Merge pull request #598 from kuba/pkgs_sep_prep

Separate packages

.dockerignore

@@ -1,11 +1,11 @@
 # this file uses slightly different syntax than .gitignore,
-# e.g. ".tox/" will not ignore .tox directory
+# e.g. "tox.cover/" will not ignore tox.cover directory
 
 # well, official docker build should be done on clean git checkout
 # anyway, so .tox should be empty... But I'm sure people will try to
 # test docker on their git working directories.
 
 .git
-.tox
+tox.cover
 venv
 docs

.gitignore

@@ -4,7 +4,7 @@
 build/
 dist/
 /venv/
-/.tox/
+/tox.venv/
 letsencrypt.log
 
 # coverage

.travis.yml

@@ -20,7 +20,7 @@ env:
 install: "travis_retry pip install tox coveralls"
 before_script: '[ "${TOXENV:0:2}" != "py" ] || ./tests/boulder-start.sh'
 # TODO: eliminate substring slice bashism
-script: 'travis_retry tox && ([ "${TOXENV:0:2}" != "py" ] || (source .tox/$TOXENV/bin/activate && ./tests/boulder-integration.sh))'
+script: 'travis_retry tox && ([ "${TOXENV:0:2}" != "py" ] || (source tox.venv/bin/activate && ./tests/boulder-integration.sh))'
 
 after_success: '[ "$TOXENV" == "cover" ] && coveralls'
 

Dockerfile

@@ -50,7 +50,11 @@ COPY letsencrypt_nginx /opt/letsencrypt/src/letsencrypt_nginx/
 
 # requirements.txt not installed!
 RUN virtualenv --no-site-packages -p python2 /opt/letsencrypt/venv && \
-    /opt/letsencrypt/venv/bin/pip install -e /opt/letsencrypt/src
+    /opt/letsencrypt/venv/bin/pip install \
+    -e /opt/letsencrypt/src/acme \
+    -e /opt/letsencrypt/src \
+    -e /opt/letsencrypt/src/letsencrypt_apache \
+    -e /opt/letsencrypt/src/letsencrypt_nginx
 
 # install in editable mode (-e) to save space: it's not possible to
 # "rm -rf /opt/letsencrypt/src" (it's stays in the underlaying image);

MANIFEST.in

@@ -1,15 +1,7 @@
+include requirements.txt
 include README.rst
 include CHANGES.rst
 include CONTRIBUTING.md
 include linter_plugin.py
 include letsencrypt/EULA
 recursive-include letsencrypt/tests/testdata *
-
-recursive-include acme/schemata *.json
-recursive-include acme/jose/testdata *
-
-recursive-include letsencrypt_apache/tests/testdata *
-include letsencrypt_apache/options-ssl-apache.conf
-
-recursive-include letsencrypt_nginx/tests/testdata *
-include letsencrypt_nginx/options-ssl-nginx.conf

Vagrantfile

@@ -10,7 +10,7 @@ cd /vagrant
 sudo ./bootstrap/ubuntu.sh
 if [ ! -d "venv" ]; then
   virtualenv --no-site-packages -p python2 venv
-  ./venv/bin/pip install -r requirements.txt -e .[dev,docs,testing]
+  ./venv/bin/pip install -r requirements.txt -e acme -e .[dev,docs,testing] -e letsencrypt_apache -e letsencrypt_nginx
 fi
 SETUP_SCRIPT
 

acme/MANIFEST.in

@@ -0,0 +1 @@
+recursive-include acme/testdata *

acme/acme/challenges_test.py

@@ -1,10 +1,6 @@
 """Tests for acme.challenges."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
 import mock
 import OpenSSL
 import requests
@@ -12,15 +8,11 @@ import urlparse
 
 from acme import jose
 from acme import other
+from acme import test_util
 
 
-CERT = jose.ComparableX509(OpenSSL.crypto.load_certificate(
-    OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-        'letsencrypt.tests', os.path.join('testdata', 'cert.pem'))))
-KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme.jose', os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
+CERT = test_util.load_cert('cert.pem')
+KEY = test_util.load_rsa_private_key('rsa512_key.pem')
 
 
 class ChallengeResponseTest(unittest.TestCase):

acme/acme/client_test.py

@@ -2,8 +2,6 @@
 import datetime
 import httplib
 import json
-import os
-import pkg_resources
 import unittest
 
 import mock
@@ -15,14 +13,12 @@ from acme import jose
 from acme import jws as acme_jws
 from acme import messages
 from acme import messages_test
+from acme import test_util
 
 
-CERT_DER = pkg_resources.resource_string(
-    'acme.jose', os.path.join('testdata', 'cert.der'))
-KEY = jose.JWKRSA.load(pkg_resources.resource_string(
-    'acme.jose', os.path.join('testdata', 'rsa512_key.pem')))
-KEY2 = jose.JWKRSA.load(pkg_resources.resource_string(
-    'acme.jose', os.path.join('testdata', 'rsa256_key.pem')))
+CERT_DER = test_util.load_vector('cert.der')
+KEY = jose.JWKRSA.load(test_util.load_vector('rsa512_key.pem'))
+KEY2 = jose.JWKRSA.load(test_util.load_vector('rsa256_key.pem'))
 
 
 class ClientTest(unittest.TestCase):

acme/acme/jose/json_util_test.py

@@ -1,23 +1,18 @@
 """Tests for acme.jose.json_util."""
 import itertools
-import os
-import pkg_resources
 import unittest
 
 import mock
-import OpenSSL
+
+from acme import test_util
 
 from acme.jose import errors
 from acme.jose import interfaces
 from acme.jose import util
 
 
-CERT = util.ComparableX509(OpenSSL.crypto.load_certificate(
-    OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-        'letsencrypt.tests', os.path.join('testdata', 'cert.pem'))))
-CSR = util.ComparableX509(OpenSSL.crypto.load_certificate_request(
-    OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-        'letsencrypt.tests', os.path.join('testdata', 'csr.pem'))))
+CERT = test_util.load_cert('cert.pem')
+CSR = test_util.load_csr('csr.pem')
 
 
 class FieldTest(unittest.TestCase):

acme/acme/jose/jwa_test.py

@@ -1,19 +1,14 @@
 """Tests for acme.jose.jwa."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
+from acme import test_util
 
 from acme.jose import errors
-from acme.jose import jwk_test
 
 
-RSA1024_KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        __name__, os.path.join('testdata', 'rsa1024_key.pem')),
-    password=None, backend=default_backend())
+RSA256_KEY = test_util.load_rsa_private_key('rsa256_key.pem')
+RSA512_KEY = test_util.load_rsa_private_key('rsa512_key.pem')
+RSA1024_KEY = test_util.load_rsa_private_key('rsa1024_key.pem')
 
 
 class JWASignatureTest(unittest.TestCase):
@@ -76,13 +71,13 @@ class JWARSTest(unittest.TestCase):
     def test_sign_no_private_part(self):
         from acme.jose.jwa import RS256
         self.assertRaises(
-            errors.Error, RS256.sign, jwk_test.RSA512_KEY.public_key(), 'foo')
+            errors.Error, RS256.sign, RSA512_KEY.public_key(), 'foo')
 
     def test_sign_key_too_small(self):
         from acme.jose.jwa import RS256
         from acme.jose.jwa import PS256
-        self.assertRaises(errors.Error, RS256.sign, jwk_test.RSA256_KEY, 'foo')
-        self.assertRaises(errors.Error, PS256.sign, jwk_test.RSA256_KEY, 'foo')
+        self.assertRaises(errors.Error, RS256.sign, RSA256_KEY, 'foo')
+        self.assertRaises(errors.Error, PS256.sign, RSA256_KEY, 'foo')
 
     def test_rs(self):
         from acme.jose.jwa import RS256
@@ -92,11 +87,10 @@ class JWARSTest(unittest.TestCase):
             '\xa4\x99\x1e\x19&\xd8\xc7\x99S\x97\xfc\x85\x0cOV\xe6\x07\x99'
             '\xd2\xb9.>}\xfd'
         )
-        self.assertEqual(RS256.sign(jwk_test.RSA512_KEY, 'foo'), sig)
-        self.assertTrue(RS256.verify(
-            jwk_test.RSA512_KEY.public_key(), 'foo', sig))
+        self.assertEqual(RS256.sign(RSA512_KEY, 'foo'), sig)
+        self.assertTrue(RS256.verify(RSA512_KEY.public_key(), 'foo', sig))
         self.assertFalse(RS256.verify(
-            jwk_test.RSA512_KEY.public_key(), 'foo', sig + '!'))
+            RSA512_KEY.public_key(), 'foo', sig + '!'))
 
     def test_ps(self):
         from acme.jose.jwa import PS256

acme/acme/jose/jwk_test.py

@@ -1,25 +1,15 @@
 """Tests for acme.jose.jwk."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
+from acme import test_util
 
 from acme.jose import errors
 from acme.jose import util
 
 
-DSA_PEM = pkg_resources.resource_string(
-    'letsencrypt.tests', os.path.join('testdata', 'dsa512_key.pem'))
-RSA256_KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        __name__, os.path.join('testdata', 'rsa256_key.pem')),
-    password=None, backend=default_backend())
-RSA512_KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        __name__, os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
+DSA_PEM = test_util.load_vector('dsa512_key.pem')
+RSA256_KEY = test_util.load_rsa_private_key('rsa256_key.pem')
+RSA512_KEY = test_util.load_rsa_private_key('rsa512_key.pem')
 
 
 class JWKTest(unittest.TestCase):
@@ -73,8 +63,8 @@ class JWKRSATest(unittest.TestCase):
             'e': 'AQAB',
             'n': 'm2Fylv-Uz7trgTW8EBHP3FQSMeZs2GNQ6VRo1sIVJEk',
         }
-        self.jwk256_comparable = JWKRSA(key=util.ComparableRSAKey(
-            RSA256_KEY.public_key()))
+        # pylint: disable=protected-access
+        self.jwk256_not_comparable = JWKRSA(key=RSA256_KEY.public_key()._wrapped)
         self.jwk512 = JWKRSA(key=RSA512_KEY.public_key())
         self.jwk512json = {
             'kty': 'RSA',
@@ -96,9 +86,10 @@ class JWKRSATest(unittest.TestCase):
             'qi': 'oi45cEkbVoJjAbnQpFY87Q',
         })
 
-    def test_init_comparable(self):
-        self.assertTrue(isinstance(self.jwk256.key, util.ComparableRSAKey))
-        self.assertEqual(self.jwk256, self.jwk256_comparable)
+    def test_init_auto_comparable(self):
+        self.assertTrue(isinstance(
+            self.jwk256_not_comparable.key, util.ComparableRSAKey))
+        self.assertEqual(self.jwk256, self.jwk256_not_comparable)
 
     def test_equals(self):
         self.assertEqual(self.jwk256, self.jwk256)
@@ -110,9 +101,8 @@ class JWKRSATest(unittest.TestCase):
 
     def test_load(self):
         from acme.jose.jwk import JWKRSA
-        self.assertEqual(
-            self.private, JWKRSA.load(pkg_resources.resource_string(
-                __name__, os.path.join('testdata', 'rsa256_key.pem'))))
+        self.assertEqual(self.private, JWKRSA.load(
+            test_util.load_vector('rsa256_key.pem')))
 
     def test_public_key(self):
         self.assertEqual(self.jwk256, self.private.public_key())

acme/acme/jose/jws_test.py

@@ -1,28 +1,20 @@
 """Tests for acme.jose.jws."""
 import base64
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
 import mock
 import OpenSSL
 
+from acme import test_util
+
 from acme.jose import b64
 from acme.jose import errors
 from acme.jose import jwa
 from acme.jose import jwk
-from acme.jose import util
 
 
-CERT = util.ComparableX509(OpenSSL.crypto.load_certificate(
-    OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-        'letsencrypt.tests', 'testdata/cert.pem')))
-RSA512_KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        __name__, os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
+CERT = test_util.load_cert('cert.pem')
+KEY = jwk.JWKRSA.load(test_util.load_vector('rsa512_key.pem'))
 
 
 class MediaTypeTest(unittest.TestCase):
@@ -112,7 +104,7 @@ class JWSTest(unittest.TestCase):
     """Tests for acme.jose.jws.JWS."""
 
     def setUp(self):
-        self.privkey = jwk.JWKRSA(key=RSA512_KEY)
+        self.privkey = KEY
         self.pubkey = self.privkey.public_key()
 
         from acme.jose.jws import JWS
@@ -209,8 +201,7 @@ class JWSTest(unittest.TestCase):
 class CLITest(unittest.TestCase):
 
     def setUp(self):
-        self.key_path = pkg_resources.resource_filename(
-            __name__, os.path.join('testdata', 'rsa512_key.pem'))
+        self.key_path = test_util.vector_path('rsa512_key.pem')
 
     def test_unverified(self):
         from acme.jose.jws import CLI

acme/acme/jose/util_test.py

@@ -1,31 +1,22 @@
 """Tests for acme.jose.util."""
 import functools
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
-import OpenSSL
+from acme import test_util
 
 
 class ComparableX509Test(unittest.TestCase):
     """Tests for acme.jose.util.ComparableX509."""
 
     def setUp(self):
-        from acme.jose.util import ComparableX509
-        def _load(method, filename):  # pylint: disable=missing-docstring
-            return ComparableX509(method(
-                OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-                    'letsencrypt.tests', os.path.join('testdata', filename))))
+        # test_util.load_{csr,cert} return ComparableX509
+        self.req1 = test_util.load_csr('csr.pem')
+        self.req2 = test_util.load_csr('csr.pem')
+        self.req_other = test_util.load_csr('csr-san.pem')
 
-        self.req1 = _load(OpenSSL.crypto.load_certificate_request, 'csr.pem')
-        self.req2 = _load(OpenSSL.crypto.load_certificate_request, 'csr.pem')
-        self.req_other = _load(OpenSSL.crypto.load_certificate_request, 'csr-san.pem')
-
-        self.cert1 = _load(OpenSSL.crypto.load_certificate, 'cert.pem')
-        self.cert2 = _load(OpenSSL.crypto.load_certificate, 'cert.pem')
-        self.cert_other = _load(OpenSSL.crypto.load_certificate, 'cert-san.pem')
+        self.cert1 = test_util.load_cert('cert.pem')
+        self.cert2 = test_util.load_cert('cert.pem')
+        self.cert_other = test_util.load_cert('cert-san.pem')
 
     def test_eq(self):
         self.assertEqual(self.req1, self.req2)
@@ -56,19 +47,10 @@ class ComparableRSAKeyTest(unittest.TestCase):
     """Tests for acme.jose.util.ComparableRSAKey."""
 
     def setUp(self):
-        from acme.jose.util import ComparableRSAKey
-        backend = default_backend()
-        def load_key():  # pylint: disable=missing-docstring
-            return ComparableRSAKey(serialization.load_pem_private_key(
-                pkg_resources.resource_string(
-                    __name__, os.path.join('testdata', 'rsa256_key.pem')),
-                password=None, backend=backend))
-        self.key = load_key()
-        self.key_same = load_key()
-        self.key2 = ComparableRSAKey(serialization.load_pem_private_key(
-            pkg_resources.resource_string(
-                __name__, os.path.join('testdata', 'rsa512_key.pem')),
-            password=None, backend=backend))
+        # test_utl.load_rsa_private_key return ComparableRSAKey
+        self.key = test_util.load_rsa_private_key('rsa256_key.pem')
+        self.key_same = test_util.load_rsa_private_key('rsa256_key.pem')
+        self.key2 = test_util.load_rsa_private_key('rsa512_key.pem')
 
     def test_getattr_proxy(self):
         self.assertEqual(256, self.key.key_size)

acme/acme/jws_test.py

@@ -1,19 +1,12 @@
 """Tests for acme.jws."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
-
 from acme import errors
 from acme import jose
+from acme import test_util
 
 
-RSA512_KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme.jose', os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
+KEY = jose.JWKRSA.load(test_util.load_vector('rsa512_key.pem'))
 
 
 class HeaderTest(unittest.TestCase):
@@ -46,7 +39,7 @@ class JWSTest(unittest.TestCase):
     """Tests for acme.jws.JWS."""
 
     def setUp(self):
-        self.privkey = jose.JWKRSA(key=RSA512_KEY)
+        self.privkey = KEY
         self.pubkey = self.privkey.public_key()
         self.nonce = jose.b64encode('Nonce')
 

acme/acme/messages_test.py

@@ -1,30 +1,16 @@
 """Tests for acme.messages."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
 import mock
-import OpenSSL
 
 from acme import challenges
 from acme import jose
+from acme import test_util
 
 
-CERT = jose.ComparableX509(OpenSSL.crypto.load_certificate(
-    OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string(
-        'acme.jose', os.path.join('testdata', 'cert.der'))))
-CSR = jose.ComparableX509(OpenSSL.crypto.load_certificate_request(
-    OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string(
-        'acme.jose', os.path.join('testdata', 'csr.der'))))
-KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme.jose', os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
-CERT = jose.ComparableX509(OpenSSL.crypto.load_certificate(
-    OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string(
-        'acme.jose', os.path.join('testdata', 'cert.der'))))
+CERT = test_util.load_cert('cert.der')
+CSR = test_util.load_csr('csr.der')
+KEY = test_util.load_rsa_private_key('rsa512_key.pem')
 
 
 class ErrorTest(unittest.TestCase):

acme/acme/other_test.py

@@ -1,18 +1,11 @@
 """Tests for acme.sig."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
-
 from acme import jose
+from acme import test_util
 
 
-KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        'acme.jose', os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
+KEY = test_util.load_rsa_private_key('rsa512_key.pem')
 
 
 class SignatureTest(unittest.TestCase):

acme/acme/test_util.py

@@ -0,0 +1,57 @@
+# Symlinked in letsencrypt/tests/test_util.py, casues duplicate-code
+# warning that cannot be disabled locally.
+"""Test utilities.
+
+.. warning:: This module is not part of the public API.
+
+"""
+import os
+import pkg_resources
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
+import OpenSSL
+
+from acme import jose
+
+
+def vector_path(*names):
+    """Path to a test vector."""
+    return pkg_resources.resource_filename(
+        __name__, os.path.join('testdata', *names))
+
+def load_vector(*names):
+    """Load contents of a test vector."""
+    # luckily, resource_string opens file in binary mode
+    return pkg_resources.resource_string(
+        __name__, os.path.join('testdata', *names))
+
+def _guess_loader(filename, loader_pem, loader_der):
+    _, ext = os.path.splitext(filename)
+    if ext.lower() == '.pem':
+        return loader_pem
+    elif ext.lower() == '.der':
+        return loader_der
+    else:  # pragma: no cover
+        raise ValueError("Loader could not be recognized based on extension")
+
+def load_cert(*names):
+    """Load certificate."""
+    loader = _guess_loader(
+        names[-1], OpenSSL.crypto.FILETYPE_PEM, OpenSSL.crypto.FILETYPE_ASN1)
+    return jose.ComparableX509(OpenSSL.crypto.load_certificate(
+        loader, load_vector(*names)))
+
+def load_csr(*names):
+    """Load certificate request."""
+    loader = _guess_loader(
+        names[-1], OpenSSL.crypto.FILETYPE_PEM, OpenSSL.crypto.FILETYPE_ASN1)
+    return jose.ComparableX509(OpenSSL.crypto.load_certificate_request(
+        loader, load_vector(*names)))
+
+def load_rsa_private_key(*names):
+    """Load RSA private key."""
+    loader = _guess_loader(names[-1], serialization.load_pem_private_key,
+                           serialization.load_der_private_key)
+    return jose.ComparableRSAKey(loader(
+        load_vector(*names), password=None, backend=default_backend()))

acme/acme/testdata/README

@@ -1,3 +1,7 @@
+In order for acme.test_util._guess_loader to work properly, make sure
+to use appropriate extension for vector filenames: .pem for PEM and
+.der for DER.
+
 The following command has been used to generate test keys:
 
   for x in 256 512 1024; do openssl genrsa -out rsa${k}_key.pem $k; done

acme/acme/testdata/cert-san.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICFjCCAcCgAwIBAgICBTkwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCE1pY2hpZ2FuMRIwEAYDVQQHDAlBbm4gQXJib3IxKzApBgNVBAoM
+IlVuaXZlcnNpdHkgb2YgTWljaGlnYW4gYW5kIHRoZSBFRkYxFDASBgNVBAMMC2V4
+YW1wbGUuY29tMB4XDTE0MTIxMTIyMzQ0NVoXDTE0MTIxODIyMzQ0NVowdzELMAkG
+A1UEBhMCVVMxETAPBgNVBAgMCE1pY2hpZ2FuMRIwEAYDVQQHDAlBbm4gQXJib3Ix
+KzApBgNVBAoMIlVuaXZlcnNpdHkgb2YgTWljaGlnYW4gYW5kIHRoZSBFRkYxFDAS
+BgNVBAMMC2V4YW1wbGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKx1c7RR
+7R/drnBSQ/zfx1vQLHUbFLh1AQQQ5R8DZUXd36efNK79vukFhN9HFoHZiUvOjm0c
++pVE6K+EdE/twuUCAwEAAaM2MDQwCQYDVR0TBAIwADAnBgNVHREEIDAeggtleGFt
+cGxlLmNvbYIPd3d3LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA0EASuvNKFTF
+nTJsvnSXn52f4BMZJJ2id/kW7+r+FJRm+L20gKQ1aqq8d3e/lzRUrv5SMf1TAOe7
+RDjyGMKy5ZgM2w==
+-----END CERTIFICATE-----

acme/acme/testdata/cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB3jCCAYigAwIBAgICBTkwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCE1pY2hpZ2FuMRIwEAYDVQQHDAlBbm4gQXJib3IxKzApBgNVBAoM
+IlVuaXZlcnNpdHkgb2YgTWljaGlnYW4gYW5kIHRoZSBFRkYxFDASBgNVBAMMC2V4
+YW1wbGUuY29tMB4XDTE0MTIxMTIyMzQ0NVoXDTE0MTIxODIyMzQ0NVowdzELMAkG
+A1UEBhMCVVMxETAPBgNVBAgMCE1pY2hpZ2FuMRIwEAYDVQQHDAlBbm4gQXJib3Ix
+KzApBgNVBAoMIlVuaXZlcnNpdHkgb2YgTWljaGlnYW4gYW5kIHRoZSBFRkYxFDAS
+BgNVBAMMC2V4YW1wbGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKx1c7RR
+7R/drnBSQ/zfx1vQLHUbFLh1AQQQ5R8DZUXd36efNK79vukFhN9HFoHZiUvOjm0c
++pVE6K+EdE/twuUCAwEAATANBgkqhkiG9w0BAQsFAANBAC24z0IdwIVKSlntksll
+vr6zJepBH5fMndfk3XJp10jT6VE+14KNtjh02a56GoraAvJAT5/H67E8GvJ/ocNn
+B/o=
+-----END CERTIFICATE-----

acme/acme/testdata/csr-san.pem

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBbjCCARgCAQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE1pY2hpZ2FuMRIw
+EAYDVQQHDAlBbm4gQXJib3IxDDAKBgNVBAoMA0VGRjEfMB0GA1UECwwWVW5pdmVy
+c2l0eSBvZiBNaWNoaWdhbjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArHVztFHtH92ucFJD/N/HW9AsdRsUuHUBBBDlHwNlRd3f
+p580rv2+6QWE30cWgdmJS86ObRz6lUTor4R0T+3C5QIDAQABoDowOAYJKoZIhvcN
+AQkOMSswKTAnBgNVHREEIDAeggtleGFtcGxlLmNvbYIPd3d3LmV4YW1wbGUuY29t
+MA0GCSqGSIb3DQEBCwUAA0EAZGBM8J1rRs7onFgtc76mOeoT1c3v0ZsEmxQfb2Wy
+tmReY6X1N4cs38D9VSow+VMRu2LWkKvzS7RUFSaTaeQz1A==
+-----END CERTIFICATE REQUEST-----

acme/acme/testdata/csr.pem

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBXTCCAQcCAQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE1pY2hpZ2FuMRIw
+EAYDVQQHDAlBbm4gQXJib3IxDDAKBgNVBAoMA0VGRjEfMB0GA1UECwwWVW5pdmVy
+c2l0eSBvZiBNaWNoaWdhbjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArHVztFHtH92ucFJD/N/HW9AsdRsUuHUBBBDlHwNlRd3f
+p580rv2+6QWE30cWgdmJS86ObRz6lUTor4R0T+3C5QIDAQABoCkwJwYJKoZIhvcN
+AQkOMRowGDAWBgNVHREEDzANggtleGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAANB
+AHJH/O6BtC9aGzEVCMGOZ7z9iIRHWSzr9x/bOzn7hLwsbXPAgO1QxEwL+X+4g20G
+n9XBE1N9W6HCIEut2d8wACg=
+-----END CERTIFICATE REQUEST-----

acme/acme/testdata/dsa512_key.pem

@@ -0,0 +1,14 @@
+-----BEGIN DSA PARAMETERS-----
+MIGdAkEAwebEoGBfokKQeALHHnAZMQwYU35ILEBdV8oUmzv7qpSVUoHihyqfn6GC
+OixAKSP8EJYcTilIqPbFbfFyOPlbLwIVANoFHEDiQgknAvKrG78pHzAJdQSPAkEA
+qfka5Bnl+CeEMpzVZGrOVqZE/LFdZK9eT6YtWjzqtIkf3hwXUVxJsTnBG4xmrfvl
+41pgNJpgu99YOYqPpS0g7A==
+-----END DSA PARAMETERS-----
+-----BEGIN DSA PRIVATE KEY-----
+MIH5AgEAAkEAwebEoGBfokKQeALHHnAZMQwYU35ILEBdV8oUmzv7qpSVUoHihyqf
+n6GCOixAKSP8EJYcTilIqPbFbfFyOPlbLwIVANoFHEDiQgknAvKrG78pHzAJdQSP
+AkEAqfka5Bnl+CeEMpzVZGrOVqZE/LFdZK9eT6YtWjzqtIkf3hwXUVxJsTnBG4xm
+rfvl41pgNJpgu99YOYqPpS0g7AJATQ2LUzjGQSM6UljcPY5I2OD9THkUR9kH2tth
+zZd70UoI9btrVaTizgqYShuok94glSQNK0H92JgUk3scJPaAkAIVAMDn61h6vrCE
+mNv063So6E+eYaIN
+-----END DSA PRIVATE KEY-----

acme/setup.py

@@ -0,0 +1,29 @@
+from setuptools import setup
+from setuptools import find_packages
+
+
+install_requires = [
+    'argparse',
+    # load_pem_private/public_key (>=0.6)
+    # rsa_recover_prime_factors (>=0.8)
+    'cryptography>=0.8',
+    'mock<1.1.0',  # py26
+    'pyrfc3339',
+    'ndg-httpsclient',  # urllib3 InsecurePlatformWarning (#304)
+    'pyasn1',  # urllib3 InsecurePlatformWarning (#304)
+    'PyOpenSSL',
+    'pytz',
+    'requests',
+    'werkzeug',
+]
+
+setup(
+    name='acme',
+    packages=find_packages(),
+    install_requires=install_requires,
+    entry_points={
+        'console_scripts': [
+            'jws = acme.jose.jws:CLI.run',
+        ],
+    },
+)

docs/conf.py

@@ -36,6 +36,8 @@ with codecs.open(init_fn, encoding='utf8') as fd:
 # add these directories to sys.path here. If the directory is relative to the
 # documentation root, use os.path.abspath to make it absolute, like shown here.
 sys.path.insert(0, os.path.abspath(os.path.join(here, '..')))
+for pkg in 'acme', 'letsencrypt_apache', 'letsencrypt_nginx':
+    sys.path.insert(0, os.path.abspath(os.path.join(here, '..', pkg)))
 
 # -- General configuration ------------------------------------------------
 

docs/contributing.rst

@@ -26,7 +26,7 @@ Install the development packages:
 
 .. code-block:: shell
 
-   pip install -r requirements.txt -e .[dev,docs,testing]
+   pip install -r requirements.txt -e acme -e .[dev,docs,testing] -e letsencrypt_apache -e letsencrypt_nginx
 
 .. note:: `-e` (short for `--editable`) turns on *editable mode* in
           which any source code changes in the current working

docs/using.rst

@@ -108,7 +108,7 @@ Installation
 .. code-block:: shell
 
    virtualenv --no-site-packages -p python2 venv
-   ./venv/bin/pip install -r requirements.txt .
+   ./venv/bin/pip install -r requirements.txt acme . letsencrypt_apache letsencrypt_nginx
 
 .. warning:: Please do **not** use ``python setup.py install``. Please
              do **not** attempt the installation commands as

letsencrypt/plugins/common_test.py

@@ -1,4 +1,5 @@
 """Tests for letsencrypt.plugins.common."""
+import os
 import pkg_resources
 import unittest
 
@@ -111,9 +112,9 @@ class DvsniTest(unittest.TestCase):
     """Tests for letsencrypt.plugins.common.DvsniTest."""
 
     rsa256_file = pkg_resources.resource_filename(
-        "acme.jose", "testdata/rsa256_key.pem")
+        "letsencrypt.tests", os.path.join("testdata", "rsa256_key.pem"))
     rsa256_pem = pkg_resources.resource_string(
-        "acme.jose", "testdata/rsa256_key.pem")
+        "letsencrypt.tests", os.path.join("testdata", "rsa256_key.pem"))
 
     auth_key = le_util.Key(rsa256_file, rsa256_pem)
     achalls = [

letsencrypt/plugins/disco.py

@@ -16,7 +16,11 @@ logger = logging.getLogger(__name__)
 class PluginEntryPoint(object):
     """Plugin entry point."""
 
-    PREFIX_FREE_DISTRIBUTIONS = ["letsencrypt"]
+    PREFIX_FREE_DISTRIBUTIONS = [
+        "letsencrypt",
+        "letsencrypt-apache",
+        "letsencrypt-nginx",
+    ]
     """Distributions for which prefix will be omitted."""
 
     # this object is mutable, don't allow it to be hashed!

letsencrypt/plugins/standalone/tests/authenticator_test.py

@@ -20,9 +20,9 @@ from letsencrypt.tests import acme_util
 
 
 KEY_PATH = pkg_resources.resource_filename(
-    "acme.jose", os.path.join("testdata", "rsa512_key.pem"))
+    "letsencrypt.tests", os.path.join("testdata", "rsa512_key.pem"))
 KEY_DATA = pkg_resources.resource_string(
-    "acme.jose", os.path.join("testdata", "rsa512_key.pem"))
+    "letsencrypt.tests", os.path.join("testdata", "rsa512_key.pem"))
 KEY = jose.JWKRSA(key=jose.ComparableRSAKey(serialization.load_pem_private_key(
     KEY_DATA, password=None, backend=default_backend())))
 PRIVATE_KEY = OpenSSL.crypto.load_privatekey(

letsencrypt/tests/account_test.py

@@ -1,7 +1,6 @@
 """Tests for letsencrypt.account."""
 import datetime
 import os
-import pkg_resources
 import shutil
 import stat
 import tempfile
@@ -15,9 +14,10 @@ from acme import messages
 
 from letsencrypt import errors
 
+from letsencrypt.tests import test_util
 
-KEY = jose.JWKRSA.load(pkg_resources.resource_string(
-    __name__, os.path.join("testdata", "rsa512_key.pem")))
+
+KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key_2.pem"))
 
 
 class AccountTest(unittest.TestCase):
@@ -61,7 +61,7 @@ class ReportNewAccountTest(unittest.TestCase):
     """Tests for letsencrypt.account.report_new_account."""
 
     def setUp(self):
-        self.config = mock.MagicMock(config_dir='/etc/letsencrypt')
+        self.config = mock.MagicMock(config_dir="/etc/letsencrypt")
         reg = messages.Registration.from_data(email="rhino@jungle.io")
         reg = reg.update(recovery_token="ECCENTRIC INVISIBILITY RHINOCEROS")
         self.acc = mock.MagicMock(regr=messages.RegistrationResource(

letsencrypt/tests/achallenges_test.py

@@ -1,17 +1,15 @@
 """Tests for letsencrypt.achallenges."""
-import os
-import pkg_resources
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
 import OpenSSL
 
 from acme import challenges
 from acme import jose
 
 from letsencrypt import crypto_util
+
 from letsencrypt.tests import acme_util
+from letsencrypt.tests import test_util
 
 
 class DVSNITest(unittest.TestCase):
@@ -21,11 +19,7 @@ class DVSNITest(unittest.TestCase):
         self.chall = acme_util.chall_to_challb(
             challenges.DVSNI(r="r_value", nonce="12345ABCDE"), "pending")
         self.response = challenges.DVSNIResponse()
-        key = jose.JWKRSA(key=jose.ComparableRSAKey(
-            serialization.load_pem_private_key(
-                pkg_resources.resource_string(
-                    "acme.jose", os.path.join("testdata", "rsa512_key.pem")),
-                password=None, backend=default_backend())))
+        key = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))
 
         from letsencrypt.achallenges import DVSNI
         self.achall = DVSNI(challb=self.chall, domain="example.com", key=key)

letsencrypt/tests/acme_util.py

@@ -1,21 +1,15 @@
 """ACME utilities for testing."""
 import datetime
 import itertools
-import os
-import pkg_resources
-
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
 
 from acme import challenges
 from acme import jose
 from acme import messages
 
+from letsencrypt.tests import test_util
 
-KEY = serialization.load_pem_private_key(
-    pkg_resources.resource_string(
-        __name__, os.path.join('testdata', 'rsa512_key.pem')),
-    password=None, backend=default_backend())
+
+KEY = test_util.load_rsa_private_key('rsa512_key.pem')
 
 # Challenges
 SIMPLE_HTTP = challenges.SimpleHTTP(

letsencrypt/tests/client_test.py

@@ -1,7 +1,5 @@
 """Tests for letsencrypt.client."""
-import os
 import unittest
-import pkg_resources
 
 import configobj
 import OpenSSL
@@ -14,11 +12,11 @@ from letsencrypt import configuration
 from letsencrypt import errors
 from letsencrypt import le_util
 
+from letsencrypt.tests import test_util
 
-KEY = pkg_resources.resource_string(
-    __name__, os.path.join("testdata", "rsa512_key.pem"))
-CSR_SAN = pkg_resources.resource_string(
-    __name__, os.path.join("testdata", "csr-san.der"))
+
+KEY = test_util.load_vector("rsa512_key.pem")
+CSR_SAN = test_util.load_vector("csr-san.der")
 
 
 class RegisterTest(unittest.TestCase):

letsencrypt/tests/crypto_util_test.py

@@ -1,7 +1,5 @@
 """Tests for letsencrypt.crypto_util."""
 import logging
-import os
-import pkg_resources
 import shutil
 import tempfile
 import unittest
@@ -9,15 +7,13 @@ import unittest
 import OpenSSL
 import mock
 
+from letsencrypt.tests import test_util
 
-RSA256_KEY = pkg_resources.resource_string(
-    'acme.jose', os.path.join('testdata', 'rsa256_key.pem'))
-RSA512_KEY = pkg_resources.resource_string(
-    'acme.jose', os.path.join('testdata', 'rsa512_key.pem'))
-CERT = pkg_resources.resource_string(
-    'letsencrypt.tests', os.path.join('testdata', 'cert.pem'))
-SAN_CERT = pkg_resources.resource_string(
-    'letsencrypt.tests', os.path.join('testdata', 'cert-san.pem'))
+
+RSA256_KEY = test_util.load_vector('rsa256_key.pem')
+RSA512_KEY = test_util.load_vector('rsa512_key.pem')
+CERT = test_util.load_vector('cert.pem')
+SAN_CERT = test_util.load_vector('cert-san.pem')
 
 
 class InitSaveKeyTest(unittest.TestCase):
@@ -100,21 +96,17 @@ class ValidCSRTest(unittest.TestCase):
         from letsencrypt.crypto_util import valid_csr
         return valid_csr(csr)
 
-    def _call_testdata(self, name):
-        return self._call(pkg_resources.resource_string(
-            __name__, os.path.join('testdata', name)))
-
     def test_valid_pem_true(self):
-        self.assertTrue(self._call_testdata('csr.pem'))
+        self.assertTrue(self._call(test_util.load_vector('csr.pem')))
 
     def test_valid_pem_san_true(self):
-        self.assertTrue(self._call_testdata('csr-san.pem'))
+        self.assertTrue(self._call(test_util.load_vector('csr-san.pem')))
 
     def test_valid_der_false(self):
-        self.assertFalse(self._call_testdata('csr.der'))
+        self.assertFalse(self._call(test_util.load_vector('csr.der')))
 
     def test_valid_der_san_false(self):
-        self.assertFalse(self._call_testdata('csr-san.der'))
+        self.assertFalse(self._call(test_util.load_vector('csr-san.der')))
 
     def test_empty_false(self):
         self.assertFalse(self._call(''))
@@ -127,16 +119,17 @@ class CSRMatchesPubkeyTest(unittest.TestCase):
     """Tests for letsencrypt.crypto_util.csr_matches_pubkey."""
 
     @classmethod
-    def _call_testdata(cls, name, privkey):
+    def _call(cls, *args, **kwargs):
         from letsencrypt.crypto_util import csr_matches_pubkey
-        return csr_matches_pubkey(pkg_resources.resource_string(
-            __name__, os.path.join('testdata', name)), privkey)
+        return csr_matches_pubkey(*args, **kwargs)
 
     def test_valid_true(self):
-        self.assertTrue(self._call_testdata('csr.pem', RSA512_KEY))
+        self.assertTrue(self._call(
+            test_util.load_vector('csr.pem'), RSA512_KEY))
 
     def test_invalid_false(self):
-        self.assertFalse(self._call_testdata('csr.pem', RSA256_KEY))
+        self.assertFalse(self._call(
+            test_util.load_vector('csr.pem'), RSA256_KEY))
 
 
 class MakeKeyTest(unittest.TestCase):  # pylint: disable=too-few-public-methods
@@ -185,50 +178,42 @@ class GetSANsFromCertTest(unittest.TestCase):
         return get_sans_from_cert(*args, **kwargs)
 
     def test_single(self):
-        self.assertEqual([], self._call(pkg_resources.resource_string(
-            __name__, os.path.join('testdata', 'cert.pem'))))
+        self.assertEqual([], self._call(test_util.load_vector('cert.pem')))
 
     def test_san(self):
         self.assertEqual(
             ['example.com', 'www.example.com'],
-            self._call(pkg_resources.resource_string(
-                __name__, os.path.join('testdata', 'cert-san.pem'))))
+            self._call(test_util.load_vector('cert-san.pem')))
 
 
 class GetSANsFromCSRTest(unittest.TestCase):
     """Tests for letsencrypt.crypto_util.get_sans_from_csr."""
-    def test_extract_one_san(self):
+
+    @classmethod
+    def _call(cls, *args, **kwargs):
         from letsencrypt.crypto_util import get_sans_from_csr
-        csr = pkg_resources.resource_string(
-            __name__, os.path.join('testdata', 'csr.pem'))
-        self.assertEqual(get_sans_from_csr(csr), ['example.com'])
+        return get_sans_from_csr(*args, **kwargs)
+
+    def test_extract_one_san(self):
+        self.assertEqual(['example.com'], self._call(
+            test_util.load_vector('csr.pem')))
 
     def test_extract_two_sans(self):
-        from letsencrypt.crypto_util import get_sans_from_csr
-        csr = pkg_resources.resource_string(
-            __name__, os.path.join('testdata', 'csr-san.pem'))
-        self.assertEqual(get_sans_from_csr(csr), ['example.com',
-                                                  'www.example.com'])
+        self.assertEqual(['example.com', 'www.example.com'], self._call(
+            test_util.load_vector('csr-san.pem')))
 
     def test_extract_six_sans(self):
-        from letsencrypt.crypto_util import get_sans_from_csr
-        csr = pkg_resources.resource_string(
-            __name__, os.path.join('testdata', 'csr-6sans.pem'))
-        self.assertEqual(get_sans_from_csr(csr),
+        self.assertEqual(self._call(test_util.load_vector('csr-6sans.pem')),
                          ["example.com", "example.org", "example.net",
                           "example.info", "subdomain.example.com",
                           "other.subdomain.example.com"])
 
     def test_parse_non_csr(self):
-        from letsencrypt.crypto_util import get_sans_from_csr
-        self.assertRaises(OpenSSL.crypto.Error, get_sans_from_csr,
-                          "hello there")
+        self.assertRaises(OpenSSL.crypto.Error, self._call, "hello there")
 
     def test_parse_no_sans(self):
-        from letsencrypt.crypto_util import get_sans_from_csr
-        csr = pkg_resources.resource_string(
-            __name__, os.path.join('testdata', 'csr-nosans.pem'))
-        self.assertEqual([], get_sans_from_csr(csr))
+        self.assertEqual(
+            [], self._call(test_util.load_vector('csr-nosans.pem')))
 
 
 if __name__ == '__main__':

letsencrypt/tests/display/ops_test.py

@@ -1,6 +1,5 @@
 """Test letsencrypt.display.ops."""
 import os
-import pkg_resources
 import sys
 import tempfile
 import unittest
@@ -16,9 +15,10 @@ from letsencrypt import interfaces
 
 from letsencrypt.display import util as display_util
 
+from letsencrypt.tests import test_util
 
-KEY = jose.JWKRSA.load(pkg_resources.resource_string(
-    "letsencrypt.tests", os.path.join("testdata", "rsa512_key.pem")))
+
+KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))
 
 
 class ChoosePluginTest(unittest.TestCase):

letsencrypt/tests/display/revocation_test.py

@@ -1,6 +1,4 @@
 """Test :mod:`letsencrypt.display.revocation`."""
-import os
-import pkg_resources
 import sys
 import unittest
 
@@ -9,15 +7,14 @@ import zope.component
 
 from letsencrypt.display import util as display_util
 
+from letsencrypt.tests import test_util
+
 
 class DisplayCertsTest(unittest.TestCase):
     def setUp(self):
         from letsencrypt.revoker import Cert
-        base_package = "letsencrypt.tests"
-        self.cert0 = Cert(pkg_resources.resource_filename(
-            base_package, os.path.join("testdata", "cert.pem")))
-        self.cert1 = Cert(pkg_resources.resource_filename(
-            base_package, os.path.join("testdata", "cert-san.pem")))
+        self.cert0 = Cert(test_util.vector_path("cert.pem"))
+        self.cert1 = Cert(test_util.vector_path("cert-san.pem"))
 
         self.certs = [self.cert0, self.cert1]
 
@@ -62,9 +59,7 @@ class MoreInfoCertTest(unittest.TestCase):
 class SuccessRevocationTest(unittest.TestCase):
     def setUp(self):
         from letsencrypt.revoker import Cert
-        base_package = "letsencrypt.tests"
-        self.cert = Cert(pkg_resources.resource_filename(
-            base_package, os.path.join("testdata", "cert.pem")))
+        self.cert = Cert(test_util.vector_path("cert.pem"))
 
     @classmethod
     def _call(cls, cert):
@@ -82,8 +77,7 @@ class SuccessRevocationTest(unittest.TestCase):
 class ConfirmRevocationTest(unittest.TestCase):
     def setUp(self):
         from letsencrypt.revoker import Cert
-        self.cert = Cert(pkg_resources.resource_filename(
-            "letsencrypt.tests", os.path.join("testdata", "cert.pem")))
+        self.cert = Cert(test_util.vector_path("cert.pem"))
 
     @classmethod
     def _call(cls, cert):

letsencrypt/tests/proof_of_possession_test.py

@@ -1,11 +1,8 @@
 """Tests for letsencrypt.proof_of_possession."""
 import os
-import pkg_resources
 import tempfile
 import unittest
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
 import mock
 
 from acme import challenges
@@ -16,22 +13,15 @@ from letsencrypt import achallenges
 from letsencrypt import proof_of_possession
 from letsencrypt.display import util as display_util
 
+from letsencrypt.tests import test_util
 
-BASE_PACKAGE = "letsencrypt.tests"
-CERT0_PATH = pkg_resources.resource_filename(
-    "acme.jose", os.path.join("testdata", "cert.der"))
-CERT2_PATH = pkg_resources.resource_filename(
-    BASE_PACKAGE, os.path.join("testdata", "dsa_cert.pem"))
-CERT2_KEY_PATH = pkg_resources.resource_filename(
-    BASE_PACKAGE, os.path.join("testdata", "dsa512_key.pem"))
-CERT3_PATH = pkg_resources.resource_filename(
-    BASE_PACKAGE, os.path.join("testdata", "matching_cert.pem"))
-CERT3_KEY_PATH = pkg_resources.resource_filename(
-    BASE_PACKAGE, os.path.join("testdata", "rsa512_key.pem"))
-with open(CERT3_KEY_PATH) as cert3_file:
-    CERT3_KEY = serialization.load_pem_private_key(
-        cert3_file.read(), password=None,
-        backend=default_backend()).public_key()
+
+CERT0_PATH = test_util.vector_path("cert.der")
+CERT2_PATH = test_util.vector_path("dsa_cert.pem")
+CERT2_KEY_PATH = test_util.vector_path("dsa512_key.pem")
+CERT3_PATH = test_util.vector_path("matching_cert.pem")
+CERT3_KEY_PATH = test_util.vector_path("rsa512_key_2.pem")
+CERT3_KEY = test_util.load_rsa_private_key("rsa512_key_2.pem").public_key()
 
 
 class ProofOfPossessionTest(unittest.TestCase):

letsencrypt/tests/renewer_test.py

@@ -2,22 +2,20 @@
 import datetime
 import os
 import tempfile
-import pkg_resources
 import shutil
 import unittest
 
 import configobj
 import mock
-import OpenSSL
 import pytz
 
 from letsencrypt import configuration
 from letsencrypt.storage import ALL_FOUR
 
+from letsencrypt.tests import test_util
 
-CERT = OpenSSL.crypto.load_certificate(
-    OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-        'letsencrypt.tests', os.path.join('testdata', 'cert.pem')))
+
+CERT = test_util.load_cert('cert.pem')
 
 
 def unlink_all(rc_object):
@@ -295,8 +293,7 @@ class RenewableCertTests(unittest.TestCase):
                 self.assertFalse(self.test_rc.has_pending_deployment())
 
     def _test_notafterbefore(self, function, timestamp):
-        test_cert = pkg_resources.resource_string(
-            "letsencrypt.tests", "testdata/cert.pem")
+        test_cert = test_util.load_vector("cert.pem")
         os.symlink(os.path.join("..", "..", "archive", "example.org",
                                 "cert12.pem"), self.test_rc.cert)
         with open(self.test_rc.cert, "w") as f:
@@ -319,8 +316,7 @@ class RenewableCertTests(unittest.TestCase):
     def test_time_interval_judgments(self, mock_datetime):
         """Test should_autodeploy() and should_autorenew() on the basis
         of expiry time windows."""
-        test_cert = pkg_resources.resource_string(
-            "letsencrypt.tests", "testdata/cert.pem")
+        test_cert = test_util.load_vector("cert.pem")
         for kind in ALL_FOUR:
             where = getattr(self.test_rc, kind)
             os.symlink(os.path.join("..", "..", "archive", "example.org",
@@ -561,8 +557,7 @@ class RenewableCertTests(unittest.TestCase):
     def test_renew(self, mock_c, mock_acc_storage, mock_pd):
         from letsencrypt import renewer
 
-        test_cert = pkg_resources.resource_string(
-            "letsencrypt.tests", "testdata/cert-san.pem")
+        test_cert = test_util.load_vector("cert-san.pem")
         for kind in ALL_FOUR:
             os.symlink(os.path.join("..", "..", "archive", "example.org",
                                     kind + "1.pem"),

letsencrypt/tests/revoker_test.py

@@ -1,7 +1,6 @@
 """Test letsencrypt.revoker."""
 import csv
 import os
-import pkg_resources
 import shutil
 import tempfile
 import unittest
@@ -13,10 +12,11 @@ from letsencrypt import errors
 from letsencrypt import le_util
 from letsencrypt.display import util as display_util
 
+from letsencrypt.tests import test_util
+
 
 KEY = OpenSSL.crypto.load_privatekey(
-    OpenSSL.crypto.FILETYPE_PEM, pkg_resources.resource_string(
-        __name__, os.path.join("testdata", "rsa512_key.pem")))
+    OpenSSL.crypto.FILETYPE_PEM, test_util.load_vector("rsa512_key.pem"))
 
 
 class RevokerBase(unittest.TestCase):  # pylint: disable=too-few-public-methods
@@ -98,8 +98,7 @@ class RevokerTest(RevokerBase):
     def test_revoke_by_wrong_key(self, mock_display, mock_acme):
         mock_display().confirm_revocation.return_value = True
 
-        key_path = pkg_resources.resource_filename(
-            "acme.jose", os.path.join("testdata", "rsa256_key.pem"))
+        key_path = test_util.vector_path("rsa256_key.pem")
 
         wrong_key = le_util.Key(key_path, open(key_path).read())
         self.revoker.revoke_from_key(wrong_key)
@@ -395,22 +394,14 @@ class CertTest(unittest.TestCase):
 
 def create_revoker_certs():
     """Create a few revoker.Cert objects."""
+    cert0_path = test_util.vector_path("cert.pem")
+    cert1_path = test_util.vector_path("cert-san.pem")
+    key_path = test_util.vector_path("rsa512_key.pem")
+
     from letsencrypt.revoker import Cert
-
-    base_package = "letsencrypt.tests"
-
-    cert0_path = pkg_resources.resource_filename(
-        base_package, os.path.join("testdata", "cert.pem"))
-
-    cert1_path = pkg_resources.resource_filename(
-        base_package, os.path.join("testdata", "cert-san.pem"))
-
     cert0 = Cert(cert0_path)
     cert1 = Cert(cert1_path)
 
-    key_path = pkg_resources.resource_filename(
-        base_package, os.path.join("testdata", "rsa512_key.pem"))
-
     return [cert0_path, cert1_path], [cert0, cert1], key_path
 
 

letsencrypt/tests/test_util.py

@@ -0,0 +1 @@
+../../acme/acme/test_util.py

letsencrypt/tests/testdata/rsa256_key.pem

@@ -0,0 +1,6 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIGrAgEAAiEAm2Fylv+Uz7trgTW8EBHP3FQSMeZs2GNQ6VRo1sIVJEkCAwEAAQIh
+AJT0BA/xD01dFCAXzSNyj9nfSZa3NpqzJZZn/eOm7vghAhEAzUVNZn4lLLBD1R6N
+E8TKNQIRAMHHyn3O5JeY36lwKwkUlEUCEAliRauN0L0+QZuYjfJ9aJECEGx4dru3
+rTPCyighdqWNlHUCEQCiLjlwSRtWgmMBudCkVjzt
+-----END RSA PRIVATE KEY-----

letsencrypt/tests/testdata/rsa512_key.pem

@@ -1,9 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBAPS2EXFRNza/qpXnnBHF/CcFQ543htV+7nLAmrLrmTNHtPXJmLlM
-8SJDIzv/ceAFXL110VzxFfi81lpH5E5c0TMCAwEAAQJBALmppYQ/JVARjWBcsEm/
-1/bXBJ127YLv4gQIY5baL4r6IdEE33OXMTTmD9wf+ajuq1eaH0htHkwhOvREu0sz
-bskCIQD/Cg+xhEVLcwK3pFp3afPIhj1IPFiL3Uy/nqyMZ6O/RQIhAPWiDBofp7Cp
-J4dGZs+hkRySq/IOeeRJlNK1Pq64nToXAiBZ7+te1100YSd5KT051SRB94zO13EG
-SZESFduVW8rz3QIgK+tLiqg6TYYRQUi/PUTAM4GuKNuZw828RGiPyqHLywUCIQCd
-pkZrNphL/y0D7HSbPIfZzD90M2V8tUjlK0BTqk1bHA==
+MIIBOgIBAAJBAKx1c7RR7R/drnBSQ/zfx1vQLHUbFLh1AQQQ5R8DZUXd36efNK79
+vukFhN9HFoHZiUvOjm0c+pVE6K+EdE/twuUCAwEAAQJAMbrEnJCrQe8YqAbw1/Bn
+elAzIamndfE3U8bTavf9sgFpS4HL83rhd6PDbvx81ucaJAT/5x048fM/nFl4fzAc
+mQIhAOF/a9o3EIsDKEmUl+Z1OaOiUxDF3kqWSmALEsmvDhwXAiEAw8ljV5RO/rUp
+Zu2YMDFq3MKpyyMgBIJ8CxmGRc6gCmMCIGRQzkcmhfqBrhOFwkmozrqIBRIKJIjj
+8TRm2LXWZZ2DAiAqVO7PztdNpynugUy4jtbGKKjBrTSNBRGA7OHlUgm0dQIhALQq
+6oGU29Vxlvt3k0vmiRKU4AVfLyNXIGtcWcNG46h/
 -----END RSA PRIVATE KEY-----

letsencrypt/tests/testdata/rsa512_key_2.pem

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAPS2EXFRNza/qpXnnBHF/CcFQ543htV+7nLAmrLrmTNHtPXJmLlM
+8SJDIzv/ceAFXL110VzxFfi81lpH5E5c0TMCAwEAAQJBALmppYQ/JVARjWBcsEm/
+1/bXBJ127YLv4gQIY5baL4r6IdEE33OXMTTmD9wf+ajuq1eaH0htHkwhOvREu0sz
+bskCIQD/Cg+xhEVLcwK3pFp3afPIhj1IPFiL3Uy/nqyMZ6O/RQIhAPWiDBofp7Cp
+J4dGZs+hkRySq/IOeeRJlNK1Pq64nToXAiBZ7+te1100YSd5KT051SRB94zO13EG
+SZESFduVW8rz3QIgK+tLiqg6TYYRQUi/PUTAM4GuKNuZw828RGiPyqHLywUCIQCd
+pkZrNphL/y0D7HSbPIfZzD90M2V8tUjlK0BTqk1bHA==
+-----END RSA PRIVATE KEY-----

letsencrypt_apache/MANIFEST.in

@@ -0,0 +1,2 @@
+recursive-include letsencrypt_apache/tests/testdata *
+include letsencrypt_apache/options-ssl-apache.conf