From 04d7a271c4f226a46ca379e077d0e8845da589aa Mon Sep 17 00:00:00 2001 From: Pauline Vos Date: Tue, 26 Aug 2025 13:34:50 +0200 Subject: [PATCH 1/4] Remove `.evergreen/ocsp` directory As it seems to be covered by the `drivers-evergreen-tools` submodule, which is loaded in evergreen functions and GH actions (added in PR `#1584`) --- .evergreen/ocsp/README.md | 34 - .evergreen/ocsp/certs.yml | 169 ----- .evergreen/ocsp/ecdsa/ca.crt | 13 - .evergreen/ocsp/ecdsa/ca.key | 5 - .evergreen/ocsp/ecdsa/ca.pem | 18 - .../ocsp/ecdsa/mock-delegate-revoked.sh | 8 - .evergreen/ocsp/ecdsa/mock-delegate-valid.sh | 7 - .evergreen/ocsp/ecdsa/mock-revoked.sh | 10 - .evergreen/ocsp/ecdsa/mock-valid.sh | 7 - .evergreen/ocsp/ecdsa/ocsp-responder.crt | 15 - .evergreen/ocsp/ecdsa/ocsp-responder.key | 5 - .evergreen/ocsp/ecdsa/rename.sh | 10 - .../server-mustStaple-singleEndpoint.pem | 21 - .evergreen/ocsp/ecdsa/server-mustStaple.pem | 22 - .../ocsp/ecdsa/server-singleEndpoint.pem | 21 - .evergreen/ocsp/ecdsa/server.pem | 22 - .../ocsp/mock-ocsp-responder-requirements.txt | 3 - .evergreen/ocsp/mock_ocsp_responder.py | 614 ------------------ .evergreen/ocsp/ocsp_mock.py | 48 -- .evergreen/ocsp/rsa/ca.crt | 21 - .evergreen/ocsp/rsa/ca.key | 28 - .evergreen/ocsp/rsa/ca.pem | 49 -- .evergreen/ocsp/rsa/mock-delegate-revoked.sh | 8 - .evergreen/ocsp/rsa/mock-delegate-valid.sh | 7 - .evergreen/ocsp/rsa/mock-revoked.sh | 8 - .evergreen/ocsp/rsa/mock-valid.sh | 7 - .evergreen/ocsp/rsa/ocsp-responder.crt | 21 - .evergreen/ocsp/rsa/ocsp-responder.key | 28 - .../rsa/server-mustStaple-singleEndpoint.pem | 52 -- .evergreen/ocsp/rsa/server-mustStaple.pem | 53 -- .evergreen/ocsp/rsa/server-singleEndpoint.pem | 52 -- .evergreen/ocsp/rsa/server.pem | 53 -- .github/workflows/tests.yml | 2 +- 33 files changed, 1 insertion(+), 1440 deletions(-) delete mode 100644 .evergreen/ocsp/README.md delete mode 100755 .evergreen/ocsp/certs.yml delete mode 100644 .evergreen/ocsp/ecdsa/ca.crt delete mode 100644 .evergreen/ocsp/ecdsa/ca.key delete mode 100644 .evergreen/ocsp/ecdsa/ca.pem delete mode 100755 .evergreen/ocsp/ecdsa/mock-delegate-revoked.sh delete mode 100755 .evergreen/ocsp/ecdsa/mock-delegate-valid.sh delete mode 100755 .evergreen/ocsp/ecdsa/mock-revoked.sh delete mode 100755 .evergreen/ocsp/ecdsa/mock-valid.sh delete mode 100644 .evergreen/ocsp/ecdsa/ocsp-responder.crt delete mode 100644 .evergreen/ocsp/ecdsa/ocsp-responder.key delete mode 100755 .evergreen/ocsp/ecdsa/rename.sh delete mode 100644 .evergreen/ocsp/ecdsa/server-mustStaple-singleEndpoint.pem delete mode 100644 .evergreen/ocsp/ecdsa/server-mustStaple.pem delete mode 100644 .evergreen/ocsp/ecdsa/server-singleEndpoint.pem delete mode 100644 .evergreen/ocsp/ecdsa/server.pem delete mode 100644 .evergreen/ocsp/mock-ocsp-responder-requirements.txt delete mode 100755 .evergreen/ocsp/mock_ocsp_responder.py delete mode 100755 .evergreen/ocsp/ocsp_mock.py delete mode 100644 .evergreen/ocsp/rsa/ca.crt delete mode 100644 .evergreen/ocsp/rsa/ca.key delete mode 100644 .evergreen/ocsp/rsa/ca.pem delete mode 100755 .evergreen/ocsp/rsa/mock-delegate-revoked.sh delete mode 100755 .evergreen/ocsp/rsa/mock-delegate-valid.sh delete mode 100755 .evergreen/ocsp/rsa/mock-revoked.sh delete mode 100755 .evergreen/ocsp/rsa/mock-valid.sh delete mode 100644 .evergreen/ocsp/rsa/ocsp-responder.crt delete mode 100644 .evergreen/ocsp/rsa/ocsp-responder.key delete mode 100644 .evergreen/ocsp/rsa/server-mustStaple-singleEndpoint.pem delete mode 100644 .evergreen/ocsp/rsa/server-mustStaple.pem delete mode 100644 .evergreen/ocsp/rsa/server-singleEndpoint.pem delete mode 100644 .evergreen/ocsp/rsa/server.pem diff --git a/.evergreen/ocsp/README.md b/.evergreen/ocsp/README.md deleted file mode 100644 index 845d64996..000000000 --- a/.evergreen/ocsp/README.md +++ /dev/null @@ -1,34 +0,0 @@ -# Generating Test Certificates - -The test certificates here were generating using a fork of the server -team's -[`mkcert.py`](https://github.com/mongodb/mongo/blob/master/jstests/ssl/x509/mkcert.py) -tool. - -In order to generate a fresh set of certificates, clone this branch of -a fork of the -[`mongo` repository](https://github.com/vincentkam/mongo/tree/mkcert-ecdsa) and -run the following command from the root of the `mongo` repository: - -`python3 jstests/ssl/x509/mkcert.py --config ../drivers-evergreen-tools/.evergreen/ocsp/certs.yml` - -Passing a certificate ID as the final parameter will limit certificate -generation to that certificate and all its leaves. Note: if -regenerating ECDSA leaf certificates, ``ecsda/ca.pem`` will need to be -temporarily renamed back to ``ecdsa-ca-ocsp.pem``. - -The ECDSA certificates will be output into the folder specified by the -`global.output_path` option in the `certs.yml` file, which defaults to -`ecsda` directory contained in this directory. The RSA certificate -definitions override this value on a per certificate basis and are -output into the `rsa` directory. The default configuration also -assumes that the `mongo` repository and the `driver-evergreen-tools` -repository have the same parent directory. - -After generating the RSA root certificate, one must manually split the -`rsa/ca.pem` file, which contains both the private key and the public -certificate, into two files. `rsa/ca.crt` should contain the public -certificate, and `ras/ca.key` should contain the private certificate. - -When generating ECDSA certificates, one must normalize the ECDSA -certificate names by running `ecdsa/rename.sh`. diff --git a/.evergreen/ocsp/certs.yml b/.evergreen/ocsp/certs.yml deleted file mode 100755 index 3fa364da3..000000000 --- a/.evergreen/ocsp/certs.yml +++ /dev/null @@ -1,169 +0,0 @@ - -global: - # All subject names will have these elements automatically, - # unless `explicit_subject: true` is specified. - output_path: '../drivers-evergreen-tools/.evergreen/ocsp/ecdsa/' # See README.md if customizing this path - Subject: - C: 'US' - ST: 'New York' - L: 'New York City' - O: 'MongoDB' - OU: 'Kernel' - -certs: - -### -# OCSP Tree -### -- name: 'ca.pem' - description: >- - Primary Root Certificate Authority - Most Certificates are issued by this CA. - Subject: {CN: 'Kernel Test CA'} - Issuer: self - include_header: false - output_path: '../drivers-evergreen-tools/.evergreen/ocsp/rsa' - extensions: - basicConstraints: - critical: true - CA: true - -- name: 'server.pem' - description: >- - Certificate with OCSP for the mongodb server. - Subject: - CN: 'localhost' - C: US - ST: NY - L: OCSP-1 - Issuer: 'ca.pem' - include_header: false - output_path: '../drivers-evergreen-tools/.evergreen/ocsp/rsa' - extensions: - basicConstraints: {CA: false} - subjectAltName: - DNS: localhost - IP: 127.0.0.1 - authorityInfoAccess: 'OCSP;URI:http://localhost:9001/power/level,OCSP;URI:http://localhost:8100/status' - subjectKeyIdentifier: hash - keyUsage: [digitalSignature, keyEncipherment] - extendedKeyUsage: [serverAuth, clientAuth] - -- name: 'server-mustStaple.pem' - description: >- - Certificate with Must Staple OCSP for the mongodb server. - Subject: - CN: 'localhost' - C: US - ST: NY - L: OCSP-1 - Issuer: 'ca.pem' - include_header: false - output_path: '../drivers-evergreen-tools/.evergreen/ocsp/rsa' - extensions: - basicConstraints: {CA: false} - subjectAltName: - DNS: localhost - IP: 127.0.0.1 - authorityInfoAccess: 'OCSP;URI:http://localhost:9001/power/level,OCSP;URI:http://localhost:8100/status' - mustStaple: true - subjectKeyIdentifier: hash - keyUsage: [digitalSignature, keyEncipherment] - extendedKeyUsage: [serverAuth, clientAuth] - -- name: 'server-singleEndpoint.pem' - description: >- - Certificate with a single OCSP endpoint for the mongodb server. - Subject: - CN: 'localhost' - C: US - ST: NY - L: OCSP-1 - Issuer: 'ca.pem' - include_header: false - output_path: '../drivers-evergreen-tools/.evergreen/ocsp/rsa' - extensions: - basicConstraints: {CA: false} - subjectAltName: - DNS: localhost - IP: 127.0.0.1 - authorityInfoAccess: 'OCSP;URI:http://localhost:8100/status' - subjectKeyIdentifier: hash - keyUsage: [digitalSignature, keyEncipherment] - extendedKeyUsage: [serverAuth, clientAuth] - -- name: 'server-mustStaple-singleEndpoint.pem' - description: >- - Certificate with Must Staple OCSP and one OCSP endpoint for the mongodb server. - Subject: - CN: 'localhost' - C: US - ST: NY - L: OCSP-1 - Issuer: 'ca.pem' - include_header: false - output_path: '../drivers-evergreen-tools/.evergreen/ocsp/rsa' - extensions: - basicConstraints: {CA: false} - subjectAltName: - DNS: localhost - IP: 127.0.0.1 - authorityInfoAccess: 'OCSP;URI:http://localhost:8100/status' - mustStaple: true - subjectKeyIdentifier: hash - keyUsage: [digitalSignature, keyEncipherment] - extendedKeyUsage: [serverAuth, clientAuth] - -- name: 'ocsp-responder.crt' - description: Certificate and key for the OCSP responder - Subject: - CN: 'localhost' - C: US - ST: NY - L: OCSP-3 - Issuer: 'ca.pem' - include_header: false - keyfile: 'ocsp-responder.key' - output_path: '../drivers-evergreen-tools/.evergreen/ocsp/rsa' - extensions: - basicConstraints: {CA: false} - keyUsage: [nonRepudiation, digitalSignature, keyEncipherment] - extendedKeyUsage: [OCSPSigning] - #noCheck: true - -### -# ECDSA tree -### - -# These are all special cases handled internally by mkcert.py -# Do NOT change the names - -- name: 'ecdsa-ca-ocsp.pem' - description: Root of ECDSA tree for OCSP testing - Issuer: self - tags: [ecdsa] - -- name: 'ecdsa-server-ocsp.pem' - description: ECDSA server certificate w/OCSP - Issuer: 'ecdsa-ca-ocsp.pem' - tags: [ecdsa, ocsp] - -- name: 'ecdsa-server-ocsp-mustStaple.pem' - description: ECDSA server certificate w/OCSP + must-staple - Issuer: 'ecdsa-ca-ocsp.pem' - tags: [ecdsa, ocsp, must-staple] - -- name: 'ecdsa-ocsp-responder.crt' - description: ECDSA certificate and key for OCSP responder - Issuer: 'ecdsa-ca-ocsp.pem' - tags: [ecdsa, ocsp, responder ] - -- name: 'ecdsa-server-ocsp-singleEndpoint.pem' - description: ECDSA server certificate w/OCSP + one OCSP endpoint - Issuer: 'ecdsa-ca-ocsp.pem' - tags: [ecdsa, ocsp, single-ocsp-endpoint] - -- name: 'ecdsa-server-ocsp-mustStaple-singleEndpoint.pem' - description: ECDSA server certificate w/OCSP + must-staple + one OCSP endpoint - Issuer: 'ecdsa-ca-ocsp.pem' - tags: [ecdsa, ocsp, must-staple, single-ocsp-endpoint] diff --git a/.evergreen/ocsp/ecdsa/ca.crt b/.evergreen/ocsp/ecdsa/ca.crt deleted file mode 100644 index 623739ecb..000000000 --- a/.evergreen/ocsp/ecdsa/ca.crt +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB9jCCAZygAwIBAgIERIhZ3jAKBggqhkjOPQQDAjB6MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEdMBsGA1UEAwwUS2VybmVsIFRl -c3QgRVNDREEgQ0EwHhcNMjAwMzE3MTk0NjU5WhcNNDAwMzEyMTk0NjU5WjB6MQsw -CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3Jr -IENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEdMBsGA1UE -AwwUS2VybmVsIFRlc3QgRVNDREEgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC -AAT1rsrbhlZEQAubaPkS23tOfSEdWNd+u7N5kV4nxKQDNxPcScnSGrb41tBEINdG -LQ/SopWZx9O8UJSrh8sqaV1AoxAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMC -A0gAMEUCIDEvg1FnzNQNnLDxyOthbOqpX58A0YfLjgGb8xAvvdr4AiEAtvF2jMt6 -/o4HVXXKdohjBJbETbr7XILEvnZ4Zt7QNl8= ------END CERTIFICATE----- diff --git a/.evergreen/ocsp/ecdsa/ca.key b/.evergreen/ocsp/ecdsa/ca.key deleted file mode 100644 index 05935962b..000000000 --- a/.evergreen/ocsp/ecdsa/ca.key +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgMzE6ziHkSWt+sE2O -RMFZ9wqjOg88cWTuMMYrKXXL1UWhRANCAAT1rsrbhlZEQAubaPkS23tOfSEdWNd+ -u7N5kV4nxKQDNxPcScnSGrb41tBEINdGLQ/SopWZx9O8UJSrh8sqaV1A ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/ecdsa/ca.pem b/.evergreen/ocsp/ecdsa/ca.pem deleted file mode 100644 index b5037745c..000000000 --- a/.evergreen/ocsp/ecdsa/ca.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB9jCCAZygAwIBAgIERIhZ3jAKBggqhkjOPQQDAjB6MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEdMBsGA1UEAwwUS2VybmVsIFRl -c3QgRVNDREEgQ0EwHhcNMjAwMzE3MTk0NjU5WhcNNDAwMzEyMTk0NjU5WjB6MQsw -CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3Jr -IENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEdMBsGA1UE -AwwUS2VybmVsIFRlc3QgRVNDREEgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC -AAT1rsrbhlZEQAubaPkS23tOfSEdWNd+u7N5kV4nxKQDNxPcScnSGrb41tBEINdG -LQ/SopWZx9O8UJSrh8sqaV1AoxAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMC -A0gAMEUCIDEvg1FnzNQNnLDxyOthbOqpX58A0YfLjgGb8xAvvdr4AiEAtvF2jMt6 -/o4HVXXKdohjBJbETbr7XILEvnZ4Zt7QNl8= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgMzE6ziHkSWt+sE2O -RMFZ9wqjOg88cWTuMMYrKXXL1UWhRANCAAT1rsrbhlZEQAubaPkS23tOfSEdWNd+ -u7N5kV4nxKQDNxPcScnSGrb41tBEINdGLQ/SopWZx9O8UJSrh8sqaV1A ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/ecdsa/mock-delegate-revoked.sh b/.evergreen/ocsp/ecdsa/mock-delegate-revoked.sh deleted file mode 100755 index 1e40fba5a..000000000 --- a/.evergreen/ocsp/ecdsa/mock-delegate-revoked.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env sh -python3 ../ocsp_mock.py \ - --ca_file ca.pem \ - --ocsp_responder_cert ocsp-responder.crt \ - --ocsp_responder_key ocsp-responder.key \ - -p 8100 \ - -v \ - --fault revoked diff --git a/.evergreen/ocsp/ecdsa/mock-delegate-valid.sh b/.evergreen/ocsp/ecdsa/mock-delegate-valid.sh deleted file mode 100755 index 5074a7eca..000000000 --- a/.evergreen/ocsp/ecdsa/mock-delegate-valid.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env sh -python3 ../ocsp_mock.py \ - --ca_file ca.pem \ - --ocsp_responder_cert ocsp-responder.crt \ - --ocsp_responder_key ocsp-responder.key \ - -p 8100 \ - -v diff --git a/.evergreen/ocsp/ecdsa/mock-revoked.sh b/.evergreen/ocsp/ecdsa/mock-revoked.sh deleted file mode 100755 index a6bf2ef02..000000000 --- a/.evergreen/ocsp/ecdsa/mock-revoked.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env sh -# Use the CA as the OCSP responder -python3 ../ocsp_mock.py \ - --ca_file ca.pem \ - --ocsp_responder_cert ca.crt \ - --ocsp_responder_key ca.key \ - -p 8100 \ - -v \ - --fault revoked - diff --git a/.evergreen/ocsp/ecdsa/mock-valid.sh b/.evergreen/ocsp/ecdsa/mock-valid.sh deleted file mode 100755 index c89ce9e95..000000000 --- a/.evergreen/ocsp/ecdsa/mock-valid.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env sh -python3 ../ocsp_mock.py \ - --ca_file ca.pem \ - --ocsp_responder_cert ca.crt \ - --ocsp_responder_key ca.key \ - -p 8100 \ - -v diff --git a/.evergreen/ocsp/ecdsa/ocsp-responder.crt b/.evergreen/ocsp/ecdsa/ocsp-responder.crt deleted file mode 100644 index 4d3f3e929..000000000 --- a/.evergreen/ocsp/ecdsa/ocsp-responder.crt +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICVTCCAfygAwIBAgIEfpRhITAKBggqhkjOPQQDAjB6MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEdMBsGA1UEAwwUS2VybmVsIFRl -c3QgRVNDREEgQ0EwHhcNMjAwMzE3MTk0NzAwWhcNNDAwMzEyMTk0NzAwWjBsMQsw -CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3Jr -IENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEPMA0GA1UE -AwwGc2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERca9Bv0PDLkCULyx -axwx8nyPqonFF88MQiZpY7wK7atBfWkpZ9B/ukq5p+xVDXxS49huEIQUWOZ5xosF -frma96N+MHwwCQYDVR0TBAIwADAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEw -HQYDVR0OBBYEFNQUc8MKrQDR4wAFZZ2o9PNLAiUHMAsGA1UdDwQEAwIF4DAnBgNV -HSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMAoGCCqGSM49BAMC -A0cAMEQCIBQs56OofXC3Io6DjP4ccgpkX8cLHpMRb3jfZ6MxulniAiBVLoXo8K23 -YmpwoWKLFBKBdtGU+WDdD01Mb8X4iQ1gYg== ------END CERTIFICATE----- diff --git a/.evergreen/ocsp/ecdsa/ocsp-responder.key b/.evergreen/ocsp/ecdsa/ocsp-responder.key deleted file mode 100644 index 9e7eaa64e..000000000 --- a/.evergreen/ocsp/ecdsa/ocsp-responder.key +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgxxFxGTsPETczP0SW -69vnqYXZIgk+qG61j6JKElHa6duhRANCAARFxr0G/Q8MuQJQvLFrHDHyfI+qicUX -zwxCJmljvArtq0F9aSln0H+6Srmn7FUNfFLj2G4QhBRY5nnGiwV+uZr3 ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/ecdsa/rename.sh b/.evergreen/ocsp/ecdsa/rename.sh deleted file mode 100755 index cf72559c0..000000000 --- a/.evergreen/ocsp/ecdsa/rename.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash -[ ! -f ecdsa-ca-ocsp.pem ] || mv ecdsa-ca-ocsp.pem ca.pem -[ ! -f ecdsa-ca-ocsp.crt ] || mv ecdsa-ca-ocsp.crt ca.crt -[ ! -f ecdsa-ca-ocsp.key ] || mv ecdsa-ca-ocsp.key ca.key -[ ! -f ecdsa-server-ocsp.pem ] || mv ecdsa-server-ocsp.pem server.pem -[ ! -f ecdsa-server-ocsp-mustStaple.pem ] || mv ecdsa-server-ocsp-mustStaple.pem server-mustStaple.pem -[ ! -f ecdsa-server-ocsp-singleEndpoint.pem ] || mv ecdsa-server-ocsp-singleEndpoint.pem server-singleEndpoint.pem -[ ! -f ecdsa-server-ocsp-mustStaple-singleEndpoint.pem ] || mv ecdsa-server-ocsp-mustStaple-singleEndpoint.pem server-mustStaple-singleEndpoint.pem -[ ! -f ecdsa-ocsp-responder.crt ] || mv ecdsa-ocsp-responder.crt ocsp-responder.crt -[ ! -f ecdsa-ocsp-responder.key ] || mv ecdsa-ocsp-responder.key ocsp-responder.key diff --git a/.evergreen/ocsp/ecdsa/server-mustStaple-singleEndpoint.pem b/.evergreen/ocsp/ecdsa/server-mustStaple-singleEndpoint.pem deleted file mode 100644 index c2d3caa3d..000000000 --- a/.evergreen/ocsp/ecdsa/server-mustStaple-singleEndpoint.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICmzCCAkGgAwIBAgIEK6+qITAKBggqhkjOPQQDAjB6MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEdMBsGA1UEAwwUS2VybmVsIFRl -c3QgRVNDREEgQ0EwHhcNMjAwNDE3MjIwNzM4WhcNNDAwNDEyMjIwNzM4WjBsMQsw -CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3Jr -IENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEPMA0GA1UE -AwwGc2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQp0AXlVttI8EFDhm -YZZTGT0W9XZvUwk+HCVvTyRruyFI/VRW6PvLuCrMpFiXrM6kSoDQDDwcIH4jBv6u -y5mhYaOBwjCBvzAJBgNVHRMEAjAAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAA -ATAdBgNVHQ4EFgQUHnyVeKPYHhZOYzAfQW+C48W+mQowCwYDVR0PBAQDAgWgMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA4BggrBgEFBQcBAQQsMCowKAYI -KwYBBQUHMAGGHGh0dHA6Ly9sb2NhbGhvc3Q6ODEwMC9zdGF0dXMwEQYIKwYBBQUH -ARgEBTADAgEFMAoGCCqGSM49BAMCA0gAMEUCIHiAly+9pDK3z4shFjqQZILGcvaP -/71l3WSdKAjfKd1LAiEA9CpCiaGR1a5D8qSvr518WZtqOVB+YsEk63aJs/2PtM0= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgniP9x8ixUXWk16LR -EKiL5dqh2aH/ON6EmULoaReDLTKhRANCAARCnQBeVW20jwQUOGZhllMZPRb1dm9T -CT4cJW9PJGu7IUj9VFbo+8u4KsykWJeszqRKgNAMPBwgfiMG/q7LmaFh ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/ecdsa/server-mustStaple.pem b/.evergreen/ocsp/ecdsa/server-mustStaple.pem deleted file mode 100644 index b539779ef..000000000 --- a/.evergreen/ocsp/ecdsa/server-mustStaple.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICyjCCAnCgAwIBAgIEA54uVTAKBggqhkjOPQQDAjB6MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEdMBsGA1UEAwwUS2VybmVsIFRl -c3QgRVNDREEgQ0EwHhcNMjAwMzI2MTU1NzU1WhcNNDAwMzIxMTU1NzU1WjBsMQsw -CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3Jr -IENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEPMA0GA1UE -AwwGc2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJjAN/Hd2R/RRBoAu -YouPhTbS/y2DiD47YQaUu1TlnrvABcvIgkMKYfbeNIhBfu44KzF2sKsmKrG6T6rs -NdJ3pqOB8TCB7jAJBgNVHRMEAjAAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAA -ATAdBgNVHQ4EFgQUvHVMhH4zuedQN+9sQJ8LN7jvy3owCwYDVR0PBAQDAgWgMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBnBggrBgEFBQcBAQRbMFkwLQYI -KwYBBQUHMAGGIWh0dHA6Ly9sb2NhbGhvc3Q6OTAwMS9wb3dlci9sZXZlbDAoBggr -BgEFBQcwAYYcaHR0cDovL2xvY2FsaG9zdDo4MTAwL3N0YXR1czARBggrBgEFBQcB -GAQFMAMCAQUwCgYIKoZIzj0EAwIDSAAwRQIgDiL8zqWkCR5Rc/YoAgV81qryUMrK -BQoP7fb1M0KKarECIQDPa5q1pFu+5UZ8gn7CP4/9xDcBiG6tQYK5N0FHAZXzEg== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg1IHezsqNUk0tfGOS -E2RcM7R00ue1/E8/pBBUGSt7RW2hRANCAAQmMA38d3ZH9FEGgC5ii4+FNtL/LYOI -PjthBpS7VOWeu8AFy8iCQwph9t40iEF+7jgrMXawqyYqsbpPquw10nem ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/ecdsa/server-singleEndpoint.pem b/.evergreen/ocsp/ecdsa/server-singleEndpoint.pem deleted file mode 100644 index fb2cfc596..000000000 --- a/.evergreen/ocsp/ecdsa/server-singleEndpoint.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICiTCCAi6gAwIBAgIELzCNWTAKBggqhkjOPQQDAjB6MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEdMBsGA1UEAwwUS2VybmVsIFRl -c3QgRVNDREEgQ0EwHhcNMjAwNDE3MjIwNzQ0WhcNNDAwNDEyMjIwNzQ0WjBsMQsw -CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3Jr -IENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEPMA0GA1UE -AwwGc2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESvwx4QUCP0f5Dr8N -MMfO40epXIcain4+XEVy8hcAtR0nYD0QpnFJSX7E4b5eY7A/Lr7UEKx64Qg3qYEl -FgbezaOBrzCBrDAJBgNVHRMEAjAAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAA -ATAdBgNVHQ4EFgQUfOg4eUnUTje/rTmAHnZ3XzdyStIwCwYDVR0PBAQDAgWgMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA4BggrBgEFBQcBAQQsMCowKAYI -KwYBBQUHMAGGHGh0dHA6Ly9sb2NhbGhvc3Q6ODEwMC9zdGF0dXMwCgYIKoZIzj0E -AwIDSQAwRgIhAKT+d/zTlhzZnOeU05Gi6hJAC0W9Fq4K2Sh04Cdys9kgAiEAyEla -DrZl0P+kGIJN49CUTHBiXN1t6nSRflNrkFiPFmI= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgqD1jXcZlgcRjdj1l -i2i0L0+hE4YmhdetvKwZ8REk8jqhRANCAARK/DHhBQI/R/kOvw0wx87jR6lchxqK -fj5cRXLyFwC1HSdgPRCmcUlJfsThvl5jsD8uvtQQrHrhCDepgSUWBt7N ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/ecdsa/server.pem b/.evergreen/ocsp/ecdsa/server.pem deleted file mode 100644 index d120e1852..000000000 --- a/.evergreen/ocsp/ecdsa/server.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICtzCCAl2gAwIBAgIEP6OYOTAKBggqhkjOPQQDAjB6MQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAOBgNV -BAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEdMBsGA1UEAwwUS2VybmVsIFRl -c3QgRVNDREEgQ0EwHhcNMjAwMzI2MTU1ODA2WhcNNDAwMzIxMTU1ODA2WjBsMQsw -CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3Jr -IENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEPMA0GA1UE -AwwGc2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEK4FR+soHPeGhF5c+ -bPBX9/+gm+RimTqlXQAkHQHopLETOVexyt0eAVJe/euPAdKx3JvQ2fx2YOaBZK2U -D98UoKOB3jCB2zAJBgNVHRMEAjAAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAA -ATAdBgNVHQ4EFgQU2JCna5G/Yd+Hd9hkAoWXxSjQ7acwCwYDVR0PBAQDAgWgMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBnBggrBgEFBQcBAQRbMFkwLQYI -KwYBBQUHMAGGIWh0dHA6Ly9sb2NhbGhvc3Q6OTAwMS9wb3dlci9sZXZlbDAoBggr -BgEFBQcwAYYcaHR0cDovL2xvY2FsaG9zdDo4MTAwL3N0YXR1czAKBggqhkjOPQQD -AgNIADBFAiEA3F6MCGLS+gBDMl3+GTAVxYYuxLbhW92CQLwh/FbDozYCIHQzJ2G/ -ht6PGW9nKueW0yDfppBVlxBmlKody9ugpcpO ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgp33qfUjflX1C7ROa -e5F/RNyIhLE9hnxg4eFQQTqdxUqhRANCAAQrgVH6ygc94aEXlz5s8Ff3/6Cb5GKZ -OqVdACQdAeiksRM5V7HK3R4BUl79648B0rHcm9DZ/HZg5oFkrZQP3xSg ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/mock-ocsp-responder-requirements.txt b/.evergreen/ocsp/mock-ocsp-responder-requirements.txt deleted file mode 100644 index 0344252b6..000000000 --- a/.evergreen/ocsp/mock-ocsp-responder-requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -asn1crypto==1.3.0 -flask==1.1.1 -oscrypto==1.2.0 diff --git a/.evergreen/ocsp/mock_ocsp_responder.py b/.evergreen/ocsp/mock_ocsp_responder.py deleted file mode 100755 index 6274e97ac..000000000 --- a/.evergreen/ocsp/mock_ocsp_responder.py +++ /dev/null @@ -1,614 +0,0 @@ -# -# This file has been modified in 2019 by MongoDB Inc. -# - -# OCSPBuilder is derived from https://github.com/wbond/ocspbuilder -# OCSPResponder is derived from https://github.com/threema-ch/ocspresponder - -# Copyright (c) 2015-2018 Will Bond - -# Permission is hereby granted, free of charge, to any person obtaining a copy of -# this software and associated documentation files (the "Software"), to deal in -# the Software without restriction, including without limitation the rights to -# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -# of the Software, and to permit persons to whom the Software is furnished to do -# so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in all -# copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. - -# Copyright 2016 Threema GmbH - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import unicode_literals, division, absolute_import, print_function - -import logging -import base64 -import inspect -import re -import enum -import sys -import textwrap -from datetime import datetime, timezone, timedelta -from typing import Callable, Tuple, Optional - -from asn1crypto import x509, keys, core, ocsp -from asn1crypto.ocsp import OCSPRequest, OCSPResponse -from oscrypto import asymmetric -from flask import Flask, request, Response - -__version__ = '0.10.2' -__version_info__ = (0, 10, 2) - -logger = logging.getLogger(__name__) - -if sys.version_info < (3,): - byte_cls = str -else: - byte_cls = bytes - -def _pretty_message(string, *params): - """ - Takes a multi-line string and does the following: - - dedents - - converts newlines with text before and after into a single line - - strips leading and trailing whitespace - :param string: - The string to format - :param *params: - Params to interpolate into the string - :return: - The formatted string - """ - - output = textwrap.dedent(string) - - # Unwrap lines, taking into account bulleted lists, ordered lists and - # underlines consisting of = signs - if output.find('\n') != -1: - output = re.sub('(?<=\\S)\n(?=[^ \n\t\\d\\*\\-=])', ' ', output) - - if params: - output = output % params - - output = output.strip() - - return output - - -def _type_name(value): - """ - :param value: - A value to get the object name of - :return: - A unicode string of the object name - """ - - if inspect.isclass(value): - cls = value - else: - cls = value.__class__ - if cls.__module__ in set(['builtins', '__builtin__']): - return cls.__name__ - return '%s.%s' % (cls.__module__, cls.__name__) - -def _writer(func): - """ - Decorator for a custom writer, but a default reader - """ - - name = func.__name__ - return property(fget=lambda self: getattr(self, '_%s' % name), fset=func) - - -class OCSPResponseBuilder(object): - - _response_status = None - _certificate = None - _certificate_status = None - _revocation_date = None - _certificate_issuer = None - _hash_algo = None - _key_hash_algo = None - _nonce = None - _this_update = None - _next_update = None - _response_data_extensions = None - _single_response_extensions = None - - def __init__(self, response_status, certificate_status_list=[], revocation_date=None): - """ - Unless changed, responses will use SHA-256 for the signature, - and will be valid from the moment created for one week. - :param response_status: - A unicode string of OCSP response type: - - "successful" - when the response includes information about the certificate - - "malformed_request" - when the request could not be understood - - "internal_error" - when an internal error occured with the OCSP responder - - "try_later" - when the OCSP responder is temporarily unavailable - - "sign_required" - when the OCSP request must be signed - - "unauthorized" - when the responder is not the correct responder for the certificate - :param certificate_list: - A list of tuples with certificate serial number and certificate status objects. - certificate_status: - A unicode string of the status of the certificate. Only required if - the response_status is "successful". - - "good" - when the certificate is in good standing - - "revoked" - when the certificate is revoked without a reason code - - "key_compromise" - when a private key is compromised - - "ca_compromise" - when the CA issuing the certificate is compromised - - "affiliation_changed" - when the certificate subject name changed - - "superseded" - when the certificate was replaced with a new one - - "cessation_of_operation" - when the certificate is no longer needed - - "certificate_hold" - when the certificate is temporarily invalid - - "remove_from_crl" - only delta CRLs - when temporary hold is removed - - "privilege_withdrawn" - one of the usages for a certificate was removed - - "unknown" - the responder doesn't know about the certificate being requested - :param revocation_date: - A datetime.datetime object of when the certificate was revoked, if - the response_status is "successful" and the certificate status is - not "good" or "unknown". - """ - self._response_status = response_status - self._certificate_status_list = certificate_status_list - self._revocation_date = revocation_date - - self._key_hash_algo = 'sha1' - self._hash_algo = 'sha256' - self._response_data_extensions = {} - self._single_response_extensions = {} - - @_writer - def nonce(self, value): - """ - The nonce that was provided during the request. - """ - - if not isinstance(value, byte_cls): - raise TypeError(_pretty_message( - ''' - nonce must be a byte string, not %s - ''', - _type_name(value) - )) - - self._nonce = value - - @_writer - def certificate_issuer(self, value): - """ - An asn1crypto.x509.Certificate object of the issuer of the certificate. - This should only be set if the OCSP responder is not the issuer of - the certificate, but instead a special certificate only for OCSP - responses. - """ - - if value is not None: - is_oscrypto = isinstance(value, asymmetric.Certificate) - if not is_oscrypto and not isinstance(value, x509.Certificate): - raise TypeError(_pretty_message( - ''' - certificate_issuer must be an instance of - asn1crypto.x509.Certificate or - oscrypto.asymmetric.Certificate, not %s - ''', - _type_name(value) - )) - - if is_oscrypto: - value = value.asn1 - - self._certificate_issuer = value - - @_writer - def next_update(self, value): - """ - A datetime.datetime object of when the response may next change. This - should only be set if responses are cached. If responses are generated - fresh on every request, this should not be set. - """ - - if not isinstance(value, datetime): - raise TypeError(_pretty_message( - ''' - next_update must be an instance of datetime.datetime, not %s - ''', - _type_name(value) - )) - - self._next_update = value - - def build(self, responder_private_key=None, responder_certificate=None): - """ - Validates the request information, constructs the ASN.1 structure and - signs it. - The responder_private_key and responder_certificate parameters are onlystr - required if the response_status is "successful". - :param responder_private_key: - An asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey - object for the private key to sign the response with - :param responder_certificate: - An asn1crypto.x509.Certificate or oscrypto.asymmetric.Certificate - object of the certificate associated with the private key - :return: - An asn1crypto.ocsp.OCSPResponse object of the response - """ - if self._response_status != 'successful': - return ocsp.OCSPResponse({ - 'response_status': self._response_status - }) - - is_oscrypto = isinstance(responder_private_key, asymmetric.PrivateKey) - if not isinstance(responder_private_key, keys.PrivateKeyInfo) and not is_oscrypto: - raise TypeError(_pretty_message( - ''' - responder_private_key must be an instance ofthe c - asn1crypto.keys.PrivateKeyInfo or - oscrypto.asymmetric.PrivateKey, not %s - ''', - _type_name(responder_private_key) - )) - - cert_is_oscrypto = isinstance(responder_certificate, asymmetric.Certificate) - if not isinstance(responder_certificate, x509.Certificate) and not cert_is_oscrypto: - raise TypeError(_pretty_message( - ''' - responder_certificate must be an instance of - asn1crypto.x509.Certificate or - oscrypto.asymmetric.Certificate, not %s - ''', - _type_name(responder_certificate) - )) - - if cert_is_oscrypto: - responder_certificate = responder_certificate.asn1 - - if self._certificate_status_list is None: - raise ValueError(_pretty_message( - ''' - certificate_status_list must be set if the response_status is - "successful" - ''' - )) - - def _make_extension(name, value): - return { - 'extn_id': name, - 'critical': False, - 'extn_value': value - } - - responses = [] - for serial, status in self._certificate_status_list: - response_data_extensions = [] - single_response_extensions = [] - for name, value in self._response_data_extensions.items(): - response_data_extensions.append(_make_extension(name, value)) - if self._nonce: - response_data_extensions.append( - _make_extension('nonce', self._nonce) - ) - - if not response_data_extensions: - response_data_extensions = None - - for name, value in self._single_response_extensions.items(): - single_response_extensions.append(_make_extension(name, value)) - - if self._certificate_issuer: - single_response_extensions.append( - _make_extension( - 'certificate_issuer', - [ - x509.GeneralName( - name='directory_name', - value=self._certificate_issuer.subject - ) - ] - ) - ) - - if not single_response_extensions: - single_response_extensions = None - - responder_key_hash = getattr(responder_certificate.public_key, self._key_hash_algo) - - if status == 'good': - cert_status = ocsp.CertStatus( - name='good', - value=core.Null() - ) - elif status == 'unknown': - cert_status = ocsp.CertStatus( - name='unknown', - value=core.Null() - ) - else: - reason = status if status != 'revoked' else 'unspecified' - cert_status = ocsp.CertStatus( - name='revoked', - value={ - 'revocation_time': self._revocation_date, - 'revocation_reason': reason, - } - ) - - issuer = self._certificate_issuer if self._certificate_issuer else responder_certificate - - produced_at = datetime.now(timezone.utc).replace(microsecond=0) - - if self._this_update is None: - self._this_update = produced_at - - if self._next_update is None: - self._next_update = (self._this_update + timedelta(days=7)).replace(microsecond=0) - - response = { - 'cert_id': { - 'hash_algorithm': { - 'algorithm': self._key_hash_algo - }, - 'issuer_name_hash': getattr(issuer.subject, self._key_hash_algo), - 'issuer_key_hash': getattr(issuer.public_key, self._key_hash_algo), - 'serial_number': serial, - }, - 'cert_status': cert_status, - 'this_update': self._this_update, - 'next_update': self._next_update, - 'single_extensions': single_response_extensions - } - responses.append(response) - - response_data = ocsp.ResponseData({ - 'responder_id': ocsp.ResponderId(name='by_key', value=responder_key_hash), - 'produced_at': produced_at, - 'responses': responses, - 'response_extensions': response_data_extensions - }) - - signature_algo = responder_private_key.algorithm - if signature_algo == 'ec': - signature_algo = 'ecdsa' - - signature_algorithm_id = '%s_%s' % (self._hash_algo, signature_algo) - - if responder_private_key.algorithm == 'rsa': - sign_func = asymmetric.rsa_pkcs1v15_sign - elif responder_private_key.algorithm == 'dsa': - sign_func = asymmetric.dsa_sign - elif responder_private_key.algorithm == 'ec': - sign_func = asymmetric.ecdsa_sign - - if not is_oscrypto: - responder_private_key = asymmetric.load_private_key(responder_private_key) - signature_bytes = sign_func(responder_private_key, response_data.dump(), self._hash_algo) - - certs = None - if self._certificate_issuer and getattr(self._certificate_issuer.public_key, self._key_hash_algo) != responder_key_hash: - certs = [responder_certificate] - - return ocsp.OCSPResponse({ - 'response_status': self._response_status, - 'response_bytes': { - 'response_type': 'basic_ocsp_response', - 'response': { - 'tbs_response_data': response_data, - 'signature_algorithm': {'algorithm': signature_algorithm_id}, - 'signature': signature_bytes, - 'certs': certs, - } - } - }) - -# Enums - -class ResponseStatus(enum.Enum): - successful = 'successful' - malformed_request = 'malformed_request' - internal_error = 'internal_error' - try_later = 'try_later' - sign_required = 'sign_required' - unauthorized = 'unauthorized' - - -class CertificateStatus(enum.Enum): - good = 'good' - revoked = 'revoked' - key_compromise = 'key_compromise' - ca_compromise = 'ca_compromise' - affiliation_changed = 'affiliation_changed' - superseded = 'superseded' - cessation_of_operation = 'cessation_of_operation' - certificate_hold = 'certificate_hold' - remove_from_crl = 'remove_from_crl' - privilege_withdrawn = 'privilege_withdrawn' - unknown = 'unknown' - - -# API endpoints -FAULT_REVOKED = "revoked" -FAULT_UNKNOWN = "unknown" - -app = Flask(__name__) -class OCSPResponder: - - def __init__(self, issuer_cert: str, responder_cert: str, responder_key: str, - fault: str, next_update_seconds: int): - """ - Create a new OCSPResponder instance. - - :param issuer_cert: Path to the issuer certificate. - :param responder_cert: Path to the certificate of the OCSP responder - with the `OCSP Signing` extension. - :param responder_key: Path to the private key belonging to the - responder cert. - :param validate_func: A function that - given a certificate serial - - will return the appropriate :class:`CertificateStatus` and - - depending on the status - a revocation datetime. - :param cert_retrieve_func: A function that - given a certificate serial - - will return the corresponding certificate as a string. - :param next_update_seconds: The ``nextUpdate`` value that will be written - into the response. Default: 9 hours. - - """ - # Certs and keys - self._issuer_cert = asymmetric.load_certificate(issuer_cert) - self._responder_cert = asymmetric.load_certificate(responder_cert) - self._responder_key = asymmetric.load_private_key(responder_key) - - # Next update - self._next_update_seconds = next_update_seconds - - self._fault = fault - - def _fail(self, status: ResponseStatus) -> OCSPResponse: - builder = OCSPResponseBuilder(response_status=status.value) - return builder.build() - - def parse_ocsp_request(self, request_der: bytes) -> OCSPRequest: - """ - Parse the request bytes, return an ``OCSPRequest`` instance. - """ - return OCSPRequest.load(request_der) - - def validate(self): - time = datetime(2018, 1, 1, 1, 00, 00, 00, timezone.utc) - if self._fault == FAULT_REVOKED: - return (CertificateStatus.revoked, time) - elif self._fault == FAULT_UNKNOWN: - return (CertificateStatus.unknown, None) - elif self._fault != None: - raise NotImplemented('Fault type could not be found') - return (CertificateStatus.good, time) - - def _build_ocsp_response(self, ocsp_request: OCSPRequest) -> OCSPResponse: - """ - Create and return an OCSP response from an OCSP request. - """ - # Get the certificate serial - tbs_request = ocsp_request['tbs_request'] - request_list = tbs_request['request_list'] - if len(request_list) < 1: - logger.warning('Received OCSP request with no requests') - raise NotImplemented('Empty requests not supported') - - single_request = request_list[0] # TODO: Support more than one request - req_cert = single_request['req_cert'] - serial = req_cert['serial_number'].native - - # Check certificate status - try: - certificate_status, revocation_date = self.validate() - except Exception as e: - logger.exception('Could not determine certificate status: %s', e) - return self._fail(ResponseStatus.internal_error) - - certificate_status_list = [(serial, certificate_status.value)] - - # Build the response - builder = OCSPResponseBuilder(**{ - 'response_status': ResponseStatus.successful.value, - 'certificate_status_list': certificate_status_list, - 'revocation_date': revocation_date, - }) - - # Parse extensions - for extension in tbs_request['request_extensions']: - extn_id = extension['extn_id'].native - critical = extension['critical'].native - value = extension['extn_value'].parsed - - # This variable tracks whether any unknown extensions were encountered - unknown = False - - # Handle nonce extension - if extn_id == 'nonce': - builder.nonce = value.native - - # That's all we know - else: - unknown = True - - # If an unknown critical extension is encountered (which should not - # usually happen, according to RFC 6960 4.1.2), we should throw our - # hands up in despair and run. - if unknown is True and critical is True: - logger.warning('Could not parse unknown critical extension: %r', - dict(extension.native)) - return self._fail(ResponseStatus.internal_error) - - # If it's an unknown non-critical extension, we can safely ignore it. - elif unknown is True: - logger.info('Ignored unknown non-critical extension: %r', dict(extension.native)) - - # Set certificate issuer - builder.certificate_issuer = self._issuer_cert - - # Set next update date - now = datetime.now(timezone.utc) - builder.next_update = (now + timedelta(seconds=self._next_update_seconds)).replace(microsecond=0) - - return builder.build(self._responder_key, self._responder_cert) - - def build_http_response(self, request_der: bytes) -> Response: - global app - response_der = self._build_ocsp_response(request_der).dump() - resp = app.make_response((response_der, 200)) - resp.headers['content_type'] = 'application/ocsp-response' - return resp - - -responder = None - -def init_responder(issuer_cert: str, responder_cert: str, responder_key: str, fault: str, next_update_seconds: int): - global responder - responder = OCSPResponder(issuer_cert=issuer_cert, responder_cert=responder_cert, responder_key=responder_key, fault=fault, next_update_seconds=next_update_seconds) - -def init(port=8080, debug=False): - logger.info('Launching %sserver on port %d', 'debug' if debug else '', port) - app.run(port=port, debug=debug) - -@app.route('/', methods=['GET']) -def _handle_root(): - return 'ocsp-responder' - -@app.route('/status/', defaults={'u_path': ''}, methods=['GET']) -@app.route('/status/', methods=['GET']) -def _handle_get(u_path): - global responder - """ - An OCSP GET request contains the DER-in-base64 encoded OCSP request in the - HTTP request URL. - """ - der = base64.b64decode(u_path) - ocsp_request = responder.parse_ocsp_request(der) - return responder.build_http_response(ocsp_request) - -@app.route('/status', methods=['POST']) -def _handle_post(): - global responder - """ - An OCSP POST request contains the DER encoded OCSP request in the HTTP - request body. - """ - ocsp_request = responder.parse_ocsp_request(request.data) - return responder.build_http_response(ocsp_request) diff --git a/.evergreen/ocsp/ocsp_mock.py b/.evergreen/ocsp/ocsp_mock.py deleted file mode 100755 index 04963b385..000000000 --- a/.evergreen/ocsp/ocsp_mock.py +++ /dev/null @@ -1,48 +0,0 @@ -#! /usr/bin/env python3 -""" -Python script to interface as a mock OCSP responder. -""" - -import argparse -import logging -import sys -import os - -sys.path.append(os.path.join(os.getcwd() ,'src', 'third_party', 'mock_ocsp_responder')) - -import mock_ocsp_responder - -def main(): - """Main entry point""" - parser = argparse.ArgumentParser(description="MongoDB Mock OCSP Responder.") - - parser.add_argument('-p', '--port', type=int, default=8080, help="Port to listen on") - - parser.add_argument('--ca_file', type=str, required=True, help="CA file for OCSP responder") - - parser.add_argument('-v', '--verbose', action='count', help="Enable verbose tracing") - - parser.add_argument('--ocsp_responder_cert', type=str, required=True, help="OCSP Responder Certificate") - - parser.add_argument('--ocsp_responder_key', type=str, required=True, help="OCSP Responder Keyfile") - - parser.add_argument('--fault', choices=[mock_ocsp_responder.FAULT_REVOKED, mock_ocsp_responder.FAULT_UNKNOWN, None], default=None, type=str, help="Specify a specific fault to test") - - parser.add_argument('--next_update_seconds', type=int, default=32400, help="Specify how long the OCSP response should be valid for") - - args = parser.parse_args() - if args.verbose: - logging.basicConfig(level=logging.DEBUG) - - print('Initializing OCSP Responder') - mock_ocsp_responder.init_responder(issuer_cert=args.ca_file, responder_cert=args.ocsp_responder_cert, responder_key=args.ocsp_responder_key, fault=args.fault, next_update_seconds=args.next_update_seconds) - - if args.verbose: - mock_ocsp_responder.init(args.port, debug=True) - else: - mock_ocsp_responder.init(args.port) - - print('Mock OCSP Responder is running on port %s' % (str(args.port))) - -if __name__ == '__main__': - main() diff --git a/.evergreen/ocsp/rsa/ca.crt b/.evergreen/ocsp/rsa/ca.crt deleted file mode 100644 index ee6dc5a65..000000000 --- a/.evergreen/ocsp/rsa/ca.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDeTCCAmGgAwIBAgIEZLtwgzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV -UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO -BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs -IFRlc3QgQ0EwHhcNMjAwMjA2MjAxMzExWhcNNDAwMjA4MjAxMzExWjB0MQswCQYD -VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp -dHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwO -S2VybmVsIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0 -D1mnIrh7RRrCUEocNYLMZ2azo6c6NUTqSAMQyDDvRUsezil2NCqKo0ptMRtmb8Ws -yuaRUkjFhh9M69kiuj89GKRALXxExHjWX7e8iS1NTGL+Uakc1J23Z5FvlUyVLucC -fcAZ6MvcC7n6qpzUxkqz1u/27Ze9nv2mleLYBVWbGpjSHAUDuZzMCBs5Q/QrUwL7 -4cIxNsS0iHpYI3aee67cmFoK4guN9LBOtviyXUTP22kJLXe41HDjdWh01+FxcuwH -rGmeGQwiSlw48wkdoC0M51SwpHEq+K91BqGsTboC5mshqKA88OPf5JK9ied/OsNX -+K6p5v3RVHn89VaWiTorAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAd1jj1GECUEJMH00IX3VFgb2RpJ4Qi8TKAZgMMHdE7Cyv4M -p4w/zvQC1F6i54n+TWucq3I+c33lEj63ybFdJO5HOWoGzC/f5qO7z0gYdP2Ltdxg -My2uVZNQS+B8hF9MhGUeFnOpzAbKW2If3KN1fn/m2NDYGEK/Z2t7ZkpOcpEW5Lib -vX+BBG/s4DeyhRXy+grs0ASU/z8VOhZYSJpgdbvXsY4RXXloTDcWIlNqra5K6+3T -nVEkBDm0Qw97Y6FsqBVxk4kgWC6xNxQ4Sp+Sg4wthMQ70iFGlMin0kYRo7kAIUF9 -M+v2vMwTFWkcl0BT5LobE39kWVbQKEVPH7nkItE= ------END CERTIFICATE----- diff --git a/.evergreen/ocsp/rsa/ca.key b/.evergreen/ocsp/rsa/ca.key deleted file mode 100644 index 9d10cb2db..000000000 --- a/.evergreen/ocsp/rsa/ca.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0D1mnIrh7RRrC -UEocNYLMZ2azo6c6NUTqSAMQyDDvRUsezil2NCqKo0ptMRtmb8WsyuaRUkjFhh9M -69kiuj89GKRALXxExHjWX7e8iS1NTGL+Uakc1J23Z5FvlUyVLucCfcAZ6MvcC7n6 -qpzUxkqz1u/27Ze9nv2mleLYBVWbGpjSHAUDuZzMCBs5Q/QrUwL74cIxNsS0iHpY -I3aee67cmFoK4guN9LBOtviyXUTP22kJLXe41HDjdWh01+FxcuwHrGmeGQwiSlw4 -8wkdoC0M51SwpHEq+K91BqGsTboC5mshqKA88OPf5JK9ied/OsNX+K6p5v3RVHn8 -9VaWiTorAgMBAAECggEBAJ7umazMGdg80/TGF9Q0a2JutplDj5zyXgUJUSNkAMWB -/V+Qi8pZG1/J6CzfVpche3McmU2WOsOWslQcLUnY6W7NLFW1kGXGof5e+HgDASik -jxB6FfJrvVagpR+/wZxAjQmG46Q69o4hD6SxKcMpz9BTnPXxG6n1B2EeFd+lPb2r -zf/C4uXBczWn5rFXkj0DZGq81ZXewcnUNnxjQnccVCuYW+hqYxznSxqWTCD6hsvg -sGceqv0Ppp6TqMSECCIIJ+kVlbiAC2i6mnoertheFVrNUdwDb8nRn6fs8T+F0ShW -PdxIfSvAaBKqvseJqqueVpuwVcdSl+moJYlCdMb4cUECgYEA30AIHvMQq/s33ipV -62xOKXcEZ7tKaJrAbJvG4cx934wNiQ0tLwRNlonGbuTjsUaPRvagVeJND/UPIsfH -ZwoY1Uw25fZNaveoQtU8LQBAG53R5yaMiUH48JWVvKRdfG09zr6EFCM/k2loHS1W -/CiDlaIl59B8REnihyn0wvkiaIsCgYEAznlZRhlruk+n2sWklierav4M8GEK22+/ -A/UP1eUnlcHgSaFZoM0sukSrisZnj6zu/BAfFEVN5czra3ARrLClLQteFREr2BMF -9XymrjNG99QkBAall7BGpfkDW/D2DFZa4G5R6AMG+pYZHCU84U4QT5ZKyfdhTUbQ -uTYx2F31COECgYAIUm+7D56AerXjbzqSsw/a1dfxMfcdHR+tLMVmJ2RNz/+1KyuT -BBsMUIh4G8otEo9GuuzRJsVuodj1l/Lj8WlpkhS9z8elBCRekWpT1x2Mqf5oGnTE -rRPli/3v8USW3c+fBFUSFxpImXZLGCSU88Gr80ZsdMYdGY/7L+Iy3myc7wKBgQC1 -uHeqCpWV1KWXFnxU63UjJZWdussjdqZXhUf6qUS9uXT9WNTZgbrr9aRE73oWKc3s -awPvg0+cAU7xsCDeLFoz2t1jDUnZUmTcOmk4yEidtkg8gt0bNDn5ucALG3hyQ06Y -WIAeAwwRYCmZa+y5H0ubwFryhpdMvBbX66rTE16mAQKBgC5PJd9zLEzyLj/jUfZ0 -xOwXubu9GejOuCiVwKMTn73nvdi57zFBOrDxSl9yVCRhve61L5fcJixRDiwx8qtd -VGclRMxbVPKVfKpAyKjpsmZXk3IPHjXjJb3fYLXAnzRHk6v+yjVn4fy2Z93pW/cF -wBgQNqXLNTGrBzrFi469oc1s ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/rsa/ca.pem b/.evergreen/ocsp/rsa/ca.pem deleted file mode 100644 index afa468f04..000000000 --- a/.evergreen/ocsp/rsa/ca.pem +++ /dev/null @@ -1,49 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDeTCCAmGgAwIBAgIEZLtwgzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV -UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO -BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs -IFRlc3QgQ0EwHhcNMjAwMjA2MjAxMzExWhcNNDAwMjA4MjAxMzExWjB0MQswCQYD -VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp -dHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwO -S2VybmVsIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0 -D1mnIrh7RRrCUEocNYLMZ2azo6c6NUTqSAMQyDDvRUsezil2NCqKo0ptMRtmb8Ws -yuaRUkjFhh9M69kiuj89GKRALXxExHjWX7e8iS1NTGL+Uakc1J23Z5FvlUyVLucC -fcAZ6MvcC7n6qpzUxkqz1u/27Ze9nv2mleLYBVWbGpjSHAUDuZzMCBs5Q/QrUwL7 -4cIxNsS0iHpYI3aee67cmFoK4guN9LBOtviyXUTP22kJLXe41HDjdWh01+FxcuwH -rGmeGQwiSlw48wkdoC0M51SwpHEq+K91BqGsTboC5mshqKA88OPf5JK9ied/OsNX -+K6p5v3RVHn89VaWiTorAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAd1jj1GECUEJMH00IX3VFgb2RpJ4Qi8TKAZgMMHdE7Cyv4M -p4w/zvQC1F6i54n+TWucq3I+c33lEj63ybFdJO5HOWoGzC/f5qO7z0gYdP2Ltdxg -My2uVZNQS+B8hF9MhGUeFnOpzAbKW2If3KN1fn/m2NDYGEK/Z2t7ZkpOcpEW5Lib -vX+BBG/s4DeyhRXy+grs0ASU/z8VOhZYSJpgdbvXsY4RXXloTDcWIlNqra5K6+3T -nVEkBDm0Qw97Y6FsqBVxk4kgWC6xNxQ4Sp+Sg4wthMQ70iFGlMin0kYRo7kAIUF9 -M+v2vMwTFWkcl0BT5LobE39kWVbQKEVPH7nkItE= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0D1mnIrh7RRrC -UEocNYLMZ2azo6c6NUTqSAMQyDDvRUsezil2NCqKo0ptMRtmb8WsyuaRUkjFhh9M -69kiuj89GKRALXxExHjWX7e8iS1NTGL+Uakc1J23Z5FvlUyVLucCfcAZ6MvcC7n6 -qpzUxkqz1u/27Ze9nv2mleLYBVWbGpjSHAUDuZzMCBs5Q/QrUwL74cIxNsS0iHpY -I3aee67cmFoK4guN9LBOtviyXUTP22kJLXe41HDjdWh01+FxcuwHrGmeGQwiSlw4 -8wkdoC0M51SwpHEq+K91BqGsTboC5mshqKA88OPf5JK9ied/OsNX+K6p5v3RVHn8 -9VaWiTorAgMBAAECggEBAJ7umazMGdg80/TGF9Q0a2JutplDj5zyXgUJUSNkAMWB -/V+Qi8pZG1/J6CzfVpche3McmU2WOsOWslQcLUnY6W7NLFW1kGXGof5e+HgDASik -jxB6FfJrvVagpR+/wZxAjQmG46Q69o4hD6SxKcMpz9BTnPXxG6n1B2EeFd+lPb2r -zf/C4uXBczWn5rFXkj0DZGq81ZXewcnUNnxjQnccVCuYW+hqYxznSxqWTCD6hsvg -sGceqv0Ppp6TqMSECCIIJ+kVlbiAC2i6mnoertheFVrNUdwDb8nRn6fs8T+F0ShW -PdxIfSvAaBKqvseJqqueVpuwVcdSl+moJYlCdMb4cUECgYEA30AIHvMQq/s33ipV -62xOKXcEZ7tKaJrAbJvG4cx934wNiQ0tLwRNlonGbuTjsUaPRvagVeJND/UPIsfH -ZwoY1Uw25fZNaveoQtU8LQBAG53R5yaMiUH48JWVvKRdfG09zr6EFCM/k2loHS1W -/CiDlaIl59B8REnihyn0wvkiaIsCgYEAznlZRhlruk+n2sWklierav4M8GEK22+/ -A/UP1eUnlcHgSaFZoM0sukSrisZnj6zu/BAfFEVN5czra3ARrLClLQteFREr2BMF -9XymrjNG99QkBAall7BGpfkDW/D2DFZa4G5R6AMG+pYZHCU84U4QT5ZKyfdhTUbQ -uTYx2F31COECgYAIUm+7D56AerXjbzqSsw/a1dfxMfcdHR+tLMVmJ2RNz/+1KyuT -BBsMUIh4G8otEo9GuuzRJsVuodj1l/Lj8WlpkhS9z8elBCRekWpT1x2Mqf5oGnTE -rRPli/3v8USW3c+fBFUSFxpImXZLGCSU88Gr80ZsdMYdGY/7L+Iy3myc7wKBgQC1 -uHeqCpWV1KWXFnxU63UjJZWdussjdqZXhUf6qUS9uXT9WNTZgbrr9aRE73oWKc3s -awPvg0+cAU7xsCDeLFoz2t1jDUnZUmTcOmk4yEidtkg8gt0bNDn5ucALG3hyQ06Y -WIAeAwwRYCmZa+y5H0ubwFryhpdMvBbX66rTE16mAQKBgC5PJd9zLEzyLj/jUfZ0 -xOwXubu9GejOuCiVwKMTn73nvdi57zFBOrDxSl9yVCRhve61L5fcJixRDiwx8qtd -VGclRMxbVPKVfKpAyKjpsmZXk3IPHjXjJb3fYLXAnzRHk6v+yjVn4fy2Z93pW/cF -wBgQNqXLNTGrBzrFi469oc1s ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/rsa/mock-delegate-revoked.sh b/.evergreen/ocsp/rsa/mock-delegate-revoked.sh deleted file mode 100755 index adf026ce1..000000000 --- a/.evergreen/ocsp/rsa/mock-delegate-revoked.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env sh -python3 ../ocsp_mock.py \ - --ca_file ca.pem \ - --ocsp_responder_cert ocsp_responder.crt \ - --ocsp_responder_key ocsp_responder.key \ - -p 8100 \ - -v \ - --fault revoked diff --git a/.evergreen/ocsp/rsa/mock-delegate-valid.sh b/.evergreen/ocsp/rsa/mock-delegate-valid.sh deleted file mode 100755 index 5074a7eca..000000000 --- a/.evergreen/ocsp/rsa/mock-delegate-valid.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env sh -python3 ../ocsp_mock.py \ - --ca_file ca.pem \ - --ocsp_responder_cert ocsp-responder.crt \ - --ocsp_responder_key ocsp-responder.key \ - -p 8100 \ - -v diff --git a/.evergreen/ocsp/rsa/mock-revoked.sh b/.evergreen/ocsp/rsa/mock-revoked.sh deleted file mode 100755 index 4a17926b9..000000000 --- a/.evergreen/ocsp/rsa/mock-revoked.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env sh -python3 ../ocsp_mock.py \ - --ca_file ca.pem \ - --ocsp_responder_cert ca.crt \ - --ocsp_responder_key ca.key \ - -p 8100 \ - -v \ - --fault revoked diff --git a/.evergreen/ocsp/rsa/mock-valid.sh b/.evergreen/ocsp/rsa/mock-valid.sh deleted file mode 100755 index c89ce9e95..000000000 --- a/.evergreen/ocsp/rsa/mock-valid.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env sh -python3 ../ocsp_mock.py \ - --ca_file ca.pem \ - --ocsp_responder_cert ca.crt \ - --ocsp_responder_key ca.key \ - -p 8100 \ - -v diff --git a/.evergreen/ocsp/rsa/ocsp-responder.crt b/.evergreen/ocsp/rsa/ocsp-responder.crt deleted file mode 100644 index 58caba358..000000000 --- a/.evergreen/ocsp/rsa/ocsp-responder.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIEA0v5yzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV -UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO -BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs -IFRlc3QgQ0EwHhcNMjAwMjA2MjMyMjU4WhcNNDAwMjA4MjMyMjU4WjBiMRAwDgYD -VQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxEjAQBgNVBAMMCWxvY2FsaG9z -dDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMQ8wDQYDVQQHDAZPQ1NQLTMwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiHYXGCSOK3gxlEmNSLepoFJbv -hfYxxaqAWEceiTQdRpN97YRr/ywPm0+932EsE6/gIjqVs8IOtsiFKK1lQ9sL/9f+ -ckS5gj9AR+Cta+FLDRP5plE+aao5no0kA8qMx2HHd47XFnuxKtUztRmgmTBNYbYh -PdY1kjBSRyuXXBn1V6TRaYhk6dsK56Zvhgo6Y3YqpjpldePa4E0XpUlBhY020QXt -K3iWFauEYKcKR2JI2oVjY0tR60zf3GHkMLCe7SdbofCdwkBHcCctLSp4xYb44JGb -JX1npM1mhxR4pnp80tbEXNvXQ4S3kmd7/QFUYE4IdXVkXNhkK6PtIdDKbLa9AgMB -AAGjLzAtMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMBMGA1UdJQQMMAoGCCsGAQUF -BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB5igUUQSzxzWvL+28TDYFuNnTB0hvqTnd7 -ZVyk8RVBiUkudxEmt5uFRWT6GOc7Y1H6w4igtuhhqxAeG9bUob+VQkCyc4GxaHSO -oBtl/Zu+ts+0gUUlm+Bs6wFnFsGhM0awV/vqigDADZT2jbqbHBm2lP99eq8fsi6L -kpohhbuTVWjLuViARYIOJLoBnNRpVXqwD5A8uNqwZI2OVGh1cQYNZcmfLJ1u2j5C -ycohoa+o8NGgkxEhG2QETdVodfHT2dUgzPDvO42CVa3MK7J0sovBU5DeuIDPV/hh -j+v5A8L8gMiNpkLClqt2TEiFH2GItWDNQjTgrLq9iFUgJnbwuj4F ------END CERTIFICATE----- diff --git a/.evergreen/ocsp/rsa/ocsp-responder.key b/.evergreen/ocsp/rsa/ocsp-responder.key deleted file mode 100644 index ab3001e7f..000000000 --- a/.evergreen/ocsp/rsa/ocsp-responder.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDiHYXGCSOK3gxl -EmNSLepoFJbvhfYxxaqAWEceiTQdRpN97YRr/ywPm0+932EsE6/gIjqVs8IOtsiF -KK1lQ9sL/9f+ckS5gj9AR+Cta+FLDRP5plE+aao5no0kA8qMx2HHd47XFnuxKtUz -tRmgmTBNYbYhPdY1kjBSRyuXXBn1V6TRaYhk6dsK56Zvhgo6Y3YqpjpldePa4E0X -pUlBhY020QXtK3iWFauEYKcKR2JI2oVjY0tR60zf3GHkMLCe7SdbofCdwkBHcCct -LSp4xYb44JGbJX1npM1mhxR4pnp80tbEXNvXQ4S3kmd7/QFUYE4IdXVkXNhkK6Pt -IdDKbLa9AgMBAAECggEBAMMYOe4OwI323LbwUKX9W/0Flt1/tlZneJ9Yi7R7KW4B -EQ1cPB96gafNl9X5wLvpGJzIq8ey28MaTpUl7cYr7/nAe7rdGRL+oFh0LBU1uaOp -2wxSRlMVlHw2owzqAH/LIECclbBbg8nvbRk6Lqx0wEpj/mNcGVELm4nCQohMPVGC -9/8GZ63r+tS35jry9SBG0X4R5jYKsNzgNgcjR+lgMv/2FfpuZDryk9TWIP9ApQoc -7/DpTfC6P34f/ermfo4f2GEmRJsTACphA0kkpQX/n88r35cUSGeO5M9jYICUeCFw -IK4L6KNQcTRVOknFYeVJembVrj0RYKtWT+oU84a4XPkCgYEA+k7fcXhU2K+NX8RN -7HUPbxBE/TfLTNHdLTuWCUI77j+J3LUPNQ4BUyue+pUaFxI7Huc6x1zvvD27EqJ8 -0ge5MkFNflTUdUotuU/FKg7GKOU7rfdEvthzU2MbAZrHc0SeF+9/YrpvWZ+ZMKQ5 -IBQhiloFLsVGpGFzzF/MjpFdYo8CgYEA50HQxDDmfzmvNnURRZZV0lQ203m9I4KF -DbL2x59q0DaJkUpFr3uyvghAoz4y/OD5vNIwbzHWbmDQEA06v7iFoJ6BcJFG1syc -7A7KTB3PNQK4+ASG6pC3tYJ78mWtJwK130hFpuVkS/VPhQZJ/21EcWj9V153SZpA -RUqv/L+lx/MCgYEAs7E7p3IDNyuQClgauM2wrsK3RDFxuUxPw9Eq/KqX64mhptg0 -epn7SYHfN3Uirb1gw+arw8NsN275hX8wrHbu9Kz8vNyZSTpfaNFjcbX5fBJUrab9 -qyQoZoyXLqe214FDHVvJz06X8Xcpukmq2OSaz3+giNsGw6tSPj3n09F3gPECgYBI -1NGK+FufdetYm0X1RIOC2kLqF00aAeElj1dpRyu8p3Br8ZhAzBRfBPpWbyBfw/rj -HM9kNa3y1Uqxw3jdKJ/tFf5uFVLaE1bYgU/06O55I4Jdmg9jkHBLGe0vShZeUtw0 -le5ZwaT0xy1kF7b2WtNTZF1lRrsK0ymqqPsD/teXQQKBgBTyYVxPEHKr86kEQqL5 -/OKByVpqAxA7LQ1lTLNV9lXMRawp848flv/Uc8pj43MitAIiYazfXkpeeC6gGntJ -kkRT9jraOzy51tVAIh2KXm3l6KY/gnYTO3UXrxZOZU4IA7OttP3BG7xKq/9HP+kV -5P1bAkqo+n3XNxKoSSeJteCd ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/rsa/server-mustStaple-singleEndpoint.pem b/.evergreen/ocsp/rsa/server-mustStaple-singleEndpoint.pem deleted file mode 100644 index 47112c02b..000000000 --- a/.evergreen/ocsp/rsa/server-mustStaple-singleEndpoint.pem +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEFzCCAv+gAwIBAgIETUEXPjANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV -UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO -BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs -IFRlc3QgQ0EwHhcNMjAwNDIxMTkxNDA3WhcNNDAwNDIzMTkxNDA3WjBiMRAwDgYD -VQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxEjAQBgNVBAMMCWxvY2FsaG9z -dDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMQ8wDQYDVQQHDAZPQ1NQLTEwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEWuLtsdzYxDK//wc9VXyyQPlS -AmkRHrLrTH0OSSPBvXK0NSkHtOjh3gX4jzTN8jTpEVkbfYt1EInZnucWOcX7mRRP -LRp0Fcq7j1pCPJ15uNSZDqDnfEA8kiY2Qg9n9oAIR2yk3FFj/8raBB13EnzOHeq4 -27BXH7oOgOgvd8PyuOB1OmNKjCLf5laaRbB+/lyrGfPFwmNcgH2lxtkfeBhTM5kS -vDkbAFIX6KqeWtvaV+WRPcyooa0FvNXTfCiS26qtw4rMZnWNODG13pgJCPckDZt7 -kX9qM+cS4L4oj6Hm3NrWkTpJzOFOQwZMily0X6ee1IH9m0yaLS7vq3pKlr67AgMB -AAGjgcIwgb8wCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB -BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQX4EjmQUUFCdz2ZKGKMHEPkkGHCDA4 -BggrBgEFBQcBAQQsMCowKAYIKwYBBQUHMAGGHGh0dHA6Ly9sb2NhbGhvc3Q6ODEw -MC9zdGF0dXMwEQYIKwYBBQUHARgEBTADAgEFMBoGA1UdEQQTMBGCCWxvY2FsaG9z -dIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAkZd/uV401ejVjqMaQ5ogkdo97Isz -Rjrx6dDY1Ll+5LzViqdRlXiAAc/bUq8NhYQkbjUC7b931meksIRRdtJUZx9zLt43 -npjjGKDdWEilLKKwT1IvKaAb2A7hmrT4WkwDtHZODvvpE+wvmEQ2LwthHDs+FwqN -2YDTuxdhO8mMePDXfK0Ch4WJQaJV/PT0sI34sYoeF7KC0TACWKwG08+qI9vawujq -qWw5fRwNTqxAj9X66wp6RdE6bJ3mWOrPmUppaDww3yRGVxdsWKCC8WoH3etNl8Km -iwDcp+WF+DmoOt2VAcvzoQsvsoUGdaMHYQ1MTJb5YsURr3BuGmcEUQI/yA== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDEWuLtsdzYxDK/ -/wc9VXyyQPlSAmkRHrLrTH0OSSPBvXK0NSkHtOjh3gX4jzTN8jTpEVkbfYt1EInZ -nucWOcX7mRRPLRp0Fcq7j1pCPJ15uNSZDqDnfEA8kiY2Qg9n9oAIR2yk3FFj/8ra -BB13EnzOHeq427BXH7oOgOgvd8PyuOB1OmNKjCLf5laaRbB+/lyrGfPFwmNcgH2l -xtkfeBhTM5kSvDkbAFIX6KqeWtvaV+WRPcyooa0FvNXTfCiS26qtw4rMZnWNODG1 -3pgJCPckDZt7kX9qM+cS4L4oj6Hm3NrWkTpJzOFOQwZMily0X6ee1IH9m0yaLS7v -q3pKlr67AgMBAAECggEBAJqjLUafJdt9IK6+TVhLZAoKS4//n/lAoQ3YTkCa71Mc -PSKZHzgXjLSdIzyuo5px3qOS6wdQZy0JmlbN4xZI55gO5cS5M7UqmGAANMgnbqm3 -G49yytujqf9J5lgizHlG02wxu+lWLa9AeuQaC46D+9BkFUACnCzxKplTgggoHSSg -fTm/AKPRg/ZxejoorqveHK3IGjwVxk/2b6aqcCsr0GCuR5ons7hCQ66clvAqR/AH -ejz77lM/Nn6jq29Dgq/KhX22uabjML1yHFxZW0gF58chpJWTP8Rn3FEDw2mgMdao -C5C9Im9WWHquy05GQZRP/V5bhPuAgg5E4X+nCyn4eTECgYEA7eXTp+zLsGYe6l4a -MvXohDKMCouDF8w40hyIvJ9lF5ikQEhnJRQLPzbM7qx1AeeQwZevtyNBchX0nVwJ -VRd9c5qsSFkar489vBvhjEJ4B57B7KNoE5BHaR0+tfzWsWwK6BxHl9PmeGSn59i/ -7UwBhIzaC6dyJpTowCu/Scv8LhMCgYEA00vR/qeC0L7YPSG+VjHwerFhzUCTfnbd -wFpJM+N6PMRZA4GRWQLLxGmzPohjSfzwWMgUCXjopWiWOnxTEUlvTQgCWLAceMlk -rbTnHBtlXPPpSHvlmgVEG0+U/CpqONY7upEYrbt1xPMxNponS/7Yl0BXB2Qx8Je4 -pXs2H7wTIbkCgYEAgFOxUKwTVBxCIPqR91tfCbCaijWniXbIT87Ek7sHtSrJr0Nf -IEknp/nPog+1LknTdBp21rtV2kytnxS+lAAP1ARjWsN1+a2zB32itR5F0RZ6VUPw -KF1zp+f2pAS3aw109LAMjoHnmJnzWMU7Aq41Q2MXW6H/mYBJ7R+sGArJBbECgYBY -Y1Qx+bLATcU5NV9gwT0+pesqqEPK2ECFEX+jxBnDR8OQsuexW3kP7cN8eiNGtRd5 -nCC9oaV4ZBrL1mwNRDHaAGqy3ODcKisCezVeTZuGWcYRezqdxmwqHI1POxL6Oav8 -rGutaUinna/Njoi3wqCqDNEbF2/InD8ygisu9UbviQKBgQCS4Mxw+uOl5WvXjrze -z6B8L69MkT4fidgGkqimfpjk+N5Yt49otfvlvFPjkrVqR3lMqrqjV2r0W4fTeoSo -SDE3vZFZC9mi6ptUbgrW+aYqLHYQGYsJQXmj48Nkm/9uhkN1YEE9o04uSau1yVg+ -fDqxV7pLZwfnUbvGnYGjBShkMQ== ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/rsa/server-mustStaple.pem b/.evergreen/ocsp/rsa/server-mustStaple.pem deleted file mode 100644 index 5c80602e4..000000000 --- a/.evergreen/ocsp/rsa/server-mustStaple.pem +++ /dev/null @@ -1,53 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIERjCCAy6gAwIBAgIEJ++lZzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV -UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO -BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs -IFRlc3QgQ0EwHhcNMjAwMzE5MTU1NjIyWhcNNDAwMzIxMTU1NjIyWjBiMRAwDgYD -VQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxEjAQBgNVBAMMCWxvY2FsaG9z -dDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMQ8wDQYDVQQHDAZPQ1NQLTEwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDykV3fTFJgaqjfAgbAC7TGPk9V -VVsRYRgLF8Zjh9GDRU/TQ6pGZG7qo64D11oQurW0WT2Zv/lqhXW4mWNFv8+qoS5L -9z2Dtmxr8CZbb6YftA0e22KPUuDCQ5nYhOY21A6SYFwqEZ6ZsrZAMkgfhx+TY1kZ -0jZM/jgkvRtpG9I8BbddHyF8eFATCJ41DnLOzjfNukd5zKSIdVxY6r+ZBOr29kii -dcNHkCAck7+WXl9/KSqH7jF5asU0S3x/68G2R/qdKAxki9b2fe70N3XGZE0P2WHi -lq2aJeE0eqjAv+hBGiEb4iJl0s8iheardrHFeL4EMbiiVfVdVCHKkp58wjB9AgMB -AAGjgfEwge4wCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB -BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTOLiS9HKGWpiVKx81nNuRlK+HAITBn -BggrBgEFBQcBAQRbMFkwLQYIKwYBBQUHMAGGIWh0dHA6Ly9sb2NhbGhvc3Q6OTAw -MS9wb3dlci9sZXZlbDAoBggrBgEFBQcwAYYcaHR0cDovL2xvY2FsaG9zdDo4MTAw -L3N0YXR1czARBggrBgEFBQcBGAQFMAMCAQUwGgYDVR0RBBMwEYIJbG9jYWxob3N0 -hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQCg3NfTO8eCdhtmdDVF5WwP4/lXMYJY -5wn7PhYKMyUQI3rjUpQRIQwCVerHAJAiiflpgefxB8PD5spHPFq6RqAvH9SKpP5x -nyhiRdo51BmijCIl7VNdqyM5ZgDAN2fm2m56mDxpo9xqeTWg83YK8YY1xvBHl3jl -vQC+bBJzhaTp6SYXMc/70qIPcln0IElbuLN8vL4aG6xULkivtjiv7qBSZrNrBMSf -QJan9En4wcNGFt5ozrgJthZHTTX9pXOGVZe4LXbPCQSrBxZiBD9bITUyhtbeYhYR -4yfXjr7IeuoX+0g6+EEtxqrbWfIkJ3D7UaxAorZEsCt18GC7fap9/fzv ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDykV3fTFJgaqjf -AgbAC7TGPk9VVVsRYRgLF8Zjh9GDRU/TQ6pGZG7qo64D11oQurW0WT2Zv/lqhXW4 -mWNFv8+qoS5L9z2Dtmxr8CZbb6YftA0e22KPUuDCQ5nYhOY21A6SYFwqEZ6ZsrZA -Mkgfhx+TY1kZ0jZM/jgkvRtpG9I8BbddHyF8eFATCJ41DnLOzjfNukd5zKSIdVxY -6r+ZBOr29kiidcNHkCAck7+WXl9/KSqH7jF5asU0S3x/68G2R/qdKAxki9b2fe70 -N3XGZE0P2WHilq2aJeE0eqjAv+hBGiEb4iJl0s8iheardrHFeL4EMbiiVfVdVCHK -kp58wjB9AgMBAAECggEATA91Bf3insUTKspx32pMRxVmvvVC1xJA/cl4teDyu1zS -iQZgsC3x8bVdbWrrnO9O5rxM6pcd2F786OOAE3Dv5ysfX0apjVF4cegdvvIlfy9w -JcrY/uQYAhI8fX4+ydZ4s0Fv5OkdeEhniX26y9gM+KRgXg5iZIYaiLqbi7vjkloE -NBIDWGj8PCNKUVc2PSbZFVMMTc+7qZeUR0WRKr9CsaXBiEkWKfuw4MH1YUL0HJOs -uLd/oYg0l0eHPluUkKQW+KVq1GKsmr2sSc8NOcGtVTsUygSgX4hw36V7Vw3MfQRv -sNIgKp3RDEyynoXRoG3laHrib1GdYwDKRsHB2znKQQKBgQD+NAOOqoEx0lmlg/Wf -sNImv+3da0owE1TqTMHBWXriGo+DwqT+d9S+M5x3JMpmgH9vTEDlLOM2+qF8M3B3 -TLlu1k7F8D1G7YCdIZwMLUNCekCSHsqQcU9HMHlQqXd2cxFqWbyATk9tvJzj7xC9 -zMhaKGKvIS/EF0Ld8kIvrINmGQKBgQD0SExjk4yshv/DvWknxfJr8OupgQrriLHA -Hrk+n84Iv/4vzupgKsXJQE6VN0xM6e/ANhGATuxiaA3UE4p6K9wJNryHrw/wdnyf -I9AR0Cea9F4pa26BBCdLtQuyRqgl7dBZA1n3il7vKX6wB0MLoy/uYWYCedk4w+9d -acqh7S0CBQKBgBl8x5qHV/rR13E0AO2pAfkmp0fbGQ4m8g2n8olbWmnPNfKFEpv9 -EdScQiTkCHMskRpsr9kKniGGEajtU2pyw+jsDevkwZAaAho/I3FJHIRO06iS88Z1 -xfgiUReYVkUHFojuRGss7uPW1Hg6IRiWrsPzZqmejzZ/CpJMVvyGtIoJAoGAXmo7 -LBlxO5WJ8SuaIwc85T9etkrr35EbsnetfWjihzs9kVjV+YlOnLRAKygOU4PvaEj9 -hqv6bSZugdNzqDifeOgxAfhFntkM3a1H1DqxtBBS/ItLUI48aeR1utfYUaCS8HR9 -J1HR03okPwDvhuXxtp7qgHZ74JbKQz6KVP+Ib8kCgYEA7w0NnuOoZ0la17XuyQzA -UeTZZavgm0tNqqT4JcPiUV9zkR8WJsFQE704KQ8BjDyeYMWwe8EpfJaqsGqdJKGo -RnnxwNuwT4uSNb78MxXXVRG0fN/2iu70lNySKOl/DmA8siRc/weQj5JPsGbyZkjZ -IsaTqaZQUdtbZ7vRukyPo8Q= ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/rsa/server-singleEndpoint.pem b/.evergreen/ocsp/rsa/server-singleEndpoint.pem deleted file mode 100644 index 66849f535..000000000 --- a/.evergreen/ocsp/rsa/server-singleEndpoint.pem +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEBDCCAuygAwIBAgIEZ0Q/vTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV -UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO -BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs -IFRlc3QgQ0EwHhcNMjAwNDEwMjA1NDEzWhcNNDAwNDEyMjA1NDEzWjBiMRAwDgYD -VQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxEjAQBgNVBAMMCWxvY2FsaG9z -dDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMQ8wDQYDVQQHDAZPQ1NQLTEwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH3pCRRVSRghw0+55xvfRRWQx/ -5BO/M7XGtiLwAUU+R42FyQYdu8rgZQavtDLU/KQaws6xoIBvl0YezBGRTbEa4pM/ -ATeGSTz9Xdo5Zp9oQgb41yimdjVCxTrdMUAtocHi5UurkmuBJcyZ6UHLvQ11whgL -tZfGFO3drhLm8A/mDFr4o+9LX4q+9qh+cDFEWnTx5j16ZN2pWNR8lFF5pu/wsqPL -CJEC/dq95EuwQJoupjF+bC/faGx+b1/CLx2HyCR0pDSvNq9AlK9W0qw5br01qIhT -+mvv6+nPs8zzdixrguNlzHsEZN/pPnFZ3xBZii88F4xfxfPoPE+rfPO5M6DfAgMB -AAGjga8wgawwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB -BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRWLvOTPv7G74DYdxd+Lv/7DzLabDA4 -BggrBgEFBQcBAQQsMCowKAYIKwYBBQUHMAGGHGh0dHA6Ly9sb2NhbGhvc3Q6ODEw -MC9zdGF0dXMwGgYDVR0RBBMwEYIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3DQEB -CwUAA4IBAQAJvPmDizmNplKTdBu4YsF2E7EsAfJREuN7TKAbLsiYtyAMuIu5BIv6 -Ma4pcxeJUvYML5czHoPwjXNC9+M7aTsb18q8ZRAJzY2kVhvzhT2lVH5YFC8vhJ92 -aeX8GTpoa+lslXuvVe8os+tGcQzqMtiVF2xZHbAYOiAno+fVQey9VSjU+pXIcKUT -7nF/b0rRHHo8ziPsfI+h3kKWttywB+iQ60Zlt3ajlfWgTuL1fdbt9GEFl68Rhhsy -6s1h8oXSSM0VIBzJKqrubJgziXH2kVN9p1XtQcCwW2lrZ3z0GQq5nLvIsgTQHwx6 -FsuONP/eS2esZIn7LwT2nSNa/Hfh9pq/ ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDH3pCRRVSRghw0 -+55xvfRRWQx/5BO/M7XGtiLwAUU+R42FyQYdu8rgZQavtDLU/KQaws6xoIBvl0Ye -zBGRTbEa4pM/ATeGSTz9Xdo5Zp9oQgb41yimdjVCxTrdMUAtocHi5UurkmuBJcyZ -6UHLvQ11whgLtZfGFO3drhLm8A/mDFr4o+9LX4q+9qh+cDFEWnTx5j16ZN2pWNR8 -lFF5pu/wsqPLCJEC/dq95EuwQJoupjF+bC/faGx+b1/CLx2HyCR0pDSvNq9AlK9W -0qw5br01qIhT+mvv6+nPs8zzdixrguNlzHsEZN/pPnFZ3xBZii88F4xfxfPoPE+r -fPO5M6DfAgMBAAECggEAR6QUR64FMR7lA2zJj1WaNGpp25GiLl/XoUF55nNeIYO+ -S50Rryi4AJTVv7cknUltfRYkxnCUeOtNPA7DoUSq3csnImdKQr0PunWgmgCZ1OIN -47YjoP8v+h3+Cnjz2ydm+vBbnkUeea1V2DlO1zuNjo8i1Vei7mJkHJift92GpVtY -DW5GrTZfntPJXHQQjz6nGn5mQxTlEi1WafPPyDoqykwAIonehIyhYd7UCDw/e62D -XMWk8Bo7YmX0Y3utQF2tuu1ih2zz5+NXwviycBqE9GL4eoHZgdKJrPBA/nRBsy5J -SqorCKxLODvl77EIdqPUDZsyGzvWlmoEyDtthsvsiQKBgQDtFaIQW+DizGqibfuT -6/z5+4G8ZAp+FVJU/0Z/SmOX/ro2LzYhlV0l71OWvMVKxCfp30zlYaYWNo+R8h40 -O6zSsKcSE7JLFNh53euPz49Ium+N5OFZ6Yez7HBD/5sjWEt+iGDUZAr9SlqMZAGN -PhUSu51QvFj1kqqVbXxmA3TkiwKBgQDX0NOCri8J4jqBk8TuY4AZS3zq/2lVmFYh -81itma43zXRG3z8hFFct/CBqxObGwi1MQAGZAG7EeOvnH6FPV/85Tej1Wd0VtV8f -ryWgjSvZDt3dATZBKVcVibTfazdkfeqze2wtYRjFqNPlAitSF7HN8iOC8B02dIMq -ec6UM9w7fQKBgA03CHqK9IUPyd3V7ZD4NXilqTycAu22OImeVQqhVd3SCAUfKpBC -qBeGOI2NZh3dwy/JD5s1jzFrxyLmcQKOVPrFd/qM+IIw3kQkt42jjyQJqFArctg1 -KShBRJy1sasNr9+UsHkGPoqRy2xJ4sBBtqD9ri4i4X6Gt1Vu7eEtziUzAoGAafd0 -Uz8Zg53cIlGfKXobpM/m9zAP1WJmMGdfDGZgH7A2vrHROnnVUJPyitpBgihHu5/V -6P1IZhoFosdqGh5YCBgUIZxNLOKQYWtLa2jFtd9R2rlEnXwh8UZbVDQ9z47wFc6t -UB7T3gHGgTSudrGBsWCKRTmG7n0JBmsmnqhUI7UCgYBb4nBED+kaMGFdzRdpq8Dv -+KgShSjWa+4U2S4QZ3MYtb+rIMsAoRO4K8S3VMqIsun3S7T5szyp72jBqAQTHiHA -eGlRTrirc9dR8x6CO66UUf5tGMG05P7qo23Qoip+t1/rcCgrBH7er68AhMIZbxfK -2dj9RqANXyIWWI320Y+VkA== ------END PRIVATE KEY----- diff --git a/.evergreen/ocsp/rsa/server.pem b/.evergreen/ocsp/rsa/server.pem deleted file mode 100644 index abf978ef8..000000000 --- a/.evergreen/ocsp/rsa/server.pem +++ /dev/null @@ -1,53 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEMzCCAxugAwIBAgIET11AjzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV -UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO -BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs -IFRlc3QgQ0EwHhcNMjAwMzE5MTU1NjI1WhcNNDAwMzIxMTU1NjI1WjBiMRAwDgYD -VQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxEjAQBgNVBAMMCWxvY2FsaG9z -dDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMQ8wDQYDVQQHDAZPQ1NQLTEwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0usokl3+yXDtLeYquHQyAkXIw -lY4tukv8nEgLtUlK0kt9Q7P8EdZigzFUeJtL7piFCTIaLuv6e4UqLLDXbIANxD/J -NXXQPtBasOSzdgZ2ToUj5ANPv0QegsFubpYGq5LXsMdKTRE8uTB91PJBvRzxY2Nx -O1kdQcIrYpSYXqKsNgq/8iAPrmAdZ3y+S7OBuNyvlQJZqWoB1Y0ZWuR1QrcLMgdm -q2SdBzZT/3P+r/dbHMKdDZ5JdJ9Nm4ylOG7mhZkfb38JfdvWedzXDMu6TzS2W67o -yM90Cj9Lt+UyHLJ2jlcsZSZp4km6Oj5RBNVhd95SFckvPJxLzSyFlpjOIXsNAgMB -AAGjgd4wgdswCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB -BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTe7IMKaO1aQILcpoj5wLFgIRuPHzBn -BggrBgEFBQcBAQRbMFkwLQYIKwYBBQUHMAGGIWh0dHA6Ly9sb2NhbGhvc3Q6OTAw -MS9wb3dlci9sZXZlbDAoBggrBgEFBQcwAYYcaHR0cDovL2xvY2FsaG9zdDo4MTAw -L3N0YXR1czAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwDQYJKoZIhvcNAQEL -BQADggEBAFMVds6y5Qy7DlFsca0u8WE+ckoONa427bWBqNx8b/Hwaj3N3C58XQx/ -EZRNt9XVy/LoEHr+NmOWsCl69fINeVpx8Ftot8XPbFG9YxL/xbJ3lvWesPR6bwpm -PZqGiwfl1VrZvuobXADz0Rfru7B7LPkurpSxDiNBf/9JuLPYe9ffZwdFWQoehw07 -b9FKVaJ7mSHno/5f4Z/uKau91sL0kiKKG9Lo2JEIEmpp8HJ3OKCFh7DFkeDlRCDl -WyYxF4g/PfvJQm2Hd89cu8m3RX84rLa9jn1RGL/8bmxE0dxk4Di/t9gl5KGWIH9Q -LBeVRSQmH9GbI/WmldMLkGkvARYYTp8= ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC0usokl3+yXDtL -eYquHQyAkXIwlY4tukv8nEgLtUlK0kt9Q7P8EdZigzFUeJtL7piFCTIaLuv6e4Uq -LLDXbIANxD/JNXXQPtBasOSzdgZ2ToUj5ANPv0QegsFubpYGq5LXsMdKTRE8uTB9 -1PJBvRzxY2NxO1kdQcIrYpSYXqKsNgq/8iAPrmAdZ3y+S7OBuNyvlQJZqWoB1Y0Z -WuR1QrcLMgdmq2SdBzZT/3P+r/dbHMKdDZ5JdJ9Nm4ylOG7mhZkfb38JfdvWedzX -DMu6TzS2W67oyM90Cj9Lt+UyHLJ2jlcsZSZp4km6Oj5RBNVhd95SFckvPJxLzSyF -lpjOIXsNAgMBAAECggEAIjNe4YHR5nzRs7yyY7SXkxTzGQKUP08L5ifk8mJCFmip -ZHEVdFQjz8yn3yZbrQjfz/0ngBD1Exeg4ZRHetzLds92iqsVOm1InIDxJozlOCov -w9T4U3UMfQGdfTpsJaL+TNblP8hJxMX+yTEtDwesnHmEbf8fJAw3pGIpYJQ4EIJv -1uPzyB8EsrTjj23a5NPF/FGdzzO+HP5fhNNIUmP83pqonXLUSy0v5rsRFNxNMBn3 -SPRWq+Z779eLQXnRjW/6hKssSBFg6zAOi3Gc4oDbrDa2WEbZ0BEU+JW3XduN91bU -SsO3yQ+VL+CQn5wvXGIsc4EHH6wO8Bs0vXfD7zeLgQKBgQDrHOzPymI0p0PnxL2+ -8LrSU1x0WdedPZJugwwfUYMfn7sjKx+FyVLvM+7wuJ8zsMOAab2AHv3S0Nxkovhb -aa4lH9SUAHILcU+nb7M6E+mwSr65AemGspvGz4ZC6L52CGVzRfIcoBDD0T8OZGH0 -4IeiqOluqtvgCoW4UV1dyw0nPQKBgQDEyQwcim5ghEQ7V2eDefE5yxNlkNEnSVnG -DNubM8KURR8jehpDWkIlxQ4p2tLBWGB0YeOCG9NmwfLnQUStvSFE6/XjP5bBJlov -jT66T98NgFRfUeVkcCAiVT/LlDzXWXXPLyZSY+bxtn8UA1NYNu0pLCLDR9TlH1dK -FKwiomdgEQKBgEimcHqo4/23LeGBRsyooGH7hlchp+GbtBLYBbfrvSPZfL8aRSxX -EHx/xLa3peIYHeEhS4A6k15AUcn7HdlJZ5lrI4n0NUlZ4y4u8ufgXVavUg3jDGEl -8cLWP3uPZcMdRxP+qhi0UVng36Y32JkNhHv7y935h+XL+pQA+GPSKadVAoGAPPvp -SvcDmdmjo5hEthQWU8jBbBpjFv++WIgnjoON65E4QzBV70WLdlUJPKNZ6R1QVwD3 -Fp00+IVml5A8jnMsWkWd4B0WxSjzjgUByY9zGqYIf7nLk0LEUp+Es7xu1nYc8mY0 -RBg9u+7IlxUowQ/Uk4vgAhDCw3bhAE5Dwj/+NWECgYBWnBz5l+Uar9oT1ErRSbJW -RVYx3iIsqka1lox/zw5nme1Q/dv2uTQy6uZRn9U9ikqGwePuMEexQTR1csnMqeMM -4i3pDFpGBfTZXJAvH790ak6eZ0eBXqzJlTyEjll4r4zXHk+slm/tAgpIg0Ps3J9j -Sd+bTtG47gpb4sRbqEtQFQ== ------END PRIVATE KEY----- diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c40842d6b..fbfafd866 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -70,7 +70,7 @@ jobs: with: python-version: '3.13' - - name: "Setup MongoDB" + - name: "Set up MongoDB" id: setup-mongodb uses: ./tests/drivers-evergreen-tools with: From 114cf502d603aef70789dc009ac4e44bf971fd83 Mon Sep 17 00:00:00 2001 From: Pauline Vos Date: Tue, 26 Aug 2025 16:15:00 +0200 Subject: [PATCH 2/4] Clean up `.evergreen/orchestration` directory Its contents don't seem to be used --- .../configs/sharded_clusters/basic.json | 48 ------------------- 1 file changed, 48 deletions(-) delete mode 100644 .evergreen/orchestration/configs/sharded_clusters/basic.json diff --git a/.evergreen/orchestration/configs/sharded_clusters/basic.json b/.evergreen/orchestration/configs/sharded_clusters/basic.json deleted file mode 100644 index fd03f5686..000000000 --- a/.evergreen/orchestration/configs/sharded_clusters/basic.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "id": "shard_cluster_1", - "shards": [ - { - "id": "sh01", - "shardParams": { - "members": [ - { - "procParams": { - "ipv6": true, - "bind_ip": "127.0.0.1,::1", - "shardsvr": true, - "port": 27217 - } - }, - { - "procParams": { - "ipv6": true, - "bind_ip": "127.0.0.1,::1", - "shardsvr": true, - "port": 27218 - } - }, - { - "procParams": { - "ipv6": true, - "bind_ip": "127.0.0.1,::1", - "shardsvr": true, - "port": 27219 - } - } - ] - } - } - ], - "routers": [ - { - "ipv6": true, - "bind_ip": "127.0.0.1,::1", - "port": 27017 - }, - { - "ipv6": true, - "bind_ip": "127.0.0.1,::1", - "port": 27018 - } - ] -} From 6267bbca1a6a2c38453d8b185ba7fe29001c8c9d Mon Sep 17 00:00:00 2001 From: Pauline Vos Date: Tue, 26 Aug 2025 16:19:27 +0200 Subject: [PATCH 3/4] Clean up `.evergreen/auth_aws` It doesn't appear to be referenced locally anymore, only internally in the drivers-evergreen-tools submodule --- .evergreen/auth_aws/README.md | 4 - .evergreen/auth_aws/aws_e2e_assume_role.js | 49 --- .evergreen/auth_aws/aws_e2e_ec2.js | 58 --- .evergreen/auth_aws/aws_e2e_ecs.js | 44 -- .evergreen/auth_aws/aws_e2e_regular_aws.js | 23 -- .../lib/aws_assign_instance_profile.py | 102 ----- .evergreen/auth_aws/lib/aws_assume_role.py | 53 --- .evergreen/auth_aws/lib/aws_e2e_lib.js | 39 -- .evergreen/auth_aws/lib/container_tester.py | 385 ------------------ .evergreen/auth_aws/lib/ecs_hosted_test.js | 37 -- .evergreen/auth_aws/lib/ecs_hosted_test.sh | 16 - 11 files changed, 810 deletions(-) delete mode 100644 .evergreen/auth_aws/README.md delete mode 100644 .evergreen/auth_aws/aws_e2e_assume_role.js delete mode 100644 .evergreen/auth_aws/aws_e2e_ec2.js delete mode 100644 .evergreen/auth_aws/aws_e2e_ecs.js delete mode 100644 .evergreen/auth_aws/aws_e2e_regular_aws.js delete mode 100644 .evergreen/auth_aws/lib/aws_assign_instance_profile.py delete mode 100644 .evergreen/auth_aws/lib/aws_assume_role.py delete mode 100644 .evergreen/auth_aws/lib/aws_e2e_lib.js delete mode 100644 .evergreen/auth_aws/lib/container_tester.py delete mode 100644 .evergreen/auth_aws/lib/ecs_hosted_test.js delete mode 100644 .evergreen/auth_aws/lib/ecs_hosted_test.sh diff --git a/.evergreen/auth_aws/README.md b/.evergreen/auth_aws/README.md deleted file mode 100644 index 028e3d0f2..000000000 --- a/.evergreen/auth_aws/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# Configuration Scripts for End-to-end Testing - -These scripts were taken from [mongo-enterprise-modules](https://github.com/10gen/mongo-enterprise-modules/tree/master/jstests/external_auth_aws) -and intended to simplify creating users, attaching roles to existing EC2 instances, launching an Amazon ECS container instance, etc. \ No newline at end of file diff --git a/.evergreen/auth_aws/aws_e2e_assume_role.js b/.evergreen/auth_aws/aws_e2e_assume_role.js deleted file mode 100644 index ae5169667..000000000 --- a/.evergreen/auth_aws/aws_e2e_assume_role.js +++ /dev/null @@ -1,49 +0,0 @@ -/** - * Verify the AWS IAM Auth works with temporary credentials from sts:AssumeRole - */ - -load("lib/aws_e2e_lib.js"); - -(function() { -"use strict"; - -const ASSUMED_ROLE = "arn:aws:sts::557821124784:assumed-role/authtest_user_assume_role/*"; - -function getAssumeCredentials() { - const config = readSetupJson(); - - const env = { - AWS_ACCESS_KEY_ID: config["iam_auth_assume_aws_account"], - AWS_SECRET_ACCESS_KEY: config["iam_auth_assume_aws_secret_access_key"], - }; - - const role_name = config["iam_auth_assume_role_name"]; - - const python_command = getPython3Binary() + - ` -u lib/aws_assume_role.py --role_name=${role_name} > creds.json`; - - const ret = runShellCmdWithEnv(python_command, env); - assert.eq(ret, 0, "Failed to assume role on the current machine"); - - const result = cat("creds.json"); - try { - return JSON.parse(result); - } catch (e) { - jsTestLog("Failed to parse: " + result); - throw e; - } -} - -const credentials = getAssumeCredentials(); -const admin = Mongo().getDB("admin"); -const external = admin.getMongo().getDB("$external"); - -assert(admin.auth("bob", "pwd123")); -assert.commandWorked(external.runCommand({createUser: ASSUMED_ROLE, roles:[{role: 'read', db: "aws"}]})); -assert(external.auth({ - user: credentials["AccessKeyId"], - pwd: credentials["SecretAccessKey"], - awsIamSessionToken: credentials["SessionToken"], - mechanism: 'MONGODB-AWS' -})); -}()); diff --git a/.evergreen/auth_aws/aws_e2e_ec2.js b/.evergreen/auth_aws/aws_e2e_ec2.js deleted file mode 100644 index a492db86d..000000000 --- a/.evergreen/auth_aws/aws_e2e_ec2.js +++ /dev/null @@ -1,58 +0,0 @@ -/** - * Verify the AWS IAM EC2 hosted auth works - */ -load("lib/aws_e2e_lib.js"); - -(function() { -"use strict"; - -// This varies based on hosting EC2 as the account id and role name can vary -const AWS_ACCOUNT_ARN = "arn:aws:sts::557821124784:assumed-role/authtest_instance_profile_role/*"; - -function assignInstanceProfile() { - const config = readSetupJson(); - - const env = { - AWS_ACCESS_KEY_ID: config["iam_auth_ec2_instance_account"], - AWS_SECRET_ACCESS_KEY: config["iam_auth_ec2_instance_secret_access_key"], - }; - - const instanceProfileName = config["iam_auth_ec2_instance_profile"]; - const python_command = getPython3Binary() + - ` -u lib/aws_assign_instance_profile.py --instance_profile_arn=${instanceProfileName}`; - - const ret = runShellCmdWithEnv(python_command, env); - if (ret == 2) { - print("WARNING: Request limit exceeded for AWS API"); - return false; - } - - assert.eq(ret, 0, "Failed to assign an instance profile to the current machine"); - return true; -} - -if (!assignInstanceProfile()) { - return; -} - -const admin = Mongo().getDB("admin"); -const external = admin.getMongo().getDB("$external"); - -assert(admin.auth("bob", "pwd123")); -assert.commandWorked(external.runCommand({createUser: AWS_ACCOUNT_ARN, roles:[{role: 'read', db: "aws"}]})); - -// Try the command line -const smoke = runMongoProgram("mongo", - "--host", - "localhost", - '--authenticationMechanism', - 'MONGODB-AWS', - '--authenticationDatabase', - '$external', - "--eval", - "1"); -assert.eq(smoke, 0, "Could not auth with smoke user"); - -// Try the auth function -assert(external.auth({mechanism: 'MONGODB-AWS'})); -}()); diff --git a/.evergreen/auth_aws/aws_e2e_ecs.js b/.evergreen/auth_aws/aws_e2e_ecs.js deleted file mode 100644 index 8efd8cb43..000000000 --- a/.evergreen/auth_aws/aws_e2e_ecs.js +++ /dev/null @@ -1,44 +0,0 @@ -/** - * Validate that MONGODB-AWS auth works from ECS temporary credentials. - */ -load("lib/aws_e2e_lib.js"); - -(function() { - 'use strict'; - - assert.eq(typeof mongo_binaries != 'undefined', true, "mongo_binaries must be set"); - assert.eq(typeof project_dir != 'undefined', true, "project_dir must be set"); - - const config = readSetupJson(); - - const base_command = getPython3Binary() + " -u lib/container_tester.py"; - const run_prune_command = base_command + ' -v remote_gc_services ' + - ' --cluster ' + config['iam_auth_ecs_cluster']; - - const run_test_command = base_command + ' -d -v run_e2e_test' + - ' --cluster ' + config['iam_auth_ecs_cluster'] + ' --task_definition ' + - config['iam_auth_ecs_task_definition'] + ' --subnets ' + - config['iam_auth_ecs_subnet_a'] + ' --subnets ' + - config['iam_auth_ecs_subnet_b'] + ' --security_group ' + - config['iam_auth_ecs_security_group'] + - ` --files ${mongo_binaries}/mongod:/root/mongod ${mongo_binaries}/mongo:/root/mongo ` + - " lib/ecs_hosted_test.js:/root/ecs_hosted_test.js " + - `${project_dir}:/root` + - " --script lib/ecs_hosted_test.sh"; - - // Pass in the AWS credentials as environment variables - // AWS_SHARED_CREDENTIALS_FILE does not work in evergreen for an unknown - // reason - const env = { - AWS_ACCESS_KEY_ID: config['iam_auth_ecs_account'], - AWS_SECRET_ACCESS_KEY: config['iam_auth_ecs_secret_access_key'], - }; - - // Prune other containers - let ret = runWithEnv(['/bin/sh', '-c', run_prune_command], env); - assert.eq(ret, 0, 'Prune Container failed'); - - // Run the test in a container - ret = runWithEnv(['/bin/sh', '-c', run_test_command], env); - assert.eq(ret, 0, 'Container Test failed'); -}()); diff --git a/.evergreen/auth_aws/aws_e2e_regular_aws.js b/.evergreen/auth_aws/aws_e2e_regular_aws.js deleted file mode 100644 index 1c4f2d032..000000000 --- a/.evergreen/auth_aws/aws_e2e_regular_aws.js +++ /dev/null @@ -1,23 +0,0 @@ -/** - * Validate that the server supports real credentials from AWS and can talk to a real AWS STS - * service - */ -load("lib/aws_e2e_lib.js"); - -(function() { -"use strict"; - -const admin = Mongo().getDB("admin"); -const external = admin.getMongo().getDB("$external"); -assert(admin.auth("bob", "pwd123")); - -const config = readSetupJson(); -assert.commandWorked( - external.runCommand({createUser: config["iam_auth_ecs_account_arn"], roles:[{role: 'read', db: "aws"}]})); - -assert(external.auth({ - user: config["iam_auth_ecs_account"], - pwd: config["iam_auth_ecs_secret_access_key"], - mechanism: 'MONGODB-AWS' -})); -}()); \ No newline at end of file diff --git a/.evergreen/auth_aws/lib/aws_assign_instance_profile.py b/.evergreen/auth_aws/lib/aws_assign_instance_profile.py deleted file mode 100644 index cb3ad154d..000000000 --- a/.evergreen/auth_aws/lib/aws_assign_instance_profile.py +++ /dev/null @@ -1,102 +0,0 @@ -#!/usr/bin/env python3 -""" -Script for assign an instance policy to the current machine. -""" - -import argparse -import urllib.request -import logging -import sys -import time - -import boto3 -import botocore - -LOGGER = logging.getLogger(__name__) - -def _get_local_instance_id(): - return urllib.request.urlopen('http://169.254.169.254/latest/meta-data/instance-id').read().decode() - -def _has_instance_profile(): - base_url = "http://169.254.169.254/latest/meta-data/iam/security-credentials/" - try: - print("Reading: " + base_url) - iam_role = urllib.request.urlopen(base_url).read().decode() - except urllib.error.HTTPError as e: - print(e) - if e.code == 404: - return False - raise e - - try: - url = base_url + iam_role - print("Reading: " + url) - req = urllib.request.urlopen(url) - except urllib.error.HTTPError as e: - print(e) - if e.code == 404: - return False - raise e - - return True - -def _wait_instance_profile(): - retry = 60 - while not _has_instance_profile() and retry: - time.sleep(5) - retry -= 1 - - if retry == 0: - raise ValueError("Timeout on waiting for instance profile") - -def _assign_instance_policy(iam_instance_arn): - - if _has_instance_profile(): - print("IMPORTANT: Found machine already has instance profile, skipping the assignment") - return - - instance_id = _get_local_instance_id() - - ec2_client = boto3.client("ec2", 'us-east-1') - - #https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.associate_iam_instance_profile - try: - response = ec2_client.associate_iam_instance_profile( - IamInstanceProfile={ - 'Arn' : iam_instance_arn, - }, - InstanceId = instance_id) - - print(response) - - # Wait for the instance profile to be assigned by polling the local instance metadata service - _wait_instance_profile() - - except botocore.exceptions.ClientError as ce: - if ce.response["Error"]["Code"] == "RequestLimitExceeded": - print("WARNING: RequestLimitExceeded, exiting with error code 2") - sys.exit(2) - raise - -def main() -> None: - """Execute Main entry point.""" - - parser = argparse.ArgumentParser(description='IAM Assign Instance frontend.') - - parser.add_argument('-v', "--verbose", action='store_true', help="Enable verbose logging") - parser.add_argument('-d', "--debug", action='store_true', help="Enable debug logging") - - parser.add_argument('--instance_profile_arn', type=str, help="Name of instance profile") - - args = parser.parse_args() - - if args.debug: - logging.basicConfig(level=logging.DEBUG) - elif args.verbose: - logging.basicConfig(level=logging.INFO) - - _assign_instance_policy(args.instance_profile_arn) - - -if __name__ == "__main__": - main() diff --git a/.evergreen/auth_aws/lib/aws_assume_role.py b/.evergreen/auth_aws/lib/aws_assume_role.py deleted file mode 100644 index 6df1fc7ef..000000000 --- a/.evergreen/auth_aws/lib/aws_assume_role.py +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/env python3 -""" -Script for assuming an aws role. -""" - -import argparse -import uuid -import logging - -import boto3 - -LOGGER = logging.getLogger(__name__) - -STS_DEFAULT_ROLE_NAME = "arn:aws:iam::579766882180:role/mark.benvenuto" - -def _assume_role(role_name): - sts_client = boto3.client("sts") - - response = sts_client.assume_role(RoleArn=role_name, RoleSessionName=str(uuid.uuid4()), DurationSeconds=900) - - creds = response["Credentials"] - - - print(f"""{{ - "AccessKeyId" : "{creds["AccessKeyId"]}", - "SecretAccessKey" : "{creds["SecretAccessKey"]}", - "SessionToken" : "{creds["SessionToken"]}", - "Expiration" : "{str(creds["Expiration"])}" -}}""") - - -def main() -> None: - """Execute Main entry point.""" - - parser = argparse.ArgumentParser(description='Assume Role frontend.') - - parser.add_argument('-v', "--verbose", action='store_true', help="Enable verbose logging") - parser.add_argument('-d', "--debug", action='store_true', help="Enable debug logging") - - parser.add_argument('--role_name', type=str, default=STS_DEFAULT_ROLE_NAME, help="Role to assume") - - args = parser.parse_args() - - if args.debug: - logging.basicConfig(level=logging.DEBUG) - elif args.verbose: - logging.basicConfig(level=logging.INFO) - - _assume_role(args.role_name) - - -if __name__ == "__main__": - main() diff --git a/.evergreen/auth_aws/lib/aws_e2e_lib.js b/.evergreen/auth_aws/lib/aws_e2e_lib.js deleted file mode 100644 index d38471ac8..000000000 --- a/.evergreen/auth_aws/lib/aws_e2e_lib.js +++ /dev/null @@ -1,39 +0,0 @@ - -function readSetupJson() { - let result; - try { - result = cat("aws_e2e_setup.json"); - } catch (e) { - jsTestLog( - "Failed to parse read aws_e2e_setup.json. See evergreen.yml for how to generate this file which contains evergreen secrets."); - throw e; - } - - try { - return JSON.parse(result); - } catch (e) { - jsTestLog("Failed to parse: aws_e2e_setup.json"); - throw e; - } -} - -function runWithEnv(args, env) { - const pid = _startMongoProgram({args: args, env: env}); - return waitProgram(pid); -} - -function runShellCmdWithEnv(argStr, env) { - if (_isWindows()) { - return runWithEnv(['cmd.exe', '/c', argStr], env); - } else { - return runWithEnv(['/bin/sh', '-c', argStr], env); - } -} - -function getPython3Binary() { - if (_isWindows()) { - return "python.exe"; - } - - return "python3"; -} diff --git a/.evergreen/auth_aws/lib/container_tester.py b/.evergreen/auth_aws/lib/container_tester.py deleted file mode 100644 index eb3703c8f..000000000 --- a/.evergreen/auth_aws/lib/container_tester.py +++ /dev/null @@ -1,385 +0,0 @@ -#!/usr/bin/env python3 -""" -Script for testing mongodb in containers. - -Requires ssh, scp, and sh on local and remote hosts. -Assumes remote host is Linux -""" - -import argparse -import datetime -import logging -import os -import pprint -import subprocess -import uuid - -import boto3 - -LOGGER = logging.getLogger(__name__) - - -############################################################################ -# Default configuration settings for working with a ECS cluster in a region -# - -# These settings depend on a cluster, task subnets, and security group already setup -ECS_DEFAULT_CLUSTER = "arn:aws:ecs:us-east-2:579766882180:cluster/tf-mcb-ecs-cluster" -ECS_DEFAULT_TASK_DEFINITION = "arn:aws:ecs:us-east-2:579766882180:task-definition/tf-app:2" -ECS_DEFAULT_SUBNETS = ['subnet-a5e114cc'] -# Must allow ssh from 0.0.0.0 -ECS_DEFAULT_SECURITY_GROUP = 'sg-051a91d96332f8f3a' - -# This is just a string local to this file -DEFAULT_SERVICE_NAME = 'script-test' - -# Garbage collection threshold for old/stale services -DEFAULT_GARBAGE_COLLECTION_THRESHOLD = datetime.timedelta(hours=1) - -############################################################################ - - -def _run_process(params, cwd=None): - LOGGER.info("RUNNING COMMAND: %s", params) - ret = subprocess.run(params, cwd=cwd) - return ret.returncode - -def _userandhostandport(endpoint): - user_and_host = endpoint.find("@") - if user_and_host == -1: - raise ValueError("Invalid endpoint, Endpoint must be user@host:port") - (user, host) = (endpoint[:user_and_host], endpoint[user_and_host + 1:]) - - colon = host.find(":") - if colon == -1: - return (user, host, "22") - return (user, host[:colon], host[colon + 1:]) - -def _scp(endpoint, src, dest): - (user, host, port) = _userandhostandport(endpoint) - cmd = ["scp", "-o", "StrictHostKeyChecking=no", "-P", port, src, "%s@%s:%s" % (user, host, dest)] - if os.path.isdir(src): - cmd.insert(5, "-r") - _run_process(cmd) - -def _ssh(endpoint, cmd): - (user, host, port) = _userandhostandport(endpoint) - cmd = ["ssh", "-o", "StrictHostKeyChecking=no", "-p", port, "%s@%s" % (user, host), cmd ] - ret = _run_process(cmd) - LOGGER.info("RETURN CODE: %s", ret) - return ret - -def _run_test_args(args): - run_test(args.endpoint, args.script, args.files) - -def run_test(endpoint, script, files): - """ - Run a test on a machine - - Steps - 1. Copy over a files which are tuples of (src, dest) - 2. Copy over the test script to "/tmp/test.sh" - 3. Run the test script and return the results - """ - LOGGER.info("Copying files to %s", endpoint) - - for file in files: - colon = file.find(":") - (src, dest) = (file[:colon], file[colon + 1:]) - _scp(endpoint, src, dest) - - LOGGER.info("Copying script to %s", endpoint) - _scp(endpoint, script, "/tmp/test.sh") - return_code = _ssh(endpoint, "/bin/bash -x /tmp/test.sh") - if return_code != 0: - LOGGER.error("FAILED: %s", return_code) - raise ValueError(f"test failed with {return_code}") - -def _get_region(arn): - return arn.split(':')[3] - - -def _remote_ps_container_args(args): - remote_ps_container(args.cluster) - -def remote_ps_container(cluster): - """ - Get a list of task running in the cluster with their network addresses. - - Emulates the docker ps and ecs-cli ps commands. - """ - ecs_client = boto3.client('ecs', region_name=_get_region(cluster)) - ec2_client = boto3.client('ec2', region_name=_get_region(cluster)) - - tasks = ecs_client.list_tasks(cluster=cluster) - - task_list = ecs_client.describe_tasks(cluster=cluster, tasks=tasks['taskArns']) - - #Example from ecs-cli tool - #Name State Ports TaskDefinition Health - #aa2c2642-3013-4370-885e-8b8d956e753d/sshd RUNNING 3.15.149.114:22->22/tcp sshd:1 UNKNOWN - - print("Name State Public IP Private IP TaskDefinition Health") - for task in task_list['tasks']: - - taskDefinition = task['taskDefinitionArn'] - taskDefinition_short = taskDefinition[taskDefinition.rfind('/') + 1:] - - private_ip_address = None - enis = [] - for b in [ a['details'] for a in task["attachments"] if a['type'] == 'ElasticNetworkInterface']: - for c in b: - if c['name'] == 'networkInterfaceId': - enis.append(c['value']) - elif c['name'] == 'privateIPv4Address': - private_ip_address = c['value'] - assert enis - assert private_ip_address - - eni = ec2_client.describe_network_interfaces(NetworkInterfaceIds=enis) - public_ip = [n["Association"]["PublicIp"] for n in eni["NetworkInterfaces"]][0] - - for container in task['containers']: - taskArn = container['taskArn'] - task_id = taskArn[taskArn.rfind('/')+ 1:] - name = container['name'] - task_id = task_id + "/" + name - lastStatus = container['lastStatus'] - - print("{:<43}{:<9}{:<25}{:<25}{:<16}".format(task_id, lastStatus, public_ip, private_ip_address, taskDefinition_short )) - -def _remote_create_container_args(args): - remote_create_container(args.cluster, args.task_definition, args.service, args.subnets, args.security_group) - -def remote_create_container(cluster, task_definition, service_name, subnets, security_group): - """ - Create a task in ECS - """ - ecs_client = boto3.client('ecs', region_name=_get_region(cluster)) - - resp = ecs_client.create_service(cluster=cluster, serviceName=service_name, - taskDefinition = task_definition, - desiredCount = 1, - launchType='FARGATE', - networkConfiguration={ - 'awsvpcConfiguration': { - 'subnets': subnets, - 'securityGroups': [ - security_group, - ], - 'assignPublicIp': "ENABLED" - } - } - ) - - pprint.pprint(resp) - - service_arn = resp["service"]["serviceArn"] - print(f"Waiting for Service {service_arn} to become active...") - - waiter = ecs_client.get_waiter('services_stable') - - waiter.wait(cluster=cluster, services=[service_arn]) - -def _remote_stop_container_args(args): - remote_stop_container(args.cluster, args.service) - -def remote_stop_container(cluster, service_name): - """ - Stop a ECS task - """ - ecs_client = boto3.client('ecs', region_name=_get_region(cluster)) - - resp = ecs_client.delete_service(cluster=cluster, service=service_name, force=True) - pprint.pprint(resp) - - service_arn = resp["service"]["serviceArn"] - - print(f"Waiting for Service {service_arn} to become inactive...") - waiter = ecs_client.get_waiter('services_inactive') - - waiter.wait(cluster=cluster, services=[service_arn]) - -def _remote_gc_services_container_args(args): - remote_gc_services_container(args.cluster) - -def remote_gc_services_container(cluster): - """ - Delete all ECS services over then a given treshold. - """ - ecs_client = boto3.client('ecs', region_name=_get_region(cluster)) - - services = ecs_client.list_services(cluster=cluster) - if not services["serviceArns"]: - return - - services_details = ecs_client.describe_services(cluster=cluster, services=services["serviceArns"]) - - not_expired_now = datetime.datetime.now().astimezone() - DEFAULT_GARBAGE_COLLECTION_THRESHOLD - - for service in services_details["services"]: - created_at = service["createdAt"] - - # Find the services that we created "too" long ago - if created_at < not_expired_now: - print("DELETING expired service %s which was created at %s." % (service["serviceName"], created_at)) - - remote_stop_container(cluster, service["serviceName"]) - -def remote_get_public_endpoint_str(cluster, service_name): - """ - Get an SSH connection string for the remote service via the public ip address - """ - ecs_client = boto3.client('ecs', region_name=_get_region(cluster)) - ec2_client = boto3.client('ec2', region_name=_get_region(cluster)) - - tasks = ecs_client.list_tasks(cluster=cluster, serviceName=service_name) - - task_list = ecs_client.describe_tasks(cluster=cluster, tasks=tasks['taskArns']) - - for task in task_list['tasks']: - - enis = [] - for b in [ a['details'] for a in task["attachments"] if a['type'] == 'ElasticNetworkInterface']: - for c in b: - if c['name'] == 'networkInterfaceId': - enis.append(c['value']) - assert enis - - eni = ec2_client.describe_network_interfaces(NetworkInterfaceIds=enis) - public_ip = [n["Association"]["PublicIp"] for n in eni["NetworkInterfaces"]][0] - break - - return f"root@{public_ip}:22" - -def remote_get_endpoint_str(cluster, service_name): - """ - Get an SSH connection string for the remote service via the private ip address - """ - ecs_client = boto3.client('ecs', region_name=_get_region(cluster)) - - tasks = ecs_client.list_tasks(cluster=cluster, serviceName=service_name) - - task_list = ecs_client.describe_tasks(cluster=cluster, tasks=tasks['taskArns']) - - for task in task_list['tasks']: - - private_ip_address = None - for b in [ a['details'] for a in task["attachments"] if a['type'] == 'ElasticNetworkInterface']: - for c in b: - if c['name'] == 'privateIPv4Address': - private_ip_address = c['value'] - assert private_ip_address - break - - return f"root@{private_ip_address}:22" - -def _remote_get_endpoint_args(args): - _remote_get_endpoint(args.cluster, args.service) - -def _remote_get_endpoint(cluster, service_name): - endpoint = remote_get_endpoint_str(cluster, service_name) - print(endpoint) - -def _get_caller_identity(args): - sts_client = boto3.client('sts') - - pprint.pprint(sts_client.get_caller_identity()) - - -def _run_e2e_test_args(args): - _run_e2e_test(args.script, args.files, args.cluster, args.task_definition, args.subnets, args.security_group) - -def _run_e2e_test(script, files, cluster, task_definition, subnets, security_group): - """ - Run a test end-to-end - - 1. Start an ECS service - 2. Copy the files over and run the test - 3. Stop the ECS service - """ - service_name = str(uuid.uuid4()) - - remote_create_container(cluster, task_definition, service_name, subnets, security_group) - - # The build account hosted ECS tasks are only available via the private ip address - endpoint = remote_get_endpoint_str(cluster, service_name) - if cluster == ECS_DEFAULT_CLUSTER: - # The test account hosted ECS tasks are the opposite, only public ip address access - endpoint = remote_get_public_endpoint_str(cluster, service_name) - - try: - run_test(endpoint, script, files) - finally: - remote_stop_container(cluster, service_name) - - -def main() -> None: - """Execute Main entry point.""" - - parser = argparse.ArgumentParser(description='ECS container tester.') - - parser.add_argument('-v', "--verbose", action='store_true', help="Enable verbose logging") - parser.add_argument('-d', "--debug", action='store_true', help="Enable debug logging") - - sub = parser.add_subparsers(title="Container Tester subcommands", help="sub-command help") - - run_test_cmd = sub.add_parser('run_test', help='Run Test') - run_test_cmd.add_argument("--endpoint", required=True, type=str, help="User and Host and port, ie user@host:port") - run_test_cmd.add_argument("--script", required=True, type=str, help="script to run") - run_test_cmd.add_argument("--files", type=str, nargs="*", help="Files to copy, each string must be a pair of src:dest joined by a colon") - run_test_cmd.set_defaults(func=_run_test_args) - - remote_ps_cmd = sub.add_parser('remote_ps', help='Stop Local Container') - remote_ps_cmd.add_argument("--cluster", type=str, default=ECS_DEFAULT_CLUSTER, help="ECS Cluster to target") - remote_ps_cmd.set_defaults(func=_remote_ps_container_args) - - remote_create_cmd = sub.add_parser('remote_create', help='Create Remote Container') - remote_create_cmd.add_argument("--cluster", type=str, default=ECS_DEFAULT_CLUSTER, help="ECS Cluster to target") - remote_create_cmd.add_argument("--service", type=str, default=DEFAULT_SERVICE_NAME, help="ECS Service to create") - remote_create_cmd.add_argument("--task_definition", type=str, default=ECS_DEFAULT_TASK_DEFINITION, help="ECS Task Definition to use to create service") - remote_create_cmd.add_argument("--subnets", type=str, nargs="*", default=ECS_DEFAULT_SUBNETS, help="EC2 subnets to use") - remote_create_cmd.add_argument("--security_group", type=str, default=ECS_DEFAULT_SECURITY_GROUP, help="EC2 security group use") - remote_create_cmd.set_defaults(func=_remote_create_container_args) - - remote_stop_cmd = sub.add_parser('remote_stop', help='Stop Remote Container') - remote_stop_cmd.add_argument("--cluster", type=str, default=ECS_DEFAULT_CLUSTER, help="ECS Cluster to target") - remote_stop_cmd.add_argument("--service", type=str, default=DEFAULT_SERVICE_NAME, help="ECS Service to stop") - remote_stop_cmd.set_defaults(func=_remote_stop_container_args) - - remote_gc_services_cmd = sub.add_parser('remote_gc_services', help='GC Remote Container') - remote_gc_services_cmd.add_argument("--cluster", type=str, default=ECS_DEFAULT_CLUSTER, help="ECS Cluster to target") - remote_gc_services_cmd.set_defaults(func=_remote_gc_services_container_args) - - get_caller_identity_cmd = sub.add_parser('get_caller_identity', help='Get the AWS IAM caller identity') - get_caller_identity_cmd.set_defaults(func=_get_caller_identity) - - remote_get_endpoint_cmd = sub.add_parser('remote_get_endpoint', help='Get SSH remote endpoint') - remote_get_endpoint_cmd.add_argument("--cluster", type=str, default=ECS_DEFAULT_CLUSTER, help="ECS Cluster to target") - remote_get_endpoint_cmd.add_argument("--service", type=str, default=DEFAULT_SERVICE_NAME, help="ECS Service to stop") - remote_get_endpoint_cmd.set_defaults(func=_remote_get_endpoint_args) - - run_e2e_test_cmd = sub.add_parser('run_e2e_test', help='Run Test') - run_e2e_test_cmd.add_argument("--script", required=True, type=str, help="script to run") - run_e2e_test_cmd.add_argument("--files", type=str, nargs="*", help="Files to copy, each string must be a pair of src:dest joined by a colon") - run_e2e_test_cmd.add_argument("--cluster", type=str, default=ECS_DEFAULT_CLUSTER, help="ECS Cluster to target") - run_e2e_test_cmd.add_argument("--task_definition", type=str, default=ECS_DEFAULT_TASK_DEFINITION, help="ECS Task Definition to use to create service") - run_e2e_test_cmd.add_argument("--subnets", type=str, nargs="*", default=ECS_DEFAULT_SUBNETS, help="EC2 subnets to use") - run_e2e_test_cmd.add_argument("--security_group", type=str, default=ECS_DEFAULT_SECURITY_GROUP, help="EC2 security group use") - run_e2e_test_cmd.set_defaults(func=_run_e2e_test_args) - - args = parser.parse_args() - - print("AWS_SHARED_CREDENTIALS_FILE: %s" % (os.getenv("AWS_SHARED_CREDENTIALS_FILE"))) - - if args.debug: - logging.basicConfig(level=logging.DEBUG) - elif args.verbose: - logging.basicConfig(level=logging.INFO) - - - args.func(args) - - -if __name__ == "__main__": - main() diff --git a/.evergreen/auth_aws/lib/ecs_hosted_test.js b/.evergreen/auth_aws/lib/ecs_hosted_test.js deleted file mode 100644 index 17d4b3703..000000000 --- a/.evergreen/auth_aws/lib/ecs_hosted_test.js +++ /dev/null @@ -1,37 +0,0 @@ -/** - * Verify the AWS IAM ECS hosted auth works - */ - -(function() { -"use strict"; - -// This varies based on hosting ECS task as the account id and role name can vary -const AWS_ACCOUNT_ARN = "arn:aws:sts::557821124784:assumed-role/ecsTaskExecutionRole/*"; - -const conn = MongoRunner.runMongod({ - setParameter: { - "authenticationMechanisms": "MONGODB-AWS,SCRAM-SHA-256", - }, - auth: "", -}); - -const external = conn.getDB("$external"); -const admin = conn.getDB("admin"); - -assert.commandWorked(admin.runCommand({createUser: "admin", pwd: "pwd", roles: ['root']})); -assert(admin.auth("admin", "pwd")); - -assert.commandWorked(external.runCommand({createUser: AWS_ACCOUNT_ARN, roles:[{role: 'read', db: "aws"}]})); - -const uri = "mongodb://127.0.0.1:20000/aws?authMechanism=MONGODB-AWS"; -const program = "/root/src/.evergreen/run-mongodb-aws-ecs-test.sh"; - -// Try the command line -const smoke = runMongoProgram(program, uri); -assert.eq(smoke, 0, "Could not auth with smoke user"); - -// Try the auth function -assert(external.auth({mechanism: 'MONGODB-AWS'})); - -MongoRunner.stopMongod(conn); -}()); diff --git a/.evergreen/auth_aws/lib/ecs_hosted_test.sh b/.evergreen/auth_aws/lib/ecs_hosted_test.sh deleted file mode 100644 index 7dddbc80b..000000000 --- a/.evergreen/auth_aws/lib/ecs_hosted_test.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -# A shell script to run in an ECS hosted task - -# The environment variable is always set during interactive logins -# But for non-interactive logs, ~/.bashrc does not appear to be read on Ubuntu but it works on Fedora -[[ -z "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}" ]] && export $(strings /proc/1/environ | grep AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) - -env - -mkdir -p /data/db || true - -/root/mongo --verbose --nodb ecs_hosted_test.js - -RET_CODE=$? -echo RETURN CODE: $RET_CODE -exit $RET_CODE From e5c51ce379f4b4483830c38cc8f2e2d0afb24177 Mon Sep 17 00:00:00 2001 From: Pauline Vos Date: Tue, 26 Aug 2025 16:29:30 +0200 Subject: [PATCH 4/4] Clean up`.evergreen/x509gen` directory There's no need for it locally as it's covered by the `drivers-everygreen-tools` submodule --- .evergreen/x509gen/82e9b7a6.0 | 21 ---------- .evergreen/x509gen/altname.pem | 49 ---------------------- .evergreen/x509gen/ca.pem | 21 ---------- .evergreen/x509gen/client-private.pem | 27 ------------ .evergreen/x509gen/client-public.pem | 21 ---------- .evergreen/x509gen/client.pem | 48 --------------------- .evergreen/x509gen/commonName.pem | 48 --------------------- .evergreen/x509gen/crl.pem | 13 ------ .evergreen/x509gen/expired.pem | 49 ---------------------- .evergreen/x509gen/password_protected.pem | 51 ----------------------- .evergreen/x509gen/server.pem | 49 ---------------------- .evergreen/x509gen/wild.pem | 49 ---------------------- 12 files changed, 446 deletions(-) delete mode 100644 .evergreen/x509gen/82e9b7a6.0 delete mode 100644 .evergreen/x509gen/altname.pem delete mode 100644 .evergreen/x509gen/ca.pem delete mode 100644 .evergreen/x509gen/client-private.pem delete mode 100644 .evergreen/x509gen/client-public.pem delete mode 100644 .evergreen/x509gen/client.pem delete mode 100644 .evergreen/x509gen/commonName.pem delete mode 100644 .evergreen/x509gen/crl.pem delete mode 100644 .evergreen/x509gen/expired.pem delete mode 100644 .evergreen/x509gen/password_protected.pem delete mode 100644 .evergreen/x509gen/server.pem delete mode 100644 .evergreen/x509gen/wild.pem diff --git a/.evergreen/x509gen/82e9b7a6.0 b/.evergreen/x509gen/82e9b7a6.0 deleted file mode 100644 index 6ac86cfcc..000000000 --- a/.evergreen/x509gen/82e9b7a6.0 +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDfzCCAmegAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIwMjMxMVoXDTM5MDUyMjIwMjMxMVoweTEb -MBkGA1UEAxMSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAw -DgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQI -EwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCl7VN+WsQfHlwapcOpTLZVoeMAl1LTbWTFuXSAavIyy0W1Ytky1UP/ -bxCSW0mSWwCgqoJ5aXbAvrNRp6ArWu3LsTQIEcD3pEdrFIVQhYzWUs9fXqPyI9k+ -QNNQ+MRFKeGteTPYwF2eVEtPzUHU5ws3+OKp1m6MCLkwAG3RBFUAfddUnLvGoZiT -pd8/eNabhgHvdrCw+tYFCWvSjz7SluEVievpQehrSEPKe8DxJq/IM3tSl3tdylzT -zeiKNO7c7LuQrgjAfrZl7n2SriHIlNmqiDR/kdd8+TxBuxjFlcf2WyHCO3lIcIgH -KXTlhUCg50KfHaxHu05Qw0x8869yIzqbAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQELBQADggEBAEHuhTL8KQZcKCTSJbYA9MgZj7U32arMGBbc1hiq -VBREwvdVz4+9tIyWMzN9R/YCKmUTnCq8z3wTlC8kBtxYn/l4Tj8nJYcgLJjQ0Fwe -gT564CmvkUat8uXPz6olOCdwkMpJ9Sj62i0mpgXJdBfxKQ6TZ9yGz6m3jannjZpN -LchB7xSAEWtqUgvNusq0dApJsf4n7jZ+oBZVaQw2+tzaMfaLqHgMwcu1FzA8UKCD -sxCgIsZUs8DdxaD418Ot6nPfheOTqe24n+TTa+Z6O0W0QtnofJBx7tmAo1aEc57i -77s89pfwIJetpIlhzNSMKurCAocFCJMJLAASJFuu6dyDvPo= ------END CERTIFICATE----- \ No newline at end of file diff --git a/.evergreen/x509gen/altname.pem b/.evergreen/x509gen/altname.pem deleted file mode 100644 index ff0fd61e6..000000000 --- a/.evergreen/x509gen/altname.pem +++ /dev/null @@ -1,49 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAgyOELJgWP2akoidBdtchvdRF8gZrR8rwORDmST1tmH5aKiH2 -e/lkWf+pxmXnvmLXoOKk3HHGgyZ7v1sDDB0z7/rAimECqxnqJ90GFq8rGR60jCL/ -hs+30m0U9CNAvjzD5yFruaisPeCZuZXEA06QbTbTaSD4u/n7fgZVGSnj2m+DFel5 -S7dgL4Pa7Vh2nua8QPfczLLQI/uP9Ma5ZXjk2C2V+QBkmK64OanGY6yXn8+m5Lp1 -cKhhQUiXVVO1BgFHw65FapTrhG2zgyuaqvb5F062V+XGIwZhWhDz4cTgCx0dFKU+ -WQGXuEDDY3EzaOd6Ds3h6WkCRDs9cn2i0j4taQIDAQABAoIBAHeCTXkKXPQIia6Q -0dMIuWIy6k9nVCtIIWYQJZ3HUnJva6IL84IFxFNUcBczVV+m2lVvVsjjEwMAdjPs -MDnA/00LGp7BS9o8Mq2DeoH/vuoUlntDhdUIxcAJ0teurNjxraKcTX0T32xAnDeJ -6ekNlwdAuKeM+cDtTykJglH9X/324eOT8sEkpohkTJaszs3PEqgN9jrHttVatmft -KGT06aANBrEH61xr/nfBehd3R7WyVsIUmlihlIIBwbxyycdMSxHIiE1Qno252Ek7 -GJp/dPqO2pwIH47cop48SsZLFVosqaZs3jkEIDkQkyd7tvmVG69aFBPz5+PTvdRv -fufuvXUCgYEA1gTnvln9/PmC9mKFTDGdKLhFIypyOhKl1lUoDgcmCencjwu28yTA -+A2fKZQFupiHYvSg5kbvmr7FGVtKLNPJWocvr7jqPvrVLCzvs6l94LhGCTVyOmgn -e09xyDx3xQTuJmpg+4LD1jImL3OLO3fplbslwisip2CWzHZR6h3QRVMCgYEAnNy5 -F81xbimMVcubQve6LPzZq1pYaUM5ppkejNdBoEKR28+GP0NQ7YbN6iu2LXlbpWk/ -IrAyUmDUpnXFsiRDDWnPol6JzYTovzeZG+NCMJWkaQEOzm8BpUsC2UBvsX55ddxt -WM4CkLOxo7KXfQwYAMKc/H8tFE7DXloH82U7jtMCgYB+PuiBFc7IYlrJgjZFSuL8 -+S33X3uAHC3tL9Bv7fGXWXd8fhmOdfjKmiZwPVvfxUffrJQZInEGpE/Z9EreBJQ7 -LZGIo5iyS/5hj6RaI7oYTDssBXX7VCMuDx/8UQcJli3xRUEuO+XPvUdfKFZSXxrP -81SDpDRN7aEmvQj3BF0t9wKBgCgX5ptl4HtG1V7MhufMB+Md0ckRc42cKC0j8AIR -tu1udneXiHm9C/9aOGGFQLBI15rk1sVYAdS6eT/+1EQfLqBMDk0zGsfUE+VkIZdW -NAHVDcvlAFLVXrdP/+9ln+bfK85rQ+ux5Ef2Fg6ARGYq5Cu1koibPPt20krYejXF -Bz8PAoGBAKbCmptnjdu4QF+rGLfYyVnrtyUuRgN+Q0MCIag1dBTag6rC17xDYJ6g -3Txzzb9xAZ35pSHroB7TSr32vRUQVrAcfldW4mousr9A0pDoc/E2axtE1YmzSYwk -jqgu3PeWrtwBthUEoRXbQAed97bKW+gUU677u9IFRCS2YIfwDV5R ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDnTCCAoWgAwIBAgIDCRkUMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIyMzQzNloXDTM5MDUyMjIyMzQzNlowcDES -MBAGA1UEAxMJbG9jYWxob3N0MRAwDgYDVQQLEwdEcml2ZXJzMRAwDgYDVQQKEwdN -b25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9y -azELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCD -I4QsmBY/ZqSiJ0F21yG91EXyBmtHyvA5EOZJPW2YfloqIfZ7+WRZ/6nGZee+Yteg -4qTcccaDJnu/WwMMHTPv+sCKYQKrGeon3QYWrysZHrSMIv+Gz7fSbRT0I0C+PMPn -IWu5qKw94Jm5lcQDTpBtNtNpIPi7+ft+BlUZKePab4MV6XlLt2Avg9rtWHae5rxA -99zMstAj+4/0xrlleOTYLZX5AGSYrrg5qcZjrJefz6bkunVwqGFBSJdVU7UGAUfD -rkVqlOuEbbODK5qq9vkXTrZX5cYjBmFaEPPhxOALHR0UpT5ZAZe4QMNjcTNo53oO -zeHpaQJEOz1yfaLSPi1pAgMBAAGjNzA1MDMGA1UdEQQsMCqCCWxvY2FsaG9zdIcE -fwAAAYIXYWx0ZXJuYXRpdmUubW9uZ29kYi5jb20wDQYJKoZIhvcNAQELBQADggEB -AADOro10g1QReF0QVX2w+yVwCWy8FUzuksX0RI0RCFRJPo79SH7o2IZFGbLlBL8K -MMsgSrzRW/HcyE91fv0R2b7kvqfD3Eo1W1ocufjVg+3e4uuwm9k9SLjSI6mE4hEf -H6BeFoZhUdbrq9l/ez+NK+3ToHAl1bGLkipfnB522gRO1CjkpiY2knaaNQtjd/a9 -7QXqUs+KMJx42yqjBbVE6MdA2ypNMMIc8AgI5kRKEBGHpS4Z6VNZN4Pus1atGlRW -OwkjHK5pnT1TAKSODjfFw5VlXGztGTPKuJhM2/X7Qi0bO8b7NmH7cjDBATmZF5O8 -FAxIQ8+3qUPMXYkb1ipLOdQ= ------END CERTIFICATE----- diff --git a/.evergreen/x509gen/ca.pem b/.evergreen/x509gen/ca.pem deleted file mode 100644 index 6ac86cfcc..000000000 --- a/.evergreen/x509gen/ca.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDfzCCAmegAwIBAgIDB1MGMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIwMjMxMVoXDTM5MDUyMjIwMjMxMVoweTEb -MBkGA1UEAxMSRHJpdmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAw -DgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQI -EwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCl7VN+WsQfHlwapcOpTLZVoeMAl1LTbWTFuXSAavIyy0W1Ytky1UP/ -bxCSW0mSWwCgqoJ5aXbAvrNRp6ArWu3LsTQIEcD3pEdrFIVQhYzWUs9fXqPyI9k+ -QNNQ+MRFKeGteTPYwF2eVEtPzUHU5ws3+OKp1m6MCLkwAG3RBFUAfddUnLvGoZiT -pd8/eNabhgHvdrCw+tYFCWvSjz7SluEVievpQehrSEPKe8DxJq/IM3tSl3tdylzT -zeiKNO7c7LuQrgjAfrZl7n2SriHIlNmqiDR/kdd8+TxBuxjFlcf2WyHCO3lIcIgH -KXTlhUCg50KfHaxHu05Qw0x8869yIzqbAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQELBQADggEBAEHuhTL8KQZcKCTSJbYA9MgZj7U32arMGBbc1hiq -VBREwvdVz4+9tIyWMzN9R/YCKmUTnCq8z3wTlC8kBtxYn/l4Tj8nJYcgLJjQ0Fwe -gT564CmvkUat8uXPz6olOCdwkMpJ9Sj62i0mpgXJdBfxKQ6TZ9yGz6m3jannjZpN -LchB7xSAEWtqUgvNusq0dApJsf4n7jZ+oBZVaQw2+tzaMfaLqHgMwcu1FzA8UKCD -sxCgIsZUs8DdxaD418Ot6nPfheOTqe24n+TTa+Z6O0W0QtnofJBx7tmAo1aEc57i -77s89pfwIJetpIlhzNSMKurCAocFCJMJLAASJFuu6dyDvPo= ------END CERTIFICATE----- \ No newline at end of file diff --git a/.evergreen/x509gen/client-private.pem b/.evergreen/x509gen/client-private.pem deleted file mode 100644 index 551a43a75..000000000 --- a/.evergreen/x509gen/client-private.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsNS8UEuin7/K29jXfIOLpIoh1jEyWVqxiie2Onx7uJJKcoKo -khA3XeUnVN0k6X5MwYWcN52xcns7LYtyt06nRpTG2/emoV44w9uKTuHsvUbiOwSV -m/ToKQQ4FUFZoqorXH+ZmJuIpJNfoW+3CkE1vEDCIecIq6BNg5ySsPtvSuSJHGjp -mc7/5ZUDvFE2aJ8QbJU3Ws0HXiEb6ymi048LlzEL2VKX3w6mqqh+7dcZGAy7qYk2 -5FZ9ktKvCeQau7mTyU1hsPrKFiKtMN8Q2ZAItX13asw5/IeSTq2LgLFHlbj5Kpq4 -GmLdNCshzH5X7Ew3IYM8EHmsX8dmD6mhv7vpVwIDAQABAoIBABOdpb4qhcG+3twA -c/cGCKmaASLnljQ/UU6IFTjrsjXJVKTbRaPeVKX/05sgZQXZ0t3s2mV5AsQ2U1w8 -Cd+3w+qaemzQThW8hAOGCROzEDX29QWi/o2sX0ydgTMqaq0Wv3SlWv6I0mGfT45y -/BURIsrdTCvCmz2erLqa1dL4MWJXRFjT9UTs5twlecIOM2IHKoGGagFhymRK4kDe -wTRC9fpfoAgyfus3pCO/wi/F8yKGPDEwY+zgkhrJQ+kSeki7oKdGD1H540vB8gRt -EIqssE0Y6rEYf97WssQlxJgvoJBDSftOijS6mwvoasDUwfFqyyPiirawXWWhHXkc -DjIi/XECgYEA5xfjilw9YyM2UGQNESbNNunPcj7gDZbN347xJwmYmi9AUdPLt9xN -3XaMqqR22k1DUOxC/5hH0uiXir7mDfqmC+XS/ic/VOsa3CDWejkEnyGLiwSHY502 -wD/xWgHwUiGVAG9HY64vnDGm6L3KGXA2oqxanL4V0+0+Ht49pZ16i8sCgYEAw+Ox -CHGtpkzjCP/z8xr+1VTSdpc/4CP2HONnYopcn48KfQnf7Nale69/1kZpypJlvQSG -eeA3jMGigNJEkb8/kaVoRLCisXcwLc0XIfCTeiK6FS0Ka30D/84Qm8UsHxRdpGkM -kYITAa2r64tgRL8as4/ukeXBKE+oOhX43LeEfyUCgYBkf7IX2Ndlhsm3GlvIarxy -NipeP9PGdR/hKlPbq0OvQf9R1q7QrcE7H7Q6/b0mYNV2mtjkOQB7S2WkFDMOP0P5 -BqDEoKLdNkV/F9TOYH+PCNKbyYNrodJOt0Ap6Y/u1+Xpw3sjcXwJDFrO+sKqX2+T -PStG4S+y84jBedsLbDoAEwKBgQCTz7/KC11o2yOFqv09N+WKvBKDgeWlD/2qFr3w -UU9K5viXGVhqshz0k5z25vL09Drowf1nAZVpFMO2SPOMtq8VC6b+Dfr1xmYIaXVH -Gu1tf77CM9Zk/VSDNc66e7GrUgbHBK2DLo+A+Ld9aRIfTcSsMbNnS+LQtCrQibvb -cG7+MQKBgQCY11oMT2dUekoZEyW4no7W5D74lR8ztMjp/fWWTDo/AZGPBY6cZoZF -IICrzYtDT/5BzB0Jh1f4O9ZQkm5+OvlFbmoZoSbMzHL3oJCBOY5K0/kdGXL46WWh -IRJSYakNU6VIS7SjDpKgm9D8befQqZeoSggSjIIULIiAtYgS80vmGA== ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/.evergreen/x509gen/client-public.pem b/.evergreen/x509gen/client-public.pem deleted file mode 100644 index 53e4e034f..000000000 --- a/.evergreen/x509gen/client-public.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIDAxOUMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIzNTU1NFoXDTM5MDUyMjIzNTU1NFowaTEP -MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx -FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDUvFBLop+/ -ytvY13yDi6SKIdYxMllasYontjp8e7iSSnKCqJIQN13lJ1TdJOl+TMGFnDedsXJ7 -Oy2LcrdOp0aUxtv3pqFeOMPbik7h7L1G4jsElZv06CkEOBVBWaKqK1x/mZibiKST -X6FvtwpBNbxAwiHnCKugTYOckrD7b0rkiRxo6ZnO/+WVA7xRNmifEGyVN1rNB14h -G+spotOPC5cxC9lSl98Opqqofu3XGRgMu6mJNuRWfZLSrwnkGru5k8lNYbD6yhYi -rTDfENmQCLV9d2rMOfyHkk6ti4CxR5W4+SqauBpi3TQrIcx+V+xMNyGDPBB5rF/H -Zg+pob+76VcCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAqRcLAGvYMaGYOV4HJTzNotT2qE0I9THNQ -wOV1fBg69x6SrUQTQLjJEptpOA288Wue6Jt3H+p5qAGV5GbXjzN/yjCoItggSKxG -Xg7279nz6/C5faoIKRjpS9R+MsJGlttP9nUzdSxrHvvqm62OuSVFjjETxD39DupE -YPFQoHOxdFTtBQlc/zIKxVdd20rs1xJeeU2/L7jtRBSPuR/Sk8zot7G2/dQHX49y -kHrq8qz12kj1T6XDXf8KZawFywXaz0/Ur+fUYKmkVk1T0JZaNtF4sKqDeNE4zcns -p3xLVDSl1Q5Gwj7bgph9o4Hxs9izPwiqjmNaSjPimGYZ399zcurY ------END CERTIFICATE----- \ No newline at end of file diff --git a/.evergreen/x509gen/client.pem b/.evergreen/x509gen/client.pem deleted file mode 100644 index 5b0700109..000000000 --- a/.evergreen/x509gen/client.pem +++ /dev/null @@ -1,48 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsNS8UEuin7/K29jXfIOLpIoh1jEyWVqxiie2Onx7uJJKcoKo -khA3XeUnVN0k6X5MwYWcN52xcns7LYtyt06nRpTG2/emoV44w9uKTuHsvUbiOwSV -m/ToKQQ4FUFZoqorXH+ZmJuIpJNfoW+3CkE1vEDCIecIq6BNg5ySsPtvSuSJHGjp -mc7/5ZUDvFE2aJ8QbJU3Ws0HXiEb6ymi048LlzEL2VKX3w6mqqh+7dcZGAy7qYk2 -5FZ9ktKvCeQau7mTyU1hsPrKFiKtMN8Q2ZAItX13asw5/IeSTq2LgLFHlbj5Kpq4 -GmLdNCshzH5X7Ew3IYM8EHmsX8dmD6mhv7vpVwIDAQABAoIBABOdpb4qhcG+3twA -c/cGCKmaASLnljQ/UU6IFTjrsjXJVKTbRaPeVKX/05sgZQXZ0t3s2mV5AsQ2U1w8 -Cd+3w+qaemzQThW8hAOGCROzEDX29QWi/o2sX0ydgTMqaq0Wv3SlWv6I0mGfT45y -/BURIsrdTCvCmz2erLqa1dL4MWJXRFjT9UTs5twlecIOM2IHKoGGagFhymRK4kDe -wTRC9fpfoAgyfus3pCO/wi/F8yKGPDEwY+zgkhrJQ+kSeki7oKdGD1H540vB8gRt -EIqssE0Y6rEYf97WssQlxJgvoJBDSftOijS6mwvoasDUwfFqyyPiirawXWWhHXkc -DjIi/XECgYEA5xfjilw9YyM2UGQNESbNNunPcj7gDZbN347xJwmYmi9AUdPLt9xN -3XaMqqR22k1DUOxC/5hH0uiXir7mDfqmC+XS/ic/VOsa3CDWejkEnyGLiwSHY502 -wD/xWgHwUiGVAG9HY64vnDGm6L3KGXA2oqxanL4V0+0+Ht49pZ16i8sCgYEAw+Ox -CHGtpkzjCP/z8xr+1VTSdpc/4CP2HONnYopcn48KfQnf7Nale69/1kZpypJlvQSG -eeA3jMGigNJEkb8/kaVoRLCisXcwLc0XIfCTeiK6FS0Ka30D/84Qm8UsHxRdpGkM -kYITAa2r64tgRL8as4/ukeXBKE+oOhX43LeEfyUCgYBkf7IX2Ndlhsm3GlvIarxy -NipeP9PGdR/hKlPbq0OvQf9R1q7QrcE7H7Q6/b0mYNV2mtjkOQB7S2WkFDMOP0P5 -BqDEoKLdNkV/F9TOYH+PCNKbyYNrodJOt0Ap6Y/u1+Xpw3sjcXwJDFrO+sKqX2+T -PStG4S+y84jBedsLbDoAEwKBgQCTz7/KC11o2yOFqv09N+WKvBKDgeWlD/2qFr3w -UU9K5viXGVhqshz0k5z25vL09Drowf1nAZVpFMO2SPOMtq8VC6b+Dfr1xmYIaXVH -Gu1tf77CM9Zk/VSDNc66e7GrUgbHBK2DLo+A+Ld9aRIfTcSsMbNnS+LQtCrQibvb -cG7+MQKBgQCY11oMT2dUekoZEyW4no7W5D74lR8ztMjp/fWWTDo/AZGPBY6cZoZF -IICrzYtDT/5BzB0Jh1f4O9ZQkm5+OvlFbmoZoSbMzHL3oJCBOY5K0/kdGXL46WWh -IRJSYakNU6VIS7SjDpKgm9D8befQqZeoSggSjIIULIiAtYgS80vmGA== ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIDAxOUMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIzNTU1NFoXDTM5MDUyMjIzNTU1NFowaTEP -MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx -FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDUvFBLop+/ -ytvY13yDi6SKIdYxMllasYontjp8e7iSSnKCqJIQN13lJ1TdJOl+TMGFnDedsXJ7 -Oy2LcrdOp0aUxtv3pqFeOMPbik7h7L1G4jsElZv06CkEOBVBWaKqK1x/mZibiKST -X6FvtwpBNbxAwiHnCKugTYOckrD7b0rkiRxo6ZnO/+WVA7xRNmifEGyVN1rNB14h -G+spotOPC5cxC9lSl98Opqqofu3XGRgMu6mJNuRWfZLSrwnkGru5k8lNYbD6yhYi -rTDfENmQCLV9d2rMOfyHkk6ti4CxR5W4+SqauBpi3TQrIcx+V+xMNyGDPBB5rF/H -Zg+pob+76VcCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAqRcLAGvYMaGYOV4HJTzNotT2qE0I9THNQ -wOV1fBg69x6SrUQTQLjJEptpOA288Wue6Jt3H+p5qAGV5GbXjzN/yjCoItggSKxG -Xg7279nz6/C5faoIKRjpS9R+MsJGlttP9nUzdSxrHvvqm62OuSVFjjETxD39DupE -YPFQoHOxdFTtBQlc/zIKxVdd20rs1xJeeU2/L7jtRBSPuR/Sk8zot7G2/dQHX49y -kHrq8qz12kj1T6XDXf8KZawFywXaz0/Ur+fUYKmkVk1T0JZaNtF4sKqDeNE4zcns -p3xLVDSl1Q5Gwj7bgph9o4Hxs9izPwiqjmNaSjPimGYZ399zcurY ------END CERTIFICATE----- diff --git a/.evergreen/x509gen/commonName.pem b/.evergreen/x509gen/commonName.pem deleted file mode 100644 index e8ebd4953..000000000 --- a/.evergreen/x509gen/commonName.pem +++ /dev/null @@ -1,48 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEArS94Vnpx+C+LwiCIyfZH45uwDbiEqCKr0hfWPVlJdoOQgaDO -av9nbxRvx+CnsiZ1yE6Kj1NYIX3FqOzO9YizwKtPaxCqFMjDzl1HZCJ8LTZZzMic -01K38wGfacsBwno/sNZn9jgnT+9JOasD6854IAs5T7dRCFH/nxV+RuZ4ueTWIcfH -jXzAZv9+wtu0sVmQKHV0J3S6ZdPqqDaYRdhOCyShBTO4RbUW1myIjooIqqy/xceV -TmXGWycqZjyDDronT1kj/yx6znqudOeDzj1PaEdnsqdXxQlI7MVdRf3nXdDXTpw5 -gPhqxqYc47vL6RvMxqief0BJnlc6PoZWoyTRPwIDAQABAoIBAQCYNMYwSsDrfO35 -mRpfVYHs+iGKjYaZNo+Hv8dcd6Jm9E4Gf0urIfjH2VA8fKclnUOa3dxNBtTH6n/T -bPyfMpu4U1cjI6w3RBNCxRw/V0eHfOMDZbTezS459k0ib3aGc2aShn0sGkICsKzM -cA6sKfPNRdACzXv8MgTUzdEDgv7LcGwNUKYzz/XWZxOX+XpeAGNSdXxv6ASvZNJ7 -u3Ba6LbOSAjxnKK24qdBDwCfuxRvD6ovenvI3+qIDSZSrEs/ofGhEEdKlQiyUAgS -m40kWqtoq9sC4/6cGxCLw9scuwXhwE0NNP19QRjh6Hsmr6qmu8LJAKugJi+5WyLg -1oHLs91xAoGBAO4oy6cdc57UdL7A2UbFDWJkBlySw0ChCK4I49Sfq/IISpd3mOfH -SxpZoh5IEnKTEYSqMi/kUUt8J/kQhjdAhqyA33GuNekfGPumUxyB8nKtowNNevyv -Ou6Y9FmzwEektvTLoku/4GxVbrgE262YEu/U1bMA700YK88knCtRWrtFAoGBALoo -qdUpb9s0NK0K4pGo8NYdtqVraOkXPAhKCCOY+hnl0yJERU7LLM9pYCMmR9m/TPcA -pXZTETPWcB6SDJoH3nCmje1Bt3xTxnSvt9P8lXYfvgVpKz8zBrvvnZqUDbMUjWe+ -vz9/jRKrarKgzG6KLnLgFV9sNbuSoOER4/h7MmCzAoGARP2qaUHd4Y/4Nd4V0yt4 -Qh1pvl2BlHJR2mCW51xN6jI+sXwi3lncRsjabt1AAtLZy02mdjs01aIkzkDcMJtP -qB85G2x1D5BDo3q+Ls7yFgh45ZcHXrXAY6gJeQbaV6a+nVF0NW9jKt7g0QwPO02H -htRoB4/owrOS1VHsr5vEpeUCgYAsWg/MZ2js8s0yBQvh5Dws5ztiwepmzlBRMUIr -KQE9NlJNMbLJiQKOD+8FsNMhf8BYgODrBfNtREPGJMm30PQgJq5dvnB2wIbhuhOz -/9OkJv/gziOtlPyfvgDwmSGCbv0ZoIp0GHGF5y0ujbznASj72YN+DovmupJ1zQth -YgionQKBgDGtSfvf3VpJxoabJ52tC0vJFDzkqdbOT0imuLjRHmUH4pSKuMvanvVk -kYcHXeQcfLOPjH18UUqTIgK5vXXjJraduq2bGyvdLcbd3xmj5guzfim3FP83Lh/U -OMAbRgBdq3rlylRqcZh0NqV05L0kJ0Wt1XIaV/eknpuFz5nD7O+y ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDcTCCAlmgAwIBAgIDB5VBMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIxMDUxNVoXDTM5MDUyMjIxMDUxNVowfTEf -MB0GA1UEAxMWY29tbW9uTmFtZS5tb25nb2RiLm9yZzEQMA4GA1UECxMHRHJpdmVy -czEQMA4GA1UEChMHTW9uZ29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8G -A1UECBMITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEArS94Vnpx+C+LwiCIyfZH45uwDbiEqCKr0hfWPVlJdoOQgaDO -av9nbxRvx+CnsiZ1yE6Kj1NYIX3FqOzO9YizwKtPaxCqFMjDzl1HZCJ8LTZZzMic -01K38wGfacsBwno/sNZn9jgnT+9JOasD6854IAs5T7dRCFH/nxV+RuZ4ueTWIcfH -jXzAZv9+wtu0sVmQKHV0J3S6ZdPqqDaYRdhOCyShBTO4RbUW1myIjooIqqy/xceV -TmXGWycqZjyDDronT1kj/yx6znqudOeDzj1PaEdnsqdXxQlI7MVdRf3nXdDXTpw5 -gPhqxqYc47vL6RvMxqief0BJnlc6PoZWoyTRPwIDAQABMA0GCSqGSIb3DQEBCwUA -A4IBAQA34DUMfx0YaxsXnNlCmbkncwgb69VfwWTqtON2MabOlw9fQ0Z5YlwduBSD -DxkRosVURdqV+EcGxei6opnPkdoJ+1mkCDo360q+R/bJUFqjj7djB7GCwwK/Eud4 -Jjn//eLBChU+DlTjO1yL8haEQR70LyVz37sh28oIRqoTS3Nk2SZg7Gnor1qHwd6j -OljaM1WiTJfq6XCSZ9/3C5Ix0Vr7xZaP9Dn5lgQ86du6N6tmaKqVobCw3vjITmnr -eZTC7dKU4/O52d6lHZ1vv8GyvqrRCeiolTVzhW47GvO/n+snC0NMkXvoo7Rzv1S/ -FxHvlhiH5wCbaGnBx4uF5/boedV+ ------END CERTIFICATE----- diff --git a/.evergreen/x509gen/crl.pem b/.evergreen/x509gen/crl.pem deleted file mode 100644 index 733a0acdc..000000000 --- a/.evergreen/x509gen/crl.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN X509 CRL----- -MIIB6jCB0wIBATANBgkqhkiG9w0BAQsFADB5MRswGQYDVQQDExJEcml2ZXJzIFRl -c3RpbmcgQ0ExEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01vbmdvREIxFjAU -BgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYDVQQG -EwJVUxcNMTkwNTIyMjI0NTUzWhcNMTkwNjIxMjI0NTUzWjAVMBMCAncVFw0xOTA1 -MjIyMjQ1MzJaoA8wDTALBgNVHRQEBAICEAAwDQYJKoZIhvcNAQELBQADggEBACwQ -W9OF6ExJSzzYbpCRroznkfdLG7ghNSxIpBQUGtcnYbkP4em6TdtAj5K3yBjcKn4a -hnUoa5EJGr2Xgg0QascV/1GuWEJC9rsYYB9boVi95l1CrkS0pseaunM086iItZ4a -hRVza8qEMBc3rdsracA7hElYMKdFTRLpIGciJehXzv40yT5XFBHGy/HIT0CD50O7 -BDOHzA+rCFCvxX8UY9myDfb1r1zUW7Gzjn241VT7bcIJmhFE9oV0popzDyqr6GvP -qB2t5VmFpbnSwkuc4ie8Jizip1P8Hg73lut3oVAHACFGPpfaNIAp4GcSH61zJmff -9UBe3CJ1INwqyiuqGeA= ------END X509 CRL----- diff --git a/.evergreen/x509gen/expired.pem b/.evergreen/x509gen/expired.pem deleted file mode 100644 index 2d92be01a..000000000 --- a/.evergreen/x509gen/expired.pem +++ /dev/null @@ -1,49 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAw06nN1BoINnY/WJXvi+r0taDMphWQNoyeM85A6NIYKo+vWtN -fvf6f2JTpg/Q4NJ3txiZE/F6yZaMFC78l1KMoz+zIEPLpSJoIezCaXyl2+AQih8A -WmAOFAoiWYTiNfWoVM7t0Qzy6yS+rXifuET5Dg1mtWpA6xRFHZEqQTdKX4QzbT5G -RenoFIBT9wG7xUV+FG1/9s5nx4f5gZDbwMKA7mNq/Jr+rZZQV4lReeGtoYNx1I/Z -4yd4xswI3RfuB7QDZMNHWZazFxW1N6EP5NJBDZJkYLEkMX36r4Orr/73z4EA5GBx -zqdSKH9qHLRiBwesfZf7u8xb120u1S1X1J8a5QIDAQABAoIBAQC+Y9swWerYM2WL -RKYCWZhndQP6e3SBzfMrv951hGQXD38Pyh2Gq5h/O0wN8xcNQz6+t3TqcxnekCrH -tjI4FZnRvlQRHOXVeeAHSjUO/hr1Z8zXyHbgowi2Ula/64FVVr+cxQgiJTxdK7nR -g2g4Csy6/SdlrEnSoDTsKMoHPy36Q0GaLDBnthpKIc1Prhntf6vBCgQAHXVfLk6E -NwddYloL+mfEZESa3Qf2ZYeX/Ovq9agbuQ3cRE7M5FunSo9E7eXt+D+Ntk0usTKV -BaUEHLRYXV827fMDGc1vBN6WFVfthhYviIEgDdkALwOw4lfIiA2WM3fhCF6Ow9hJ -as3dpEHBAoGBAO+l4PdUXypWBYQNZKggH79kAFuAOWtLsMqEBO0ZaXXdvFdwdzhR -jbL7mhRrghgGYpXWIUaNkcbX0XPlkWl2dRzYQqRNjUSEGFabVAxdGZPfiYoupXVl -Lz/FIG3P6BnEYmczh9MxRpJyk4wlUCKppYPiBrR0Ei/qcbGvciOwLq5VAoGBANCi -PWG2izO2HuBFgZTuVIvnl7ixQXgG/tvbiEmYvDNYy1E+w1MWY10Ve/JtIncBIVHk -fEgJPL3hvipAez5ir9Qa1D4PlWxsIrbjuNcLaj+IsRhWBDjMKwRWgmTvvsimcyF5 -39Vs4FujR8cgXy8UnZhYDVRC13PyxmYfJrp4QCpRAoGAKV8nsUsdir+DAEMXp3a0 -RGRNM361avKMOMoF17DVZgW7qBTAYDakEcwh03ij4uXnSxrGb9ms2vkTLcDqE5zh -pvMmvhqtUrDDSuBR6DiCW+bxZaub4OJw/79WU97aoOgoXMymnC0bk9i35C/k37cN -3fC9W5XWNfNxYU16lPKrfGkCgYA14hD0UY72Fg03YvwqmLshPvkCbFU6SKQ96B70 -0wuYP1CTdSBBL0EOY2QVonYKQjJ20gn/GNOlPs48X1b1L8u1fhBezuuKiwsULRAq -Cfqw2f7TCDQi7ygVALrAkuK1M7f8Z1uV5X60bCE3nna21B43oFYg8vpuKb9v1I/O -DQyVYQKBgQCH/Kxq+7Or/5ciq15Vy6z+PJdsGV9FV9S7zkQOZqJ4PXJn0wG9PXnp -ugjvmU1iLx0bXs5llByRx792Q/QmdWnwMCohs6bkWaBCf36JJfTkDTzzbez43cCK -HcYi6gtbiBznWiLWekudRkWdhIFEGU6cSjimy1i4yvwIw85PlEQt/Q== ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIDAYZJMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMDIyMzYzNVoXDTE5MDUyMTIyMzYzNVowcDES -MBAGA1UEAxMJbG9jYWxob3N0MRAwDgYDVQQLEwdEcml2ZXJzMRAwDgYDVQQKEwdN -b25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9y -azELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD -Tqc3UGgg2dj9Yle+L6vS1oMymFZA2jJ4zzkDo0hgqj69a01+9/p/YlOmD9Dg0ne3 -GJkT8XrJlowULvyXUoyjP7MgQ8ulImgh7MJpfKXb4BCKHwBaYA4UCiJZhOI19ahU -zu3RDPLrJL6teJ+4RPkODWa1akDrFEUdkSpBN0pfhDNtPkZF6egUgFP3AbvFRX4U -bX/2zmfHh/mBkNvAwoDuY2r8mv6tllBXiVF54a2hg3HUj9njJ3jGzAjdF+4HtANk -w0dZlrMXFbU3oQ/k0kENkmRgsSQxffqvg6uv/vfPgQDkYHHOp1Iof2octGIHB6x9 -l/u7zFvXbS7VLVfUnxrlAgMBAAGjMDAuMCwGA1UdEQQlMCOCCWxvY2FsaG9zdIcE -fwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAgPh9C6Yi -6ykJYfaOETPEkggI9LlLQyQ0VhSJGrcw8DXGuPEkyd2xtczYoh0ijtYD3nlTQnh1 -u+5mEEP05nuMMURzG+v7WzZG8Qfz/SDBY1Lfvb/waI3w3RT/dcZ6jwz39jQhV+rU -o2F1vr37Hnh1Ehoa2igjKL1w1LmWdoFgHb0p09qQDAGtkP0gxl0t7iujDDRStLQn -OpWwfOpCaYhtzWwONJn/JIG+JCE/szcRbmc4XKw8t06ffS0mKR/yZBCoekZinnPD -XRVWAH/UF5XPs0mUlrvhFcT/vjgXSZvpi+UuVv3XL56xwPmXAgKsYUpqLlgbrVxv -jY93LTJ1azg+Sw== ------END CERTIFICATE----- diff --git a/.evergreen/x509gen/password_protected.pem b/.evergreen/x509gen/password_protected.pem deleted file mode 100644 index cc9e12470..000000000 --- a/.evergreen/x509gen/password_protected.pem +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIC8as6PDVhwECAggA -MB0GCWCGSAFlAwQBAgQQTYOgCJcRqUI7dsgqNojv/ASCBNCG9fiu642V4AuFK34c -Q42lvy/cR0CIXLq/rDXN1L685kdeKex7AfDuRtnjY2+7CLJiJimgQNJXDJPHab/k -MBHbwbBs38fg6eSYX8V08/IyyTege5EJMhYxmieHDC3DXKt0gyHk6hA/r5+Mr49h -HeVGwqBLJEQ3gVIeHaOleZYspsXXWqOPHnFiqnk/biaJS0+LkDDEiQgTLEYSnOjP -lexxUc4BV/TN0Z920tZCMfwx7IXD/C+0AkV/Iqq4LALmT702EccB3indaIJ8biGR -radqDLR32Q+vT9uZHgT8EFiUsISMqhob2mnyTfFV/s9ghWwogjSz0HrRcq6fxdg7 -oeyT9K0ET53AGTGmV0206byPu6qCj1eNvtn+t1Ob+d5hecaTugRMVheWPlc5frsz -AcewDNa0pv4pZItjAGMqOPJHfzEDnzTJXpLqGYhg044H1+OCY8+1YK7U0u8dO+/3 -f5AoDMq18ipDVTFTooJURej4/Wjbrfad3ZFjp86nxfHPeWM1YjC9+IlLtK1wr0/U -V8TjGqCkw8yHayz01A86iA8X53YQBg+tyMGjxmivo6LgFGKa9mXGvDkN+B+0+OcA -PqldAuH/TJhnkqzja767e4n9kcr+TmV19Hn1hcJPTDrRU8+sSqQFsWN4pvHazAYB -UdWie+EXI0eU2Av9JFgrVcpRipXjB48BaPwuBw8hm+VStCH7ynF4lJy6/3esjYwk -Mx+NUf8+pp1DRzpzuJa2vAutzqia5r58+zloQMxkgTZtJkQU6OCRoUhHGVk7WNb1 -nxsibOSzyVSP9ZNbHIHAn43vICFGrPubRs200Kc4CdXsOSEWoP0XYebhiNJgGtQs -KoISsV4dFRLwhaJhIlayTBQz6w6Ph87WbtuiAqoLiuqdXhUGz/79j/6JZqCH8t/H -eZs4Dhu+HdD/wZKJDYAS+JBsiwYWnI3y/EowZYgLdOMI4u6xYDejhxwEw20LW445 -qjJ7pV/iX2uavazHgC91Bfd4zodfXIQ1IDyTmb51UFwx0ARzG6enntduO6xtcYU9 -MXwfrEpuZ/MkWTLkR0PHPbIPcR1MiVwPKdvrLk42Bzj/urtXYrAFUckMFMzEh+uv -0lix2hbq/Xwj4dXcY4w9hnC6QQDCJTf9S6MU6OisrZHKk0qZ2Vb4aU/eBcBsHBwo -X/QGcDHneHxlrrs2eLX26Vh8Odc5h8haeIxnfaa1t+Yv56OKHuAztPMnJOUL7KtQ -A556LxT0b5IGx0RcfUcbG8XbxEHseACptoDOoguh9923IBI0uXmpi8q0P815LPUu -0AsE47ATDMGPnXbopejRDicfgMGjykJn8vKO8r/Ia3Fpnomx4iJNCXGqomL+GMpZ -IhQbKNrRG6XZMlx5kVCT0Qr1nOWMiOTSDCQ5vrG3c1Viu+0bctvidEvs+LCm98tb -7ty8F0uOno0rYGNQz18OEE1Tj+E19Vauz1U35Z5SsgJJ/GfzhSJ79Srmdg2PsAzk -AUNTKXux1GLf1cMjTiiU5g+tCEtUL9Me7lsv3L6aFdrCyRbhXUQfJh4NAG8+3Pvh -EaprThBzKsVvbOfU81mOaH9YMmUgmxG86vxDiNtaWd4v6c1k+HGspJr/q49pcXZP -ltBMuS9AihstZ1sHJsyQCmNXkA== ------END ENCRYPTED PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIDBXUHMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMzAwMDEyOVoXDTM5MDUyMzAwMDEyOVowaTEP -MA0GA1UEAxMGY2xpZW50MRAwDgYDVQQLEwdEcml2ZXJzMQwwCgYDVQQKEwNNREIx -FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD -VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqCb0Lo4XsV -W327Wlnqc5rwWa5Elw0rFuehSfViRIcYfuFWAPXoOj3fIDsYz6d41G8hp6tkF88p -swlbzDF8Fc7mXDhauwwl2F/NrWYUXwCT8fKju4DtGd2JlDMi1TRDeofkYCGVPp70 -vNqd0H8iDWWs8OmiNrdBLJwNiGaf9y15ena4ImQGitXLFn+qNSXYJ1Rs8p7Y2PTr -L+dff5gJCVbANwGII1rjMAsrMACPVmr8c1Lxoq4fSdJiLweosrv2Lk0WWGsO0Seg -ZY71dNHEyNjItE+VtFEtslJ5L261i3BfF/FqNnH2UmKXzShwfwxyHT8o84gSAltQ -5/lVJ4QQKosCAwEAAaMkMCIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF -BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBOAlKxIMFcTZ+4k8NJv97RSf+zOb5Wu2ct -uxSZxzgKTxLFUuEM8XQiEz1iHQ3XG+uV1fzA74YLQiKjjLrU0mx54eM1vaRtOXvF -sJlzZU8Z2+523FVPx4HBPyObQrfXmIoAiHoQ4VUeepkPRpXxpifgWd/OCWhLDr2/ -0Kgcb0ybaGVDpA0UD9uVIwgFjRu6id7wG+lVcdRxJYskTOOaN2o1hMdAKkrpFQbd -zNRfEoBPUYR3QAmAKP2HBjpgp4ktOHoOKMlfeAuuMCUocSnmPKc3xJaH/6O7rHcf -/Rm0X411RH8JfoXYsSiPsd601kZefhuWvJH0sJLibRDvT7zs8C1v ------END CERTIFICATE----- diff --git a/.evergreen/x509gen/server.pem b/.evergreen/x509gen/server.pem deleted file mode 100644 index 7480f9644..000000000 --- a/.evergreen/x509gen/server.pem +++ /dev/null @@ -1,49 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAhNrB0E6GY/kFSd8/vNpu/t952tbnOsD5drV0XPvmuy7SgKDY -a/S+xb/jPnlZKKehdBnH7qP/gYbv34ZykzcDFZscjPLiGc2cRGP+NQCSFK0d2/7d -y15zSD3zhj14G8+MkpAejTU+0/qFNZMc5neDvGanTe0+8aWa0DXssM0MuTxIv7j6 -CtsMWeqLLofN7a1Kw2UvmieCHfHMuA/08pJwRnV/+5T9WONBPJja2ZQRrG1BjpI4 -81zSPUZesIqi8yDlExdvgNaRZIEHi/njREqwVgJOZomUY57zmKypiMzbz48dDTsV -gUStxrEqbaP+BEjQYPX5+QQk4GdMjkLf52LR6QIDAQABAoIBAHSs+hHLJNOf2zkp -S3y8CUblVMsQeTpsR6otaehPgi9Zy50TpX4KD5D0GMrBH8BIl86y5Zd7h+VlcDzK -gs0vPxI2izhuBovKuzaE6rf5rFFkSBjxGDCG3o/PeJOoYFdsS3RcBbjVzju0hFCs -xnDQ/Wz0anJRrTnjyraY5SnQqx/xuhLXkj/lwWoWjP2bUqDprnuLOj16soNu60Um -JziWbmWx9ty0wohkI/8DPBl9FjSniEEUi9pnZXPElFN6kwPkgdfT5rY/TkMH4lsu -ozOUc5xgwlkT6kVjXHcs3fleuT/mOfVXLPgNms85JKLucfd6KiV7jYZkT/bXIjQ+ -7CZEn0ECgYEA5QiKZgsfJjWvZpt21V/i7dPje2xdwHtZ8F9NjX7ZUFA7mUPxUlwe -GiXxmy6RGzNdnLOto4SF0/7ebuF3koO77oLup5a2etL+y/AnNAufbu4S5D72sbiz -wdLzr3d5JQ12xeaEH6kQNk2SD5/ShctdS6GmTgQPiJIgH0MIdi9F3v0CgYEAlH84 -hMWcC+5b4hHUEexeNkT8kCXwHVcUjGRaYFdSHgovvWllApZDHSWZ+vRcMBdlhNPu -09Btxo99cjOZwGYJyt20QQLGc/ZyiOF4ximQzabTeFgLkTH3Ox6Mh2Rx9yIruYoX -nE3UfMDkYELanEJUv0zenKpZHw7tTt5yXXSlEF0CgYBSsEOvVcKYO/eoluZPYQAA -F2jgzZ4HeUFebDoGpM52lZD+463Dq2hezmYtPaG77U6V3bUJ/TWH9VN/Or290vvN -v83ECcC2FWlSXdD5lFyqYx/E8gqE3YdgqfW62uqM+xBvoKsA9zvYLydVpsEN9v8m -6CSvs/2btA4O21e5u5WBTQKBgGtAb6vFpe0gHRDs24SOeYUs0lWycPhf+qFjobrP -lqnHpa9iPeheat7UV6BfeW3qmBIVl/s4IPE2ld4z0qqZiB0Tf6ssu/TpXNPsNXS6 -dLFz+myC+ufFdNEoQUtQitd5wKbjTCZCOGRaVRgJcSdG6Tq55Fa22mOKPm+mTmed -ZdKpAoGAFsTYBAHPxs8nzkCJCl7KLa4/zgbgywO6EcQgA7tfelB8bc8vcAMG5o+8 -YqAfwxrzhVSVbJx0fibTARXROmbh2pn010l2wj3+qUajM8NiskCPFbSjGy7HSUze -P8Kt1uMDJdj55gATzn44au31QBioZY2zXleorxF21cr+BZCJgfA= ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDlTCCAn2gAwIBAgICdxUwDQYJKoZIhvcNAQELBQAweTEbMBkGA1UEAxMSRHJp -dmVycyBUZXN0aW5nIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAwDgYDVQQKEwdNb25n -b0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazEL -MAkGA1UEBhMCVVMwHhcNMTkwNTIyMjIzMjU2WhcNMzkwNTIyMjIzMjU2WjBwMRIw -EAYDVQQDEwlsb2NhbGhvc3QxEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01v -bmdvREIxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3Jr -MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAITa -wdBOhmP5BUnfP7zabv7fedrW5zrA+Xa1dFz75rsu0oCg2Gv0vsW/4z55WSinoXQZ -x+6j/4GG79+GcpM3AxWbHIzy4hnNnERj/jUAkhStHdv+3ctec0g984Y9eBvPjJKQ -Ho01PtP6hTWTHOZ3g7xmp03tPvGlmtA17LDNDLk8SL+4+grbDFnqiy6Hze2tSsNl -L5ongh3xzLgP9PKScEZ1f/uU/VjjQTyY2tmUEaxtQY6SOPNc0j1GXrCKovMg5RMX -b4DWkWSBB4v540RKsFYCTmaJlGOe85isqYjM28+PHQ07FYFErcaxKm2j/gRI0GD1 -+fkEJOBnTI5C3+di0ekCAwEAAaMwMC4wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/ -AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBol8+YH7MA -HwnIh7KcJ8h87GkCWsjOJCDJWiYBJArQ0MmgDO0qdx+QEtvLMn3XNtP05ZfK0WyX -or4cWllAkMFYaFbyB2hYazlD1UAAG+22Rku0UP6pJMLbWe6pnqzx+RL68FYdbZhN -fCW2xiiKsdPoo2VEY7eeZKrNr/0RFE5EKXgzmobpTBQT1Dl3Ve4aWLoTy9INlQ/g -z40qS7oq1PjjPLgxINhf4ncJqfmRXugYTOnyFiVXLZTys5Pb9SMKdToGl3NTYWLL -2AZdjr6bKtT+WtXyHqO0cQ8CkAW0M6VOlMluACllcJxfrtdlQS2S4lUIj76QKBdZ -khBHXq/b8MFX ------END CERTIFICATE----- diff --git a/.evergreen/x509gen/wild.pem b/.evergreen/x509gen/wild.pem deleted file mode 100644 index d41800748..000000000 --- a/.evergreen/x509gen/wild.pem +++ /dev/null @@ -1,49 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAlenyliMpkLM9aR51iOO7hdLS66pwgafsJlIbtsKAy6WxlcKA -yecs0yCQfw5z5j3BFgv88dzAFEF+jFG6o/EmAzqmK5uRCQX1EJbl2p8detbzToj9 -Ys1Z1peWE8FkJtZMKUdLdlRQQ57v2VUr0kwtFEUGlSNyVwf4pJ5coyqpukmoUdko -zrKeclshjydDVo44Ln6WYvN6odz/CZT808fHZ0CXcIEKyDV8zXIcHGX2OUL/ajtZ -+C2pIbAx64nin1BLtHGvDT0Pan1xKDiMCkOdc7va0gLh0qtPjGLsI4vc8iByviGJ -Kw7hVaj7ym0r2DFzeqghfvNNNHisGXSf+6EcPQIDAQABAoIBAGq/PVefDhfVKaNS -ZwrkbkDqT/ozUQ1hzwuyZ72JXkCkaYFkEGS0Ufy8MWfnmKuXyYezXZezQqqpwDyW -bboTGqgt+OkQSwQL0+bOLDmyF0HDEVkYvqS96HyfT+QdTv1AltbFx3woqUadQ9iT -hzKlv2uxgvBrXx2NtYUypnAhDt5wQQ4n1w46Kl1USb983qWDWyFtHfIQo6vF1JK/ -s6I6oA2tmORPTD3A7E2xT98UMM8B1c/v1F+owAiD+KNmgAN4oWSWBfRGEKg59fZA -aGWjQrwoWmQQJnMnTsHZc+2hT7waKnyOwOFq1NPXyfCw+4cSeI3B3rPxPyShBM4O -ZKfajIECgYEAz555nPHhk5GmMpXprryCODy66ChHWulA3fM9r0k/ObBgKqTirAOA -y0PmA8OxR8acV0V2lZImdwF5Lvnj+c8+fTFSnPKSQHpcZ/lbxo+m2rYwv7+BxUP9 -GJAWzA6xqBde6hNPULml8cNOqT7jwRnLt/DkwY+94Oeh3H5CRYb90Y0CgYEAuNkR -EieGwCn+TjgatkhMLhYqr234544p3ofL82CFlCcsOXtWqCma6POOi038eBlZiHV9 -EPBq4qQHCZMAPeApTZbiZ+Z8ezC3IxjGSX0jP5QK+gBrkk7nbp24nRMlHOrwizsL -/Sxu4Y6puZk5aTUZVufPLXokY6Iez0Kd07vyUXECgYBqWHFQi7EQ5nzr0lAVOee1 -qJ3QRrlt/qZESdCh1XH2Obq4fSbCFzVEaK4L5ZQMANaZ+TGpoWfkczPAdS1qCtam -R7paPAHf1w04EMkKpxA/XS0ROqXdBltA1qVmtmwXfokWeveYkM9IS9Mh6927TlxE -BrcV0mvfJKaLC30koeWnDQKBgEn1oBzxb7sHklbdn+J7Pu/Zsq6Kg+KyQRJmpzXz -0r6ahdlh/iQ+sVqvyML4KyIqkmZFDAtxBnM0ShSMmrYnMJ941ZHY6Mmpjj0etofE -6AuSQmoRLPlXVMYvmSRP+rN9VU2ADKX510usd0BpjE0KD99z1LNPgavTvBwVfWyw -cJ4hAoGBALgyVPMBPv1d8irbM1WHFe/I3vxjb4DWOY9xclbRWjkW69oZmkouGP07 -52ehzfBtBC87VPLwTEr/ERZqfICBqZvXYFypd2ydGhbDKjDswiUd6nACNKAx5ZPo -OVwQjVfjGqkKNThoHhvE1YU//+WtCe0YVUGqMA9dyZe1QO3HcqI8 ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDkzCCAnugAwIBAgIDCRU4MA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy -aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u -Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx -CzAJBgNVBAYTAlVTMB4XDTE5MDUyMjIyMzgxOVoXDTM5MDUyMjIyMzgxOVowcDES -MBAGA1UEAxMJbG9jYWxob3N0MRAwDgYDVQQLEwdEcml2ZXJzMRAwDgYDVQQKEwdN -b25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9y -azELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV -6fKWIymQsz1pHnWI47uF0tLrqnCBp+wmUhu2woDLpbGVwoDJ5yzTIJB/DnPmPcEW -C/zx3MAUQX6MUbqj8SYDOqYrm5EJBfUQluXanx161vNOiP1izVnWl5YTwWQm1kwp -R0t2VFBDnu/ZVSvSTC0URQaVI3JXB/iknlyjKqm6SahR2SjOsp5yWyGPJ0NWjjgu -fpZi83qh3P8JlPzTx8dnQJdwgQrINXzNchwcZfY5Qv9qO1n4LakhsDHrieKfUEu0 -ca8NPQ9qfXEoOIwKQ51zu9rSAuHSq0+MYuwji9zyIHK+IYkrDuFVqPvKbSvYMXN6 -qCF+8000eKwZdJ/7oRw9AgMBAAGjLTArMCkGA1UdEQQiMCCCCWxvY2FsaG9zdIcE -fwAAAYINKi5tb25nb2RiLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAMCENVK+w+wP7 -T1XBytsScn7+Bh33sn+A+c7H/6BNOEdTxCQ67L3zBc0XrBFYtiHcAppNBKvvM8cV -ERWjXlU2nZ+A0WKOZE2nXYQL5lBnnXoIMwcdtJuTJuWw8r3MlVXDcP6bK8tNSQMG -WYK7PHQ3RNiWNABZejJV9GVP25nO6Wr2gt2xnEwYvUXTnCJtT+NsTE/fU4MlGuUL -a93Cec86Ij0XTMTcnj4nfZhct30nuqiU4wWBPHCN7BXxRQzIHu68aVHBpwDEAf6j -PAOKhucGY6DW+dyrW/1BjW6+ZOmJWxJ7GB+x0gjprQbGH67gIvRvTa9wW7NqWyS3 -Go/qT7H6FQ== ------END CERTIFICATE-----