Test Cypress in Chrome 80, FF 72, Debian 10 (#6428)

* update docker image to chrome 80 and firefox 72 image * Use image with compatible 12.8.1 Node version * update docker script * improve debug logging of launched browser * run tests with correct color depth * force run with new cache version * revert docker image * Revert "revert docker image" This reverts commit 93d03446cc. * update gitignore * generate 2048-bit keys * add script to regenerate certs, if we need to do this again * update certs (ran regenerate-certs.sh) * copy, don't symlink - won't work on win anyways * reregen * cleanup * don't use https-pem, it's too smol see https://github.com/watson/https-pem/issues/3 * decaffeinate: Rename ca.coffee and 11 other files from .coffee to .js * decaffeinate: Convert ca.coffee and 11 other files to JS * decaffeinate: Run post-processing cleanups on ca.coffee and 11 other files * https-proxy decaf cleanup * wip: ca_version * add versioning for CA store * add regenerate:certs script * add timings to ca_spec * unneeded patch-package * fix yarn.lock Co-authored-by: Zach Bloomquist <github@chary.us>
2026-05-03 13:30:26 -05:00 · 2020-03-04 03:55:02 +06:30
parent a4b11e1928
commit 7eed6ad581
20 changed files with 285 additions and 150 deletions
@@ -1,25 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHjCCAwagAwIBAgIJALopHKFY/15aMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNV
-BAYTAlVTMQ0wCwYDVQQIEwRVdGFoMQ4wDAYDVQQHEwVQcm92bzEjMCEGA1UEChMa
-QUNNRSBTaWduaW5nIEF1dGhvcml0eSBJbmMxFDASBgNVBAMTC2V4YW1wbGUuY29t
-MB4XDTE2MDYwODE3MTExOVoXDTE5MDMyOTE3MTExOVowZzELMAkGA1UEBhMCVVMx
-DTALBgNVBAgTBFV0YWgxDjAMBgNVBAcTBVByb3ZvMSMwIQYDVQQKExpBQ01FIFNp
-Z25pbmcgQXV0aG9yaXR5IEluYzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG/vgku+Ugjy+BtPMGyhoOk89Ef6Cp
-KintiwE4JI1LkaGJj2cJLBW7qll5fjSXOYbYVsEA5naa7hSfcIjUVidrsGSeDiLd
-vOc2Vz/Dl163R384TgPBnfQ/OVI5r43/Kjkr2jWXOhvCGIbF1BBSz3aNNBFTgEy8
-HkFwrxISzInt/GMpXn4eVDPIQpT1SoWNF301vANDPdni51W8ftsMtyKpCWFEsLHA
-2bznrz2Mzb0BL+FvnrCmyPNTNHlYDZZ4mzUDXs77eO1sWhfM9J8B2tY1TrUwUEjy
-Ggf1PX9tZr2VLCoEvFRZu6lxbQlVhdkE3ioXQLV83hDn9pUtYbkDD60lAgMBAAGj
-gcwwgckwHQYDVR0OBBYEFK7xCs6E4Vt/O4KwbJgOHN/pCQT/MIGZBgNVHSMEgZEw
-gY6AFK7xCs6E4Vt/O4KwbJgOHN/pCQT/oWukaTBnMQswCQYDVQQGEwJVUzENMAsG
-A1UECBMEVXRhaDEOMAwGA1UEBxMFUHJvdm8xIzAhBgNVBAoTGkFDTUUgU2lnbmlu
-ZyBBdXRob3JpdHkgSW5jMRQwEgYDVQQDEwtleGFtcGxlLmNvbYIJALopHKFY/15a
-MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAH7EVGG1sxYH0QHbArxu
-WIqzz79K5egLdnfrvvah/dDcqsJEH7BZSNeIWlBIs47ofVY4xUM/r4hL1TKgIrwq
-IsKeRql02gNxQPZV7iudGuOBp41cmIxvM+cQsxWmK3Ja/Tf1tE0nsm2L7J+a7ktJ
-cHJ5yzJA4gY5pVby/TvHzJ5R2BZwd5B+EVRStgxG2Yt4YvvlcDXCxIMzrFYUCmDf
-AHo7KXsyA/R2mtihSvZEudivbxBt01wKvcAEMeUOsLuEZgSdqFmk3npIhOyHpPSM
-pHM22Lf0jvz4WeCmgzB0ZinQh1k+E4kxMqP9g+R2dhlZITwL/z5TUdy90fh/iOzD
-4ek=
-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIQxHqMbWiiVO/Qhhr4qxKQJjANBgkqhkiG9w0BAQsFADB0
+MRcwFQYDVQQDEw5DeXByZXNzUHJveHlDQTERMA8GA1UEBhMISW50ZXJuZXQxETAP
+BgNVBAgTCEludGVybmV0MREwDwYDVQQHEwhJbnRlcm5ldDETMBEGA1UEChMKQ3lw
+cmVzcy5pbzELMAkGA1UECxMCQ0EwHhcNMjAwMjE5MTk1MzM1WhcNMzAwMjE5MTk1
+MzM1WjB0MRcwFQYDVQQDEw5DeXByZXNzUHJveHlDQTERMA8GA1UEBhMISW50ZXJu
+ZXQxETAPBgNVBAgTCEludGVybmV0MREwDwYDVQQHEwhJbnRlcm5ldDETMBEGA1UE
+ChMKQ3lwcmVzcy5pbzELMAkGA1UECxMCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDI0XAGVItp0zBAbY1697fttxw9uMhaVAR7HCB7jEFaT0RKiYjQ
+xWHf042yPv0MRyjbofzCdkKwmkbDrwOWE1FxPUKhUabsJnIiuY7wmVlXvuEwrola
+HVYT5b3XkwaRbjD0f1obB2fas2qcCMXGZaeGZqxY67w/QhfoB0SWaE0UyKWkt1Ec
+7YgIRn+d12FrL5lDHCUkjifPd53M8B9+d3usVzc0t4XodeerVPx9mW+B/ULQ1Hiw
+QDzG7d6OpJrt3Wk7ibaJCBobhuDSMEXPPhxwDS+YEaH0D5Wh8pzmHpduMD1i3/jg
+xq6Si8jchIPZRE0jBX0Fe+NCjXZswQV2GFdlAgMBAAGjgY0wgYowDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAvQwOwYDVR0lBDQwMgYIKwYBBQUHAwEGCCsGAQUFBwMC
+BggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUFBwMIMBEGCWCGSAGG+EIBAQQEAwIA
+9zAdBgNVHQ4EFgQUiw3dB0uxjFLp7MqHN1IHF+MHt6kwDQYJKoZIhvcNAQELBQAD
+ggEBAIRyfZZqjUTtUFKDgqD1MUn2UvsCAePFDw6aafkfo4Kk2V69XHPP3lxEhnpu
+ff0COh5p3D9SHMfAWFmj4PH0+R4H+zIfyA0F1KzO6B+cn4JSaQtF0HrWDOtz4KH5
+CwddoBTt6LSawAb1eaxn3Rk19KD7dS/3tjY2sAHMSJgbnsbxVnQhMVTBBy3Llgd3
+I6vomUuXp8rHLVz8KgfSVzU/iPJhPkxxqDdKoBvL7k+2GUcSFBkltZXDXnSP/q3F
+8N6NyRta0mg/xsi5lvx0s5XeCLQpxJAzijaqelGt7mYwctNaLyO1CCPr3j0fjG+y
+FsmO0zl5SGzyLe044FmFjcqnaW4=
+-----END CERTIFICATE-----
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAxv74JLvlII8vgbTzBsoaDpPPRH+gqSop7YsBOCSNS5GhiY9n
-CSwVu6pZeX40lzmG2FbBAOZ2mu4Un3CI1FYna7Bkng4i3bznNlc/w5det0d/OE4D
-wZ30PzlSOa+N/yo5K9o1lzobwhiGxdQQUs92jTQRU4BMvB5BcK8SEsyJ7fxjKV5+
-HlQzyEKU9UqFjRd9NbwDQz3Z4udVvH7bDLciqQlhRLCxwNm85689jM29AS/hb56w
-psjzUzR5WA2WeJs1A17O+3jtbFoXzPSfAdrWNU61MFBI8hoH9T1/bWa9lSwqBLxU
-WbupcW0JVYXZBN4qF0C1fN4Q5/aVLWG5Aw+tJQIDAQABAoIBAH9KpezJjH3RWfA8
-kaDsMtLUVidZBKpxYDSlUHhbWU7Xr19RLfW+D4DmLSn8QyPhFpLYm8k5ovDkDqkW
-0VASdFD8msBIBqGUrsoh8ZXqBBp1T7nynZCCu7SdtC1WURzCI6Qbh2BfOVZlXgC5
-8F8oeotEnTiuv2cua2nrc0I3OJvUT2AFblIPaCiKeUA6GEQNbe1SbD1VWhfyIMgL
-59rUNtsq/NI2lS8Be52r5cE/KeEEi5+8p3hXPo0VcmHCU1Oyffidwr9bPcseCTjy
-aKnzn/8FMmGlVGJ/rJNsuX68a1SQVbECc5ulb9+P9kMOztGAu/gaZJcrJdD8YFTa
-8gKfDNkCgYEA7ns4+pqguqbZjpPu9ncKI+0exm9gU78AIdHY5hUifkfr2ynaQfu8
-WlJOtta9K8jUI2N9jN/4ysSxoFUpsGoY7QKpgMF58JH4+HAGUJhUR4xsXu+P2tt+
-vunWL5LngzreIzxPObqs/83shE+WxkzhHybu1A5Z55yS/VqmHF2gGFcCgYEA1Z0z
-tA16t6Akb+XQN0wMYlEZp9195gFvri5zlydCqDfS1yf+rsF4oDQ8j90zyHvL/VWQ
-wrmLlpuBhQz5VpztemlzLNp2/LdtJoBv0SbgbAgN0cWMD1C0R3M7XQXH65WHR7yK
-urX2eKhmh/XXtclxm7ubC55edyouJwby0oJHqOMCgYEAlD6O/eFPFpgPVz0IZ7c5
-23lUDyA+7fAmQd+zh9sNdRh6OeO7ZBb7T94oRioYr/YIQPNgoUi83DcG/9bQsnRR
-iEuGWJ5skan77Vud4U2/3jYhS6Z5cx/Mmxq65RnZxk66tYaQ7R7o2Z8Fbn4XCK/T
-pUzLW5CMPJitGsbVyX49vcMCgYEAl1bTjanLGpNDnV9lH/gqAfHRSmOa0byMwgu4
-6wrup709DCASyP7bFi1MBuTBzjUe9bGMaNkJsz8jCP+DG0D84rAY4Fs615qgoxl1
-nul7MC6Yk9jwfN1BjClwklwJIrgCaumCI/vMzfkJAyRCmlFIwvusQhQGe0iQAChl
-Go0gdd8CgYAtMQlL6jJn9JpI3o6vZoFoTfGcMId7T8/VSPZ5qMyptP9lh/xDU8QN
-y92AqG6nYxMY9CRRW1aP0HJRxu/BwKLF6QBid9efntYcT53GUoAqIyiwyjpIzlv2
-F9RZj0L64mcmJTFvI+kvKrAeZVdUK/Q5OJyTHtOyA9o30LOBWibJ9A==
-----END RSA PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyNFwBlSLadMwQG2Neve37bccPbjIWlQEexwge4xBWk9ESomI
+0MVh39ONsj79DEco26H8wnZCsJpGw68DlhNRcT1CoVGm7CZyIrmO8JlZV77hMK6J
+Wh1WE+W915MGkW4w9H9aGwdn2rNqnAjFxmWnhmasWOu8P0IX6AdElmhNFMilpLdR
+HO2ICEZ/nddhay+ZQxwlJI4nz3edzPAffnd7rFc3NLeF6HXnq1T8fZlvgf1C0NR4
+sEA8xu3ejqSa7d1pO4m2iQgaG4bg0jBFzz4ccA0vmBGh9A+VofKc5h6XbjA9Yt/4
+4MaukovI3ISD2URNIwV9BXvjQo12bMEFdhhXZQIDAQABAoIBAFFBnYiSMQ8S6xVG
+vtag4YWIcB7xY/BYyq9dxC75o3/9Tu6yE/AVzfKZUV5sakvLh1bHhtTQsU9wPW30
+pQjWrD+bwBgyR86KB+jRGGt2QVZl4Ayost8Ju8i1T0mpLiEuaxSjazxAlN9DdcHJ
+Mu2COHUDmn0odbVK8w1p03Dgpz/e8NnyG/D/LIGuxetEFQATXpB+YbpxTpZ1q1G2
+r3ep5pOdaO13FchoJ3c5XfJBgz9zxZ0z5Lp51/+oYWLTLT16MPSC2xvV5B9BiB+y
+k81RSXd8A1z80mpEjklBG3dVCY71PXD83maVFpfjBPcwQGjrA1ntLSDQRbO9Tc2b
+56OMVEECgYEA4u97pvH+kl5g7+m003EQvAuPN+7AXHQgubxGUsrIDJ2SuE3X8mI1
+/O4VV6sAyzwjSWrV7CgO2B0KMseTNtM2QY3GrU+gXdzuDXKldDeLvWv4dNdkSrp0
+i/VbzS8WyTxaOnw6nNu5k+tp1C3gsMWjCaiK5jB6zk8YbIa7cGYDRt0CgYEA4oml
+fbEIle2YpL+kbzzdDrkdbD8ZpOXyTNqGTP9vbTpnKEeCCbsOgoq7Viq9qMMg/yl4
+OfMc9g4SscBX69ScPfP3XQgzH1btjbf72bjbVZsNbEvJcGk1eWjJWhG7oNJfDZhe
+qSi3oxwfEhri2Tl6fcJWOQQtt1QBRkPDYjY3FikCgYEAgQfnx7mKpJCTD3ZTgXGl
+MTZlXUkcCLVishix53szGbEybiacpU1gIwsACZPKZMQx0Bm1vovcPNbuKIc/Vgnr
+rIQ/NeWzagsnM3A/UQAQLUjJwS2C8dZoU/fTFawziYIOT3i5Htzz/H3681COlBQb
+qm8xYsan3MwuN+63fqYSMOUCgYEAz521JPe91aJ2de8JZcVTF25Cb/V4rC7uHM9d
+rG2iEmonJrw6im58AtngjT0IqwWCVTgNbpbH4R3OtkeAjKtDMmhIOWQNblh9yJdo
+4wZPRiqfZ7Qhfrt9fbKybrC309FZuhz+DGw7uOpJ847efpT2FRGpcgHJYC5GKL5r
+77OeUtkCgYB54h1MUcDE+KErG+N0IMjvaSEeXuZiWHW03tVsKXzSvpTGZpeQFYbn
+rVOukS8gvzamBvu+omtmjlfsgwN/lHEAoQVuZI69ow/67A2fiPuNuP1KWZW+UrSO
+OvJ1VmJKuVHarOzuLqXKnm6vCVd2FHlyzuUKG8C4ad8fTIRJk8LRlw==
+-----END RSA PRIVATE KEY-----
@@ -1 +0,0 @@
-AA71608ABEAE0A1B
@@ -1,25 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHjCCAwagAwIBAgIJALopHKFY/15aMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNV
-BAYTAlVTMQ0wCwYDVQQIEwRVdGFoMQ4wDAYDVQQHEwVQcm92bzEjMCEGA1UEChMa
-QUNNRSBTaWduaW5nIEF1dGhvcml0eSBJbmMxFDASBgNVBAMTC2V4YW1wbGUuY29t
-MB4XDTE2MDYwODE3MTExOVoXDTE5MDMyOTE3MTExOVowZzELMAkGA1UEBhMCVVMx
-DTALBgNVBAgTBFV0YWgxDjAMBgNVBAcTBVByb3ZvMSMwIQYDVQQKExpBQ01FIFNp
-Z25pbmcgQXV0aG9yaXR5IEluYzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG/vgku+Ugjy+BtPMGyhoOk89Ef6Cp
-KintiwE4JI1LkaGJj2cJLBW7qll5fjSXOYbYVsEA5naa7hSfcIjUVidrsGSeDiLd
-vOc2Vz/Dl163R384TgPBnfQ/OVI5r43/Kjkr2jWXOhvCGIbF1BBSz3aNNBFTgEy8
-HkFwrxISzInt/GMpXn4eVDPIQpT1SoWNF301vANDPdni51W8ftsMtyKpCWFEsLHA
-2bznrz2Mzb0BL+FvnrCmyPNTNHlYDZZ4mzUDXs77eO1sWhfM9J8B2tY1TrUwUEjy
-Ggf1PX9tZr2VLCoEvFRZu6lxbQlVhdkE3ioXQLV83hDn9pUtYbkDD60lAgMBAAGj
-gcwwgckwHQYDVR0OBBYEFK7xCs6E4Vt/O4KwbJgOHN/pCQT/MIGZBgNVHSMEgZEw
-gY6AFK7xCs6E4Vt/O4KwbJgOHN/pCQT/oWukaTBnMQswCQYDVQQGEwJVUzENMAsG
-A1UECBMEVXRhaDEOMAwGA1UEBxMFUHJvdm8xIzAhBgNVBAoTGkFDTUUgU2lnbmlu
-ZyBBdXRob3JpdHkgSW5jMRQwEgYDVQQDEwtleGFtcGxlLmNvbYIJALopHKFY/15a
-MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAH7EVGG1sxYH0QHbArxu
-WIqzz79K5egLdnfrvvah/dDcqsJEH7BZSNeIWlBIs47ofVY4xUM/r4hL1TKgIrwq
-IsKeRql02gNxQPZV7iudGuOBp41cmIxvM+cQsxWmK3Ja/Tf1tE0nsm2L7J+a7ktJ
-cHJ5yzJA4gY5pVby/TvHzJ5R2BZwd5B+EVRStgxG2Yt4YvvlcDXCxIMzrFYUCmDf
-AHo7KXsyA/R2mtihSvZEudivbxBt01wKvcAEMeUOsLuEZgSdqFmk3npIhOyHpPSM
-pHM22Lf0jvz4WeCmgzB0ZinQh1k+E4kxMqP9g+R2dhlZITwL/z5TUdy90fh/iOzD
-4ek=
-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIQxHqMbWiiVO/Qhhr4qxKQJjANBgkqhkiG9w0BAQsFADB0
+MRcwFQYDVQQDEw5DeXByZXNzUHJveHlDQTERMA8GA1UEBhMISW50ZXJuZXQxETAP
+BgNVBAgTCEludGVybmV0MREwDwYDVQQHEwhJbnRlcm5ldDETMBEGA1UEChMKQ3lw
+cmVzcy5pbzELMAkGA1UECxMCQ0EwHhcNMjAwMjE5MTk1MzM1WhcNMzAwMjE5MTk1
+MzM1WjB0MRcwFQYDVQQDEw5DeXByZXNzUHJveHlDQTERMA8GA1UEBhMISW50ZXJu
+ZXQxETAPBgNVBAgTCEludGVybmV0MREwDwYDVQQHEwhJbnRlcm5ldDETMBEGA1UE
+ChMKQ3lwcmVzcy5pbzELMAkGA1UECxMCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDI0XAGVItp0zBAbY1697fttxw9uMhaVAR7HCB7jEFaT0RKiYjQ
+xWHf042yPv0MRyjbofzCdkKwmkbDrwOWE1FxPUKhUabsJnIiuY7wmVlXvuEwrola
+HVYT5b3XkwaRbjD0f1obB2fas2qcCMXGZaeGZqxY67w/QhfoB0SWaE0UyKWkt1Ec
+7YgIRn+d12FrL5lDHCUkjifPd53M8B9+d3usVzc0t4XodeerVPx9mW+B/ULQ1Hiw
+QDzG7d6OpJrt3Wk7ibaJCBobhuDSMEXPPhxwDS+YEaH0D5Wh8pzmHpduMD1i3/jg
+xq6Si8jchIPZRE0jBX0Fe+NCjXZswQV2GFdlAgMBAAGjgY0wgYowDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAvQwOwYDVR0lBDQwMgYIKwYBBQUHAwEGCCsGAQUFBwMC
+BggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUFBwMIMBEGCWCGSAGG+EIBAQQEAwIA
+9zAdBgNVHQ4EFgQUiw3dB0uxjFLp7MqHN1IHF+MHt6kwDQYJKoZIhvcNAQELBQAD
+ggEBAIRyfZZqjUTtUFKDgqD1MUn2UvsCAePFDw6aafkfo4Kk2V69XHPP3lxEhnpu
+ff0COh5p3D9SHMfAWFmj4PH0+R4H+zIfyA0F1KzO6B+cn4JSaQtF0HrWDOtz4KH5
+CwddoBTt6LSawAb1eaxn3Rk19KD7dS/3tjY2sAHMSJgbnsbxVnQhMVTBBy3Llgd3
+I6vomUuXp8rHLVz8KgfSVzU/iPJhPkxxqDdKoBvL7k+2GUcSFBkltZXDXnSP/q3F
+8N6NyRta0mg/xsi5lvx0s5XeCLQpxJAzijaqelGt7mYwctNaLyO1CCPr3j0fjG+y
+FsmO0zl5SGzyLe044FmFjcqnaW4=
+-----END CERTIFICATE-----
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+# this script will take the CA cert from @packages/https-proxy/ca
+# and regenerate all the certs in this directory from it
+
+# folders:
+#   ca contains a mock CA
+#   client contains public info that a client would have
+#   server contains private info that a server would have
+
+CA_PATH=../../../ca
+
+rm -rf $CA_PATH
+
+# ensure regular root CA exists
+node -r "@packages/coffee/register" -e "require('@packages/https-proxy/lib/ca').create('$CA_PATH')"
+
+echo "remove and relink test CA pems"
+for f in ca client server
+do
+  rm -f $f/my-root-ca.crt.pem
+  cp $CA_PATH/certs/ca.pem $f/my-root-ca.crt.pem
+done
+
+echo "remove and relink test CA key"
+rm -f ca/my-root-ca.key.pem
+cp $CA_PATH/keys/ca.private.key ca/my-root-ca.key.pem
+
+echo "reuse existing key and crt to generate a new server csr"
+openssl x509 -in server/my-server.crt.pem -signkey server/my-server.key.pem -x509toreq -out server/my-server.csr
+rm -f server/my-server.crt.pem ca/*.srl
+
+echo "now use that CSR with the CA to sign a new certificate"
+openssl x509 -req -in server/my-server.csr -CA ca/my-root-ca.crt.pem -CAkey ca/my-root-ca.key.pem -CAcreateserial -out server/my-server.crt.pem
+
+echo "get rid of CSR, we don't need it"
+rm -f server/my-server.csr
+
+echo "regenerate public key"
+rm -f client/my-server.pub
+openssl rsa -in server/my-server.key.pem -pubout -out client/my-server.pub
@@ -1,25 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHjCCAwagAwIBAgIJALopHKFY/15aMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNV
-BAYTAlVTMQ0wCwYDVQQIEwRVdGFoMQ4wDAYDVQQHEwVQcm92bzEjMCEGA1UEChMa
-QUNNRSBTaWduaW5nIEF1dGhvcml0eSBJbmMxFDASBgNVBAMTC2V4YW1wbGUuY29t
-MB4XDTE2MDYwODE3MTExOVoXDTE5MDMyOTE3MTExOVowZzELMAkGA1UEBhMCVVMx
-DTALBgNVBAgTBFV0YWgxDjAMBgNVBAcTBVByb3ZvMSMwIQYDVQQKExpBQ01FIFNp
-Z25pbmcgQXV0aG9yaXR5IEluYzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG/vgku+Ugjy+BtPMGyhoOk89Ef6Cp
-KintiwE4JI1LkaGJj2cJLBW7qll5fjSXOYbYVsEA5naa7hSfcIjUVidrsGSeDiLd
-vOc2Vz/Dl163R384TgPBnfQ/OVI5r43/Kjkr2jWXOhvCGIbF1BBSz3aNNBFTgEy8
-HkFwrxISzInt/GMpXn4eVDPIQpT1SoWNF301vANDPdni51W8ftsMtyKpCWFEsLHA
-2bznrz2Mzb0BL+FvnrCmyPNTNHlYDZZ4mzUDXs77eO1sWhfM9J8B2tY1TrUwUEjy
-Ggf1PX9tZr2VLCoEvFRZu6lxbQlVhdkE3ioXQLV83hDn9pUtYbkDD60lAgMBAAGj
-gcwwgckwHQYDVR0OBBYEFK7xCs6E4Vt/O4KwbJgOHN/pCQT/MIGZBgNVHSMEgZEw
-gY6AFK7xCs6E4Vt/O4KwbJgOHN/pCQT/oWukaTBnMQswCQYDVQQGEwJVUzENMAsG
-A1UECBMEVXRhaDEOMAwGA1UEBxMFUHJvdm8xIzAhBgNVBAoTGkFDTUUgU2lnbmlu
-ZyBBdXRob3JpdHkgSW5jMRQwEgYDVQQDEwtleGFtcGxlLmNvbYIJALopHKFY/15a
-MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAH7EVGG1sxYH0QHbArxu
-WIqzz79K5egLdnfrvvah/dDcqsJEH7BZSNeIWlBIs47ofVY4xUM/r4hL1TKgIrwq
-IsKeRql02gNxQPZV7iudGuOBp41cmIxvM+cQsxWmK3Ja/Tf1tE0nsm2L7J+a7ktJ
-cHJ5yzJA4gY5pVby/TvHzJ5R2BZwd5B+EVRStgxG2Yt4YvvlcDXCxIMzrFYUCmDf
-AHo7KXsyA/R2mtihSvZEudivbxBt01wKvcAEMeUOsLuEZgSdqFmk3npIhOyHpPSM
-pHM22Lf0jvz4WeCmgzB0ZinQh1k+E4kxMqP9g+R2dhlZITwL/z5TUdy90fh/iOzD
-4ek=
-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIQxHqMbWiiVO/Qhhr4qxKQJjANBgkqhkiG9w0BAQsFADB0
+MRcwFQYDVQQDEw5DeXByZXNzUHJveHlDQTERMA8GA1UEBhMISW50ZXJuZXQxETAP
+BgNVBAgTCEludGVybmV0MREwDwYDVQQHEwhJbnRlcm5ldDETMBEGA1UEChMKQ3lw
+cmVzcy5pbzELMAkGA1UECxMCQ0EwHhcNMjAwMjE5MTk1MzM1WhcNMzAwMjE5MTk1
+MzM1WjB0MRcwFQYDVQQDEw5DeXByZXNzUHJveHlDQTERMA8GA1UEBhMISW50ZXJu
+ZXQxETAPBgNVBAgTCEludGVybmV0MREwDwYDVQQHEwhJbnRlcm5ldDETMBEGA1UE
+ChMKQ3lwcmVzcy5pbzELMAkGA1UECxMCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDI0XAGVItp0zBAbY1697fttxw9uMhaVAR7HCB7jEFaT0RKiYjQ
+xWHf042yPv0MRyjbofzCdkKwmkbDrwOWE1FxPUKhUabsJnIiuY7wmVlXvuEwrola
+HVYT5b3XkwaRbjD0f1obB2fas2qcCMXGZaeGZqxY67w/QhfoB0SWaE0UyKWkt1Ec
+7YgIRn+d12FrL5lDHCUkjifPd53M8B9+d3usVzc0t4XodeerVPx9mW+B/ULQ1Hiw
+QDzG7d6OpJrt3Wk7ibaJCBobhuDSMEXPPhxwDS+YEaH0D5Wh8pzmHpduMD1i3/jg
+xq6Si8jchIPZRE0jBX0Fe+NCjXZswQV2GFdlAgMBAAGjgY0wgYowDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAvQwOwYDVR0lBDQwMgYIKwYBBQUHAwEGCCsGAQUFBwMC
+BggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUFBwMIMBEGCWCGSAGG+EIBAQQEAwIA
+9zAdBgNVHQ4EFgQUiw3dB0uxjFLp7MqHN1IHF+MHt6kwDQYJKoZIhvcNAQELBQAD
+ggEBAIRyfZZqjUTtUFKDgqD1MUn2UvsCAePFDw6aafkfo4Kk2V69XHPP3lxEhnpu
+ff0COh5p3D9SHMfAWFmj4PH0+R4H+zIfyA0F1KzO6B+cn4JSaQtF0HrWDOtz4KH5
+CwddoBTt6LSawAb1eaxn3Rk19KD7dS/3tjY2sAHMSJgbnsbxVnQhMVTBBy3Llgd3
+I6vomUuXp8rHLVz8KgfSVzU/iPJhPkxxqDdKoBvL7k+2GUcSFBkltZXDXnSP/q3F
+8N6NyRta0mg/xsi5lvx0s5XeCLQpxJAzijaqelGt7mYwctNaLyO1CCPr3j0fjG+y
+FsmO0zl5SGzyLe044FmFjcqnaW4=
+-----END CERTIFICATE-----
@@ -1,20 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDRjCCAi4CCQCqcWCKvq4KGzANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJV
-UzENMAsGA1UECBMEVXRhaDEOMAwGA1UEBxMFUHJvdm8xIzAhBgNVBAoTGkFDTUUg
-U2lnbmluZyBBdXRob3JpdHkgSW5jMRQwEgYDVQQDEwtleGFtcGxlLmNvbTAeFw0x
-NjA2MDgxNzExMTlaFw0xNzEwMjExNzExMTlaMGMxCzAJBgNVBAYTAlVTMQ0wCwYD
-VQQIEwRVdGFoMQ4wDAYDVQQHEwVQcm92bzEWMBQGA1UEChMNQUNNRSBUZWNoIElu
-YzEdMBsGA1UEAxMUbG9jYWwubGRzY29ubmVjdC5vcmcwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDBAT7GdY1jcbzhHw+XrgpWVu8/ioXzPSOyAKNpmZBZ
-I8SBs8TBhjg1Rv9E5msiLDCj0dKmR8TGt8Qvad+W/rmYxGrJZUHk6BMV2ZBOlzSv
-5h5JL+tIcSDSf6HPcG6DDolk4V5oG8lDfHI9ADrbW3FqEirSQB+6bvtoBpfdoU46
-fn8hWNjefi7LapAYW/cmHSLHnCdWCso+V0rAE6Utie4pAkUmaBSHCLhwW6AAPque
-/L++kNq/XdRrspqFTq6wHItK/DaNOPBh5z3Cs3E0fu4KMRYB0ufCRVa7zTcS0u0W
-f0Db2TYtNv3pn/dew3DhQwCfU+1tWeWOAxCtYwU+oxHLAgMBAAEwDQYJKoZIhvcN
-AQEFBQADggEBAFmj6aJg1/euvIjfnr4oWoeLKEThPdZDCBwOMesDH3RiZyAQ+UOK
-kGIIQydgEKWazv8k4FzoPRDf1x1l7/iQofT7pxQgT8Mcv5LBAOPomG2tupaWy0b8
-B2t4EKFH6AoO6Id48mkWWVMgonVen4rzcPslBi9E92306lnPZEevi9lKT/+hllqX
-coCNhAuZ4eDS95e7gydPwdMY6P8Azx94buG6DFddSbtDppBy8sb+YOUCGLwwY8zy
-8JPlk0V2LJLBeFuMAwRb7nULh25x3p+EXbYF3vNvmMdVgLiwvOheCNCTfwkjyotk
-5+PqZrsL0ci+j0IfLHOBJBcBwjDCk1j7RR4=
+MIIDXjCCAkYCFH2GWLVnyyzmK8b9/0pw89/+/pqDMA0GCSqGSIb3DQEBCwUAMHQx
+FzAVBgNVBAMTDkN5cHJlc3NQcm94eUNBMREwDwYDVQQGEwhJbnRlcm5ldDERMA8G
+A1UECBMISW50ZXJuZXQxETAPBgNVBAcTCEludGVybmV0MRMwEQYDVQQKEwpDeXBy
+ZXNzLmlvMQswCQYDVQQLEwJDQTAeFw0yMDAyMTkxOTUzNTFaFw0yMDAzMjAxOTUz
+NTFaMGMxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMQ4wDAYDVQQHEwVQcm92
+bzEWMBQGA1UEChMNQUNNRSBUZWNoIEluYzEdMBsGA1UEAxMUbG9jYWwubGRzY29u
+bmVjdC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBAT7GdY1j
+cbzhHw+XrgpWVu8/ioXzPSOyAKNpmZBZI8SBs8TBhjg1Rv9E5msiLDCj0dKmR8TG
+t8Qvad+W/rmYxGrJZUHk6BMV2ZBOlzSv5h5JL+tIcSDSf6HPcG6DDolk4V5oG8lD
+fHI9ADrbW3FqEirSQB+6bvtoBpfdoU46fn8hWNjefi7LapAYW/cmHSLHnCdWCso+
+V0rAE6Utie4pAkUmaBSHCLhwW6AAPque/L++kNq/XdRrspqFTq6wHItK/DaNOPBh
+5z3Cs3E0fu4KMRYB0ufCRVa7zTcS0u0Wf0Db2TYtNv3pn/dew3DhQwCfU+1tWeWO
+AxCtYwU+oxHLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACg6Vw8HqNRHjy7GRUr4
+V3tGhj8yEpCUeEjKzDtw/FB5K0luXUXV0ql4QiAxWHs57mB71Ovx9r7wUG4+qIBB
+qgPgIPnKAEFq/dwhMQKuTXkA51rGFEnG2Z6Ei+qbsLxPHO5+7+A8QP0ejSzgN+Gm
+MDuIymB//aTAYqM0TPqP5yuKTxT34d4wMhKOCD8SQXsNr/wvCAUDt4bAYdK0kpEE
+0G4UqogKov43LM+Jx5EUEQPJEk+zPGjC69ANZp9VNZiAr1RlRf8WK9G6SUBzCay3
+namBghp7izNRLQcHkc9zA1Ylt7Xx67ss297SxX3JuGK6oCTeKBdLzEhgMncrN2iA
+qY4=
 -----END CERTIFICATE-----
@@ -1,3 +1,4 @@
+/* eslint-disable no-console */
 const { expect } = require('../spec_helper')

 let fs = require('fs-extra')
@@ -15,7 +16,12 @@ describe('lib/ca', () => {

    return fs.ensureDirAsync(this.dir)
    .then(() => {
+      console.time('creating CA')
+
      return CA.create(this.dir)
+      .tap(() => {
+        console.timeEnd('creating CA')
+      })
    }).then((ca) => {
      this.ca = ca
    })
@@ -27,8 +33,11 @@ describe('lib/ca', () => {

  context('#generateServerCertificateKeys', () => {
    it('generates certs for each host', function () {
+      console.time('generating cert')
+
      return this.ca.generateServerCertificateKeys('www.cypress.io')
      .spread((certPem, keyPrivatePem) => {
+        console.timeEnd('generating cert')
        expect(certPem).to.include('-----BEGIN CERTIFICATE-----')

        expect(keyPrivatePem).to.include('-----BEGIN RSA PRIVATE KEY-----')
@@ -74,7 +83,7 @@ describe('lib/ca', () => {
    describe('existing CA folder', () => {
      beforeEach(function () {
        this.sandbox.spy(CA.prototype, 'loadCA')
-        this.sandbox.spy(CA.prototype, 'generateCA')
+        this.generateCA = this.sandbox.spy(CA.prototype, 'generateCA')

        return CA.create(this.dir)
        .then((ca2) => {
@@ -82,6 +91,55 @@ describe('lib/ca', () => {
        })
      })

+      describe('CA versioning', () => {
+        beforeEach(function () {
+          this.removeAll = this.sandbox.spy(CA.prototype, 'removeAll')
+        })
+
+        it('clears out CA folder with no ca_version.txt', function () {
+          expect(this.generateCA).to.not.be.called
+
+          return fs.remove(path.join(this.dir, 'ca_version.txt'))
+          .then(() => {
+            return CA.create(this.dir)
+          }).then(() => {
+            expect(this.removeAll).to.be.calledOnce
+            expect(this.generateCA).to.be.calledOnce
+          })
+        })
+
+        it('clears out CA folder with old ca_version', function () {
+          expect(this.generateCA).to.not.be.called
+
+          return fs.outputFile(path.join(this.dir, 'ca_version.txt'), '0')
+          .then(() => {
+            return CA.create(this.dir)
+          }).then(() => {
+            expect(this.removeAll).to.be.calledOnce
+            expect(this.generateCA).to.be.calledOnce
+          })
+        })
+
+        it('keeps CA folder with version of at least 1', function () {
+          expect(this.generateCA).to.not.be.called
+
+          return fs.outputFile(path.join(this.dir, 'ca_version.txt'), '1')
+          .then(() => {
+            return CA.create(this.dir)
+          }).then(() => {
+            expect(this.removeAll).to.not.be.called
+            expect(this.generateCA).to.not.be.called
+
+            return fs.outputFile(path.join(this.dir, 'ca_version.txt'), '100')
+          }).then(() => {
+            return CA.create(this.dir)
+          }).then(() => {
+            expect(this.removeAll).to.not.be.called
+            expect(this.generateCA).to.not.be.called
+          })
+        })
+      })
+
      it('calls loadCA and not generateCA', () => {
        expect(CA.prototype.loadCA).to.be.calledOnce