Remove testutil.TLSTestServerWithCert in favor of the testutil/tlsserver package

test/integration/securetls_fips_test.go

@@ -1,4 +1,4 @@
-// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 //go:build fips_strict
@@ -23,14 +23,14 @@ import (
 func TestFIPSCipherSuites_Parallel(t *testing.T) {
 	_ = testlib.IntegrationEnv(t)
 
-	server := tlsserver.TLSTestServer(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	Server, _ := tlsserver.TestServerIPv4(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// use the default fips config which contains a hard coded list of cipher suites
 		// that should be equal to the default list of fips cipher suites.
 		// assert that the client hello response has the same tls config as this test server.
 		tlsserver.AssertTLS(t, r, ptls.Default)
 	}), tlsserver.RecordTLSHello)
 
-	ca := tlsserver.TLSTestServerCA(server)
+	ca := tlsserver.TestServerIPv4CA(server)
 	pool, err := cert.NewPoolFromBytes(ca)
 	require.NoError(t, err)
 	// create a tls config that does not explicitly set cipher suites,

test/integration/securetls_test.go

@@ -23,7 +23,7 @@ import (
 func TestSecureTLSPinnipedCLIToKAS_Parallel(t *testing.T) {
 	_ = testlib.IntegrationEnv(t)
 
-	server := tlsserver.TLSTestServer(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	server, serverCA := tlsserver.TestServerIPv4(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// pinniped CLI uses ptls.Secure when talking to KAS
 		// in FIPS mode the distinction doesn't matter much because
 		// each of the configs is a wrapper for the same base FIPS config
@@ -33,15 +33,13 @@ func TestSecureTLSPinnipedCLIToKAS_Parallel(t *testing.T) {
 			`"status":{"credential":{"token":"some-fancy-token"}}}`)
 	}), tlsserver.RecordTLSHello)
 
-	ca := tlsserver.TLSTestServerCA(server)
-
 	pinnipedExe := testlib.PinnipedCLIPath(t)
 
 	stdout, stderr := runPinnipedCLI(t, nil, pinnipedExe, "login", "static",
 		"--token", "does-not-matter",
 		"--concierge-authenticator-type", "webhook",
 		"--concierge-authenticator-name", "does-not-matter",
-		"--concierge-ca-bundle-data", base64.StdEncoding.EncodeToString(ca),
+		"--concierge-ca-bundle-data", base64.StdEncoding.EncodeToString(serverCA),
 		"--concierge-endpoint", server.URL,
 		"--enable-concierge",
 		"--credential-cache", "",
@@ -57,7 +55,7 @@ func TestSecureTLSPinnipedCLIToKAS_Parallel(t *testing.T) {
 func TestSecureTLSPinnipedCLIToSupervisor_Parallel(t *testing.T) {
 	_ = testlib.IntegrationEnv(t)
 
-	server := tlsserver.TLSTestServer(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	server, serverCA := tlsserver.TestServerIPv4(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// pinniped CLI uses ptls.Default when talking to supervisor
 		// in FIPS mode the distinction doesn't matter much because
 		// each of the configs is a wrapper for the same base FIPS config
@@ -66,12 +64,10 @@ func TestSecureTLSPinnipedCLIToSupervisor_Parallel(t *testing.T) {
 		fmt.Fprint(w, `{"issuer":"https://not-a-good-issuer"}`)
 	}), tlsserver.RecordTLSHello)
 
-	ca := tlsserver.TLSTestServerCA(server)
-
 	pinnipedExe := testlib.PinnipedCLIPath(t)
 
 	stdout, stderr := runPinnipedCLI(&fakeT{T: t}, nil, pinnipedExe, "login", "oidc",
-		"--ca-bundle-data", base64.StdEncoding.EncodeToString(ca),
+		"--ca-bundle-data", base64.StdEncoding.EncodeToString(serverCA),
 		"--issuer", server.URL,
 		"--credential-cache", "",
 		"--upstream-identity-provider-flow", "cli_password",