END CERTIFICATE----- diff --git a/test/test-root.pubkey.pem b/test/test-root.pubkey.pem deleted file mode 100644 index 9e535a73174..00000000000 --- a/test/test-root.pubkey.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+TbvalHXQYO6GhJUJZI5 -mF2k4+nZDIvqWyrjw+2k9+UAcekuLKPpSclu9aBRvUggw3XFHAW95qW6Dv2+5gvi -nUmTq9Ry7kVTUYAxyZu1ydHt+wDETmFJfeY6/fpBHHIsuGLItqpUGmr8D6LROGEq -fFY2B9+08O7Zs+FufDRgLHWEvLTdpPkrzeDJs9Oo6g38jfT9b4+9Ahs+FvvwqneA -kbeZgBC2NWKB+drMuNBTPbF/W1a8czAzHeOs6qy0dBlTHNjL62/o9cRKNiKe3Iqw -HJdd01V1aLSUgIbe2HrP9EC1djnUXWR3jx3ursaKt7PTKsC52UJkRqnai80MzQj0 -WwIDAQAB ------END PUBLIC KEY----- diff --git a/test/test-root2.key b/test/test-root2.key deleted file mode 100644 index 99f4d209296..00000000000 --- a/test/test-root2.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC9x/+2MZam+0f9 -lwLLEMAMPwFCf491hrLXWMRClgFp4rWgZ0pnuytSYhljwzkFS0YS/CZL/m/6P9Qp -bZjxJbKbAI85oJiyMOB96CDXyFV3Wx9Xi28clgIGE5EfPNPQjQy/H7ZmyQsRoOyv -qqbMzssvrnGPDW2GrcVQ0AVuyA1xTwg3gxTKKXkiCsN+XFMtyeWJT9JcJ6wXuzjf -tQT2SYZVlSETrJdSYGX/DYfxQFh0Vv8d/AVX245bqaHIEjl5gSsUcz3cDdlEp8vm -iU2i4e7ILWhijfwEvxH2bYFXbqZQw9sBxBYgcbekSK0UjqxWeHA+mGGq5joJdtDi -SSho5l6tAgMBAAECggEBAKlhYzy9LXSDOVGAAiIzJPTJFtq+9s8yFVRWCXRUZZaX -nPs4tRO33YZ9v6NmjfHHqRcwrQ2OXWrApR8EjkhMGQh2i14nk6EWNoapMwbj6kPI -tERyUgz1ZYD+3bs/ktzDxuid6TH7pUFqm1R9vrl0p6w6yWef2G0nkr/5qZ+iNT02 -ft6FDcwsyTd7Ghus6Kw8MEi9AR6oTf0ECrB/LeA7pcMZnu7A4jLSxEM5KfxCDjqg -5N4IG0RXXfMjPy82mxhm/RQYiuGRrsN7ZM928bRZB5I5MrJdOnDNLiMglQTtZFIq -xkfCU3Dv6kJemDyNqsa+ghiBUbvPjkfQNBTwHx+WOBECgYEA2Hrc+6TgyjkR6V0L -rx39U2Cak09pjjNHwvj4vDyEeS54nVN92ZndzWRdHl7899J5KhgtaaFUWIBL3YIx -1SiDdw6GNn88Z6avku9oFf+T2NcRsPRHulmyhOERisCbWuKXuRvPSbBIsi+AQGyb -CJdA2sTlRrwnhPReXCAlUyJM34sCgYEA4G1hA/mGAMUicOKptpilG89UsFq6hms+ -VEBKmlglWMl9CZrk6UvOmLfU2yGAqE01R7asM7Q0rIYNEXvt5ZuB/p+BOihdnkV/ -vYfkugfZ8mOZN8GtMTP4Z9PxQmvjcqWwo2+/omPtB4wHLKfJK+CCWeeOeLGAQH2i -bTU+0//DAacCgYEAuVWW06p4+Sia+Ru74RTfyP4v2GZojGHC0l2tNhrpn4X1pVvR -pvZgOnPudQ4FrXX4Xd2NI54HRC2yxdWtLD0fMFKy/P05jdPbBQUKK6s/vKmEb+bz -cctRVwoJpqz3VHwiQUxZz1CpLEQWnRFeOaCk2acwU7rKar17+4tZ6S64ebkCgYEA -tyDpihnA+73glaaO/51dFO1AWMsf6vF1ob/4YCtPBj0bl4vaAHhIM5vFx6110190 -+3iW2XXRiXm1DjBG9hXHpGK5SyCHC9AAJULPI/GmKUCWVMXoMf8LUoXCFwX8SZ/k -G+jiwXqyfncHn6ul3vTKyNvHCLsmQPmDYYOSKeFIWX8CgYEAq6lUwM2vwkHc5Byi -u5wwP7Z5ySzWAycQRpe6c5xaQu4j//Ffk4OdS4YhiRSRgT4f0HvivMr/TfGQhmY3 -nqgvUFwkqpbuy8vqHe94Wk8zqepJ/60HHxbfZWAEJp8u5BtpS43xCrWaBLwZV6A4 -NzPaKLFwbLKWd3uZ4k/2Zqv1pcA= ------END PRIVATE KEY----- diff --git a/test/test-root2.pem b/test/test-root2.pem deleted file mode 100644 index 0f9a16661aa..00000000000 --- a/test/test-root2.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDIzCCAgugAwIBAgIRAO/xiDmGzMbLK9FFkPi4RngwDQYJKoZIhvcNAQELBQAw -KzEpMCcGA1UEAxMgYzJja2xpbmcgY3J5cHRvZ3IycGhlciBmMmtlIFJPT1QwHhcN -MjAwMzIwMDUxMjQ4WhcNMjUwMzIwMDUxMjQ4WjArMSkwJwYDVQQDEyBjMmNrbGlu -ZyBjcnlwdG9ncjJwaGVyIGYya2UgUk9PVDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL3H/7Yxlqb7R/2XAssQwAw/AUJ/j3WGstdYxEKWAWnitaBnSme7 -K1JiGWPDOQVLRhL8Jkv+b/o/1CltmPElspsAjzmgmLIw4H3oINfIVXdbH1eLbxyW -AgYTkR8809CNDL8ftmbJCxGg7K+qpszOyy+ucY8NbYatxVDQBW7IDXFPCDeDFMop -eSIKw35cUy3J5YlP0lwnrBe7ON+1BPZJhlWVIROsl1JgZf8Nh/FAWHRW/x38BVfb -jlupocgSOXmBKxRzPdwN2USny+aJTaLh7sgtaGKN/AS/EfZtgVduplDD2wHEFiBx -t6RIrRSOrFZ4cD6YYarmOgl20OJJKGjmXq0CAwEAAaNCMEAwDgYDVR0PAQH/BAQD -AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKRrjKoDLPHlFsWK6KGp7Wn2 -IkX+MA0GCSqGSIb3DQEBCwUAA4IBAQBOIa4+jF7TwdK+IADJOCxk03HDpjWtzouB -iJvo36KB8fvpUmjpXIEP7sImREwDDxEAeCd4CFCdiRlU8PKTuA5ftjAVWLxgRglT -Nuo9+BozkWbwXY7RD6YjVqXTJCLA5XpvlhikCQNUAPq2IyilNykPOH7OxbHNqA1r -UkeAzYVP1+OlT+MDiaW91bjqSqmgJ6zrMUhVGQqEPf+zvWwHBcA3P9bAxzCs8BdZ -1lshzl4eWR6O2Yt2YIQ59Z2c4Y2YLZAZWA6lIWwyLrve/WGvmx2wK9aQGteuLG2j -hP5nvZQS4oCa4swVkwcEzh+rXAYSWn6+v95htYqzwwaP7NrTCy8F ------END CERTIFICATE----- diff --git a/test/v2_integration.py b/test/v2_integration.py index 095263c9176..2889b3fcde6 100644 --- a/test/v2_integration.py +++ b/test/v2_integration.py @@ -679,7 +679,7 @@ def test_revoke_by_account_unspecified(): reset_akamai_purges() client.revoke(josepy.ComparableX509(cert), 0) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") verify_akamai_purge() def test_revoke_by_account_with_reason(): @@ -693,7 +693,7 @@ def test_revoke_by_account_with_reason(): # Requesting revocation for keyCompromise should work, but not block the # key. client.revoke(josepy.ComparableX509(cert), 1) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() @@ -712,7 +712,7 @@ def test_revoke_by_authz(): # Even though we requested reason 1 ("keyCompromise"), the result should be # 5 ("cessationOfOperation") due to the authorization method. client.revoke(josepy.ComparableX509(cert), 1) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "cessationOfOperation") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "cessationOfOperation") verify_akamai_purge() @@ -755,7 +755,7 @@ def test_revoke_by_privkey(): # Even though we requested reason 0 ("unspecified"), the result should be # 1 ("keyCompromise") due to the authorization method. revoke_client.revoke(josepy.ComparableX509(cert), 0) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() @@ -797,7 +797,7 @@ def test_double_revocation(): # First revoke for any reason. sub_client.revoke(josepy.ComparableX509(cert), 0) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked") verify_akamai_purge() # Re-revocation for anything other than keyCompromise should fail. @@ -812,7 +812,7 @@ def test_double_revocation(): # via the cert key to demonstrate said compromise. reset_akamai_purges() cert_client.revoke(josepy.ComparableX509(cert), 1) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() # A subsequent attempt should fail, because the cert is already revoked @@ -1229,7 +1229,7 @@ def test_auth_deactivation_v2(): def test_ocsp(): cert_file = temppath('test_ocsp.pem') chisel2.auth_and_issue([random_domain()], cert_output=cert_file.name) - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "good") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "good") def test_ct_submission(): hostname = random_domain() @@ -1307,7 +1307,7 @@ def ocsp_exp_unauth_setup(): # isn't, we'll get an expired OCSP response. Just check that it exists; # don't do the full verification (which would fail). lastException = None - for issuer_file in glob.glob("/hierarchy/int-rsa-*.cert.pem"): + for issuer_file in glob.glob("test/certs/webpki/int-rsa-*.cert.pem"): try: check_ocsp_basic_oid(cert_file.name, issuer_file, "http://localhost:4002") global ocsp_exp_unauth_setup_data @@ -1326,7 +1326,7 @@ def test_ocsp_exp_unauth(): last_error = "" while tries < 5: try: - verify_ocsp(cert_file, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "XXX") + verify_ocsp(cert_file, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "XXX") raise(Exception("Unexpected return from verify_ocsp")) except subprocess.CalledProcessError as cpe: last_error = cpe.output @@ -1597,7 +1597,7 @@ def test_admin_revoker_cert(): "-reason", "keyCompromise"]) # Wait for OCSP response to indicate revocation took place - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "keyCompromise") verify_akamai_purge() def test_admin_revoker_batched(): @@ -1622,7 +1622,7 @@ def test_admin_revoker_batched(): "-parallelism", "2"]) for cert_file in cert_files: - verify_ocsp(cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "unspecified") + verify_ocsp(cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002", "revoked", "unspecified") def test_sct_embedding(): order = chisel2.auth_and_issue([random_domain()]) @@ -1694,7 +1694,7 @@ def ocsp_resigning_setup(): client.revoke(josepy.ComparableX509(cert), 5) ocsp_response, reason = get_ocsp_response_and_reason( - cert_file.name, "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002") + cert_file.name, "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002") global ocsp_resigning_setup_data ocsp_resigning_setup_data = { 'cert_file': cert_file.name, @@ -1710,7 +1710,7 @@ def test_ocsp_resigning(): tries = 0 while tries < 5: resp, reason = get_ocsp_response_and_reason( - ocsp_resigning_setup_data['cert_file'], "/hierarchy/int-rsa-*.cert.pem", "http://localhost:4002") + ocsp_resigning_setup_data['cert_file'], "test/certs/webpki/int-rsa-*.cert.pem", "http://localhost:4002") if resp != ocsp_resigning_setup_data['response']: break tries += 1 diff --git a/tn.sh b/tn.sh index 6fdb3da7098..f44939184ae 100755 --- a/tn.sh +++ b/tn.sh @@ -7,4 +7,10 @@ if type realpath >/dev/null 2>&1 ; then cd "$(realpath -- $(dirname -- "$0"))" fi +# Generate the test keys and certs necessary for the integration tests. +docker compose up bsetup + +# Use a predictable name for the container so we can grab the logs later +# for use when testing logs analysis tools. +docker rm boulder_tests exec docker compose -f docker-compose.yml -f docker-compose.next.yml run boulder ./test.sh "$@"