test: move test_[key|ca|cert] to fixtures/keys/

Lots of changes, but mostly just search/replace of fixtures.readSync(...) to fixtures.readKey([new key]...) Benchmarks modified to use fixtures.readKey(...): benchmark/tls/throughput.js benchmark/tls/tls-connect.js benchmark/tls/secure-pair.js Also be sure to review the change to L16 of test/parallel/test-crypto-sign-verify.js PR-URL: https://github.com/nodejs/node/pull/27962 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-05-29 11:43:44 -07:00 · 2019-05-29 11:43:44 -07:00 · 6326ced2de
commit 6326ced2de
parent 17c65d3344
46 changed files with 172 additions and 150 deletions
--- a/benchmark/tls/secure-pair.js
+++ b/benchmark/tls/secure-pair.js
@ -6,21 +6,19 @@ const bench = common.createBenchmark(main, {
  size: [2, 1024, 1024 * 1024]
 });

-const fs = require('fs');
+const fixtures = require('../../test/common/fixtures');
 const tls = require('tls');
 const net = require('net');
-const path = require('path');

-const cert_dir = path.resolve(__dirname, '../../test/fixtures');
 const REDIRECT_PORT = 28347;

 function main({ dur, size, securing }) {
  const chunk = Buffer.alloc(size, 'b');

  const options = {
-    key: fs.readFileSync(`${cert_dir}/test_key.pem`),
-    cert: fs.readFileSync(`${cert_dir}/test_cert.pem`),
-    ca: [ fs.readFileSync(`${cert_dir}/test_ca.pem`) ],
+    key: fixtures.readKey('rsa_private.pem'),
+    cert: fixtures.readKey('rsa_cert.crt'),
+    ca: fixtures.readKey('rsa_ca.crt'),
    ciphers: 'AES256-GCM-SHA384',
    isServer: true,
    requestCert: true,
--- a/benchmark/tls/throughput.js
+++ b/benchmark/tls/throughput.js
@ -6,9 +6,7 @@ const bench = common.createBenchmark(main, {
  size: [2, 1024, 1024 * 1024]
 });

-const path = require('path');
-const fs = require('fs');
-const cert_dir = path.resolve(__dirname, '../../test/fixtures');
+const fixtures = require('../../test/common/fixtures');
 var options;
 const tls = require('tls');

@ -32,9 +30,9 @@ function main({ dur, type, size }) {
  }

  options = {
-    key: fs.readFileSync(`${cert_dir}/test_key.pem`),
-    cert: fs.readFileSync(`${cert_dir}/test_cert.pem`),
-    ca: [ fs.readFileSync(`${cert_dir}/test_ca.pem`) ],
+    key: fixtures.readKey('rsa_private.pem'),
+    cert: fixtures.readKey('rsa_cert.crt'),
+    ca: fixtures.readKey('rsa_ca.crt'),
    ciphers: 'AES256-GCM-SHA384'
  };

--- a/benchmark/tls/tls-connect.js
+++ b/benchmark/tls/tls-connect.js
@ -1,6 +1,5 @@
 'use strict';
-const fs = require('fs');
-const path = require('path');
+const fixtures = require('../../test/common/fixtures');
 const tls = require('tls');

 const common = require('../common.js');
@ -18,11 +17,10 @@ var running = true;
 function main(conf) {
  dur = conf.dur;
  concurrency = conf.concurrency;
-  const cert_dir = path.resolve(__dirname, '../../test/fixtures');
  const options = {
-    key: fs.readFileSync(`${cert_dir}/test_key.pem`),
-    cert: fs.readFileSync(`${cert_dir}/test_cert.pem`),
-    ca: [ fs.readFileSync(`${cert_dir}/test_ca.pem`) ],
+    key: fixtures.readKey('rsa_private.pem'),
+    cert: fixtures.readKey('rsa_cert.crt'),
+    ca: fixtures.readKey('rsa_ca.crt'),
    ciphers: 'AES256-GCM-SHA384'
  };

--- a/test/async-hooks/test-graph.tls-write.js
+++ b/test/async-hooks/test-graph.tls-write.js
@ -20,8 +20,8 @@ hooks.enable();
 //
 const server = tls
  .createServer({
-    cert: fixtures.readSync('test_cert.pem'),
-    key: fixtures.readSync('test_key.pem')
+    cert: fixtures.readKey('rsa_cert.crt'),
+    key: fixtures.readKey('rsa_private.pem')
  })
  .on('listening', common.mustCall(onlistening))
  .on('secureConnection', common.mustCall(onsecureConnection))
--- a/test/async-hooks/test-tlswrap.js
+++ b/test/async-hooks/test-tlswrap.js
@ -24,8 +24,8 @@ tls.DEFAULT_MAX_VERSION = 'TLSv1.2';
 //
 const server = tls
  .createServer({
-    cert: fixtures.readSync('test_cert.pem'),
-    key: fixtures.readSync('test_key.pem')
+    cert: fixtures.readKey('rsa_cert.crt'),
+    key: fixtures.readKey('rsa_private.pem')
  })
  .on('listening', common.mustCall(onlistening))
  .on('secureConnection', common.mustCall(onsecureConnection))
--- a/test/fixtures/keys/Makefile
+++ b/test/fixtures/keys/Makefile
@ -41,6 +41,9 @@ all: \
 	rsa_private_pkcs8.pem \
 	rsa_private_pkcs8_bad.pem \
 	rsa_public.pem \
+	rsa_ca.crt \
+	rsa_cert.crt \
+	rsa_cert.pfx \
 	rsa_public_sha1_signature_signedby_rsa_private.sha1 \
 	rsa_public_sha1_signature_signedby_rsa_private_pkcs8.sha1 \
 	rsa_private_b.pem \
@ -617,6 +620,15 @@ rsa_private_pkcs8_bad.pem: rsa_private_pkcs8.pem
 rsa_public.pem: rsa_private.pem
 	openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem

+rsa_cert.crt: rsa_private.pem
+	openssl req -new -x509 -key rsa_private.pem -config rsa_cert.cnf -out rsa_cert.crt
+
+rsa_cert.pfx: rsa_cert.crt
+	openssl pkcs12 -export -passout 'pass:sample' -inkey rsa_private.pem -in rsa_cert.crt -out rsa_cert.pfx
+
+rsa_ca.crt: rsa_cert.crt
+	cp rsa_cert.crt rsa_ca.crt
+
 rsa_public_sha1_signature_signedby_rsa_private.sha1: rsa_public.pem rsa_private.pem
 	openssl dgst -sha1 -sign rsa_private.pem -out rsa_public_sha1_signature_signedby_rsa_private.sha1 rsa_public.pem

--- a/test/fixtures/keys/rsa_ca.crt
+++ b/test/fixtures/keys/rsa_ca.crt
@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIUOLbA0Gyeqh/vqRSR98jmSKzv3aswDQYJKoZIhvcNAQEL
+BQAwgbAxCzAJBgNVBAYTAlVLMRQwEgYDVQQIDAtBY2tuYWNrIEx0ZDETMBEGA1UE
+BwwKUmh5cyBKb25lczEQMA4GA1UECgwHbm9kZS5qczEdMBsGA1UECwwUVGVzdCBU
+TFMgQ2VydGlmaWNhdGUxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAls
+b2NhbGhvc3QxGzAZBgkqhkiG9w0BCQEWDGFsZXhAYXViLmRldjAeFw0xOTA1Mjky
+MDI5NTBaFw0xOTA2MjgyMDI5NTBaMIGwMQswCQYDVQQGEwJVSzEUMBIGA1UECAwL
+QWNrbmFjayBMdGQxEzARBgNVBAcMClJoeXMgSm9uZXMxEDAOBgNVBAoMB25vZGUu
+anMxHTAbBgNVBAsMFFRlc3QgVExTIENlcnRpZmljYXRlMRQwEgYDVQQLDAtFbmdp
+bmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxhbGV4
+QGF1Yi5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC33FiIiiex
+wLe/P8DZx5HsqFlmUO7/lvJ7necJVNwqdZ3ax5jpQB0p6uxfqeOvzcN3k5V7UFb/
+Am+nkSNZMAZhsWzCU2Z4Pjh50QYz3f0Hour7/yIGStOLyYY3hgLK2K8TbhgjQPhd
+kw9+QtKlpvbL8fLgONAoGrVOFnRQGcr70iFffsm79mgZhKVMgYiHPJqJgGHvCtkG
+g9zMgS7p63+Q3ZWedtFS2RhMX3uCBy/mH6EOlRCNBbRmA4xxNzyf5GQaki3T+Iz9
+tOMjdPP+CwV2LqEdylmBuik8vrfTb3qIHLKKBAI8lXN26wWtA3kN4L7NP+cbKlCR
+lqctvhmylLH1AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAFeDkFYcL1pcVA3q1LNWmpDi9MQAOajSyk3bNj0+ckyuOlqaXH2gVAdQh+XB
+LOFDXNwAAqMe7FEoyvIaQSFcatRhQnKFxQ9i0o1T8+6Aebjj5oo8lY5CGyOacQV8
+C6LMl4gd/duIoaWkjykiGjTH8SR6VXYhPTm03wQSMMX664E/8onsw6cLuz4COB9q
+dhWhkBXiVj3fF9kLOYMiBWc7Mb2Glfs3NLpu7TTltOwNNMWNfzE9XByR7Tg4WtIu
+8x45ibQKqUhHCh/jpWns2g/YZXXBrcvYREgakkvJZLV2Z+xeoV5oY071554BfMms
+YxLnHtl1YKNg++DSmxeUNK+NLZA=
+-----END CERTIFICATE-----
--- a/test/fixtures/keys/rsa_cert.cnf
+++ b/test/fixtures/keys/rsa_cert.cnf
@ -0,0 +1,23 @@
+[ req ]
+days                   = 99999
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+prompt                 = no
+x509_extensions        = v3_ca
+
+[ req_distinguished_name ]
+C                      = UK
+ST                     = Acknack Ltd
+L                      = Rhys Jones
+O                      = node.js
+0.OU                   = Test TLS Certificate
+1.OU                   = Engineering
+CN                     = localhost
+emailAddress           = alex@aub.dev
+
+[ req_attributes ]
+
+[ v3_ca ]
+basicConstraints = CA:TRUE
+
+[ x509_extensions ]
--- a/test/fixtures/keys/rsa_cert.crt
+++ b/test/fixtures/keys/rsa_cert.crt
@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIUOLbA0Gyeqh/vqRSR98jmSKzv3aswDQYJKoZIhvcNAQEL
+BQAwgbAxCzAJBgNVBAYTAlVLMRQwEgYDVQQIDAtBY2tuYWNrIEx0ZDETMBEGA1UE
+BwwKUmh5cyBKb25lczEQMA4GA1UECgwHbm9kZS5qczEdMBsGA1UECwwUVGVzdCBU
+TFMgQ2VydGlmaWNhdGUxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAls
+b2NhbGhvc3QxGzAZBgkqhkiG9w0BCQEWDGFsZXhAYXViLmRldjAeFw0xOTA1Mjky
+MDI5NTBaFw0xOTA2MjgyMDI5NTBaMIGwMQswCQYDVQQGEwJVSzEUMBIGA1UECAwL
+QWNrbmFjayBMdGQxEzARBgNVBAcMClJoeXMgSm9uZXMxEDAOBgNVBAoMB25vZGUu
+anMxHTAbBgNVBAsMFFRlc3QgVExTIENlcnRpZmljYXRlMRQwEgYDVQQLDAtFbmdp
+bmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MRswGQYJKoZIhvcNAQkBFgxhbGV4
+QGF1Yi5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC33FiIiiex
+wLe/P8DZx5HsqFlmUO7/lvJ7necJVNwqdZ3ax5jpQB0p6uxfqeOvzcN3k5V7UFb/
+Am+nkSNZMAZhsWzCU2Z4Pjh50QYz3f0Hour7/yIGStOLyYY3hgLK2K8TbhgjQPhd
+kw9+QtKlpvbL8fLgONAoGrVOFnRQGcr70iFffsm79mgZhKVMgYiHPJqJgGHvCtkG
+g9zMgS7p63+Q3ZWedtFS2RhMX3uCBy/mH6EOlRCNBbRmA4xxNzyf5GQaki3T+Iz9
+tOMjdPP+CwV2LqEdylmBuik8vrfTb3qIHLKKBAI8lXN26wWtA3kN4L7NP+cbKlCR
+lqctvhmylLH1AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAFeDkFYcL1pcVA3q1LNWmpDi9MQAOajSyk3bNj0+ckyuOlqaXH2gVAdQh+XB
+LOFDXNwAAqMe7FEoyvIaQSFcatRhQnKFxQ9i0o1T8+6Aebjj5oo8lY5CGyOacQV8
+C6LMl4gd/duIoaWkjykiGjTH8SR6VXYhPTm03wQSMMX664E/8onsw6cLuz4COB9q
+dhWhkBXiVj3fF9kLOYMiBWc7Mb2Glfs3NLpu7TTltOwNNMWNfzE9XByR7Tg4WtIu
+8x45ibQKqUhHCh/jpWns2g/YZXXBrcvYREgakkvJZLV2Z+xeoV5oY071554BfMms
+YxLnHtl1YKNg++DSmxeUNK+NLZA=
+-----END CERTIFICATE-----
--- a/test/fixtures/keys/rsa_cert.pfx
+++ b/test/fixtures/keys/rsa_cert.pfx
--- a/test/fixtures/test_ca.pem
+++ b/test/fixtures/test_ca.pem
@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDXDCCAsWgAwIBAgIJAKL0UG+mRkSPMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV
-BAYTAlVLMRQwEgYDVQQIEwtBY2tuYWNrIEx0ZDETMBEGA1UEBxMKUmh5cyBKb25l
-czEQMA4GA1UEChMHbm9kZS5qczEdMBsGA1UECxMUVGVzdCBUTFMgQ2VydGlmaWNh
-dGUxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0wOTExMTEwOTUyMjJaFw0yOTExMDYw
-OTUyMjJaMH0xCzAJBgNVBAYTAlVLMRQwEgYDVQQIEwtBY2tuYWNrIEx0ZDETMBEG
-A1UEBxMKUmh5cyBKb25lczEQMA4GA1UEChMHbm9kZS5qczEdMBsGA1UECxMUVGVz
-dCBUTFMgQ2VydGlmaWNhdGUxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA8d8Hc6atq78Jt1HLp9agA/wpQfsFvkYUdZ1YsdvO
-kL2janjwHQgMMCy/Njal3FUEW0OLPebKZUJ8L44JBXSlVxU4zyiiSOWld8EkTetR
-AVT3WKQq3ud+cnxv7g8rGRQp1UHZwmdbZ1wEfAYq8QjYx6m1ciMgRo7DaDQhD29k
-d+UCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUL9miTJn+HKNuTmx/oMWlZP9cd4QwgbAG
-A1UdIwSBqDCBpYAUL9miTJn+HKNuTmx/oMWlZP9cd4ShgYGkfzB9MQswCQYDVQQG
-EwJVSzEUMBIGA1UECBMLQWNrbmFjayBMdGQxEzARBgNVBAcTClJoeXMgSm9uZXMx
-EDAOBgNVBAoTB25vZGUuanMxHTAbBgNVBAsTFFRlc3QgVExTIENlcnRpZmljYXRl
-MRIwEAYDVQQDEwlsb2NhbGhvc3SCCQCi9FBvpkZEjzAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4GBADRXXA2xSUK5W1i3oLYWW6NEDVWkTQ9RveplyeS9MOkP
-e7yPcpz0+O0ZDDrxR9chAiZ7fmdBBX1Tr+pIuCrG/Ud49SBqeS5aMJGVwiSd7o1n
-dhU2Sz3Q60DwJEL1VenQHiVYlWWtqXBThe9ggqRPnCfsCRTP8qifKkjk45zWPcpN
-----END CERTIFICATE-----
--- a/test/fixtures/test_cert.pem
+++ b/test/fixtures/test_cert.pem
@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDXDCCAsWgAwIBAgIJAKL0UG+mRkSPMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV
-BAYTAlVLMRQwEgYDVQQIEwtBY2tuYWNrIEx0ZDETMBEGA1UEBxMKUmh5cyBKb25l
-czEQMA4GA1UEChMHbm9kZS5qczEdMBsGA1UECxMUVGVzdCBUTFMgQ2VydGlmaWNh
-dGUxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0wOTExMTEwOTUyMjJaFw0yOTExMDYw
-OTUyMjJaMH0xCzAJBgNVBAYTAlVLMRQwEgYDVQQIEwtBY2tuYWNrIEx0ZDETMBEG
-A1UEBxMKUmh5cyBKb25lczEQMA4GA1UEChMHbm9kZS5qczEdMBsGA1UECxMUVGVz
-dCBUTFMgQ2VydGlmaWNhdGUxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA8d8Hc6atq78Jt1HLp9agA/wpQfsFvkYUdZ1YsdvO
-kL2janjwHQgMMCy/Njal3FUEW0OLPebKZUJ8L44JBXSlVxU4zyiiSOWld8EkTetR
-AVT3WKQq3ud+cnxv7g8rGRQp1UHZwmdbZ1wEfAYq8QjYx6m1ciMgRo7DaDQhD29k
-d+UCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUL9miTJn+HKNuTmx/oMWlZP9cd4QwgbAG
-A1UdIwSBqDCBpYAUL9miTJn+HKNuTmx/oMWlZP9cd4ShgYGkfzB9MQswCQYDVQQG
-EwJVSzEUMBIGA1UECBMLQWNrbmFjayBMdGQxEzARBgNVBAcTClJoeXMgSm9uZXMx
-EDAOBgNVBAoTB25vZGUuanMxHTAbBgNVBAsTFFRlc3QgVExTIENlcnRpZmljYXRl
-MRIwEAYDVQQDEwlsb2NhbGhvc3SCCQCi9FBvpkZEjzAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4GBADRXXA2xSUK5W1i3oLYWW6NEDVWkTQ9RveplyeS9MOkP
-e7yPcpz0+O0ZDDrxR9chAiZ7fmdBBX1Tr+pIuCrG/Ud49SBqeS5aMJGVwiSd7o1n
-dhU2Sz3Q60DwJEL1VenQHiVYlWWtqXBThe9ggqRPnCfsCRTP8qifKkjk45zWPcpN
-----END CERTIFICATE-----
--- a/test/fixtures/test_cert.pfx
+++ b/test/fixtures/test_cert.pfx
--- a/test/fixtures/test_key.pem
+++ b/test/fixtures/test_key.pem
@ -1,15 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDx3wdzpq2rvwm3Ucun1qAD/ClB+wW+RhR1nVix286QvaNqePAd
-CAwwLL82NqXcVQRbQ4s95splQnwvjgkFdKVXFTjPKKJI5aV3wSRN61EBVPdYpCre
-535yfG/uDysZFCnVQdnCZ1tnXAR8BirxCNjHqbVyIyBGjsNoNCEPb2R35QIDAQAB
-AoGBAJNem9C4ftrFNGtQ2DB0Udz7uDuucepkErUy4MbFsc947GfENjDKJXr42Kx0
-kYx09ImS1vUpeKpH3xiuhwqe7tm4FsCBg4TYqQle14oxxm7TNeBwwGC3OB7hiokb
-aAjbPZ1hAuNs6ms3Ybvvj6Lmxzx42m8O5DXCG2/f+KMvaNUhAkEA/ekrOsWkNoW9
-2n3m+msdVuxeek4B87EoTOtzCXb1dybIZUVv4J48VAiM43hhZHWZck2boD/hhwjC
-M5NWd4oY6QJBAPPcgBVNdNZSZ8hR4ogI4nzwWrQhl9MRbqqtfOn2TK/tjMv10ALg
-lPmn3SaPSNRPKD2hoLbFuHFERlcS79pbCZ0CQQChX3PuIna/gDitiJ8oQLOg7xEM
-wk9TRiDK4kl2lnhjhe6PDpaQN4E4F0cTuwqLAoLHtrNWIcOAQvzKMrYdu1MhAkBm
-Et3qDMnjDAs05lGT72QeN90/mPAcASf5eTTYGahv21cb6IBxM+AnwAPpqAAsHhYR
-9h13Y7uYbaOjvuF23LRhAkBoI9eaSMn+l81WXOVUHnzh3ZwB4GuTyxMXXNOhuiFd
-0z4LKAMh99Z4xQmqSoEkXsfM4KPpfhYjF/bwIcP5gOei
-----END RSA PRIVATE KEY-----
--- a/test/parallel/test-crypto-binary-default.js
+++ b/test/parallel/test-crypto-binary-default.js
@ -41,9 +41,9 @@ const DH_NOT_SUITABLE_GENERATOR = crypto.constants.DH_NOT_SUITABLE_GENERATOR;
 require('internal/crypto/util').setDefaultEncoding('latin1');

 // Test Certificates
-const certPem = fixtures.readSync('test_cert.pem', 'ascii');
-const certPfx = fixtures.readSync('test_cert.pfx');
-const keyPem = fixtures.readSync('test_key.pem', 'ascii');
+const certPem = fixtures.readKey('rsa_cert.crt');
+const certPfx = fixtures.readKey('rsa_cert.pfx');
+const keyPem = fixtures.readKey('rsa_private.pem');
 const rsaPubPem = fixtures.readKey('rsa_public.pem', 'ascii');
 const rsaKeyPem = fixtures.readKey('rsa_private.pem', 'ascii');

--- a/test/parallel/test-crypto-rsa-dsa.js
+++ b/test/parallel/test-crypto-rsa-dsa.js
@ -11,8 +11,8 @@ const constants = crypto.constants;
 const fixtures = require('../common/fixtures');

 // Test certificates
-const certPem = fixtures.readSync('test_cert.pem', 'ascii');
-const keyPem = fixtures.readSync('test_key.pem', 'ascii');
+const certPem = fixtures.readKey('rsa_cert.crt');
+const keyPem = fixtures.readKey('rsa_private.pem');
 const rsaKeySize = 2048;
 const rsaPubPem = fixtures.readKey('rsa_public.pem', 'ascii');
 const rsaKeyPem = fixtures.readKey('rsa_private.pem', 'ascii');
--- a/test/parallel/test-crypto-sign-verify.js
+++ b/test/parallel/test-crypto-sign-verify.js
@ -11,9 +11,9 @@ const crypto = require('crypto');
 const fixtures = require('../common/fixtures');

 // Test certificates
-const certPem = fixtures.readSync('test_cert.pem', 'ascii');
-const keyPem = fixtures.readSync('test_key.pem', 'ascii');
-const modSize = 1024;
+const certPem = fixtures.readKey('rsa_cert.crt');
+const keyPem = fixtures.readKey('rsa_private.pem');
+const keySize = 2048;

 {
  const Sign = crypto.Sign;
@ -152,7 +152,7 @@ common.expectsError(
 {
  function testPSS(algo, hLen) {
    // Maximum permissible salt length
-    const max = modSize / 8 - hLen - 2;
+    const max = keySize / 8 - hLen - 2;

    function getEffectiveSaltLength(saltLength) {
      switch (saltLength) {
--- a/test/parallel/test-crypto-verify-failure.js
+++ b/test/parallel/test-crypto-verify-failure.js
@ -29,7 +29,7 @@ const crypto = require('crypto');
 const tls = require('tls');
 const fixtures = require('../common/fixtures');

-const certPem = fixtures.readSync('test_cert.pem', 'ascii');
+const certPem = fixtures.readKey('rsa_cert.crt');

 const options = {
  key: fixtures.readKey('agent1-key.pem'),
--- a/test/parallel/test-crypto.js
+++ b/test/parallel/test-crypto.js
@ -37,7 +37,7 @@ const tls = require('tls');
 const fixtures = require('../common/fixtures');

 // Test Certificates
-const certPfx = fixtures.readSync('test_cert.pfx');
+const certPfx = fixtures.readKey('rsa_cert.pfx');

 // 'this' safety
 // https://github.com/joyent/node/issues/6690
--- a/test/parallel/test-https-client-reject.js
+++ b/test/parallel/test-https-client-reject.js
@ -30,8 +30,8 @@ const assert = require('assert');
 const https = require('https');

 const options = {
-  key: fixtures.readSync('test_key.pem'),
-  cert: fixtures.readSync('test_cert.pem')
+  key: fixtures.readKey('rsa_private.pem'),
+  cert: fixtures.readKey('rsa_cert.crt')
 };

 const server = https.createServer(options, common.mustCall(function(req, res) {
@ -72,7 +72,7 @@ function rejectUnauthorized() {
 function authorized() {
  const options = {
    port: server.address().port,
-    ca: [fixtures.readSync('test_cert.pem')]
+    ca: [fixtures.readKey('rsa_cert.crt')]
  };
  options.agent = new https.Agent(options);
  const req = https.request(options, function(res) {
--- a/test/parallel/test-https-client-renegotiation-limit.js
+++ b/test/parallel/test-https-client-renegotiation-limit.js
@ -50,8 +50,8 @@ const LIMITS = [0, 1, 2, 3, 5, 10, 16];

 function test(next) {
  const options = {
-    cert: fixtures.readSync('test_cert.pem'),
-    key: fixtures.readSync('test_key.pem'),
+    cert: fixtures.readKey('rsa_cert.crt'),
+    key: fixtures.readKey('rsa_private.pem'),
  };

  const server = https.createServer(options, (req, res) => {
--- a/test/parallel/test-https-drain.js
+++ b/test/parallel/test-https-drain.js
@ -29,8 +29,8 @@ const assert = require('assert');
 const https = require('https');

 const options = {
-  key: fixtures.readSync('test_key.pem'),
-  cert: fixtures.readSync('test_cert.pem')
+  key: fixtures.readKey('rsa_private.pem'),
+  cert: fixtures.readKey('rsa_cert.crt')
 };

 const bufSize = 1024 * 1024;
--- a/test/parallel/test-https-pfx.js
+++ b/test/parallel/test-https-pfx.js
@ -30,7 +30,7 @@ const fixtures = require('../common/fixtures');
 const assert = require('assert');
 const https = require('https');

-const pfx = fixtures.readSync('test_cert.pfx');
+const pfx = fixtures.readKey('rsa_cert.pfx');

 const options = {
  host: '127.0.0.1',
--- a/test/parallel/test-https-unix-socket-self-signed.js
+++ b/test/parallel/test-https-unix-socket-self-signed.js
@ -10,8 +10,8 @@ tmpdir.refresh();
 const fixtures = require('../common/fixtures');
 const https = require('https');
 const options = {
-  cert: fixtures.readSync('test_cert.pem'),
-  key: fixtures.readSync('test_key.pem')
+  cert: fixtures.readKey('rsa_cert.crt'),
+  key: fixtures.readKey('rsa_private.pem')
 };

 const server = https.createServer(options, common.mustCall((req, res) => {
--- a/test/parallel/test-tls-async-cb-after-socket-end.js
+++ b/test/parallel/test-tls-async-cb-after-socket-end.js
@ -15,8 +15,8 @@ const tls = require('tls');

 const options = {
  secureOptions: SSL_OP_NO_TICKET,
-  key: fixtures.readSync('test_key.pem'),
-  cert: fixtures.readSync('test_cert.pem')
+  key: fixtures.readKey('rsa_private.pem'),
+  cert: fixtures.readKey('rsa_cert.crt')
 };

 const server = tls.createServer(options, common.mustCall());
--- a/test/parallel/test-tls-client-abort.js
+++ b/test/parallel/test-tls-client-abort.js
@ -27,8 +27,8 @@ if (!common.hasCrypto)
 const tls = require('tls');
 const fixtures = require('../common/fixtures');

-const cert = fixtures.readSync('test_cert.pem');
-const key = fixtures.readSync('test_key.pem');
+const cert = fixtures.readKey('rsa_cert.crt');
+const key = fixtures.readKey('rsa_private.pem');

 const conn = tls.connect({ cert, key, port: 0 }, common.mustNotCall());
 conn.on('error', function() {});
--- a/test/parallel/test-tls-client-reject.js
+++ b/test/parallel/test-tls-client-reject.js
@ -29,8 +29,8 @@ const tls = require('tls');
 const fixtures = require('../common/fixtures');

 const options = {
-  key: fixtures.readSync('test_key.pem'),
-  cert: fixtures.readSync('test_cert.pem')
+  key: fixtures.readKey('rsa_private.pem'),
+  cert: fixtures.readKey('rsa_cert.crt')
 };

 const server = tls.createServer(options, function(socket) {
@ -80,7 +80,7 @@ function rejectUnauthorized() {
 function authorized() {
  console.log('connect authorized');
  const socket = tls.connect(server.address().port, {
-    ca: [fixtures.readSync('test_cert.pem')],
+    ca: [fixtures.readKey('rsa_cert.crt')],
    servername: 'localhost'
  }, common.mustCall(function() {
    console.log('... authorized');
--- a/test/parallel/test-tls-client-renegotiation-limit.js
+++ b/test/parallel/test-tls-client-renegotiation-limit.js
@ -49,8 +49,8 @@ const LIMITS = [0, 1, 2, 3, 5, 10, 16];

 function test(next) {
  const options = {
-    cert: fixtures.readSync('test_cert.pem'),
-    key: fixtures.readSync('test_key.pem'),
+    cert: fixtures.readKey('rsa_cert.crt'),
+    key: fixtures.readKey('rsa_private.pem'),
  };

  const server = tls.createServer(options, (conn) => {
--- a/test/parallel/test-tls-connect-given-socket.js
+++ b/test/parallel/test-tls-connect-given-socket.js
@ -30,8 +30,8 @@ const tls = require('tls');
 const net = require('net');

 const options = {
-  key: fixtures.readSync('test_key.pem'),
-  cert: fixtures.readSync('test_cert.pem')
+  key: fixtures.readKey('rsa_private.pem'),
+  cert: fixtures.readKey('rsa_cert.crt')
 };

 const server = tls.createServer(options, common.mustCall((socket) => {
--- a/test/parallel/test-tls-connect-memleak.js
+++ b/test/parallel/test-tls-connect-memleak.js
@ -35,8 +35,8 @@ const fixtures = require('../common/fixtures');
 // added using `once()`, i.e. can be gc'ed once that event has occurred.

 const server = tls.createServer({
-  cert: fixtures.readSync('test_cert.pem'),
-  key: fixtures.readSync('test_key.pem')
+  cert: fixtures.readKey('rsa_cert.crt'),
+  key: fixtures.readKey('rsa_private.pem')
 }).listen(0);

 let collected = false;
--- a/test/parallel/test-tls-connect-no-host.js
+++ b/test/parallel/test-tls-connect-no-host.js
@ -8,8 +8,8 @@ if (!common.hasCrypto)
 const tls = require('tls');
 const assert = require('assert');

-const cert = fixtures.readSync('test_cert.pem');
-const key = fixtures.readSync('test_key.pem');
+const cert = fixtures.readKey('rsa_cert.crt');
+const key = fixtures.readKey('rsa_private.pem');

 // https://github.com/nodejs/node/issues/1489
 // tls.connect(options) with no options.host should accept a cert with
--- a/test/parallel/test-tls-connect-stream-writes.js
+++ b/test/parallel/test-tls-connect-stream-writes.js
@ -9,9 +9,9 @@ const stream = require('stream');
 const net = require('net');
 const fixtures = require('../common/fixtures');

-const options = { key: fixtures.readSync('test_key.pem'),
-                  cert: fixtures.readSync('test_cert.pem'),
-                  ca: [ fixtures.readSync('test_ca.pem') ],
+const options = { key: fixtures.readKey('rsa_private.pem'),
+                  cert: fixtures.readKey('rsa_cert.crt'),
+                  ca: [ fixtures.readKey('rsa_ca.crt') ],
                  ciphers: 'AES256-GCM-SHA384' };
 const content = 'hello world';
 const recv_bufs = [];
--- a/test/parallel/test-tls-destroy-stream.js
+++ b/test/parallel/test-tls-destroy-stream.js
@ -18,9 +18,9 @@ tls.DEFAULT_MAX_VERSION = 'TLSv1.3';
 const CONTENT = 'Hello World';
 const tlsServer = tls.createServer(
  {
-    key: fixtures.readSync('test_key.pem'),
-    cert: fixtures.readSync('test_cert.pem'),
-    ca: [fixtures.readSync('test_ca.pem')],
+    key: fixtures.readKey('rsa_private.pem'),
+    cert: fixtures.readKey('rsa_cert.crt'),
+    ca: [fixtures.readKey('rsa_ca.crt')],
  },
  (socket) => {
    socket.on('close', common.mustCall());
--- a/test/parallel/test-tls-fast-writing.js
+++ b/test/parallel/test-tls-fast-writing.js
@ -28,9 +28,9 @@ const fixtures = require('../common/fixtures');
 const assert = require('assert');
 const tls = require('tls');

-const options = { key: fixtures.readSync('test_key.pem'),
-                  cert: fixtures.readSync('test_cert.pem'),
-                  ca: [ fixtures.readSync('test_ca.pem') ] };
+const options = { key: fixtures.readKey('rsa_private.pem'),
+                  cert: fixtures.readKey('rsa_cert.crt'),
+                  ca: [ fixtures.readKey('rsa_ca.crt') ] };

 const server = tls.createServer(options, onconnection);
 let gotChunk = false;
--- a/test/parallel/test-tls-handshake-exception.js
+++ b/test/parallel/test-tls-handshake-exception.js
@ -21,8 +21,8 @@ if (process.argv[2] === 'child') {
  const { Duplex } = require('stream');
  const { mustCall } = common;

-  const cert = fixtures.readSync('test_cert.pem');
-  const key = fixtures.readSync('test_key.pem');
+  const cert = fixtures.readKey('rsa_cert.crt');
+  const key = fixtures.readKey('rsa_private.pem');

  net.createServer(mustCall(onplaintext)).listen(0, mustCall(onlisten));

--- a/test/parallel/test-tls-hello-parser-failure.js
+++ b/test/parallel/test-tls-hello-parser-failure.js
@ -36,8 +36,8 @@ const tls = require('tls');
 const net = require('net');

 const options = {
-  key: fixtures.readSync('test_key.pem'),
-  cert: fixtures.readSync('test_cert.pem')
+  key: fixtures.readKey('rsa_private.pem'),
+  cert: fixtures.readKey('rsa_cert.crt')
 };

 const bonkers = Buffer.alloc(1024 * 1024, 42);
--- a/test/parallel/test-tls-inception.js
+++ b/test/parallel/test-tls-inception.js
@ -32,8 +32,8 @@ const tls = require('tls');
 const net = require('net');

 const options = {
-  key: fixtures.readSync('test_key.pem'),
-  cert: fixtures.readSync('test_cert.pem')
+  key: fixtures.readKey('rsa_private.pem'),
+  cert: fixtures.readKey('rsa_cert.crt')
 };

 const body = 'A'.repeat(40000);
--- a/test/parallel/test-tls-interleave.js
+++ b/test/parallel/test-tls-interleave.js
@ -30,9 +30,9 @@ const tls = require('tls');

 const fixtures = require('../common/fixtures');

-const options = { key: fixtures.readSync('test_key.pem'),
-                  cert: fixtures.readSync('test_cert.pem'),
-                  ca: [ fixtures.readSync('test_ca.pem') ] };
+const options = { key: fixtures.readKey('rsa_private.pem'),
+                  cert: fixtures.readKey('rsa_cert.crt'),
+                  ca: [ fixtures.readKey('rsa_ca.crt') ] };

 const writes = [
  'some server data',
--- a/test/parallel/test-tls-net-connect-prefer-path.js
+++ b/test/parallel/test-tls-net-connect-prefer-path.js
@ -29,8 +29,8 @@ function mkServer(lib, tcp, cb) {
  const args = [handler];
  if (lib === tls) {
    args.unshift({
-      cert: fixtures.readSync('test_cert.pem'),
-      key: fixtures.readSync('test_key.pem')
+      cert: fixtures.readKey('rsa_cert.crt'),
+      key: fixtures.readKey('rsa_private.pem')
    });
  }
  const server = lib.createServer(...args);
--- a/test/parallel/test-tls-no-sslv3.js
+++ b/test/parallel/test-tls-no-sslv3.js
@ -11,8 +11,8 @@ const tls = require('tls');
 const spawn = require('child_process').spawn;
 const fixtures = require('../common/fixtures');

-const cert = fixtures.readSync('test_cert.pem');
-const key = fixtures.readSync('test_key.pem');
+const cert = fixtures.readKey('rsa_cert.crt');
+const key = fixtures.readKey('rsa_private.pem');
 const server = tls.createServer({ cert, key }, common.mustNotCall());
 const errors = [];
 let stderr = '';
--- a/test/parallel/test-tls-pause.js
+++ b/test/parallel/test-tls-pause.js
@ -32,8 +32,8 @@ const tls = require('tls');
 const fixtures = require('../common/fixtures');

 const options = {
-  key: fixtures.readSync('test_key.pem'),
-  cert: fixtures.readSync('test_cert.pem')
+  key: fixtures.readKey('rsa_private.pem'),
+  cert: fixtures.readKey('rsa_cert.crt')
 };

 const bufSize = 1024 * 1024;
--- a/test/parallel/test-tls-securepair-fiftharg.js
+++ b/test/parallel/test-tls-securepair-fiftharg.js
@ -9,8 +9,8 @@ const tls = require('tls');
 const fixtures = require('../common/fixtures');

 const sslcontext = tls.createSecureContext({
-  cert: fixtures.readSync('test_cert.pem'),
-  key: fixtures.readSync('test_key.pem')
+  cert: fixtures.readKey('rsa_cert.crt'),
+  key: fixtures.readKey('rsa_private.pem')
 });

 const pair = tls.createSecurePair(sslcontext, true, false, false, {
--- a/test/parallel/test-tls-zero-clear-in.js
+++ b/test/parallel/test-tls-zero-clear-in.js
@ -28,8 +28,8 @@ if (!common.hasCrypto)
 const tls = require('tls');
 const fixtures = require('../common/fixtures');

-const cert = fixtures.readSync('test_cert.pem');
-const key = fixtures.readSync('test_key.pem');
+const cert = fixtures.readKey('rsa_cert.crt');
+const key = fixtures.readKey('rsa_private.pem');

 const server = tls.createServer({
  cert,
--- a/test/pummel/test-https-no-reader.js
+++ b/test/pummel/test-https-no-reader.js
@ -29,8 +29,8 @@ const https = require('https');
 const fixtures = require('../common/fixtures');

 const options = {
-  key: fixtures.readSync('test_key.pem'),
-  cert: fixtures.readSync('test_cert.pem')
+  key: fixtures.readKey('rsa_private.pem'),
+  cert: fixtures.readKey('rsa_cert.crt')
 };

 const buf = Buffer.allocUnsafe(1024 * 1024);
--- a/test/sequential/test-async-wrap-getasyncid.js
+++ b/test/sequential/test-async-wrap-getasyncid.js
@ -266,9 +266,9 @@ if (common.hasCrypto) { // eslint-disable-line node-core/crypto-check
  const { TCP, constants: TCPConstants } = internalBinding('tcp_wrap');
  const tcp = new TCP(TCPConstants.SOCKET);

-  const ca = fixtures.readSync('test_ca.pem', 'ascii');
-  const cert = fixtures.readSync('test_cert.pem', 'ascii');
-  const key = fixtures.readSync('test_key.pem', 'ascii');
+  const ca = fixtures.readKey('rsa_ca.crt');
+  const cert = fixtures.readKey('rsa_cert.crt');
+  const key = fixtures.readKey('rsa_private.pem');

  const credentials = require('tls').createSecureContext({ ca, cert, key });

--- a/test/sequential/test-tls-connect.js
+++ b/test/sequential/test-tls-connect.js
@ -33,8 +33,8 @@ const tls = require('tls');
 // https://github.com/joyent/node/issues/1218
 // uncatchable exception on TLS connection error
 {
-  const cert = fixtures.readSync('test_cert.pem');
-  const key = fixtures.readSync('test_key.pem');
+  const cert = fixtures.readKey('rsa_cert.crt');
+  const key = fixtures.readKey('rsa_private.pem');

  const options = { cert: cert, key: key, port: common.PORT };
  const conn = tls.connect(options, common.mustNotCall());
@ -47,8 +47,8 @@ const tls = require('tls');

 // SSL_accept/SSL_connect error handling
 {
-  const cert = fixtures.readSync('test_cert.pem');
-  const key = fixtures.readSync('test_key.pem');
+  const cert = fixtures.readKey('rsa_cert.crt');
+  const key = fixtures.readKey('rsa_private.pem');

  assert.throws(() => {
    tls.connect({