github.com/letsencrypt/boulder@v0.20251208.0/test/hierarchy/README.md

github.com/letsencrypt/boulder@v0.20251208.0/test/hierarchy/README.md (about)

     1  # Boulder Test Hierarchy
     2  
     3  This directory contains certificates which are analogues of Let's Encrypt's
     4  active hierarchy. These are useful for ensuring that our tests cover all of
     5  our actual situations, such as cross-signed intermediates, cross-signed roots,
     6  both RSA and ECDSA roots and intermediates, and having issuance chains with
     7  more than one intermediate in them. Also included are a selection of fake
     8  end-entity certificates, issued from each of the intermediates. This directory
     9  does not include private keys for the roots, as Boulder should never perform
    10  any operations which require access to root private keys.
    11  
    12  ## Usage
    13  
    14  These certificates (particularly their subject info and public key info) are
    15  subject to change at any time. Values derived from these certificates, such as
    16  their `Serial`, `IssuerID`, `Fingerprint`, or `IssuerNameID` should never be
    17  hard-coded in tests or mocks. If you need to assert facts about those values
    18  in a test, load the cert from disk and compute those values dynamically.
    19  
    20  In general, loading and using one of these certificates for a test might
    21  look like:
    22  
    23  ```go
    24  ee, _ := CA.IssuePrecertificate(...)
    25  cert, _ := issuance.LoadCertificate("test/hierarchy/int-e1.cert.pem")
    26  test.AssertEqual(t, issuance.GetIssuerNameID(ee), issuer.NameID())
    27  ```