27 files changed, 53 insertions, 76 deletions

diff --git a/client/add-entry/main.go b/client/add-entry/main.go
index 084bdad..0f494aa 100644
--- a/client/add-entry/main.go
+++ b/client/add-entry/main.go
@@ -15,8 +15,8 @@ import (
 var (
 	operators = flag.String("operators", "../../descriptor/stfe.json", "path to json-encoded list of log operators")
 	logId     = flag.String("log_id", "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=", "base64-encoded log identifier")
-	chain     = flag.String("chain", "../../server/testdata/x509/chain.pem", "path to pem-encoded certificate chain that the log accepts")
-	key       = flag.String("key", "../../server/testdata/x509/end-entity.key", "path to ed25519 private key that corresponds to the chain's end-entity certificate")
+	chain     = flag.String("chain", "../../x509util/testdata/chain.pem", "path to pem-encoded certificate chain that the log accepts")
+	key       = flag.String("key", "../../x509util/testdata/end-entity.key", "path to ed25519 private key that corresponds to the chain's end-entity certificate")
 	name      = flag.String("name", "foobar-1.2.3", "package name")
 	checksum  = flag.String("checksum", "50e7967bce266a506f8f614bb5096beba580d205046b918f47d23b2ec626d75e", "base64-encoded package checksum")
 )
diff --git a/server/main.go b/server/main.go
index 7cf9ccf..f98b114 100644
--- a/server/main.go
+++ b/server/main.go
@@ -20,8 +20,8 @@ var (
 	prefix       = flag.String("prefix", "/st/v1", "a prefix that proceeds each endpoint path")
 	trillianID   = flag.Int64("trillian_id", 5991359069696313945, "log identifier in the Trillian database")
 	rpcDeadline  = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests")
-	anchorPath   = flag.String("anchor_path", "testdata/x509/root.pem", "path to a file containing PEM-encoded X.509 root certificates")
-	keyPath      = flag.String("key_path", "testdata/log/private.key", "path to a PEM-encoded ed25519 signing key")
+	anchorPath   = flag.String("anchor_path", "../x509util/testdata/anchors.pem", "path to a file containing PEM-encoded X.509 root certificates")
+	keyPath      = flag.String("key_path", "../x509util/testdata/log.key", "path to a PEM-encoded ed25519 signing key")
 	maxRange     = flag.Int64("max_range", 2, "maximum number of entries that can be retrived in a single request")
 	maxChain     = flag.Int64("max_chain", 3, "maximum number of certificates in a chain, including the trust anchor")
 )
diff --git a/server/testdata/cmd/config b/server/testdata/cmd/config
deleted file mode 100644
index 8138319..0000000
--- a/server/testdata/cmd/config
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-export base_url='localhost:6965/st/v1'
-
-function info() {
-	echo "[Info] $@" 1>&2
-}
-
-function newline() {
-	echo ""
-}
diff --git a/server/testdata/cmd/get-anchors b/server/testdata/cmd/get-anchors
deleted file mode 100755
index def3595..0000000
--- a/server/testdata/cmd/get-anchors
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -eo pipefail
-source config
-
-info "downloading trust anchors"
-curl -G $base_url/get-anchors
-newline
diff --git a/server/testdata/cmd/get-consistency-proof b/server/testdata/cmd/get-consistency-proof
deleted file mode 100755
index 206cb4c..0000000
--- a/server/testdata/cmd/get-consistency-proof
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-set -eo pipefail
-source config
-
-first="1"
-second="2"
-if [[ ! -z $1 ]] && [[ ! -z $2 ]]; then
-	first=$1
-	second=$2
-fi
-
-info "sending get-consistency-proof request"
-curl -G -d "first=$first" -d "second=$second" $base_url/get-consistency-proof
-newline
diff --git a/server/testdata/cmd/get-entries b/server/testdata/cmd/get-entries
deleted file mode 100755
index b0075ab..0000000
--- a/server/testdata/cmd/get-entries
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-set -eo pipefail
-source config
-
-first=0
-second=0
-if [[ ! -z $1 ]] && [[ ! -z $2 ]]; then
-	first=$1
-	second=$2
-fi
-
-info "downloading entries [$first, $second]"
-curl -G -d "start=$first" -d "end=$second" $base_url/get-entries
-newline
diff --git a/server/testdata/cmd/get-proof-by-hash b/server/testdata/cmd/get-proof-by-hash
deleted file mode 100755
index 9d3221e..0000000
--- a/server/testdata/cmd/get-proof-by-hash
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-set -eo pipefail
-source config
-
-tree_size=2
-hash_b64="Fl5eY9cAOz9A9c9j3Uibia3YfBxeGH5KQJg5BMIqNrA="
-if [[ ! -z $1 ]] && [[ ! -z $2 ]]; then
-	tree_size=$1
-	hash_b64=$2
-fi
-
-info "fetching proof($hash_b64) against size $tree_size"
-curl -G -d "tree_size=$tree_size" -d "hash=$hash_b64" $base_url/get-proof-by-hash
-newline
diff --git a/server/testdata/cmd/get-sth b/server/testdata/cmd/get-sth
deleted file mode 100755
index e5881a9..0000000
--- a/server/testdata/cmd/get-sth
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -eo pipefail
-source config
-
-info "fetching signed tree head"
-curl -G $base_url/get-sth
-newline
diff --git a/server/testdata/x509/.rand b/server/testdata/x509/.rand
deleted file mode 100644
index e69de29..0000000
--- a/server/testdata/x509/.rand
+++ /dev/null
diff --git a/server/testdata/x509/README.md b/x509util/testdata/README.md
index c9f03de..c9f03de 100644
--- a/server/testdata/x509/README.md
+++ b/x509util/testdata/README.md
diff --git a/x509util/testdata/anchors.pem b/x509util/testdata/anchors.pem
new file mode 100644
index 0000000..c71feaa
--- /dev/null
+++ b/x509util/testdata/anchors.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAa+gAwIBAgIUDYJzaC5VSkKwiLVAxO5MyphAkN8wBQYDK2VwMGwxCzAJ
+BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B
+MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3
+DQEJARYCTkEwHhcNMjAxMTAzMTgzMTMxWhcNMzIwMTIxMTgzMTMxWjBsMQswCQYD
+VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL
+MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B
+CQEWAk5BMCowBQYDK2VwAyEAJ1IiXCB4YHwdWka9MM0bc7LvKAtksmtIo8IhkuEB
+uzGjYzBhMB0GA1UdDgQWBBQBvsxROtKU6zmr/SxcfTMDsAQcMTAfBgNVHSMEGDAW
+gBQBvsxROtKU6zmr/SxcfTMDsAQcMTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIChDAFBgMrZXADQQCXh6kDnE5giTjcLET2S94qTwnHVAj57DJcR/rf9Jy8
+NMGbtzTL0/V0B8DHuJFA/islbZJbN7rSvqddEKL8N2gI
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAa+gAwIBAgIUCFGFq5zAkH03LQ2fpAamPhGd8FgwBQYDK2VwMGwxCzAJ
+BgNVBAYTAk5BMQswCQYDVQQIDAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5B
+MQswCQYDVQQLDAJOQTEWMBQGA1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3
+DQEJARYCTkEwHhcNMjAxMTE3MTgxNTQyWhcNMzIwMjA0MTgxNTQyWjBsMQswCQYD
+VQQGEwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTEL
+MAkGA1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0B
+CQEWAk5BMCowBQYDK2VwAyEAFOG1Lof1UiV2mYsM17EopyVCR87qRrNW9YHP0biu
+pOyjYzBhMB0GA1UdDgQWBBQeeImH1qUrWk+pq3YOkwI8bWdEuTAfBgNVHSMEGDAW
+gBQeeImH1qUrWk+pq3YOkwI8bWdEuTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIChDAFBgMrZXADQQDP4IQePN5Krr7jn+RM8AbF+c4fXgamA1XDHVIfXy/n
+MexxZMsuSCSDq5XM5GMImffmBXA1dNJ6ytfJi668C+kF
+-----END CERTIFICATE-----
diff --git a/server/testdata/x509/ca.conf b/x509util/testdata/ca.conf
index 7889331..7889331 100644
--- a/server/testdata/x509/ca.conf
+++ b/x509util/testdata/ca.conf
diff --git a/server/testdata/x509/chain.pem b/x509util/testdata/chain.pem
index 0ac66a0..0ac66a0 100644
--- a/server/testdata/x509/chain.pem
+++ b/x509util/testdata/chain.pem
diff --git a/x509util/testdata/chain2.pem b/x509util/testdata/chain2.pem
new file mode 100644
index 0000000..6ca2131
--- /dev/null
+++ b/x509util/testdata/chain2.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIBbDCCAR4CFC4G5ep2NoHAmvFkmFID7y4U/BryMAUGAytlcDBsMQswCQYDVQQG
+EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG
+A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW
+Ak5BMB4XDTIwMTEyNTIxNTkwM1oXDTMyMDIxMjIxNTkwM1owRTELMAkGA1UEBhMC
+QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
+dHMgUHR5IEx0ZDAqMAUGAytlcAMhAKwG0O/Ql+L6O8aq8BZ+KOdJmVLdcnOmMENR
+H7O84kVFMAUGAytlcANBAJIUg3wQ5AvhOaITYB/9rT5cm5dcklOdEIwAqvmSOEXf
+vgCpSAz29bnKYJmjwp6mkXx3f31h39G41zr2wRjKnw8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAaCgAwIBAgICEAAwBQYDK2VwMGwxCzAJBgNVBAYTAk5BMQswCQYDVQQI
+DAJOQTELMAkGA1UEBwwCTkExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEWMBQG
+A1UEAwwNc3RmZSB0ZXN0ZGF0YTERMA8GCSqGSIb3DQEJARYCTkEwHhcNMjAxMTI1
+MjE1NzU1WhcNMzIwMjEyMjE1NzU1WjBsMQswCQYDVQQGEwJOQTELMAkGA1UECAwC
+TkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkGA1UECwwCTkExFjAUBgNV
+BAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEWAk5BMCowBQYDK2VwAyEA
+DD23ESkuIKaCkU6xCncIwvD12w4ETBgAiHAubr/wDwujZjBkMB0GA1UdDgQWBBSy
+uua2yvX+VM9JBc19GQisnLnH5zAfBgNVHSMEGDAWgBQeeImH1qUrWk+pq3YOkwI8
+bWdEuTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAFBgMrZXAD
+QQCoQvs8gPHZOH6VIuUGCcXVzf8D5+F6GZSoxMF880yYbdbUBVwwbJLFazwEn0uC
+PwMBM9nZj3g1ZSH8uP2sEo0F
+-----END CERTIFICATE-----
diff --git a/server/testdata/x509/end-entity.key b/x509util/testdata/end-entity.key
index da83f09..da83f09 100644
--- a/server/testdata/x509/end-entity.key
+++ b/x509util/testdata/end-entity.key
diff --git a/server/testdata/x509/end-entity.pem b/x509util/testdata/end-entity.pem
index 52b99f6..52b99f6 100644
--- a/server/testdata/x509/end-entity.pem
+++ b/x509util/testdata/end-entity.pem
diff --git a/server/testdata/x509/end-entity2.key b/x509util/testdata/end-entity2.key
index 4758b40..4758b40 100644
--- a/server/testdata/x509/end-entity2.key
+++ b/x509util/testdata/end-entity2.key
diff --git a/server/testdata/x509/end-entity2.pem b/x509util/testdata/end-entity2.pem
index f1d41fc..f1d41fc 100644
--- a/server/testdata/x509/end-entity2.pem
+++ b/x509util/testdata/end-entity2.pem
diff --git a/server/testdata/x509/intermediate.key b/x509util/testdata/intermediate.key
index 26721e4..26721e4 100644
--- a/server/testdata/x509/intermediate.key
+++ b/x509util/testdata/intermediate.key
diff --git a/server/testdata/x509/intermediate.pem b/x509util/testdata/intermediate.pem
index 0f893b8..0f893b8 100644
--- a/server/testdata/x509/intermediate.pem
+++ b/x509util/testdata/intermediate.pem
diff --git a/server/testdata/x509/intermediate2.key b/x509util/testdata/intermediate2.key
index 487627e..487627e 100644
--- a/server/testdata/x509/intermediate2.key
+++ b/x509util/testdata/intermediate2.key
diff --git a/server/testdata/x509/intermediate2.pem b/x509util/testdata/intermediate2.pem
index 854785c..854785c 100644
--- a/server/testdata/x509/intermediate2.pem
+++ b/x509util/testdata/intermediate2.pem
diff --git a/server/testdata/log/private.key b/x509util/testdata/log.key
index ffc5df4..ffc5df4 100644
--- a/server/testdata/log/private.key
+++ b/x509util/testdata/log.key
diff --git a/server/testdata/x509/root.key b/x509util/testdata/root.key
index c2dd558..c2dd558 100644
--- a/server/testdata/x509/root.key
+++ b/x509util/testdata/root.key
diff --git a/server/testdata/x509/root.pem b/x509util/testdata/root.pem
index 1fc802b..1fc802b 100644
--- a/server/testdata/x509/root.pem
+++ b/x509util/testdata/root.pem
diff --git a/server/testdata/x509/root2.key b/x509util/testdata/root2.key
index df8b7af..df8b7af 100644
--- a/server/testdata/x509/root2.key
+++ b/x509util/testdata/root2.key
diff --git a/server/testdata/x509/root2.pem b/x509util/testdata/root2.pem
index d0b131c..d0b131c 100644
--- a/server/testdata/x509/root2.pem
+++ b/x509util/testdata/root2.pem