| author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-01-29 17:38:31 +0100 | 
|---|---|---|
| committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-01-29 17:38:31 +0100 | 
| commit | 72c8492ee1bd07d5960c9920e51b7addac11b806 (patch) | |
| tree | 7bfcb03f43801ae7c04ac6b18ce7d83e89783a0e /x509util | |
| parent | 7dfa743dce780659bd2e71130d91d51e93b1f68e (diff) | |
removed x509util
We use minimal namespaces instead of X509 certificates.
Diffstat (limited to 'x509util')
| -rw-r--r-- | x509util/README.md | 2 | ||||
| -rw-r--r-- | x509util/testdata/README.md | 35 | ||||
| -rw-r--r-- | x509util/testdata/anchors.pem | 26 | ||||
| -rw-r--r-- | x509util/testdata/ca.conf | 59 | ||||
| -rw-r--r-- | x509util/testdata/chain.pem | 23 | ||||
| -rw-r--r-- | x509util/testdata/chain2.pem | 23 | ||||
| -rw-r--r-- | x509util/testdata/data.go | 262 | ||||
| -rw-r--r-- | x509util/testdata/end-entity.key | 3 | ||||
| -rw-r--r-- | x509util/testdata/end-entity.pem | 10 | ||||
| -rw-r--r-- | x509util/testdata/end-entity2.key | 3 | ||||
| -rw-r--r-- | x509util/testdata/end-entity2.pem | 10 | ||||
| -rw-r--r-- | x509util/testdata/intermediate.key | 3 | ||||
| -rw-r--r-- | x509util/testdata/intermediate.pem | 13 | ||||
| -rw-r--r-- | x509util/testdata/intermediate2.key | 3 | ||||
| -rw-r--r-- | x509util/testdata/intermediate2.pem | 13 | ||||
| -rw-r--r-- | x509util/testdata/log.key | 3 | ||||
| -rw-r--r-- | x509util/testdata/root.key | 3 | ||||
| -rw-r--r-- | x509util/testdata/root.pem | 13 | ||||
| -rw-r--r-- | x509util/testdata/root2.key | 3 | ||||
| -rw-r--r-- | x509util/testdata/root2.pem | 13 | ||||
| -rw-r--r-- | x509util/x509util.go | 113 | ||||
| -rw-r--r-- | x509util/x509util_test.go | 332 | 
22 files changed, 0 insertions, 968 deletions
|
diff --git a/x509util/README.md b/x509util/README.md
deleted file mode 100644
index 3eaecaa..0000000
--- a/x509util/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# x509util
-TODO: remove package
diff --git a/x509util/testdata/README.md b/x509util/testdata/README.md
deleted file mode 100644
index c9f03de..0000000
--- a/x509util/testdata/README.md
+++ /dev/null
@@ -1,35 +0,0 @@
-# Create new certificate chains
-## Initial setup
-```
-$ touch index
-$ echo 1000 > serial
-```
-
-## Root certificate
-```
-$ openssl genpkey -algorithm ed25519 -out root.key
-$ openssl req -new -x509 -config ca.conf -extensions v3_ca -days 4096 -key root.key -out root.pem
-$ openssl x509 -in root.pem -text -noout
-```
-
-## Intermediate certificate
-```
-$ openssl genpkey -algorithm ed25519 -out intermediate.key
-$ openssl req -new -config ca.conf -extensions v3_intermediate_ca -key intermediate.key -out intermediate.csr
-$ openssl ca -config ca.conf -extensions v3_intermediate_ca -days 4096 -in intermediate.csr -notext -out intermediate.pem
-$ openssl x509 -in intermediate.pem -text -noout
-```
-
-## End-entity certificate
-```
-$ openssl genpkey -algorithm ed25519 -out end-entity.key
-$ openssl req -new -key end-entity.key -out end-entity.csr
-$ openssl x509 -req -days 4096 -CA intermediate.pem -CAkey intermediate.key -CAcreateserial -in end-entity.csr -out end-entity.pem
-$ openssl x509 -in end-entity.pem -text -noout
-```
-
-## Make chain
-```
-$ cat end-entity.pem > chain.pem
-$ cat intermediate.pem >> chain.pem
-```
diff --git a/x509util/testdata/anchors.pem b/x509util/testdata/anchors.pem
deleted file mode 100644
index c71feaa..0000000
--- a/x509util/testdata/anchors.pem
+++ /dev/null
@@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB/TCCAa+gAwIBAgIUDYJzaC5VSkKwiLVAxO5MyphAkN8wBQYDK2VwMGwxCzAJ -BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B -MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3 -DQEJARYCTkEwHhcNMjAxMTAzMTgzMTMxWhcNMzIwMTIxMTgzMTMxWjBsMQswCQYD -VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL -MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B -CQEWAk5BMCowBQYDK2VwAyEAJ1IiXCB4YHwdWka9MM0bc7LvKAtksmtIo8IhkuEB -uzGjYzBhMB0GA1UdDgQWBBQBvsxROtKU6zmr/SxcfTMDsAQcMTAfBgNVHSMEGDAW -gBQBvsxROtKU6zmr/SxcfTMDsAQcMTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIChDAFBgMrZXADQQCXh6kDnE5giTjcLET2S94qTwnHVAj57DJcR/rf9Jy8 -NMGbtzTL0/V0B8DHuJFA/islbZJbN7rSvqddEKL8N2gI ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB/TCCAa+gAwIBAgIUCFGFq5zAkH03LQ2fpAamPhGd8FgwBQYDK2VwMGwxCzAJ -BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B -MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3 -DQEJARYCTkEwHhcNMjAxMTE3MTgxNTQyWhcNMzIwMjA0MTgxNTQyWjBsMQswCQYD -VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL -MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B -CQEWAk5BMCowBQYDK2VwAyEAFOG1Lof1UiV2mYsM17EopyVCR87qRrNW9YHP0biu -pOyjYzBhMB0GA1UdDgQWBBQeeImH1qUrWk+pq3YOkwI8bWdEuTAfBgNVHSMEGDAW -gBQeeImH1qUrWk+pq3YOkwI8bWdEuTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIChDAFBgMrZXADQQDP4IQePN5Krr7jn+RM8AbF+c4fXgamA1XDHVIfXy/n -MexxZMsuSCSDq5XM5GMImffmBXA1dNJ6ytfJi668C+kF ------END CERTIFICATE----- diff --git a/x509util/testdata/ca.conf b/x509util/testdata/ca.conf deleted file mode 100644 index 7889331..0000000 --- a/x509util/testdata/ca.conf +++ /dev/null 
@@ -1,59 +0,0 @@
-[ca]
-default_ca = ca_settings
-
-[ ca_settings ]
-dir = .
-certs             = $dir
-crl_dir           = $dir
-new_certs_dir     = $dir
-database          = $dir/index
-serial            = $dir/serial
-
-private_key       = $dir/root.key
-certificate       = $dir/root.pem
-
-policy = ca_policy
-
-[ ca_policy ]
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-# Options for the `req` tool, `man req`
-[ req ]
-distinguished_name  = req_distinguished_name
-
-# Extensions for a typical CA, see `man x509v3_config`
-[ v3_ca ]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true
-keyUsage = critical, digitalSignature, keyCertSign
-
-# Extensions for a typical intermediate CA, see `man x509v3_config`
-[ v3_intermediate_ca ]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true, pathlen:0
-keyUsage = critical, digitalSignature, keyCertSign
-
-[ req_distinguished_name ]
-countryName            = Country Name (2 letter code)
-stateOrProvinceName    = State or Province Name
-localityName           = Locality Name
-0.organizationName     = Organization Name
-organizationalUnitName = Organizational Unit Name
-commonName             = Common Name
-emailAddress           = Email Address
-
-countryName_default            = NA
-stateOrProvinceName_default    = NA
-localityName_default           = NA
-0.organizationName_default     = NA
-organizationalUnitName_default = NA
-emailAddress_default           = NA
-commonName_default             = stfe testdata
diff --git a/x509util/testdata/chain.pem b/x509util/testdata/chain.pem
deleted file mode 100644
index 0ac66a0..0000000
--- a/x509util/testdata/chain.pem
+++ /dev/null
@@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBbDCCAR4CFDfeuu6XURfn7AE4WShuwZBHEaLIMAUGAytlcDBsMQswCQYDVQQG -EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG -A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW -Ak5BMB4XDTIwMTEwMzE4MzI0MFoXDTMyMDEyMTE4MzI0MFowRTELMAkGA1UEBhMC -QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp -dHMgUHR5IEx0ZDAqMAUGAytlcAMhAJvk390ZvwULplBri03Od4LLz+Sf/OUHu+20 -wik+T9y5MAUGAytlcANBANekliXq4ttoClBJDZoktIQxyHHNcWyXFrj1HlOaT5bC -I3GIqqZ60Ua3jKytnEsKsD2rLMPItDwmG6wYSecy2ws= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI -DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG -A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTAz -MTgzMjE4WhcNMzIwMTIxMTgzMjE4WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC -TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV -BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA -F1yPPpjHKDAKN73pBFGXzAvIjdkLLimydu2y1HLMOiKjZjBkMB0GA1UdDgQWBBQ6 -P7JQ7yXtrTh7YkVU0I78P9A+nDAfBgNVHSMEGDAWgBQBvsxROtKU6zmr/SxcfTMD -sAQcMTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD -QQBm1GMV0ADPnXRWnelCW9tcyTh0p9hKefuSy/MNx7/XLHKnM5fX+yHqD84QOxES -Vc510vi4dM8I+e/vcoBsmMQP ------END CERTIFICATE----- diff --git a/x509util/testdata/chain2.pem b/x509util/testdata/chain2.pem deleted file mode 100644 index 6ca2131..0000000 --- a/x509util/testdata/chain2.pem +++ /dev/null 
@@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBbDCCAR4CFC4G5ep2NoHAmvFkmFID7y4U/BryMAUGAytlcDBsMQswCQYDVQQG -EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG -A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW -Ak5BMB4XDTIwMTEyNTIxNTkwM1oXDTMyMDIxMjIxNTkwM1owRTELMAkGA1UEBhMC -QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp -dHMgUHR5IEx0ZDAqMAUGAytlcAMhAKwG0O/Ql+L6O8aq8BZ+KOdJmVLdcnOmMENR -H7O84kVFMAUGAytlcANBAJIUg3wQ5AvhOaITYB/9rT5cm5dcklOdEIwAqvmSOEXf -vgCpSAz29bnKYJmjwp6mkXx3f31h39G41zr2wRjKnw8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI -DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG -A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTI1 -MjE1NzU1WhcNMzIwMjEyMjE1NzU1WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC -TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV -BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA -DD23ESkuIKaCkU6xCncIwvD12w4ETBgAiHAubr/wDwujZjBkMB0GA1UdDgQWBBSy -uua2yvX+VM9JBc19GQisnLnH5zAfBgNVHSMEGDAWgBQeeImH1qUrWk+pq3YOkwI8 -bWdEuTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD -QQCoQvs8gPHZOH6VIuUGCcXVzf8D5+F6GZSoxMF880yYbdbUBVwwbJLFazwEn0uC -PwMBM9nZj3g1ZSH8uP2sEo0F ------END CERTIFICATE----- diff --git a/x509util/testdata/data.go b/x509util/testdata/data.go deleted file mode 100644 index 67bb606..0000000 --- a/x509util/testdata/data.go +++ /dev/null 
@@ -1,262 +0,0 @@ -package testdata - -import ( -	"bytes" -) - -var ( -	// EndEntityCertificate is a PEM-encoded end-entity certificate that is -	// signed by IntermediateCertificate -	EndEntityCertificate = []byte(`-----BEGIN CERTIFICATE----- -MIIBbDCCAR4CFDfeuu6XURfn7AE4WShuwZBHEaLIMAUGAytlcDBsMQswCQYDVQQG -EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG -A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW -Ak5BMB4XDTIwMTEwMzE4MzI0MFoXDTMyMDEyMTE4MzI0MFowRTELMAkGA1UEBhMC -QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp -dHMgUHR5IEx0ZDAqMAUGAytlcAMhAJvk390ZvwULplBri03Od4LLz+Sf/OUHu+20 -wik+T9y5MAUGAytlcANBANekliXq4ttoClBJDZoktIQxyHHNcWyXFrj1HlOaT5bC -I3GIqqZ60Ua3jKytnEsKsD2rLMPItDwmG6wYSecy2ws= ------END CERTIFICATE-----`) -	// EndEntityCertificateSerial is the serial number of EndEntityCertificate -	EndEntityCertificateSerial = "318961541902906095038704399034602270237826065096" -	// EndEntityPrivateKey is the PEM-encoded Ed25519 private key of EndEntityCertificate -	EndEntityPrivateKey = []byte(`-----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIDme3WaCwW2/FX095yh02yIIsn0D3vbvN5NsJzcdUwq1 ------END PRIVATE KEY-----`) - -	// EndEntityCertificate2 is a PEM-encoded end-entity certificate that -	// is signed by IntermediateCertificate2 -	EndEntityCertificate2 = []byte(`-----BEGIN CERTIFICATE----- -MIIBbDCCAR4CFC4G5ep2NoHAmvFkmFID7y4U/BryMAUGAytlcDBsMQswCQYDVQQG -EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG -A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW -Ak5BMB4XDTIwMTEyNTIxNTkwM1oXDTMyMDIxMjIxNTkwM1owRTELMAkGA1UEBhMC -QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp -dHMgUHR5IEx0ZDAqMAUGAytlcAMhAKwG0O/Ql+L6O8aq8BZ+KOdJmVLdcnOmMENR -H7O84kVFMAUGAytlcANBAJIUg3wQ5AvhOaITYB/9rT5cm5dcklOdEIwAqvmSOEXf -vgCpSAz29bnKYJmjwp6mkXx3f31h39G41zr2wRjKnw8= ------END CERTIFICATE-----`) -	// EndEntityCertificateSerial2 is the serial number of EndEntityCertificate2 -	
EndEntityCertificateSerial2 = "262767408425771953673235905171292083847897553650" -	// EndEntityPrivateKey2 is the PEM-encoded Ed25519 private key of EndEntityCertificate2 -	EndEntityPrivateKey2 = []byte(`-----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIH65lXoCT4N9q4mPmDcsmAqIqG9CrqrB4KV2nqBC9JlZ ------END PRIVATE KEY-----`) - -	// IntermediateCertificate is a PEM-encoded intermediate certificate that is -	// signed by RootCertificate -	IntermediateCertificate = []byte(`-----BEGIN CERTIFICATE----- -MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI -DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG -A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTAz -MTgzMjE4WhcNMzIwMTIxMTgzMjE4WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC -TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV -BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA -F1yPPpjHKDAKN73pBFGXzAvIjdkLLimydu2y1HLMOiKjZjBkMB0GA1UdDgQWBBQ6 -P7JQ7yXtrTh7YkVU0I78P9A+nDAfBgNVHSMEGDAWgBQBvsxROtKU6zmr/SxcfTMD -sAQcMTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD -QQBm1GMV0ADPnXRWnelCW9tcyTh0p9hKefuSy/MNx7/XLHKnM5fX+yHqD84QOxES -Vc510vi4dM8I+e/vcoBsmMQP ------END CERTIFICATE-----`) -	// IntermediateCertificateSerial is the serial number of IntermediateCertificate -	IntermediateCertificateSerial = "4096" -	// IntermediatePrivateKey is the PEM-encoded Ed25519 private key of IntermediateCertificate -	IntermediatePrivateKey = []byte(`-----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIEiZEO5PnjkbN4A+5r9LVTIZeVdPq/on5AzwnetZjszE ------END PRIVATE KEY-----`) -	// IntermediateChain is a PEM-encoded certificate chain that is composed -	// of an end-entity certificate and an intermediate certificate -	IntermediateChain = bytes.Join([][]byte{ -		EndEntityCertificate, -		IntermediateCertificate, -	}, []byte("\n")) - -	// IntermediateCertificate2 is a PEM-encoded intermediate certificate that -	// is signed by RootCertificate2 -	IntermediateCertificate2 = 
[]byte(`-----BEGIN CERTIFICATE----- -MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI -DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG -A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTI1 -MjE1NzU1WhcNMzIwMjEyMjE1NzU1WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC -TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV -BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA -DD23ESkuIKaCkU6xCncIwvD12w4ETBgAiHAubr/wDwujZjBkMB0GA1UdDgQWBBSy -uua2yvX+VM9JBc19GQisnLnH5zAfBgNVHSMEGDAWgBQeeImH1qUrWk+pq3YOkwI8 -bWdEuTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD -QQCoQvs8gPHZOH6VIuUGCcXVzf8D5+F6GZSoxMF880yYbdbUBVwwbJLFazwEn0uC -PwMBM9nZj3g1ZSH8uP2sEo0F ------END CERTIFICATE-----`) -	// IntermediateCertificateSerial2 is the serial number of IntermediateCertificate2 -	IntermediateCertificateSerial2 = "4096" -	// IntermediatePrivateKey2 is the PEM-encoded Ed25519 private key of IntermediateCertificate2 -	IntermediatePrivateKey2 = []byte(`-----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIOo+qcT2GoWoAp0079ecz/ZyrCZ78Zqznv1xEoN96vT7 ------END PRIVATE KEY-----`) -	// IntermediateChain2 is a PEM-encoded certificate chain that is composed -	// of an end-entity certificate and an intermediate certificate -	IntermediateChain2 = bytes.Join([][]byte{ -		EndEntityCertificate2, -		IntermediateCertificate2, -	}, []byte("\n")) - -	// RootCertificate is a PEM-encoded root certificate -	RootCertificate = []byte(`-----BEGIN CERTIFICATE----- -MIIB/TCCAa+gAwIBAgIUDYJzaC5VSkKwiLVAxO5MyphAkN8wBQYDK2VwMGwxCzAJ -BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B -MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3 -DQEJARYCTkEwHhcNMjAxMTAzMTgzMTMxWhcNMzIwMTIxMTgzMTMxWjBsMQswCQYD -VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL -MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B -CQEWAk5BMCowBQYDK2VwAyEAJ1IiXCB4YHwdWka9MM0bc7LvKAtksmtIo8IhkuEB 
-uzGjYzBhMB0GA1UdDgQWBBQBvsxROtKU6zmr/SxcfTMDsAQcMTAfBgNVHSMEGDAW -gBQBvsxROtKU6zmr/SxcfTMDsAQcMTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIChDAFBgMrZXADQQCXh6kDnE5giTjcLET2S94qTwnHVAj57DJcR/rf9Jy8 -NMGbtzTL0/V0B8DHuJFA/islbZJbN7rSvqddEKL8N2gI ------END CERTIFICATE-----`) -	// RootCertificateSerial is the serial number of RootCertificate -	RootCertificateSerial = "77126030260354546250480693976417574174523953375" -	// RootPrivateKey is the PEM-encoded Ed25519 private key of RootCertificate -	RootPrivateKey = []byte(`-----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIPJGy4Tf9SwDv44lLCmVyEjsbUmwfTg+j/Xoyaunf1rx ------END PRIVATE KEY-----`) -	// RootChain is a PEM-encoded certificate chain that contains an end-entity -	// certificate, an intermediate certificate, and a root certificate. -	RootChain = bytes.Join([][]byte{ -		EndEntityCertificate, -		IntermediateCertificate, -		RootCertificate, -	}, []byte("\n")) - -	// RootCertificate2 is a PEM-encoded root certificate -	RootCertificate2 = []byte(`-----BEGIN CERTIFICATE----- -MIIB/TCCAa+gAwIBAgIUCFGFq5zAkH03LQ2fpAamPhGd8FgwBQYDK2VwMGwxCzAJ -BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B -MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3 -DQEJARYCTkEwHhcNMjAxMTE3MTgxNTQyWhcNMzIwMjA0MTgxNTQyWjBsMQswCQYD -VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL -MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B -CQEWAk5BMCowBQYDK2VwAyEAFOG1Lof1UiV2mYsM17EopyVCR87qRrNW9YHP0biu -pOyjYzBhMB0GA1UdDgQWBBQeeImH1qUrWk+pq3YOkwI8bWdEuTAfBgNVHSMEGDAW -gBQeeImH1qUrWk+pq3YOkwI8bWdEuTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIChDAFBgMrZXADQQDP4IQePN5Krr7jn+RM8AbF+c4fXgamA1XDHVIfXy/n -MexxZMsuSCSDq5XM5GMImffmBXA1dNJ6ytfJi668C+kF ------END CERTIFICATE-----`) -	// RootCertificateSerial2 is the serial number of RootCertificate2 -	RootCertificateSerial2 = "47489930858344783188475742157087612794308522072" -	// RootPrivateKey2 is the PEM-encoded Ed25519 private key of RootCertificate2 -	
RootPrivateKey2 = []byte(`-----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIKQd3B84w9pB6zJLGljuDyGKfz9uPP6QBeLiFcw0EME4 ------END PRIVATE KEY-----`) -	// RootChain2 is a PEM-encoded certificate chain that contains an end-entity -	// certificate, an intermediate certificate, and a root certificate. -	RootChain2 = bytes.Join([][]byte{ -		EndEntityCertificate2, -		IntermediateCertificate2, -		RootCertificate2, -	}, []byte("\n")) -	 -	// TrustAnchors is composed of two PEM-encoded trust anchors, namely, -	// RootCertificate and RootCertificate2. -	TrustAnchors = bytes.Join([][]byte{ -		RootCertificate, -		RootCertificate2, -	}, []byte("\n")) -	// NumTrustAnchors is the number of test trust anchors -	NumTrustAnchors = 2 - -	// LogPrivateKey is an Ed25519 signing key -	LogPrivateKey = []byte(`-----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIAhqlhKgY/TiEyTIe5BcZKLELGa2kODtJ3S+oMP4JwsA ------END PRIVATE KEY-----`) - -	// ExpiredCertificate is a PEM-encoded certificate that is always expired, -	// i.e., `Not Before`=`Not After`.  It is signed by IntermediateCertificate. -	ExpiredCertificate = []byte(`-----BEGIN CERTIFICATE----- -MIIBbDCCAR4CFFO1655aK8KvWIacn4KVPCo+3rgmMAUGAytlcDBsMQswCQYDVQQG -EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG -A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW -Ak5BMB4XDTIwMTIwMjE2MzI0MloXDTIwMTIwMjE2MzI0MlowRTELMAkGA1UEBhMC -QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp -dHMgUHR5IEx0ZDAqMAUGAytlcAMhAFkRtny1XBNw3E7Bk8yE/dp1NfysaK9wevma -UQUqtJrHMAUGAytlcANBABXlP0XMtPhBwbilzJ6riD2j49uXFUkdYxP8jTCXyHw7 -CrTlv9wj2MV3UJs7CQigEA21LJVENwYusMnGi2pTIQE= ------END CERTIFICATE-----`) -	// ExpiredChain is an expired PEM-encoded certificate chain.  It is composed -	// of two certificates: ExpiredCertificate and IntermediateCertificate. 
-	ExpiredChain = bytes.Join([][]byte{ -		ExpiredCertificate, -		IntermediateCertificate, -	}, []byte("\n")) - -	// ChainBadIntermediate is a PEM-encoded certificate chain that contains -	// an end-entity certificate, an intermediate certificate, and a root -	// certificate.  However, the intermediate does not sign the end-entity. -	ChainBadIntermediate = bytes.Join([][]byte{ -		EndEntityCertificate, -		IntermediateCertificate2, -		RootCertificate2, -	}, []byte("\n")) - -	// ChainBadRoot is a PEM-encoded certificate chain that contains an -	// end-entity certificate, an intermediate certificate, and a root -	// certificate.  However, the root does not sign the intermediate. -	ChainBadRoot = bytes.Join([][]byte{ -		EndEntityCertificate, -		IntermediateCertificate, -		RootCertificate2, -	}, []byte("\n")) - -	// TruncatedCertificate is a truncated PEM-encoded certificate -	TruncatedCertificate = []byte(`-----BEGIN CERTIFICATE----- -MIIBbDCCAR4CFDfeuu6XURfn7AE4WShuwZBHEaLIMAUGAytlcDBsMQswCQYDVQQG ------END CERTIFICATE-----`) - -	// NotACertificate is a PEM-encoded certificate block that contains an -	// Ed25519 private key -	NotACertificate = []byte(`-----BEGIN CERTIFICATE----- -MC4CAQAwBQYDK2VwBCIEIH65lXoCT4N9q4mPmDcsmAqIqG9CrqrB4KV2nqBC9JlZ ------END CERTIFICATE-----`) - -	// NotEd25519PrivateKey is a PEM-encoded ECDSA private key -	NotEd25519PrivateKey = []byte(`-----BEGIN PRIVATE KEY----- -MIHcAgEBBEIAtxq7RExTFraqJYhyedPFppJiV05tXb1gxmn+9DGNsfmZ5aD2ZwDo -PoIVDYudwj7gDL4MXzJj7LUh6WW0qALm4MugBwYFK4EEACOhgYkDgYYABAAcg0Y3 -WTBxfVuw/OPdLf65N6hmBoCGgW8DOhfRXtZNzqkf3u1LnNpWrt/Xva7K6uthvLRr -A3djeuCmg8MlHdtFYQDa9QSsc0ZBhp6Lg7JSED8nopQIvKPocsUejqJVDqJ4ZK1E -+2qB5BQl9vGLUpZ5HKkWvKvo8jpNbstVyeOFtvLfGg== ------END PRIVATE KEY-----`) - -	// TruncatedEd25519PrivateKey is a a PEM-encoded Ed25519 private key that -	// has a truncated block -	TruncatedEd25519PrivateKey = []byte(`-----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIH6 ------END PRIVATE KEY-----`) - -	// 
DoubleEd25519PrivateKey is composed of two PEM-encoded Ed25519 private -	// keys -	DoubleEd25519PrivateKey = bytes.Join([][]byte{ -		EndEntityPrivateKey, -		EndEntityPrivateKey2, -	}, []byte("\n")) - -	// Ed25519PrivateKeyBadWhiteSpace is a PEM-encoded Ed25519 private key that -	// contains unwanted white space -	Ed25519PrivateKeyBadWhiteSpace = []byte(` -		-----BEGIN PRIVATE KEY----- -		MC4CAQAwBQYDK2VwBCIEIH65lXoCT4N9q4mPmDcsmAqIqG9CrqrB4KV2nqBC9JlZ -		-----END PRIVATE KEY-----`) - -	// CertificateBadWhiteSpace is a PEM-encoded certificate that contains -	// unwanted white space -	CertificateBadWhiteSpace = []byte(` -		-----BEGIN CERTIFICATE----- -		MIIBbDCCAR4CFDfeuu6XURfn7AE4WShuwZBHEaLIMAUGAytlcDBsMQswCQYDVQQG -		EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG -		A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW -		Ak5BMB4XDTIwMTEwMzE4MzI0MFoXDTMyMDEyMTE4MzI0MFowRTELMAkGA1UEBhMC -		QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp -		dHMgUHR5IEx0ZDAqMAUGAytlcAMhAJvk390ZvwULplBri03Od4LLz+Sf/OUHu+20 -		wik+T9y5MAUGAytlcANBANekliXq4ttoClBJDZoktIQxyHHNcWyXFrj1HlOaT5bC -		I3GIqqZ60Ua3jKytnEsKsD2rLMPItDwmG6wYSecy2ws= -		-----END CERTIFICATE-----`) -) diff --git a/x509util/testdata/end-entity.key b/x509util/testdata/end-entity.key deleted file mode 100644 index da83f09..0000000 --- a/x509util/testdata/end-entity.key +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIDme3WaCwW2/FX095yh02yIIsn0D3vbvN5NsJzcdUwq1 ------END PRIVATE KEY----- diff --git a/x509util/testdata/end-entity.pem b/x509util/testdata/end-entity.pem deleted file mode 100644 index 52b99f6..0000000 --- a/x509util/testdata/end-entity.pem +++ /dev/null 
@@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBbDCCAR4CFDfeuu6XURfn7AE4WShuwZBHEaLIMAUGAytlcDBsMQswCQYDVQQG -EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG -A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW -Ak5BMB4XDTIwMTEwMzE4MzI0MFoXDTMyMDEyMTE4MzI0MFowRTELMAkGA1UEBhMC -QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp -dHMgUHR5IEx0ZDAqMAUGAytlcAMhAJvk390ZvwULplBri03Od4LLz+Sf/OUHu+20 -wik+T9y5MAUGAytlcANBANekliXq4ttoClBJDZoktIQxyHHNcWyXFrj1HlOaT5bC -I3GIqqZ60Ua3jKytnEsKsD2rLMPItDwmG6wYSecy2ws= ------END CERTIFICATE----- diff --git a/x509util/testdata/end-entity2.key b/x509util/testdata/end-entity2.key deleted file mode 100644 index 4758b40..0000000 --- a/x509util/testdata/end-entity2.key +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIH65lXoCT4N9q4mPmDcsmAqIqG9CrqrB4KV2nqBC9JlZ ------END PRIVATE KEY----- diff --git a/x509util/testdata/end-entity2.pem b/x509util/testdata/end-entity2.pem deleted file mode 100644 index f1d41fc..0000000 --- a/x509util/testdata/end-entity2.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBbDCCAR4CFC4G5ep2NoHAmvFkmFID7y4U/BryMAUGAytlcDBsMQswCQYDVQQG -EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG -A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW -Ak5BMB4XDTIwMTEyNTIxNTkwM1oXDTMyMDIxMjIxNTkwM1owRTELMAkGA1UEBhMC -QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp -dHMgUHR5IEx0ZDAqMAUGAytlcAMhAKwG0O/Ql+L6O8aq8BZ+KOdJmVLdcnOmMENR -H7O84kVFMAUGAytlcANBAJIUg3wQ5AvhOaITYB/9rT5cm5dcklOdEIwAqvmSOEXf -vgCpSAz29bnKYJmjwp6mkXx3f31h39G41zr2wRjKnw8= ------END CERTIFICATE----- diff --git a/x509util/testdata/intermediate.key b/x509util/testdata/intermediate.key deleted file mode 100644 index 26721e4..0000000 --- a/x509util/testdata/intermediate.key +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIEiZEO5PnjkbN4A+5r9LVTIZeVdPq/on5AzwnetZjszE ------END PRIVATE KEY----- 
diff --git a/x509util/testdata/intermediate.pem b/x509util/testdata/intermediate.pem deleted file mode 100644 index 0f893b8..0000000 --- a/x509util/testdata/intermediate.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI -DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG -A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTAz -MTgzMjE4WhcNMzIwMTIxMTgzMjE4WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC -TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV -BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA -F1yPPpjHKDAKN73pBFGXzAvIjdkLLimydu2y1HLMOiKjZjBkMB0GA1UdDgQWBBQ6 -P7JQ7yXtrTh7YkVU0I78P9A+nDAfBgNVHSMEGDAWgBQBvsxROtKU6zmr/SxcfTMD -sAQcMTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD -QQBm1GMV0ADPnXRWnelCW9tcyTh0p9hKefuSy/MNx7/XLHKnM5fX+yHqD84QOxES -Vc510vi4dM8I+e/vcoBsmMQP ------END CERTIFICATE----- diff --git a/x509util/testdata/intermediate2.key b/x509util/testdata/intermediate2.key deleted file mode 100644 index 487627e..0000000 --- a/x509util/testdata/intermediate2.key +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIOo+qcT2GoWoAp0079ecz/ZyrCZ78Zqznv1xEoN96vT7 ------END PRIVATE KEY----- diff --git a/x509util/testdata/intermediate2.pem b/x509util/testdata/intermediate2.pem deleted file mode 100644 index 854785c..0000000 --- a/x509util/testdata/intermediate2.pem +++ /dev/null 
@@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI -DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG -A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTI1 -MjE1NzU1WhcNMzIwMjEyMjE1NzU1WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC -TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV -BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA -DD23ESkuIKaCkU6xCncIwvD12w4ETBgAiHAubr/wDwujZjBkMB0GA1UdDgQWBBSy -uua2yvX+VM9JBc19GQisnLnH5zAfBgNVHSMEGDAWgBQeeImH1qUrWk+pq3YOkwI8 -bWdEuTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD -QQCoQvs8gPHZOH6VIuUGCcXVzf8D5+F6GZSoxMF880yYbdbUBVwwbJLFazwEn0uC -PwMBM9nZj3g1ZSH8uP2sEo0F ------END CERTIFICATE----- diff --git a/x509util/testdata/log.key b/x509util/testdata/log.key deleted file mode 100644 index ffc5df4..0000000 --- a/x509util/testdata/log.key +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIAhqlhKgY/TiEyTIe5BcZKLELGa2kODtJ3S+oMP4JwsA ------END PRIVATE KEY----- diff --git a/x509util/testdata/root.key b/x509util/testdata/root.key deleted file mode 100644 index c2dd558..0000000 --- a/x509util/testdata/root.key +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIPJGy4Tf9SwDv44lLCmVyEjsbUmwfTg+j/Xoyaunf1rx ------END PRIVATE KEY----- diff --git a/x509util/testdata/root.pem b/x509util/testdata/root.pem deleted file mode 100644 index 1fc802b..0000000 --- a/x509util/testdata/root.pem +++ /dev/null 
@@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB/TCCAa+gAwIBAgIUDYJzaC5VSkKwiLVAxO5MyphAkN8wBQYDK2VwMGwxCzAJ -BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B -MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3 -DQEJARYCTkEwHhcNMjAxMTAzMTgzMTMxWhcNMzIwMTIxMTgzMTMxWjBsMQswCQYD -VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL -MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B -CQEWAk5BMCowBQYDK2VwAyEAJ1IiXCB4YHwdWka9MM0bc7LvKAtksmtIo8IhkuEB -uzGjYzBhMB0GA1UdDgQWBBQBvsxROtKU6zmr/SxcfTMDsAQcMTAfBgNVHSMEGDAW -gBQBvsxROtKU6zmr/SxcfTMDsAQcMTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIChDAFBgMrZXADQQCXh6kDnE5giTjcLET2S94qTwnHVAj57DJcR/rf9Jy8 -NMGbtzTL0/V0B8DHuJFA/islbZJbN7rSvqddEKL8N2gI ------END CERTIFICATE----- diff --git a/x509util/testdata/root2.key b/x509util/testdata/root2.key deleted file mode 100644 index df8b7af..0000000 --- a/x509util/testdata/root2.key +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIKQd3B84w9pB6zJLGljuDyGKfz9uPP6QBeLiFcw0EME4 ------END PRIVATE KEY----- diff --git a/x509util/testdata/root2.pem b/x509util/testdata/root2.pem deleted file mode 100644 index d0b131c..0000000 --- a/x509util/testdata/root2.pem +++ /dev/null 
@@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB/TCCAa+gAwIBAgIUCFGFq5zAkH03LQ2fpAamPhGd8FgwBQYDK2VwMGwxCzAJ -BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B -MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3 -DQEJARYCTkEwHhcNMjAxMTE3MTgxNTQyWhcNMzIwMjA0MTgxNTQyWjBsMQswCQYD -VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL -MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B -CQEWAk5BMCowBQYDK2VwAyEAFOG1Lof1UiV2mYsM17EopyVCR87qRrNW9YHP0biu -pOyjYzBhMB0GA1UdDgQWBBQeeImH1qUrWk+pq3YOkwI8bWdEuTAfBgNVHSMEGDAW -gBQeeImH1qUrWk+pq3YOkwI8bWdEuTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIChDAFBgMrZXADQQDP4IQePN5Krr7jn+RM8AbF+c4fXgamA1XDHVIfXy/n -MexxZMsuSCSDq5XM5GMImffmBXA1dNJ6ytfJi668C+kF ------END CERTIFICATE----- diff --git a/x509util/x509util.go b/x509util/x509util.go deleted file mode 100644 index 57d97ca..0000000 --- a/x509util/x509util.go +++ /dev/null 
@@ -1,113 +0,0 @@
-package x509util
-
-import (
-	"fmt"
-
-	"crypto/ed25519"
-	"crypto/x509"
-	"encoding/pem"
-)
-
-// NewEd25519PrivateKey creates a new Ed25519 private-key from a PEM block
-func NewEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
-	block, rest := pem.Decode(data)
-	if block == nil {
-		return nil, fmt.Errorf("pem block: is empty")
-	}
-	if block.Type != "PRIVATE KEY" {
-		return nil, fmt.Errorf("bad pem block type: %v", block.Type)
-	}
-	if len(rest) != 0 {
-		return nil, fmt.Errorf("pem block: trailing data")
-	}
-
-	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
-	if err != nil {
-		fmt.Errorf("x509 parser failed: %v", err)
-	}
-	switch t := key.(type) {
-	case ed25519.PrivateKey:
-		return key.(ed25519.PrivateKey), nil
-	default:
-		return nil, fmt.Errorf("unexpected signing key type: %v", t)
-	}
-}
-
-// NewCertificateList parses a block of PEM-encoded X.509 certificates
-func NewCertificateList(rest []byte) ([]*x509.Certificate, error) {
-	var certificates []*x509.Certificate
-	for len(rest) > 0 {
-		var block *pem.Block
-		block, rest = pem.Decode(rest)
-		if block == nil {
-			return nil, fmt.Errorf("no block: probably caused by leading white space")
-		}
-		if block.Type != "CERTIFICATE" {
-			return nil, fmt.Errorf("unexpected pem block type: %v", block.Type)
-		}
-
-		certificate, err := x509.ParseCertificate(block.Bytes)
-		if err != nil {
-			return nil, fmt.Errorf("failed parsing x509 certificate: %v", err)
-		}
-		certificates = append(certificates, certificate)
-	}
-	return certificates, nil
-}
-
-// NewCertPool returns a new cert pool from a list of certificates
-func NewCertPool(certificates []*x509.Certificate) *x509.CertPool {
-	pool := x509.NewCertPool()
-	for _, certificate := range certificates {
-		pool.AddCert(certificate)
-	}
-	return pool
-}
-
-// VerifyChain checks whether the listed certificates are chained such
-// that the first is signed by the second, the second by the third, etc.
-//
-// Note: it is up to the caller to determine whether the final certificate
-// is a valid trust anchor.
-func VerifyChain(chain []*x509.Certificate) error {
-	for i := 0; i < len(chain)-1; i++ {
-		if err := chain[i].CheckSignatureFrom(chain[i+1]); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// ParseDerChain parses a list of DER-encoded X.509 certificates, such that the
-// first (zero-index) blob is interpretted as an end-entity certificate and
-// the remaining ones as its intermediate CertPool.
-//
-// Note: these are the parameters you will need to use x509.Certificate.Verify()
-// with x509.VerifyOptions that include both a pool of roots and intermediates.
-func ParseDerChain(chain [][]byte) (*x509.Certificate, *x509.CertPool, error) {
-	certificates, err := ParseDerList(chain)
-	if err != nil {
-		return nil, nil, err
-	}
-	if len(certificates) == 0 {
-		return nil, nil, fmt.Errorf("empty certificate chain")
-	}
-	intermediatePool := x509.NewCertPool()
-	for _, certificate := range certificates[1:] {
-		intermediatePool.AddCert(certificate)
-	}
-	return certificates[0], intermediatePool, nil
-}
-
-// ParseDerList parses a list of DER-encoded X.509 certificates
-func ParseDerList(certificates [][]byte) ([]*x509.Certificate, error) {
-	ret := make([]*x509.Certificate, 0, len(certificates))
-	for _, der := range certificates {
-		c, err := x509.ParseCertificate(der)
-		if err != nil {
-			return nil, fmt.Errorf("certificate decoding failed: %v", err)
-		}
-		ret = append(ret, c)
-	}
-	return ret, nil
-}
diff --git a/x509util/x509util_test.go b/x509util/x509util_test.go
deleted file mode 100644
index 298293b..0000000
--- a/x509util/x509util_test.go
+++ /dev/null
@@ -1,332 +0,0 @@
-package x509util
-
-import (
-	"bytes"
-	"fmt"
-	"testing"
-
-	"crypto/x509"
-
-	"github.com/system-transparency/stfe/x509util/testdata"
-)
-
-func TestNewEd25519PrivateKey(t *testing.T) {
-	for _, table := range []struct {
-		description string
-		pem         []byte
-		wantErr     bool
-	}{
-		{
-			description: "bad block: unwanted white space",
-			pem:         testdata.Ed25519PrivateKeyBadWhiteSpace,
-			wantErr:     true,
-		},
-		{
-			description: "invalid block type",
-			pem:         testdata.EndEntityCertificate,
-			wantErr:     true,
-		},
-		{
-			description: "bad block: trailing data",
-			pem:         testdata.DoubleEd25519PrivateKey,
-			wantErr:     true,
-		},
-		{
-			description: "bad block bytes: truncated key",
-			pem:         testdata.TruncatedEd25519PrivateKey,
-			wantErr:     true,
-		},
-		{
-			description: "bad block bytes: not an ed25519 private key",
-			pem:         testdata.NotEd25519PrivateKey,
-			wantErr:     true,
-		},
-		{
-			description: "ok ed25519 private key",
-			pem:         testdata.EndEntityPrivateKey,
-		},
-	} {
-		_, err := NewEd25519PrivateKey(table.pem)
-		if got, want := err != nil, table.wantErr; got != want {
-			t.Errorf("got error=%v but wanted %v in test %q: %v", got, want, table.description, err)
-		}
-	}
-}
-
-func TestNewCertificateList(t *testing.T) {
-	for _, table := range []struct {
-		description string
-		pem         []byte
-		wantErr     bool
-		wantSerial  []string
-	}{
-		{
-			description: "invalid block type",
-			pem:         testdata.EndEntityPrivateKey,
-			wantErr:     true,
-		},
-		{
-			description: "bad block bytes: not a certificate",
-			pem:         testdata.NotACertificate,
-			wantErr:     true,
-		},
-		{
-			description: "bad block bytes: truncated certificate",
-			pem:         testdata.TruncatedCertificate,
-			wantErr:     true,
-		},
-		{
-			description: "bad block bytes: truncated certificate in list",
-			pem:         append(testdata.TruncatedCertificate, testdata.IntermediateCertificate...),
-			wantErr:     true,
-		},
-		{
-			description: "bad block: unwanted white spaces",
-			pem:         testdata.CertificateBadWhiteSpace,
-			wantErr:     true,
-		},
-		{
-			description: "ok certificate list: empty",
-			pem:         []byte{},
-			wantSerial:  nil,
-		},
-		{
-			description: "ok certificate list: size 1",
-			pem:         testdata.EndEntityCertificate,
-			wantSerial:  []string{testdata.EndEntityCertificateSerial},
-		},
-		{
-			description: "ok certificate list: size 2",
-			pem:         testdata.IntermediateChain,
-			wantSerial:  []string{testdata.EndEntityCertificateSerial, testdata.IntermediateCertificateSerial},
-		},
-		{
-			description: "ok certificate list: size 3",
-			pem:         testdata.RootChain,
-			wantSerial: []string{
-				testdata.EndEntityCertificateSerial,
-				testdata.IntermediateCertificateSerial,
-				testdata.RootCertificateSerial,
-			},
-		},
-	} {
-		list, err := NewCertificateList(table.pem)
-		if got, want := err != nil, table.wantErr; got != want {
-			t.Errorf("got error=%v but wanted %v in test %q: %v", got, want, table.description, err)
-		}
-		if err != nil {
-			continue
-		}
-		if got, want := len(list), len(table.wantSerial); got != want {
-			t.Errorf("got list of length %d but wanted %d in test %q", got, want, table.description)
-			continue
-		}
-		for i, certificate := range list {
-			if got, want := fmt.Sprintf("%v", certificate.SerialNumber), table.wantSerial[i]; got != want {
-				t.Errorf("Got serial number %s but wanted %s on index %d and test %q", got, want, i, table.description)
-			}
-		}
-	}
-}
-
-func TestNewCertPool(t *testing.T) {
-	for i, pem := range [][]byte{
-		testdata.EndEntityCertificate,
-		testdata.IntermediateChain,
-		testdata.RootChain,
-	} {
-		list, err := NewCertificateList(pem)
-		if err != nil {
-			t.Fatalf("must parse chain: %v", err)
-		}
-		pool := NewCertPool(list)
-		if got, want := len(pool.Subjects()), len(list); got != want {
-			t.Errorf("got pool of size %d but wanted %d in test %d", got, want, i)
-			continue
-		}
-		for j, got := range pool.Subjects() {
-			if want := list[j].RawSubject; !bytes.Equal(got, want) {
-				t.Errorf("got subject[%d]=%X but wanted %X in test %d", j, got, want, i)
-			}
-		}
-	}
-}
-
-func TestParseDerChain(t *testing.T) {
-	for _, table := range []struct {
-		description string
-		chain       [][]byte
-		wantErr     bool
-	}{
-		{
-			description: "invalid chain: empty",
-			wantErr:     true,
-		},
-		{
-			description: "invalid chain: first certificate: byte is missing",
-			chain: [][]byte{
-				mustMakeDerList(t, testdata.IntermediateChain)[0][1:],
-				mustMakeDerList(t, testdata.IntermediateChain)[1],
-			},
-			wantErr: true,
-		},
-		{
-			description: "valid chain: size 1",
-			chain:       mustMakeDerList(t, testdata.EndEntityCertificate),
-		},
-		{
-			description: "valid chain: size 2",
-			chain:       mustMakeDerList(t, testdata.IntermediateChain),
-		},
-		{
-			description: "valid chain: size 3",
-			chain:       mustMakeDerList(t, testdata.RootChain),
-		},
-	} {
-		cert, pool, err := ParseDerChain(table.chain)
-		if got, want := err != nil, table.wantErr; got != want {
-			t.Errorf("got error=%v but wanted %v in test %q: %v", got, want, table.description, err)
-		}
-		if err != nil {
-			continue
-		}
-
-		if got, want := cert.Raw, table.chain[0]; !bytes.Equal(got, want) {
-			t.Errorf("got end-entity certificate %X but wanted %X in test %q", got, want, table.description)
-		}
-		if got, want := len(pool.Subjects()), len(table.chain)-1; got != want {
-			t.Errorf("got %d intermediates but wanted %d in test %q", got, want, table.description)
-			continue
-		}
-		for _, der := range table.chain[1:] {
-			want := mustMakeCertificate(t, der).RawSubject
-			ok := false
-			for _, got := range pool.Subjects() {
-				if bytes.Equal(got, want) {
-					ok = true
-					break
-				}
-			}
-			if !ok {
-				t.Errorf("want subject %X but found no match in test %q", want, table.description)
-			}
-		}
-	}
-}
-
-func TestParseDerList(t *testing.T) {
-	for _, table := range []struct {
-		description string
-		list        [][]byte
-		wantErr     bool
-	}{
-		{
-			description: "invalid certificate: first certificate: byte is missing",
-			list: [][]byte{
-				mustMakeDerList(t, testdata.IntermediateChain)[0][1:],
-				mustMakeDerList(t, testdata.IntermediateChain)[1],
-			},
-			wantErr: true,
-		},
-		{
-			description: "invalid certificate: second certificate: byte is missing",
-			list: [][]byte{
-				mustMakeDerList(t, testdata.IntermediateChain)[0],
-				mustMakeDerList(t, testdata.IntermediateChain)[1][1:],
-			},
-			wantErr: true,
-		},
-		{
-			description: "valid certificate list: empty",
-		},
-		{
-			description: "valid certificate list: size 1",
-			list:        mustMakeDerList(t, testdata.EndEntityCertificate),
-		},
-		{
-			description: "valid certificate list: size 2",
-			list:        mustMakeDerList(t, testdata.IntermediateChain),
-		},
-		{
-			description: "valid certificate list: size 3",
-			list:        mustMakeDerList(t, testdata.RootChain),
-		},
-	} {
-		list, err := ParseDerList(table.list)
-		if got, want := err != nil, table.wantErr; got != want {
-			t.Errorf("got error=%v but wanted %v in test %q: %v", got, want, table.description, err)
-		}
-		if err != nil {
-			continue
-		}
-
-		if got, want := len(list), len(table.list); got != want {
-			t.Errorf("got %d certifictes but wanted %d in test %q", got, want, table.description)
-			continue
-		}
-		for i, cert := range list {
-			if got, want := cert.Raw, table.list[i]; !bytes.Equal(got, want) {
-				t.Errorf("got certificate bytes %X but wanted %X in test %q", got, want, table.description)
-			}
-		}
-	}
-}
-
-func TestVerifyChain(t *testing.T) {
-	for _, table := range []struct {
-		description string
-		pem         []byte
-		wantErr     bool
-	}{
-		{
-			description: "invalid chain: intermediate did not sign end-entity",
-			pem:         testdata.ChainBadIntermediate,
-			wantErr:     true,
-		},
-		{
-			description: "invalid chain: root did not sign intermediate",
-			pem:         testdata.ChainBadRoot,
-			wantErr:     true,
-		},
-		{
-			description: "valid chain",
-			pem:         testdata.RootChain,
-		},
-		{
-			description: "valid chain 2",
-			pem:         testdata.RootChain2,
-		},
-	} {
-		chain, err := NewCertificateList(table.pem)
-		if err != nil {
-			t.Fatalf("must parse chain: %v", err)
-		}
-		err = VerifyChain(chain)
-		if got, want := err != nil, table.wantErr; got != want {
-			t.Errorf("got error %v but wanted %v in test %q: %v", got, want, table.description, err)
-		}
-	}
-}
-
-// mustMakeDerList must parse a PEM-encoded list of certificates to DER
-func mustMakeDerList(t *testing.T, pem []byte) [][]byte {
-	certs, err := NewCertificateList(pem)
-	if err != nil {
-		t.Fatalf("must parse pem-encoded certificates: %v", err)
-	}
-
-	list := make([][]byte, 0, len(certs))
-	for _, cert := range certs {
-		list = append(list, cert.Raw)
-	}
-	return list
-}
-
-// mustMakeCertificate must parse a DER-encoded certificate
-func mustMakeCertificate(t *testing.T, der []byte) *x509.Certificate {
-	cert, err := x509.ParseCertificate(der)
-	if err != nil {
-		t.Fatalf("must parsse der-encoded certificate: %v", err)
-	}
-	return cert
-} |
