1# Boulder Test Hierarchy
2
3This directory contains certificates which are analogues of Let's Encrypt's
4active hierarchy. These are useful for ensuring that our tests cover all of
5our actual situations, such as cross-signed intermediates, cross-signed roots,
6both RSA and ECDSA roots and intermediates, and having issuance chains with
7more than one intermediate in them. Also included are a selection of fake
8end-entity certificates, issued from each of the intermediates. This directory
9does not include private keys for the roots, as Boulder should never perform
10any operations which require access to root private keys.
11
12## Usage
13
14These certificates (particularly their subject info and public key info) are
15subject to change at any time. Values derived from these certificates, such as
16their `Serial`, `IssuerID`, `Fingerprint`, or `IssuerNameID` should never be
17hard-coded in tests or mocks. If you need to assert facts about those values
18in a test, load the cert from disk and compute those values dynamically.
19
20In general, loading and using one of these certificates for a test might
21look like:
22
23```go
24ee, _ := CA.IssuePrecertificate(...)
25cert, _ := issuance.LoadCertificate("test/hierarchy/int-e1.cert.pem")
26test.AssertEqual(t, issuance.GetIssuerNameID(ee), issuer.NameID())
27```
View as plain text