authorZuul <zuul@review.opendev.org>2019-06-21 21:31:56 +0000
committerGerrit Code Review <review@openstack.org>2019-06-21 21:31:56 +0000
commit2ed915f4fe29138a88687e70efd95ea014b948bc (patch)
treef9ecbe2bf087f70def445d62836d1d47a74355a6
parentd040cf67fb186ba2e8458e7a8228034ecba7b474 (diff)
parentb3e84aafc0302b1a87754f438696794076ba844f (diff)
downloadkeystonemiddleware-2ed915f4fe29138a88687e70efd95ea014b948bc.tar.gz
Merge "Remove PKI/PKIZ support"
-rw-r--r--examples/pki/certs/cacert.pem23
-rw-r--r--examples/pki/certs/middleware.pem50
-rw-r--r--examples/pki/certs/signing_cert.pem22
-rw-r--r--examples/pki/certs/ssl_cert.pem22
-rw-r--r--examples/pki/cms/auth_token_revoked.json85
-rw-r--r--examples/pki/cms/auth_token_revoked.pem75
-rw-r--r--examples/pki/cms/auth_token_revoked.pkiz1
-rw-r--r--examples/pki/cms/auth_token_scoped.json88
-rw-r--r--examples/pki/cms/auth_token_scoped.pem77
-rw-r--r--examples/pki/cms/auth_token_scoped.pkiz1
-rw-r--r--examples/pki/cms/auth_token_scoped_expired.json85
-rw-r--r--examples/pki/cms/auth_token_scoped_expired.pem75
-rw-r--r--examples/pki/cms/auth_token_scoped_expired.pkiz1
-rw-r--r--examples/pki/cms/auth_token_unscoped.json23
-rw-r--r--examples/pki/cms/auth_token_unscoped.pem25
-rw-r--r--examples/pki/cms/auth_token_unscoped.pkiz1
-rw-r--r--examples/pki/cms/auth_v3_token_revoked.json88
-rw-r--r--examples/pki/cms/auth_v3_token_revoked.pem76
-rw-r--r--examples/pki/cms/auth_v3_token_revoked.pkiz1
-rw-r--r--examples/pki/cms/auth_v3_token_scoped.json123
-rw-r--r--examples/pki/cms/auth_v3_token_scoped.pem100
-rw-r--r--examples/pki/cms/auth_v3_token_scoped.pkiz1
-rw-r--r--examples/pki/cms/revocation_list.json20
-rw-r--r--examples/pki/cms/revocation_list.pem24
-rw-r--r--examples/pki/cms/revocation_list.pkiz1
-rw-r--r--examples/pki/gen_cmsz.py79
-rwxr-xr-xexamples/pki/gen_pki.sh213
-rw-r--r--examples/pki/private/cakey.pem28
-rw-r--r--examples/pki/private/signing_key.pem28
-rw-r--r--examples/pki/private/ssl_key.pem28
-rwxr-xr-xexamples/pki/run_all.sh31
-rw-r--r--keystonemiddleware/auth_token/__init__.py147
-rw-r--r--keystonemiddleware/auth_token/_identity.py52
-rw-r--r--keystonemiddleware/auth_token/_opts.py20
-rw-r--r--keystonemiddleware/auth_token/_signing_dir.py90
-rw-r--r--keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py292
-rw-r--r--keystonemiddleware/tests/unit/auth_token/test_signing_dir.py145
-rw-r--r--keystonemiddleware/tests/unit/client_fixtures.py132
-rw-r--r--keystonemiddleware/tests/unit/test_opts.py4
-rw-r--r--releasenotes/notes/bug-1649735-3c68f3243e474775.yaml16
40 files changed, 29 insertions, 2364 deletions
diff --git a/examples/pki/certs/cacert.pem b/examples/pki/certs/cacert.pem
deleted file mode 100644
index 952bdae..0000000
--- a/examples/pki/certs/cacert.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID1jCCAr6gAwIBAgIJAJOtRP2+wrM/MA0GCSqGSIb3DQEBBQUAMIGeMQowCAYD
-VQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55
-dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMG
-CSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2Vs
-ZiBTaWduZWQwIBcNMTMwOTEzMTYyNTQyWhgPMjA3MjAzMDcxNjI1NDJaMIGeMQow
-CAYDVQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1
-bm55dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTEl
-MCMGCSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxML
-U2VsZiBTaWduZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl8906
-EaRpibQFcCBWfxzLi5x/XpZ9iL6UX92NrSJxcDbaGws7s+GtjgDy8UOEonesRWTe
-qQEZtHpC3/UHHOnsA8F6ha/pq9LioqT7RehCnZCLBJwh5Ct+lclpWs15SkjJD2LT
-Dkjox0eA9nOBx+XDlWyU/GAyqx5Wsvg/Kxr0iod9/4IcJdnSdUjq4v0Cxg/zNk08
-XPJX+F0bUDhgdUf7JrAmmS5LA8wphRnbIgtVsf6VN9HrbqtHAJDxh8gEfuwdhEW1
-df1fBtZ+6WMIF3IRSbIsZELFB6sqcyRj7HhMoWMkdEyPb2f8mq61MzTgE6lJGIyT
-RvEoFie7qtGADIofAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADggEBAJRMdEwAdN+crqI9dBLYlbBbnQ8xr9mk+REMdz9+SKhDCNdVisWU
-iLEZvK/aozrsRsDi81JjS4Tz0wXo8zsPPoDnXgDYEicNPTKifbPKgHdDIGFOwBKn
-y2cF6fHEn8n3KIBrDCNY6rHcYGZ7lbq/8eF0GoYQboPiuYesvVpynPmIK5/Mmire
-EuuZALAe1IFqqFt+l6tiJU2JWUFjLkFARMOD14qFZm+SInl64toi08j6gdou+NMW
-7GEMbVHwNTafM/TgFN5j0yP9SAnYubckLSyH6hwR+rM8dztP5769joxQfnc9O/Bn
-TBD9KFpeQv6VJWLAxiIKcQCRTTDJLZZ0MQI=
------END CERTIFICATE-----
diff --git a/examples/pki/certs/middleware.pem b/examples/pki/certs/middleware.pem
deleted file mode 100644
index 7d593ef..0000000
--- a/examples/pki/certs/middleware.pem
+++ /dev/null
@@ -1,50 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDpjCCAo4CARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK
-EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr
-ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x
-MzA5MTMxNjI1NDNaGA8yMDcyMDMwNzE2MjU0M1owgZAxCzAJBgNVBAYTAlVTMQsw
-CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh
-Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv
-cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDL06AaJROwHPgJ9tcySSBepzJ81jYars2sMvLjyuvd
-iIBbhWvbS/a9Tw3WgL8H6OALkHiOU/f0A6Rpv8dGDIDsxZQVjT/4SLaQUOeDM+9b
-fkKHpSd9G3CsdSSZgOH08n+MyZ7slPHfUHLYWso0SJD0vAi1gmGDlSM/mmhhHTpC
-DGo6Wbwqare6JNeTCGJTJYwrxtoMCh/W1ZrslPC5lFvlHD7KBBf6IU2A8Xh/dUa3
-p5pmQeHPW8Em90DzIB1qH0DRXl3KANc24xYRR45pPCVkk6vFsy6P0JwwpnkszB+L
-cK6CEsJhLsOYvQFsiQfSZ8m7YGhgrMLxtop4YEPirGGrAgMBAAEwDQYJKoZIhvcN
-AQEFBQADggEBAAjU7YomUx/U56p1KWHvr1B7oczHF8fPHYbuk5c/N81WOJeSRy+P
-5ZGZ2UPjvqqXByv+78YWMKGY1BZ/2doeWuydr0sdSxEwmIUBYxFpujuYY+0AjS/n
-mMr1ZijK7TJssteKM7/MClzghUhPweDZrAg3ff1hbhK5QSy+9UPxUqLH44tfYSVC
-/BzM6se0p5ToM0bwdsa8TofaBRE1L1IW/Hg4VIGOoKs0R0uLm7+Oot2me2cEuZ6h
-Wls6MED8ND1Nz8EAKwndkeDu2iMM+qx/YFp6K8BQ5E5nXd2rbUZUlQMp1WbUlZ87
-KvC98aT0UYIq6uo1Lx/dQvJs7faAkYd4lmE=
------END CERTIFICATE-----
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDL06AaJROwHPgJ
-9tcySSBepzJ81jYars2sMvLjyuvdiIBbhWvbS/a9Tw3WgL8H6OALkHiOU/f0A6Rp
-v8dGDIDsxZQVjT/4SLaQUOeDM+9bfkKHpSd9G3CsdSSZgOH08n+MyZ7slPHfUHLY
-Wso0SJD0vAi1gmGDlSM/mmhhHTpCDGo6Wbwqare6JNeTCGJTJYwrxtoMCh/W1Zrs
-lPC5lFvlHD7KBBf6IU2A8Xh/dUa3p5pmQeHPW8Em90DzIB1qH0DRXl3KANc24xYR
-R45pPCVkk6vFsy6P0JwwpnkszB+LcK6CEsJhLsOYvQFsiQfSZ8m7YGhgrMLxtop4
-YEPirGGrAgMBAAECggEATwvbY0hNwlb5uqOIAXBqpUqiQdexU9fG26lGmSDxKBDv
-9o5frcRgBDrMWwvDCgY+HT4CAvB9kJx4/qnpVjkzJp/ZNiJ5VIiehIlbv348rXbh
-xkk+bz5dDATCFOXuu1fwL2FhyM5anwhMAav0DyK1VLQ3jGzr9GO6L8hqAn+bQFFu
-6ngiODwfhBMl5aRoL9UOBEhccK07znrH0JGRz+3+5Cdz59Xw91Bv210LhNNDL58+
-0JD0N+YztVOQd2bgwo0bQbOEijzmYq+0mjoqAnJh1/++y7PlIPs0AnPgqSnFPx9+
-6FsQEVRgk5Uq3kvPLaP4nT2y6MDZSp+ujYldvJhyQQKBgQDuX2pZIJMZ4aFnkG+K
-TmJ5wsLa/u9an0TmvAL9RLtBpVpQNKD8cQ+y8PUZavXDbAIt5NWqZVnTbCR79Dnd
-mZKblwcHhtsyA5f89el5KcxY2BREWdHdTnJpNd7XRlUECmzvX1zGj77lA982PhII
-yflRBRV3vqLkgC8vfoYgRyRElwKBgQDa5jnLdx/RahfYMOgn1HE5o4hMzLR4Y0Dd
-+gELshcUbPqouoP5zOb8WOagVJIgZVOSN+/VqbilVYrqRiNTn2rnoxs+HHRdaJNN
-3eXllD4J2HfC2BIj1xSpIdyh2XewAJqw9IToHNB29QUhxOtgwseHciPG6JaKH2ik
-kqGKH/EKDQKBgFFAftygiOPCkCTgC9UmANUmOQsy6N2H+pF3tsEj43xt44oBVnqW
-A1boYXNnjRwuvdNs9BPf9i1l6E3EItFRXrLgWQoMwryakv0ryYh+YeRKyyW9RBbe
-fYs1TJ8unx4Ae79gTxxztQsVNcmkgLs0NWKTjAzEE3w14V+cDhYEie1DAoGBAJdI
-V5cLrBzBstsB6eBlDR9lqrRRIUS2a8U9m+1mVlcSfiWQSdehSd4K3tDdwePLw3ch
-W4qR8n+pYAlLEe0gFvUhn5lMdwt7U5qUCeehjUKmrRYm2FqWsbu2IFJnBjXIJSC4
-zQXRrC0aZ0KQYpAL7XPpaVp1slyhGmPqxuO78Y0dAoGBAMHo3EIMwu9rfuGwFodr
-GFsOZhfJqgo5GDNxxf89Q9WWpMDTCdX+wdBTrN/wsMbBuwIDHrUuRnk6D5CWRjSk
-/ikCgHN3kOtrbL8zzqRomGAIIWKYGFEIGe1GHVGo5r//HXHdPxFXygvruQ/xbOA4
-RGvmDiji8vVDq7Shho8I6KuT
------END PRIVATE KEY-----
diff --git a/examples/pki/certs/signing_cert.pem b/examples/pki/certs/signing_cert.pem
deleted file mode 100644
index 63ab247..0000000
--- a/examples/pki/certs/signing_cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDpTCCAo0CAREwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK
-EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr
-ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x
-MzA5MTMxNjI1NDNaGA8yMDcyMDMwNzE2MjU0M1owgY8xCzAJBgNVBAYTAlVTMQsw
-CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh
-Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv
-cGVuc3RhY2sub3JnMREwDwYDVQQDEwhLZXlzdG9uZTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMz5WsgsuX3rZUdLwQpZXN2Ro7LQ6jEZnreBqMztVObw
-BuC1WdiJsg6dVlC7PVdt+0gY1c8WFg1TKmsucxesQSyfGAPg+9T/hsRMb6y12uJx
-fp3Wgqqw0U1HsXvMiaJH87MaGnt043BxzF+R9fhAcDk6Cyj5cx9J0LvZJEOzN4J4
-ZRyO6j/DZZItb3lK5W9xkuoT+mTdDZOQJnXyG818uiWfjdCkLjr1ruytRcBOo4na
-Y828voT/A7I95+YCgKgbjiUWhHeTaNmMEQiGy0nGYfteC+oSsHOlxZ3b12azzHPk
-83Bh2ez0Ih9vcZoe9DqvlFOXfv9q8OsYc5Yo6gPTXEsCAwEAATANBgkqhkiG9w0B
-AQUFAAOCAQEAmaYE98kOQWu6DV84ZcZP/OdT8eeu3vdB247nRj+6+GYItN/Gzqt4
-HVvz7c+FVTolCcAQQ+z3XGswI9fIJ78Hb0p9CgnLprc3L7Xtk60Im59Xlf3tcurn
-r/ZnSDcjRBXKiEDrSM0VrhAnc0GoSeb6aDWopec+1hWOWfBVAg9R8yJgU9sUgO3O
-0gimGyrw8eubmNhckSQLJTunUTsrkcBjuSg63wAD9OqCiX6c2eoQr+0YBp2eV2/n
-aOiJXWNLbeueMKSYiJNyyvM/dlON7/56cdwDTzKzgD34TImouM5VKipUwCX1ovLu
-ITLzALzpqFFzc8ugV9pMgUKtDbZoPp9EEA==
------END CERTIFICATE-----
diff --git a/examples/pki/certs/ssl_cert.pem b/examples/pki/certs/ssl_cert.pem
deleted file mode 100644
index cdd2e4c..0000000
--- a/examples/pki/certs/ssl_cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDpjCCAo4CARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK
-EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr
-ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x
-MzA5MTMxNjI1NDNaGA8yMDcyMDMwNzE2MjU0M1owgZAxCzAJBgNVBAYTAlVTMQsw
-CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh
-Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv
-cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDL06AaJROwHPgJ9tcySSBepzJ81jYars2sMvLjyuvd
-iIBbhWvbS/a9Tw3WgL8H6OALkHiOU/f0A6Rpv8dGDIDsxZQVjT/4SLaQUOeDM+9b
-fkKHpSd9G3CsdSSZgOH08n+MyZ7slPHfUHLYWso0SJD0vAi1gmGDlSM/mmhhHTpC
-DGo6Wbwqare6JNeTCGJTJYwrxtoMCh/W1ZrslPC5lFvlHD7KBBf6IU2A8Xh/dUa3
-p5pmQeHPW8Em90DzIB1qH0DRXl3KANc24xYRR45pPCVkk6vFsy6P0JwwpnkszB+L
-cK6CEsJhLsOYvQFsiQfSZ8m7YGhgrMLxtop4YEPirGGrAgMBAAEwDQYJKoZIhvcN
-AQEFBQADggEBAAjU7YomUx/U56p1KWHvr1B7oczHF8fPHYbuk5c/N81WOJeSRy+P
-5ZGZ2UPjvqqXByv+78YWMKGY1BZ/2doeWuydr0sdSxEwmIUBYxFpujuYY+0AjS/n
-mMr1ZijK7TJssteKM7/MClzghUhPweDZrAg3ff1hbhK5QSy+9UPxUqLH44tfYSVC
-/BzM6se0p5ToM0bwdsa8TofaBRE1L1IW/Hg4VIGOoKs0R0uLm7+Oot2me2cEuZ6h
-Wls6MED8ND1Nz8EAKwndkeDu2iMM+qx/YFp6K8BQ5E5nXd2rbUZUlQMp1WbUlZ87
-KvC98aT0UYIq6uo1Lx/dQvJs7faAkYd4lmE=
------END CERTIFICATE-----
diff --git a/examples/pki/cms/auth_token_revoked.json b/examples/pki/cms/auth_token_revoked.json
deleted file mode 100644
index 3da8f8b..0000000
--- a/examples/pki/cms/auth_token_revoked.json
+++ /dev/null
@@ -1,85 +0,0 @@
-{
- "access": {
- "token": {
- "expires": "2038-01-18T21:14:07Z",
- "id": "placeholder",
- "tenant": {
- "id": "tenant_id1",
- "enabled": true,
- "description": null,
- "name": "tenant_name1"
- }
- },
- "serviceCatalog": [
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"
- }
- ],
- "type": "volume",
- "name": "volume"
- },
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:9292/v1",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:9292/v1",
- "publicURL": "http://127.0.0.1:9292/v1"
- }
- ],
- "type": "image",
- "name": "glance"
- },
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"
- }
- ],
- "type": "compute",
- "name": "nova"
- },
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:35357/v2.0",
- "region": "RegionOne",
- "internalURL": "http://127.0.0.1:35357/v2.0",
- "publicURL": "http://127.0.0.1:5000/v2.0"
- }
- ],
- "type": "identity",
- "name": "keystone"
- }
- ],
- "user": {
- "username": "revoked_username1",
- "roles_links": [
- "role1",
- "role2"
- ],
- "id": "revoked_user_id1",
- "roles": [
- {
- "name": "role1"
- },
- {
- "name": "role2"
- }
- ],
- "name": "revoked_username1"
- }
- }
-}
diff --git a/examples/pki/cms/auth_token_revoked.pem b/examples/pki/cms/auth_token_revoked.pem
deleted file mode 100644
index a685a45..0000000
--- a/examples/pki/cms/auth_token_revoked.pem
+++ /dev/null
@@ -1,75 +0,0 @@
------BEGIN CMS-----
-MIINnQYJKoZIhvcNAQcCoIINjjCCDYoCAQExCTAHBgUrDgMCGjCCC6oGCSqGSIb3
-DQEHAaCCC5sEgguXew0KICAgICJhY2Nlc3MiOiB7DQogICAgICAgICJ0b2tlbiI6
-IHsNCiAgICAgICAgICAgICJleHBpcmVzIjogIjIwMzgtMDEtMThUMjE6MTQ6MDda
-IiwNCiAgICAgICAgICAgICJpZCI6ICJwbGFjZWhvbGRlciIsDQogICAgICAgICAg
-ICAidGVuYW50Ijogew0KICAgICAgICAgICAgICAgICJpZCI6ICJ0ZW5hbnRfaWQx
-IiwNCiAgICAgICAgICAgICAgICAiZW5hYmxlZCI6IHRydWUsDQogICAgICAgICAg
-ICAgICAgImRlc2NyaXB0aW9uIjogbnVsbCwNCiAgICAgICAgICAgICAgICAibmFt
-ZSI6ICJ0ZW5hbnRfbmFtZTEiDQogICAgICAgICAgICB9DQogICAgICAgIH0sDQog
-ICAgICAgICJzZXJ2aWNlQ2F0YWxvZyI6IFsNCiAgICAgICAgICAgIHsNCiAgICAg
-ICAgICAgICAgICAiZW5kcG9pbnRzX2xpbmtzIjogW10sDQogICAgICAgICAgICAg
-ICAgImVuZHBvaW50cyI6IFsNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAg
-ICAgICAgICAgICAgICAgICAgImFkbWluVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6
-ODc3Ni92MS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAg
-ICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lvbk9uZSIsDQogICAg
-ICAgICAgICAgICAgICAgICAgICAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4w
-LjAuMTo4Nzc2L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwN
-CiAgICAgICAgICAgICAgICAgICAgICAgICJwdWJsaWNVUkwiOiAiaHR0cDovLzEy
-Ny4wLjAuMTo4Nzc2L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdh
-Ig0KICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgXSwNCiAg
-ICAgICAgICAgICAgICAidHlwZSI6ICJ2b2x1bWUiLA0KICAgICAgICAgICAgICAg
-ICJuYW1lIjogInZvbHVtZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAgICB7
-DQogICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAgICAg
-ICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAgIHsN
-CiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8vMTI3
-LjAuMC4xOjkyOTIvdjEiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lv
-biI6ICJyZWdpb25PbmUiLA0KICAgICAgICAgICAgICAgICAgICAgICAgImludGVy
-bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5Mi92MSIsDQogICAgICAgICAg
-ICAgICAgICAgICAgICAicHVibGljVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5
-Mi92MSINCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIF0s
-DQogICAgICAgICAgICAgICAgInR5cGUiOiAiaW1hZ2UiLA0KICAgICAgICAgICAg
-ICAgICJuYW1lIjogImdsYW5jZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAg
-ICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAg
-ICAgICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAg
-IHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8v
-MTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2
-NjE3YSIsDQogICAgICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lv
-bk9uZSIsDQogICAgICAgICAgICAgICAgICAgICAgICAiaW50ZXJuYWxVUkwiOiAi
-aHR0cDovLzEyNy4wLjAuMTo4Nzc0L3YxLjEvNjRiNmYzZmJjYzUzNDM1ZThhNjBm
-Y2Y4OWJiNjYxN2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInB1YmxpY1VS
-TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVl
-OGE2MGZjZjg5YmI2NjE3YSINCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAg
-ICAgICAgICAgIF0sDQogICAgICAgICAgICAgICAgInR5cGUiOiAiY29tcHV0ZSIs
-DQogICAgICAgICAgICAgICAgIm5hbWUiOiAibm92YSINCiAgICAgICAgICAgIH0s
-DQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5r
-cyI6IFtdLA0KICAgICAgICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAg
-ICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVS
-TCI6ICJodHRwOi8vMTI3LjAuMC4xOjM1MzU3L3YyLjAiLA0KICAgICAgICAgICAg
-ICAgICAgICAgICAgInJlZ2lvbiI6ICJSZWdpb25PbmUiLA0KICAgICAgICAgICAg
-ICAgICAgICAgICAgImludGVybmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUz
-NTcvdjIuMCIsDQogICAgICAgICAgICAgICAgICAgICAgICAicHVibGljVVJMIjog
-Imh0dHA6Ly8xMjcuMC4wLjE6NTAwMC92Mi4wIg0KICAgICAgICAgICAgICAgICAg
-ICB9DQogICAgICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICAgICAidHlwZSI6
-ICJpZGVudGl0eSIsDQogICAgICAgICAgICAgICAgIm5hbWUiOiAia2V5c3RvbmUi
-DQogICAgICAgICAgICB9DQogICAgICAgIF0sDQogICAgICAgICJ1c2VyIjogew0K
-ICAgICAgICAgICAgInVzZXJuYW1lIjogInJldm9rZWRfdXNlcm5hbWUxIiwNCiAg
-ICAgICAgICAgICJyb2xlc19saW5rcyI6IFsNCiAgICAgICAgICAgICAgICAicm9s
-ZTEiLA0KICAgICAgICAgICAgICAgICJyb2xlMiINCiAgICAgICAgICAgIF0sDQog
-ICAgICAgICAgICAiaWQiOiAicmV2b2tlZF91c2VyX2lkMSIsDQogICAgICAgICAg
-ICAicm9sZXMiOiBbDQogICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAg
-ICAgICAibmFtZSI6ICJyb2xlMSINCiAgICAgICAgICAgICAgICB9LA0KICAgICAg
-ICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiAicm9sZTIi
-DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgXSwNCiAgICAgICAgICAg
-ICJuYW1lIjogInJldm9rZWRfdXNlcm5hbWUxIg0KICAgICAgICB9DQogICAgfQ0K
-fQ0KMYIByjCCAcYCAQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQsw
-CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh
-Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv
-cGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjAN
-BgkqhkiG9w0BAQEFAASCAQAxJMbNZf0/IWg/+/ciWQr9yuW9M48hQdaHcN+t6qvZ
-OlPev8N1tP8pNTupW9LXt0N8ZU/8AzPLPeRXHqd4lzuDV6ttesfLL3Ag410o4Elb
-Aum11Y1kDGlbwnaYoD9m07FML1ZfOWJ81Z0CITVGGRX90e+jlYjtnmdshmi2saVl
-r/Sae6ta52gjptaZE9tOu42uXlfhWNuC0/W7lRuWbWSHZENZWtTHHz2Q+v/HxORf
-jY3kwSaVEkx9faQ9Npy6J+rSQg+lIMRAYw/rFWedEsP9MzHKBcKTXid0yIQ2ox1r
-1Em3WapL1FDpwJtHaaL92WTEQulpxJUcmzPgEd5H78+Q
------END CMS-----
diff --git a/examples/pki/cms/auth_token_revoked.pkiz b/examples/pki/cms/auth_token_revoked.pkiz
deleted file mode 100644
index 9fbe8ea..0000000
--- a/examples/pki/cms/auth_token_revoked.pkiz
+++ /dev/null
@@ -1 +0,0 @@
-PKIZ_eJylVtly4jgUfddXzHuqK9jGED_Mgze8BInYeEF-8wJeBYTF29ePbEh3p9OZycxQRZUtS_eee87Rlb59oz9J1Qz0hwzXw8s3AA1DZxpsPh8CI6tjJFqxfKBjnSLL0pMli5bayo6oS6l7UlIoawUd31qavH7V1kbEAcVSdTGkg4mrpunG3nZmhllUxRzMV7k0N_b0eR8cMespeGNnkSbsjeKQ-tw5j8jiAoK1MTNkk43Ylol8N1_KYh74fBlrwjHa2_3bZOzbl9DnPbdsaGAxD3V7EiuHGix7tUPdtFkW4hU6hynqY3bJ4XbZ4wkuAgLZIMcsZGBv9ch3p9jBTUAQWSlVjgvMAugkmZE3qbE3q4Ct6igfEXWBnxwjln-JyA0VzT4JNuYV--07FGCA8X9QgAHGDxQSg0l7xIy3duQRySHR7WaVP9XQMbgxgTxtV0XKoR7XSaHWABV2jgjuA2IWuHd7pEAmcLIMFRLBLJ6ufDNHBW4Rq-Y7b3KmQSfbjVQN5Br7oAaR7l2oEsOHKiJ2E7HVNdHRLtKqa3iTMtps6EL9JttdtX2kLa6YdXPwb2X7hS8ewKLsBsL-qxLgs8jvA39OLnjPbtmtHGNg9yNhpLpgP6nGgMS7BrpUD4hAzAhn-nCKOxp5cUl26yal-4HCZO4L-Toh6qcWB18kazDXZDQX1f5n6cE_aT9kjom3D33hetP-TnQpXAf5Aa1zgFTFhM-ixVccaA0cXeH6iUWawYKgoGAIKpADJ7D3qpWmslALiqBIeUwMFhUqh29GaxLfpHyhL22m39b7u3LB33qdoDraSEyifWw0G7Y9RuTSg1EOhhGWMm1fAw-0K43wWI-PObt-c-FndgdfkLCn_DCoE1iYT5tfLT-osP5q9_ldcPAx-lebittARaxBUhh0wBQ262GxzcfanQPfrmi9x0QvPyVw4AIMBN4X15S40W10L1RbXTpSB46TjMJoYJ9eoKJeoJO5sFBn0LFmUElCcINNs5HFNRkg085Ds2W0jCoY3-0u8d1B3h8b7G3-QriCYRDenFYGG1TEpGoS7d5UNJ6JtGb4dgxufEyG4LSMXehbrbGf3PbC_WND-1wR-FkdaXRv5KYw1J5s6NGW35DFRDjTJO_6JaCa0gXuW0sbnjujmvwC2awSIpwC396NAW-GG9fcA3j9zwfmvfN29Lyk5ZkfXDoicYzR-kMJTMx63c8Lg00wKFJuOK-_Geo7T2_lfp8D7pPupDDCztFkMT40aaprYqpK0NBK-t9C69DIIlY8y1qojcpA69zIFlYAHdDUxvTcXl1CsdRExlVlCcrWRG3VQrSkFHmSGDuyh5iI8HxCFhS-uoaSOM4FcgZNh5OqqEIT7KMTtNVGacZMS7XJlsGm6hONti9HraAMv99M6MXEFG3sgx_b1hOjIdD-FmhJhC7oVRdKxphJbOHSZb1zkEtO6CfXwKfXH5oMSA1ePDdTRcwOjWL9fFdSJckS6bVHFfF1IvDP-CWbCmXy9NpVu_BpqcRivc16oLGr4hK_vmoz1BDkvSxetosqVk-l6J5X-elhpsFty70GHNfuNX6VQnbGwedWP0pnp9wFMTBTn1wV_hryDJ7He69j2piEh31eh4yyeDTnVnOUqwekOJskWmXPiGm6R-UlY4xz-ZjMe0C6bus-TBfLy45cLuHM19gyW1Df1s5JbjUu1XU3FphSW7XS6UnvrDYL42XW7YvwyD-fOhBCxpuHZbEsrSeTeY6cR3W5TY66RQ4MmmvZUYXRflFI5uuWEecPjMA9If-BMIFQZVOb04E_O0ai7my7iTy3iyjLPXa6O678kDwyBSTepGIrln2AO_U4mzlzS-TU7WP1_DJr_vwTjHdVFSk_7q1_AfJ_mjc= \ No newline at end of file
diff --git a/examples/pki/cms/auth_token_scoped.json b/examples/pki/cms/auth_token_scoped.json
deleted file mode 100644
index cf18fa1..0000000
--- a/examples/pki/cms/auth_token_scoped.json
+++ /dev/null
@@ -1,88 +0,0 @@
-{
- "access": {
- "token": {
- "expires": "2038-01-18T21:14:07Z",
- "id": "placeholder",
- "tenant": {
- "id": "tenant_id1",
- "enabled": true,
- "description": null,
- "name": "tenant_name1"
- },
- "audit_ids": [
- "SLIXlXQUQZWUi9VJrqdXqA"
- ]
- },
- "serviceCatalog": [
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"
- }
- ],
- "type": "volume",
- "name": "volume"
- },
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:9292/v1",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:9292/v1",
- "publicURL": "http://127.0.0.1:9292/v1"
- }
- ],
- "type": "image",
- "name": "glance"
- },
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"
- }
- ],
- "type": "compute",
- "name": "nova"
- },
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:35357/v2.0",
- "region": "RegionOne",
- "internalURL": "http://127.0.0.1:35357/v2.0",
- "publicURL": "http://127.0.0.1:5000/v2.0"
- }
- ],
- "type": "identity",
- "name": "keystone"
- }
- ],
- "user": {
- "username": "user_name1",
- "roles_links": [
- "role1",
- "role2"
- ],
- "id": "user_id1",
- "roles": [
- {
- "name": "role1"
- },
- {
- "name": "role2"
- }
- ],
- "name": "user_name1"
- }
- }
-}
diff --git a/examples/pki/cms/auth_token_scoped.pem b/examples/pki/cms/auth_token_scoped.pem
deleted file mode 100644
index 68f5049..0000000
--- a/examples/pki/cms/auth_token_scoped.pem
+++ /dev/null
@@ -1,77 +0,0 @@
------BEGIN CMS-----
-MIIN5QYJKoZIhvcNAQcCoIIN1jCCDdICAQExDTALBglghkgBZQMEAgEwggvqBgkq
-hkiG9w0BBwGgggvbBIIL13sNCiAgICAiYWNjZXNzIjogew0KICAgICAgICAidG9r
-ZW4iOiB7DQogICAgICAgICAgICAiZXhwaXJlcyI6ICIyMDM4LTAxLTE4VDIxOjE0
-OjA3WiIsDQogICAgICAgICAgICAiaWQiOiAicGxhY2Vob2xkZXIiLA0KICAgICAg
-ICAgICAgInRlbmFudCI6IHsNCiAgICAgICAgICAgICAgICAiaWQiOiAidGVuYW50
-X2lkMSIsDQogICAgICAgICAgICAgICAgImVuYWJsZWQiOiB0cnVlLA0KICAgICAg
-ICAgICAgICAgICJkZXNjcmlwdGlvbiI6IG51bGwsDQogICAgICAgICAgICAgICAg
-Im5hbWUiOiAidGVuYW50X25hbWUxIg0KICAgICAgICAgICAgfSwNCiAgICAgICAg
-ICAgICJhdWRpdF9pZHMiOiBbDQogICAgICAgICAgICAgICAgIlNMSVhsWFFVUVpX
-VWk5VkpycWRYcUEiDQogICAgICAgICAgICBdDQogICAgICAgIH0sDQogICAgICAg
-ICJzZXJ2aWNlQ2F0YWxvZyI6IFsNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAg
-ICAgICAiZW5kcG9pbnRzX2xpbmtzIjogW10sDQogICAgICAgICAgICAgICAgImVu
-ZHBvaW50cyI6IFsNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAgICAgICAg
-ICAgICAgICAgICAgImFkbWluVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6ODc3Ni92
-MS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAgICAgICAg
-ICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lvbk9uZSIsDQogICAgICAgICAg
-ICAgICAgICAgICAgICAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4
-Nzc2L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwNCiAgICAg
-ICAgICAgICAgICAgICAgICAgICJwdWJsaWNVUkwiOiAiaHR0cDovLzEyNy4wLjAu
-MTo4Nzc2L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIg0KICAg
-ICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgXSwNCiAgICAgICAg
-ICAgICAgICAidHlwZSI6ICJ2b2x1bWUiLA0KICAgICAgICAgICAgICAgICJuYW1l
-IjogInZvbHVtZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAgICB7DQogICAg
-ICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAgICAgICAgICAg
-ICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAgIHsNCiAgICAg
-ICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8vMTI3LjAuMC4x
-OjkyOTIvdjEiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lvbiI6ICJy
-ZWdpb25PbmUiLA0KICAgICAgICAgICAgICAgICAgICAgICAgImludGVybmFsVVJM
-IjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5Mi92MSIsDQogICAgICAgICAgICAgICAg
-ICAgICAgICAicHVibGljVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5Mi92MSIN
-CiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIF0sDQogICAg
-ICAgICAgICAgICAgInR5cGUiOiAiaW1hZ2UiLA0KICAgICAgICAgICAgICAgICJu
-YW1lIjogImdsYW5jZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAgICB7DQog
-ICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAgICAgICAg
-ICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAgIHsNCiAg
-ICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8vMTI3LjAu
-MC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIs
-DQogICAgICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lvbk9uZSIs
-DQogICAgICAgICAgICAgICAgICAgICAgICAiaW50ZXJuYWxVUkwiOiAiaHR0cDov
-LzEyNy4wLjAuMTo4Nzc0L3YxLjEvNjRiNmYzZmJjYzUzNDM1ZThhNjBmY2Y4OWJi
-NjYxN2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInB1YmxpY1VSTCI6ICJo
-dHRwOi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZj
-Zjg5YmI2NjE3YSINCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAg
-ICAgIF0sDQogICAgICAgICAgICAgICAgInR5cGUiOiAiY29tcHV0ZSIsDQogICAg
-ICAgICAgICAgICAgIm5hbWUiOiAibm92YSINCiAgICAgICAgICAgIH0sDQogICAg
-ICAgICAgICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtd
-LA0KICAgICAgICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAg
-ICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJo
-dHRwOi8vMTI3LjAuMC4xOjM1MzU3L3YyLjAiLA0KICAgICAgICAgICAgICAgICAg
-ICAgICAgInJlZ2lvbiI6ICJSZWdpb25PbmUiLA0KICAgICAgICAgICAgICAgICAg
-ICAgICAgImludGVybmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIu
-MCIsDQogICAgICAgICAgICAgICAgICAgICAgICAicHVibGljVVJMIjogImh0dHA6
-Ly8xMjcuMC4wLjE6NTAwMC92Mi4wIg0KICAgICAgICAgICAgICAgICAgICB9DQog
-ICAgICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICAgICAidHlwZSI6ICJpZGVu
-dGl0eSIsDQogICAgICAgICAgICAgICAgIm5hbWUiOiAia2V5c3RvbmUiDQogICAg
-ICAgICAgICB9DQogICAgICAgIF0sDQogICAgICAgICJ1c2VyIjogew0KICAgICAg
-ICAgICAgInVzZXJuYW1lIjogInVzZXJfbmFtZTEiLA0KICAgICAgICAgICAgInJv
-bGVzX2xpbmtzIjogWw0KICAgICAgICAgICAgICAgICJyb2xlMSIsDQogICAgICAg
-ICAgICAgICAgInJvbGUyIg0KICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICJp
-ZCI6ICJ1c2VyX2lkMSIsDQogICAgICAgICAgICAicm9sZXMiOiBbDQogICAgICAg
-ICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJyb2xlMSIN
-CiAgICAgICAgICAgICAgICB9LA0KICAgICAgICAgICAgICAgIHsNCiAgICAgICAg
-ICAgICAgICAgICAgIm5hbWUiOiAicm9sZTIiDQogICAgICAgICAgICAgICAgfQ0K
-ICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICJuYW1lIjogInVzZXJfbmFtZTEi
-DQogICAgICAgIH0NCiAgICB9DQp9DQoxggHOMIIBygIBATCBpDCBnjEKMAgGA1UE
-BRMBNTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZh
-bGUxEjAQBgNVBAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkq
-hkiG9w0BCQEWFmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYg
-U2lnbmVkAgERMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQCgtkCXRzS8
-s7WjZCsKDhMt6q5JQIm7x6EMKCBaOABQG9EOVIAyqfoJDdjDtz9rZEPO3UVTpPkg
-VjtA0QV97qT8bX55AcCkk7kBRDOKTtco5GOGwjMxL+GWbIwWiB7DKIP4RA6NLZtF
-WxUbLBY+OgBSiayuHqSx+Rd08QC9oHf25wRkTNp3VFPxtAleDmASzdAoIafoS+FB
-Po+9WuTaGdeya7S+ms4SSyXf9cdMKGv010R/aMINWUWaBrkB4wlespYLmKH/XzwS
-pENRIdbI9XHEOYTWKqul5tucA3p21IA24ND6acl9CXHr3KeqXpRwclSZ38Kg/23T
-92D+SowEjlGf
------END CMS-----
diff --git a/examples/pki/cms/auth_token_scoped.pkiz b/examples/pki/cms/auth_token_scoped.pkiz
deleted file mode 100644
index cbfc082..0000000
--- a/examples/pki/cms/auth_token_scoped.pkiz
+++ /dev/null
@@ -1 +0,0 @@
-PKIZ_eJylVkuXojgY3edXzL5OnwLUKlnMgrdBwAJDgOx4KK-gVimC_PoJWFVdM93z6DNuNEFu7nfv98i3b-wjawZ0flPs7bj4BmwIV8s8MtdHAotr6khuqhzZ3nxQFFlcKpKr9SqSLDmneVHnMnFtTcq1Ls_DmZzXr6CoS0PsOFnujJxtHmUI9cXqXEaBU5HQGWB1zHc3k0uEC01K-ATZMxIWXRyaNL3BJwAVeLNVe24hqbeQNscq7DeVxm0qaRaU8AwV80QU9qJidomhVyQoronh0fT-jAMkWBTJwS03pfwMG9xGgXkmwbTm0gOmliKV8bSWyswYny-4UKC1vZ0AWhAFPB1pwoNHk0ZvM11sx733P9QsjCptaJcZ9DqFYCz4xOjFETgKcQ3i0NvHgTfFGtxMhDQaJXrhYazHmMenDSbr9KDXwUqXIeWnF1MB37KGVsR3CpAZ-jkR0pFywsRiLLwuEWibreyPvYIY_CmheIvuWhyzlddtyuXVRnAGrEpqbWXOhMtnzhBds0q7OpVXOk00kMasosEfHNXmCSoKp5KbSIjmm8AsnSrqHUErwUSpwYc4ENu7FiYlAou3Flty1-GUMH3Shomt_8gCjDT-Dwsw0phYrHCZGLTC2LQnJk3BZSvpybote7tKxwM6q9KeNmo6c0pRsLdLwTGgAEjFzmmcykE2Zw-YbgxNsA1SkSpfRA0UnEqbRVtTDLddPuYJWcnXmOVCyotn9v0GxnSE-iUbWWQr2rG4xxiFROj5JPAndiw_Ln_d3zPA0TXwq7Z916u-bRC8AiZY-X-cAH-H_An8L-KCT3URXNiTun8v2M_0AhO9QD-8U20_i6vJzqzyKsIALeVeqZ-AdyC2p9cgCWj7n7xXRnbz3hoiLqpIYwukjASbB_bgDk7gzyMUdaRxmo1Ky6hij1BWwLL7Lmg5CXcjQXZKhMVL0twtBiMlEo7Ue-zX3dQ44pXHperxag3azbmNLJjA6Dh3hpSzZlFvfUl18F8q7p_cAL8S78_CBZ_xHvjJHtYj69QQx8QZQqE_Jc3l3q14bmqiu1B-d8m5JqHMs470Q763yYwwQPbC2MK_AE5As7Hlexem3aQZ-AfRBlahvHNj4ZTz7ieObEdHwFdLfsGRT3DwHV3mo6Y_Rfy_VaHf2arEagWytSmCX8n7aUqx4cJmBLf7YbA0F7oLHTYDF_TDkSx0xhE2zcPp91jOrJlMU2pcU_EO8D6Fbqzb0D8zOLM-IZ4J-ugZ429Y3lnTejwYwAMemHBsOrn9u9JseOJPy77YOx1gf1bnnc1k4wfyHnN_Lul38AmEsdiHvGhHUB4qRZHS43h36EAeu11O5r1SSVDOHSxLPpKQ3yuDZN7XEZIoRrZ77hQ3UrHrQq0zVRdpW1uWDCDxvib3tunPcJscqMBygNoe7DRp-vNa6-hLypT3Z14RCedeQ9LLHfiMFO1CwYfy9tbvYPf1qlPLekHeSEiHzGDN1ZevI1B6B2Lpbh5sz-2Alk8nqVp3QSToG6g7J8IACYtI-8ndSHW_HqLJQHYlLc81aX3lauEoClh6VuT6CVmW_Xx4cUKMVpistrF-8znERbl2fHvMwv1Zg7ipXuENxJolYFGlM8EwxIGkw0pI51zZPri711NwFfOy9-h2eDMzXGe6HAtPSqjDtyZSZq0lXBUA-dVBNQ9FszxyDqe-1DG0sq2P0nb_-vCoLDptv3s43RpcnC1-vVPWh6J_uR7D1-xVklHsgVJt1t5DSq3mbKql9HradSuMTCoWQ_HywKdLk7-01l5nbWlbqI8WXjxrwgYhdFwe0MF9AUVO9lb9XD9JQ2Ku-TjaCYawm8_np5i1w2pmP9qSdKH5rttzT12SxPlSXOs3xXe0U6N6BnD2jNsSSlK1ffBnwirm-se3_a7NcLsk-e-_g-lCqznq98vtH9MPoOI= \ No newline at end of file
diff --git a/examples/pki/cms/auth_token_scoped_expired.json b/examples/pki/cms/auth_token_scoped_expired.json
deleted file mode 100644
index 04ec9f3..0000000
--- a/examples/pki/cms/auth_token_scoped_expired.json
+++ /dev/null
@@ -1,85 +0,0 @@
-{
- "access": {
- "token": {
- "expires": "2010-06-02T14:47:34Z",
- "id": "placeholder",
- "tenant": {
- "id": "tenant_id1",
- "enabled": true,
- "description": null,
- "name": "tenant_name1"
- }
- },
- "serviceCatalog": [
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"
- }
- ],
- "type": "volume",
- "name": "volume"
- },
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:9292/v1",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:9292/v1",
- "publicURL": "http://127.0.0.1:9292/v1"
- }
- ],
- "type": "image",
- "name": "glance"
- },
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"
- }
- ],
- "type": "compute",
- "name": "nova"
- },
- {
- "endpoints_links": [],
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:35357/v2.0",
- "region": "RegionOne",
- "internalURL": "http://127.0.0.1:35357/v2.0",
- "publicURL": "http://127.0.0.1:5000/v2.0"
- }
- ],
- "type": "identity",
- "name": "keystone"
- }
- ],
- "user": {
- "username": "user_name1",
- "roles_links": [
- "role1",
- "role2"
- ],
- "id": "user_id1",
- "roles": [
- {
- "name": "role1"
- },
- {
- "name": "role2"
- }
- ],
- "name": "user_name1"
- }
- }
-}
diff --git a/examples/pki/cms/auth_token_scoped_expired.pem b/examples/pki/cms/auth_token_scoped_expired.pem
deleted file mode 100644
index c3de8bb..0000000
--- a/examples/pki/cms/auth_token_scoped_expired.pem
+++ /dev/null
@@ -1,75 +0,0 @@
------BEGIN CMS-----
-MIINhwYJKoZIhvcNAQcCoIINeDCCDXQCAQExCTAHBgUrDgMCGjCCC5QGCSqGSIb3
-DQEHAaCCC4UEgguBew0KICAgICJhY2Nlc3MiOiB7DQogICAgICAgICJ0b2tlbiI6
-IHsNCiAgICAgICAgICAgICJleHBpcmVzIjogIjIwMTAtMDYtMDJUMTQ6NDc6MzRa
-IiwNCiAgICAgICAgICAgICJpZCI6ICJwbGFjZWhvbGRlciIsDQogICAgICAgICAg
-ICAidGVuYW50Ijogew0KICAgICAgICAgICAgICAgICJpZCI6ICJ0ZW5hbnRfaWQx
-IiwNCiAgICAgICAgICAgICAgICAiZW5hYmxlZCI6IHRydWUsDQogICAgICAgICAg
-ICAgICAgImRlc2NyaXB0aW9uIjogbnVsbCwNCiAgICAgICAgICAgICAgICAibmFt
-ZSI6ICJ0ZW5hbnRfbmFtZTEiDQogICAgICAgICAgICB9DQogICAgICAgIH0sDQog
-ICAgICAgICJzZXJ2aWNlQ2F0YWxvZyI6IFsNCiAgICAgICAgICAgIHsNCiAgICAg
-ICAgICAgICAgICAiZW5kcG9pbnRzX2xpbmtzIjogW10sDQogICAgICAgICAgICAg
-ICAgImVuZHBvaW50cyI6IFsNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAg
-ICAgICAgICAgICAgICAgICAgImFkbWluVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6
-ODc3Ni92MS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAg
-ICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lvbk9uZSIsDQogICAg
-ICAgICAgICAgICAgICAgICAgICAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4w
-LjAuMTo4Nzc2L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwN
-CiAgICAgICAgICAgICAgICAgICAgICAgICJwdWJsaWNVUkwiOiAiaHR0cDovLzEy
-Ny4wLjAuMTo4Nzc2L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdh
-Ig0KICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgXSwNCiAg
-ICAgICAgICAgICAgICAidHlwZSI6ICJ2b2x1bWUiLA0KICAgICAgICAgICAgICAg
-ICJuYW1lIjogInZvbHVtZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAgICB7
-DQogICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAgICAg
-ICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAgIHsN
-CiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8vMTI3
-LjAuMC4xOjkyOTIvdjEiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lv
-biI6ICJyZWdpb25PbmUiLA0KICAgICAgICAgICAgICAgICAgICAgICAgImludGVy
-bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5Mi92MSIsDQogICAgICAgICAg
-ICAgICAgICAgICAgICAicHVibGljVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5
-Mi92MSINCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIF0s
-DQogICAgICAgICAgICAgICAgInR5cGUiOiAiaW1hZ2UiLA0KICAgICAgICAgICAg
-ICAgICJuYW1lIjogImdsYW5jZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAg
-ICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAg
-ICAgICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAg
-IHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8v
-MTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2
-NjE3YSIsDQogICAgICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lv
-bk9uZSIsDQogICAgICAgICAgICAgICAgICAgICAgICAiaW50ZXJuYWxVUkwiOiAi
-aHR0cDovLzEyNy4wLjAuMTo4Nzc0L3YxLjEvNjRiNmYzZmJjYzUzNDM1ZThhNjBm
-Y2Y4OWJiNjYxN2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInB1YmxpY1VS
-TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVl
-OGE2MGZjZjg5YmI2NjE3YSINCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAg
-ICAgICAgICAgIF0sDQogICAgICAgICAgICAgICAgInR5cGUiOiAiY29tcHV0ZSIs
-DQogICAgICAgICAgICAgICAgIm5hbWUiOiAibm92YSINCiAgICAgICAgICAgIH0s
-DQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5r
-cyI6IFtdLA0KICAgICAgICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAg
-ICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVS
-TCI6ICJodHRwOi8vMTI3LjAuMC4xOjM1MzU3L3YyLjAiLA0KICAgICAgICAgICAg
-ICAgICAgICAgICAgInJlZ2lvbiI6ICJSZWdpb25PbmUiLA0KICAgICAgICAgICAg
-ICAgICAgICAgICAgImludGVybmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUz
-NTcvdjIuMCIsDQogICAgICAgICAgICAgICAgICAgICAgICAicHVibGljVVJMIjog
-Imh0dHA6Ly8xMjcuMC4wLjE6NTAwMC92Mi4wIg0KICAgICAgICAgICAgICAgICAg
-ICB9DQogICAgICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICAgICAidHlwZSI6
-ICJpZGVudGl0eSIsDQogICAgICAgICAgICAgICAgIm5hbWUiOiAia2V5c3RvbmUi
-DQogICAgICAgICAgICB9DQogICAgICAgIF0sDQogICAgICAgICJ1c2VyIjogew0K
-ICAgICAgICAgICAgInVzZXJuYW1lIjogInVzZXJfbmFtZTEiLA0KICAgICAgICAg
-ICAgInJvbGVzX2xpbmtzIjogWw0KICAgICAgICAgICAgICAgICJyb2xlMSIsDQog
-ICAgICAgICAgICAgICAgInJvbGUyIg0KICAgICAgICAgICAgXSwNCiAgICAgICAg
-ICAgICJpZCI6ICJ1c2VyX2lkMSIsDQogICAgICAgICAgICAicm9sZXMiOiBbDQog
-ICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJy
-b2xlMSINCiAgICAgICAgICAgICAgICB9LA0KICAgICAgICAgICAgICAgIHsNCiAg
-ICAgICAgICAgICAgICAgICAgIm5hbWUiOiAicm9sZTIiDQogICAgICAgICAgICAg
-ICAgfQ0KICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICJuYW1lIjogInVzZXJf
-bmFtZTEiDQogICAgICAgIH0NCiAgICB9DQp9DQoxggHKMIIBxgIBATCBpDCBnjEK
-MAgGA1UEBRMBNTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlT
-dW5ueXZhbGUxEjAQBgNVBAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUx
-JTAjBgkqhkiG9w0BCQEWFmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMT
-C1NlbGYgU2lnbmVkAgERMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIIBALYxBjRE
-hecjo98fUdki3cwcpGU8zY8XHQa4x15WGkPxkI1HwSYaId/WjrOWP2CxmT3vVe7Z
-lqV2a0YmdPx9zdDm09VmoiZr3HxYaNzXztT817dECYINCgz33EnansIyPHG2hjOR
-4Gt7R26MXf+AIRiCNuCFZPnHI1pfCbwuky9/iBokvE9mThA+bVrUPZd/2+jp4s3B
-n3+fbC+FCoZ5t522wGgEtVyMNvC90Wvvuf2mx7baXNo4/0ZG8C86lT+qmMe22zlf
-+DxmJl149p419zdv6rzTU7p2OeTBnkdw1GsEqKyvtHYxzAjLYjiJo6jyaERXBaLm
-/J7ZRSBmhHoLuWk=
------END CMS-----
diff --git a/examples/pki/cms/auth_token_scoped_expired.pkiz b/examples/pki/cms/auth_token_scoped_expired.pkiz
deleted file mode 100644
index 766b4cd..0000000
--- a/examples/pki/cms/auth_token_scoped_expired.pkiz
+++ /dev/null
@@ -1 +0,0 @@
-PKIZ_eJylVtlyozgUfddXzHuqK2xOzCObMdiSzW7pzUCMwchLbNavH4GT6kmnM5OZcZWrQEhH555z75V-_GA_1TAt9IcGveHlB4CWNW8cbC9OxNrXCVKcRDuxsWuhaeqTpCmO0Wq-Mlez4FXPoGYO44lkat7F9KxYBLpjzJUtG4ynRpZFzy-dvccCKhMR5qtcfbaO7PlIzlgIdbxx97EpH63ilEXiNY_p7AaIZz1Zmi3EQsvHUZAvNSUn0eSQmPI5Prr9-2QcubdtNAmDQ8OAlXw7d7lEP9Vg2Rsd6qRmWSgV9E8S6hNhKeJ22WMOF4RCgeRYgDzsnR5FgYR93BCK6Eovc1xgAUA_3Vt5k1lHuyRCWcf5yKgjUXqOhck6pndWbHeObOwKR-0HFmCg8X9YgIHGTxYqj2l7xnzo-drI5JTO3WaVT2voW-K4gSa1qyITUY_rtDBqgAo3RxT3hNoF7oMe6ZAn_n6PCpViAUuryM5RgVskGPku5K4MlHvZqOUgrnUkNYjn4Y05MXwoY-o2sVBW6RztYrOstncr482GLZzfbXtz7RibswoLQQ7-rW2_6DUBsDh0g2D_1QnwFfJH4K_FBR_VPXQr3xrU_SwYLW84SssRkIYVmav1wAgkvHxlD69Jx5Bnt3TnNRmrB0aTf1s4qVNqfJni4JtiDcnFjcnFvP-r9eCfvB92Tmh43EZydff-TeiDXA32AxbnQKlM6GQfz76Tgc6gUQW9qYBMSwCkYGQoKpAPOdiH5co0BGiSghTZBFNLQIUh4nuiNWlkM73Qt4rpt_H-Llzwt7lOUR1vVD41PzeajdCeY3rrwWgHz8tLjbWvQQfWlUZ6QjhJRLd-z8Kv0h18w8Ke6cOjThZgLjW_pvzggvfd7vM7cPAZ_btNJWigrtQgLSw2YMsbb1jsThLzTYPILVm853R--FLAQQswCPi2uGbCjdnGaqF8matnloHjJKuwGugrN6hj9rcD6DtPSE-eYO9uwZ02243OqnSgzDoP223PwijJ-O52aRQM9v4ssPf5M7kCwyC8Z9qBbFCR0LJJzbemYk742GyGb2dy14MbwFkYu23ktNaRu9fC28eG9bmCRPs6Nllt5LY8xJ5u2NGW35klVL6yTT70S8A8ZQuC95Y2PHdWyf1COeyZrbuxqfrvFTqAwRwMKB8ayDvg8VMn7tj5WcL83bER9K7BV7uwOEdLxzBK-Ux0Vi8bXobYUjt2zCsJ1gA7_5ts6zQZkVqtUCw1Q6GqBL7iB63WK_b9HftKGfrQuTaag_XQcSyjsXXHNzwAVcVU-MBQW2gHYljFx1JgKVxC12oMZZy8MJpynZhhFYguuztcW8NX1nfgqw8041a-bBDHaoHZGTRW89fbykGd7ckr2ZR9arIWFqj1AJTcgapYtI8Auk5jZONOutHcfBK11JqhM2GAhEVkfLjeKEjNDpf9ITflhlNZ-DOgKB67B2niTXTXpH1IYeWIT09VZWNhm5pu_7LFotenk40hKN5tMWmeLuGz5F_p9Lw8CZct2Exj5Vhc1ig3oPTgy6G0cGOnnYclRPPLjp6a5elZauAxWJk7U3pep74japd2cbW6ykoJIP5aWuX7hwdztjNlszcnrfuwmnC8LJSzZ11Osktpha621jm0Jdw6epycXy3yWK5odqWiC66rXBCk-CJeBffxOaJazV2mNJhOt4l2eFXI3o0Wt2oBV3SWRiePSlr56B_UY9dRTz2YEvCb9bK-zFdQrRHO5cuZqx5fIiHT1CZ3-SQq7Cpz7MNRvjxORbSpQnmy7B7YRZI_16hsr-B6Pb2IF9vVHjxzkSbJLjhEi9h4DOIVBeNd1ED6z3vpnxbOkgI= \ No newline at end of file
diff --git a/examples/pki/cms/auth_token_unscoped.json b/examples/pki/cms/auth_token_unscoped.json
deleted file mode 100644
index 4156688..0000000
--- a/examples/pki/cms/auth_token_unscoped.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "access": {
- "token": {
- "expires": "2112-08-17T15:35:34Z",
- "id": "01e032c996ef4406b144335915a41e79"
- },
- "serviceCatalog": {},
- "user": {
- "username": "user_name1",
- "roles_links": [],
- "id": "c9c89e3be3ee453fbf00c7966f6d3fbd",
- "roles": [
- {
- "name": "role1"
- },
- {
- "name": "role2"
- }
- ],
- "name": "user_name1"
- }
- }
-}
diff --git a/examples/pki/cms/auth_token_unscoped.pem b/examples/pki/cms/auth_token_unscoped.pem
deleted file mode 100644
index 6855221..0000000
--- a/examples/pki/cms/auth_token_unscoped.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CMS-----
-MIIERgYJKoZIhvcNAQcCoIIENzCCBDMCAQExCTAHBgUrDgMCGjCCAlMGCSqGSIb3
-DQEHAaCCAkQEggJAew0KICAgICJhY2Nlc3MiOiB7DQogICAgICAgICJ0b2tlbiI6
-IHsNCiAgICAgICAgICAgICJleHBpcmVzIjogIjIxMTItMDgtMTdUMTU6MzU6MzRa
-IiwNCiAgICAgICAgICAgICJpZCI6ICIwMWUwMzJjOTk2ZWY0NDA2YjE0NDMzNTkx
-NWE0MWU3OSINCiAgICAgICAgfSwNCiAgICAgICAgInNlcnZpY2VDYXRhbG9nIjog
-e30sDQogICAgICAgICJ1c2VyIjogew0KICAgICAgICAgICAgInVzZXJuYW1lIjog
-InVzZXJfbmFtZTEiLA0KICAgICAgICAgICAgInJvbGVzX2xpbmtzIjogW10sDQog
-ICAgICAgICAgICAiaWQiOiAiYzljODllM2JlM2VlNDUzZmJmMDBjNzk2NmY2ZDNm
-YmQiLA0KICAgICAgICAgICAgInJvbGVzIjogWw0KICAgICAgICAgICAgICAgIHsN
-CiAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiAicm9sZTEiDQogICAgICAgICAg
-ICAgICAgfSwNCiAgICAgICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgICAg
-ICJuYW1lIjogInJvbGUyIg0KICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAg
-IF0sDQogICAgICAgICAgICAibmFtZSI6ICJ1c2VyX25hbWUxIg0KICAgICAgICB9
-DQogICAgfQ0KfQ0KMYIByjCCAcYCAQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK
-EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr
-ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAH
-BgUrDgMCGjANBgkqhkiG9w0BAQEFAASCAQAXNWXYv3q2EcEjigKDJEOvnKBGTHeV
-o9iwYmtdJ2kKtbuZiSGOcWymxNtv//IPMmNDWZ/uwDZt37YdPwCMRJa79h6dastD
-5slEZGMxgFekm/1yqpV2F7xGqGIED2rNTeBlVnYS6ZOL8hCqekPb1OqXZ3vDaHtQ
-rrBzNP8RbWS4MyUoVZtSEYANjJVp/zou/pYASml9iNPPKrl2xRgYuzaAirVIiTZt
-QZY4LQYnHdVBLTZ0fQQugohTba789ix0U79ReQrIOqnBD3OnmN0uRovu5s1HYyre
-c67FixOpNgA4IBFsqYG2feP6ZF1zCmAaRYX4LpprZLGzg/aPHxqjXGsT
------END CMS-----
diff --git a/examples/pki/cms/auth_token_unscoped.pkiz b/examples/pki/cms/auth_token_unscoped.pkiz
deleted file mode 100644
index 13c5e40..0000000
--- a/examples/pki/cms/auth_token_unscoped.pkiz
+++ /dev/null
@@ -1 +0,0 @@
-PKIZ_eJx9VMmSozgQvfMVfa-oMAbbVRzmIAlZCFvQGLHewAs72MaY5esHuzt65tSKUEiZkS_z5RL5-TkfiAk1fiBmv4RPgVGq7kCg75qQps-jAawjamYd4QiBwUHAwgPiQIOJc1cThkg-67lDkH0jNo1lQbWwBqJZaQc4SXB2HvU0kIzyKLPMzOAXred_HV4DyVUD_5DGRKlp3iRnWWwp0kUhlh5lnNEN1dos9NM-8vXyOM4yoiPjeNxzsNpzLLsqXpo5e13Ry-gLfA0R3QizYc88p2eTnpu8kEIvEA0VSEGO55dNBi8Gw8PibCObtq7sEchO_szqd1DhWClt6BuXmJRd9It27Nt9Qqt1GnvOLP8GlEoXeMuS2e_oYywNb6YC3T6-_m_8dshxdpmdzPV4g14501p_xsQZab08_WEx44S_RHnnOL-56bGV6TlTUDlT6DmiwY0qqIKeESYLJg-kMA8LJoVZiHTl4otDkmi7ub1wSCgEHMGrimCd4x0DCQFLB8MDgwbHewYKIrwVKUOuywY0AR0mhgtBwkFhQHagPQaB6lqWhvuSn7x1d_bDuZXOgHNgvWwFCBqOHKUPvTU_kW0eTfjAwPc7EhoYtSV3fZQPz7hyBp2DHCbFLS0yovQiRBb2hG31KM--IcbSurTI29H0djSun8fqOGxVYP9ixThaGmVMgsSRyjqu3AIk-CAwcCTQbk3Q04gB8c-IzhMKgeUAONcCbO8atS73i3mAGF0iWEaZWKcHN11FAj1_r8a1F5ZGKDWGyD468ZlOstqwRb1jnp5-5fK-M-cJvXSTbE6Vxqs4Sg9dUQdNcSuE_Cfc3JzH-fqxLruP-wpoqpNGV9iP8lMuzsmGtUkY1PCeUyJHQ7Nl2vfJslSkKOoJWpOw21fD1JDztsjbyx27Hw95icVWut-JOC6a_SUK-k1AmpUrNtpjm3T5osNNEn608g1lsSOgZBVvppgUhx2vm-5ate56rZynjSgam_tr6J7awn9y4n5Lth48bJRdy6Wx8m52ju7IE1Z-G92-ldZegIXrbm6gHJuBT63Ss1g3be9i5-ZTVotYxMm5WNrPXaB2_PpzsPt_hPdKwYb633r5FzKfcIU= \ No newline at end of file
diff --git a/examples/pki/cms/auth_v3_token_revoked.json b/examples/pki/cms/auth_v3_token_revoked.json
deleted file mode 100644
index c5dc01a..0000000
--- a/examples/pki/cms/auth_v3_token_revoked.json
+++ /dev/null
@@ -1,88 +0,0 @@
-{
- "token": {
- "catalog": [
- {
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"
- }
- ],
- "endpoints_links": [],
- "type": "volume",
- "name": "volume"
- },
- {
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:9292/v1",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:9292/v1",
- "publicURL": "http://127.0.0.1:9292/v1"
- }
- ],
- "endpoints_links": [],
- "type": "image",
- "name": "glance"
- },
- {
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne",
- "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"
- }
- ],
- "endpoints_links": [],
- "type": "compute",
- "name": "nova"
- },
- {
- "endpoints": [
- {
- "adminURL": "http://127.0.0.1:35357/v3",
- "region": "RegionOne",
- "internalURL": "http://127.0.0.1:35357/v3",
- "publicURL": "http://127.0.0.1:5000/v3"
- }
- ],
- "endpoints_links": [],
- "type": "identity",
- "name": "keystone"
- }
- ],
- "expires_at": "2038-01-18T21:14:07Z",
- "project": {
- "enabled": true,
- "description": null,
- "name": "tenant_name1",
- "id": "tenant_id1",
- "domain": {
- "id": "domain_id1",
- "name": "domain_name1"
- }
- },
- "user": {
- "name": "revoked_username1",
- "id": "revoked_user_id1",
- "domain": {
- "id": "domain_id1",
- "name": "domain_name1"
- }
- },
- "roles": [
- {
- "name": "role1"
- },
- {
- "name": "role2"
- }
- ],
- "methods": [
- "password"
- ]
- }
-}
diff --git a/examples/pki/cms/auth_v3_token_revoked.pem b/examples/pki/cms/auth_v3_token_revoked.pem
deleted file mode 100644
index 94a077b..0000000
--- a/examples/pki/cms/auth_v3_token_revoked.pem
+++ /dev/null
@@ -1,76 +0,0 @@
------BEGIN CMS-----
-MIINrQYJKoZIhvcNAQcCoIINnjCCDZoCAQExCTAHBgUrDgMCGjCCC7oGCSqGSIb3
-DQEHAaCCC6sEggunew0KICAgICJ0b2tlbiI6IHsNCiAgICAgICAgImNhdGFsb2ci
-OiBbDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50cyI6
-IFsNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAg
-ICAgImFkbWluVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6ODc3Ni92MS82NGI2ZjNm
-YmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAgICAgICAgICAgICAgICAg
-ICAgICAicmVnaW9uIjogInJlZ2lvbk9uZSIsDQogICAgICAgICAgICAgICAgICAg
-ICAgICAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2L3YxLzY0
-YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwNCiAgICAgICAgICAgICAg
-ICAgICAgICAgICJwdWJsaWNVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2L3Yx
-LzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIg0KICAgICAgICAgICAg
-ICAgICAgICB9DQogICAgICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICAgICAi
-ZW5kcG9pbnRzX2xpbmtzIjogW10sDQogICAgICAgICAgICAgICAgInR5cGUiOiAi
-dm9sdW1lIiwNCiAgICAgICAgICAgICAgICAibmFtZSI6ICJ2b2x1bWUiDQogICAg
-ICAgICAgICB9LA0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICJlbmRw
-b2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAg
-ICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjkyOTIvdjEi
-LA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lvbiI6ICJyZWdpb25PbmUi
-LA0KICAgICAgICAgICAgICAgICAgICAgICAgImludGVybmFsVVJMIjogImh0dHA6
-Ly8xMjcuMC4wLjE6OTI5Mi92MSIsDQogICAgICAgICAgICAgICAgICAgICAgICAi
-cHVibGljVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5Mi92MSINCiAgICAgICAg
-ICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIF0sDQogICAgICAgICAgICAg
-ICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAgICAgICAgICAgICAgICJ0eXBl
-IjogImltYWdlIiwNCiAgICAgICAgICAgICAgICAibmFtZSI6ICJnbGFuY2UiDQog
-ICAgICAgICAgICB9LA0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICJl
-bmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAg
-ICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzQv
-djEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAgICAg
-ICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lvbk9uZSIsDQogICAgICAg
-ICAgICAgICAgICAgICAgICAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAu
-MTo4Nzc0L3YxLjEvNjRiNmYzZmJjYzUzNDM1ZThhNjBmY2Y4OWJiNjYxN2EiLA0K
-ICAgICAgICAgICAgICAgICAgICAgICAgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3
-LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3
-YSINCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIF0sDQog
-ICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAgICAgICAg
-ICAgICAgICJ0eXBlIjogImNvbXB1dGUiLA0KICAgICAgICAgICAgICAgICJuYW1l
-IjogIm5vdmEiDQogICAgICAgICAgICB9LA0KICAgICAgICAgICAgew0KICAgICAg
-ICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAgIHsN
-CiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8vMTI3
-LjAuMC4xOjM1MzU3L3YzIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJyZWdp
-b24iOiAiUmVnaW9uT25lIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJpbnRl
-cm5hbFVSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjM1MzU3L3YzIiwNCiAgICAgICAg
-ICAgICAgICAgICAgICAgICJwdWJsaWNVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1
-MDAwL3YzIg0KICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAg
-XSwNCiAgICAgICAgICAgICAgICAiZW5kcG9pbnRzX2xpbmtzIjogW10sDQogICAg
-ICAgICAgICAgICAgInR5cGUiOiAiaWRlbnRpdHkiLA0KICAgICAgICAgICAgICAg
-ICJuYW1lIjogImtleXN0b25lIg0KICAgICAgICAgICAgfQ0KICAgICAgICBdLA0K
-ICAgICAgICAiZXhwaXJlc19hdCI6ICIyMDM4LTAxLTE4VDIxOjE0OjA3WiIsDQog
-ICAgICAgICJwcm9qZWN0Ijogew0KICAgICAgICAgICAgImVuYWJsZWQiOiB0cnVl
-LA0KICAgICAgICAgICAgImRlc2NyaXB0aW9uIjogbnVsbCwNCiAgICAgICAgICAg
-ICJuYW1lIjogInRlbmFudF9uYW1lMSIsDQogICAgICAgICAgICAiaWQiOiAidGVu
-YW50X2lkMSIsDQogICAgICAgICAgICAiZG9tYWluIjogew0KICAgICAgICAgICAg
-ICAgICJpZCI6ICJkb21haW5faWQxIiwNCiAgICAgICAgICAgICAgICAibmFtZSI6
-ICJkb21haW5fbmFtZTEiDQogICAgICAgICAgICB9DQogICAgICAgIH0sDQogICAg
-ICAgICJ1c2VyIjogew0KICAgICAgICAgICAgIm5hbWUiOiAicmV2b2tlZF91c2Vy
-bmFtZTEiLA0KICAgICAgICAgICAgImlkIjogInJldm9rZWRfdXNlcl9pZDEiLA0K
-ICAgICAgICAgICAgImRvbWFpbiI6IHsNCiAgICAgICAgICAgICAgICAiaWQiOiAi
-ZG9tYWluX2lkMSIsDQogICAgICAgICAgICAgICAgIm5hbWUiOiAiZG9tYWluX25h
-bWUxIg0KICAgICAgICAgICAgfQ0KICAgICAgICB9LA0KICAgICAgICAicm9sZXMi
-OiBbDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgIm5hbWUiOiAicm9s
-ZTEiDQogICAgICAgICAgICB9LA0KICAgICAgICAgICAgew0KICAgICAgICAgICAg
-ICAgICJuYW1lIjogInJvbGUyIg0KICAgICAgICAgICAgfQ0KICAgICAgICBdLA0K
-ICAgICAgICAibWV0aG9kcyI6IFsNCiAgICAgICAgICAgICJwYXNzd29yZCINCiAg
-ICAgICAgXQ0KICAgIH0NCn0NCjGCAcowggHGAgEBMIGkMIGeMQowCAYDVQQFEwE1
-MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55dmFsZTES
-MBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMGCSqGSIb3
-DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2VsZiBTaWdu
-ZWQCAREwBwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEggEAwFCjl3GSGrlil3cLwS11
-1gtc6K3gBSMbc7LviIFk4KDRBvHWEHT1fs/Q4T0Y12P97Uaxh47f2sNgdbsDKSE8
-K/KCeMy+0I7Eo3iDoXKcIRPux1sXFhOX36qLPpY4eWd3Q77MiUPng+78qA3AMPPl
-wEcfb2OaYsWmVi9jGsDfAvksF/WO5dg+G9m2l+zcboIJswsKbBJnM5bn8EDHk7bg
-YuMnOzqZsoymr6sehOPQ8QTV6kIj1w/gmtkaIH2QtBo78hCqjZ+cFeYy4zDk2HJg
-Mf7PDm0hx1G0hJMVxdNzkWoFvLreTzRselsrXrx8Gejof92JyKuBjZq0kBpphOHG
-6w==
------END CMS-----
diff --git a/examples/pki/cms/auth_v3_token_revoked.pkiz b/examples/pki/cms/auth_v3_token_revoked.pkiz
deleted file mode 100644
index 67823fd..0000000
--- a/examples/pki/cms/auth_v3_token_revoked.pkiz
+++ /dev/null
@@ -1 +0,0 @@
-PKIZ_eJylVsmSozgQvesr5l7R0Symyhz6wG5oS5jFgLixtDEY7PLC-vUjYXd31Sw1PTOOcNgIZerle7no0yfykTXDRL8p0KMPnwA0zdWywNbXU2zuuwxJTqacyNpiUhRZXCqSow2KL63kYntRC6gYFVnfLQ3FOxuemfJAdbSVlNBFSSuK6PpttJiUu9VpaT6bq2uZrawuaYIqV-7PcSjscTPU8fzsjiAPt1dTsQ4px-6TcFHapfxiNsI-Dbfkv1TGhnjDYd1G3Lw2mGVfmE19MKsT-XU7kIb6a1qLr7GqlTuPvvxpnBtBi0OBeW_s1hmHxiSSmSQUW0A9pcfgmipvPB_dOm30NtffOkb73NCvKZdRlCkJlThna3A3iLt0Fdxiz6ThEGO3T7m6zVfw--Z9bLAEaeD5NHbFOuUrt7fLZQegb_LrSmqhshjsquDRhLu80jpUuSVq8BQ3VoWn7YRUyMb-fo8qucEcXtihVaIKDwBxWrlWpDJrgiON6Y7IqmOu7tKD2D5QvaYkrIzyo79HASiM_4MCUBg_UKyCMjXqKggseJdpz-Qr6Xk9LgdYZfSAfl1pz7aa8agUOegtOYAMk4srck6DKuRDBk5BbRsaB424iqtCwI3JoUrjsWeJEVXj6AqZ8ZC5Ea8kkdj6rm_Qxiu5S4juGSteye8lG0ms-i2nMn6X7Y4sv5L8qCg_4N_K9p6vwwhs36SE_WclwN95fuf4A3LBO3Z9U4Azu38mLAnZfcxtZ4ekIg-ZIVJEE4i44TVtbhP1HLKsuFbeV2PaiBz-IMXBr5FFk8uhIbVU-7fSg4-1n08e4zB_TbnFjOg70T4nzPIDUsItqfuRlO_1lzJQoRwthvWEGVzFDYBcXGIOsnByJhRuF9jHfdygxlbrElfkjZ_v50Q7yixpZa-Y_aVi-ut4_ypc8FGuY068kRxg_txo0I7kRZvwsARUjihirrTjEh5oV6LwLnFUT7nxIwv_Nt3BP0tI-dnyax5Pdy4eKV7ONh64SyRs0uaeZbQa44hW3hBsD_09C1cuk6mnbj1pIxqpIsS5f5oIJyxAI5FlnGH2eWiRMkb_ZMhCVepnREc2B_TUfFX3j9hfYzILcqNmvn1A3J03Nqe2ZLAETGKIh3vzIKPM0KeMz7usccpZlSZYZEY9xhHa4ciZkcFKmmyF6aHHDMDWnZHAGpB66hF7evQF8RpH8N0AefSILjXIhDr-VA08oI8pN9Sw_J4LwRRH5mNOut08_h7D9o3U8zwFhPXdvOhrDxWcPwzV-kD7A333xpiEFHcJFxxAxNPT7jDho3XFyvtNjz074pzAZ8WdbyhSduqLYmUAqdBkaBoH8v0GnVOvSFgNHEfXeo2FzrVXnPnZ0Hor2E7aGkoHQ2K3miJDxWG0AWiV5MgFCmQp85UAsWkjCDkpbRKSB2XpvnkPLZ-X67RGDA7RBbpar_az4zXQ-v36R977Wg0V-OP6Qm4vluTikIQhZDwhswmklDo63h2tG3EE8aRtoWzOJ0kDXG-54BqXsp-EeRuHjiKR0-Qe61_7hSrtT73qvL1PaTKQHXo30qTi8A1d3G3mrSX5pubCKREZlaxEeZF0qnqe3Gq0mmcvvB763tW0W69v-s-RDqpRgZnLY1x4BMViY3G8gDiW3cTRsolW2uc0MOVLyz_fal5dtTiSq7TstR2f2eNmoWKwQVmIxW25t-zzywnrqrEbO_VsuJd1bWtQ1vTyKWg3ngtbQfl80c8Xd0wydeAbqJRPVxcMHty3SBcuQd0vfX_h9ofRwuYUcmWwGJJ8SL7mJRwCzcebvLt5SqHwT_LGzgaxZ3aFBBzm5Ww_7faNib7K_nR4sXH7ujkdrPPlZSva8pNYtf1zPY0o6XtJv52T6LwNfIlbdkJvSQxA-XNVOzJ7Vlipvh6Dk_2UC0vmcxS3tiN9-QLmC62G1J-X298BCSOhiw== \ No newline at end of file
diff --git a/examples/pki/cms/auth_v3_token_scoped.json b/examples/pki/cms/auth_v3_token_scoped.json
deleted file mode 100644
index 9020745..0000000
--- a/examples/pki/cms/auth_v3_token_scoped.json
+++ /dev/null
@@ -1,123 +0,0 @@
-{
- "token": {
- "audit_ids": [
- "SLIXlXQUQZWUi9VJrqdXqA"
- ],
- "methods": [
- "password"
- ],
- "roles": [
- {
- "name": "role1"
- },
- {
- "name": "role2"
- }
- ],
- "expires_at": "2038-01-18T21:14:07Z",
- "project": {
- "id": "tenant_id1",
- "domain": {
- "id": "domain_id1",
- "name": "domain_name1"
- },
- "enabled": true,
- "description": null,
- "name": "tenant_name1"
- },
- "catalog": [
- {
- "endpoints": [
- {
- "interface": "admin",
- "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne"
- },
- {
- "interface": "internal",
- "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne"
- },
- {
- "interface": "public",
- "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne"
- }
- ],
- "type": "volume",
- "name": "volume"
- },
- {
- "endpoints": [
- {
- "interface": "admin",
- "url": "http://127.0.0.1:9292/v1",
- "region": "regionOne"
- },
- {
- "interface": "internal",
- "url": "http://127.0.0.1:9292/v1",
- "region": "regionOne"
- },
- {
- "interface": "public",
- "url": "http://127.0.0.1:9292/v1",
- "region": "regionOne"
- }
- ],
- "type": "image",
- "name": "glance"
- },
- {
- "endpoints": [
- {
- "interface": "admin",
- "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne"
- },
- {
- "interface": "internal",
- "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne"
- },
- {
- "interface": "public",
- "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
- "region": "regionOne"
- }
- ],
- "type": "compute",
- "name": "nova"
- },
- {
- "endpoints": [
- {
- "interface": "admin",
- "url": "http://127.0.0.1:35357/v3",
- "region": "RegionOne"
- },
- {
- "interface": "internal",
- "url": "http://127.0.0.1:35357/v3",
- "region": "RegionOne"
- },
- {
- "interface": "public",
- "url": "http://127.0.0.1:5000/v3",
- "region": "RegionOne"
- }
- ],
- "type": "identity",
- "name": "keystone"
- }
- ],
- "user": {
- "domain": {
- "id": "domain_id1",
- "name": "domain_name1"
- },
- "name": "user_name1",
- "id": "user_id1"
- }
- }
-}
diff --git a/examples/pki/cms/auth_v3_token_scoped.pem b/examples/pki/cms/auth_v3_token_scoped.pem
deleted file mode 100644
index e83e7a0..0000000
--- a/examples/pki/cms/auth_v3_token_scoped.pem
+++ /dev/null
@@ -1,100 +0,0 @@
------BEGIN CMS-----
-MIISOAYJKoZIhvcNAQcCoIISKTCCEiUCAQExDTALBglghkgBZQMEAgEwghA9Bgkq
-hkiG9w0BBwGgghAuBIIQKnsNCiAgICAidG9rZW4iOiB7DQogICAgICAgICJhdWRp
-dF9pZHMiOiBbDQogICAgICAgICAgICAiU0xJWGxYUVVRWldVaTlWSnJxZFhxQSIN
-CiAgICAgICAgXSwNCiAgICAgICAgIm1ldGhvZHMiOiBbDQogICAgICAgICAgICAi
-cGFzc3dvcmQiDQogICAgICAgIF0sDQogICAgICAgICJyb2xlcyI6IFsNCiAgICAg
-ICAgICAgIHsNCiAgICAgICAgICAgICAgICAibmFtZSI6ICJyb2xlMSINCiAgICAg
-ICAgICAgIH0sDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgIm5hbWUi
-OiAicm9sZTIiDQogICAgICAgICAgICB9DQogICAgICAgIF0sDQogICAgICAgICJl
-eHBpcmVzX2F0IjogIjIwMzgtMDEtMThUMjE6MTQ6MDdaIiwNCiAgICAgICAgInBy
-b2plY3QiOiB7DQogICAgICAgICAgICAiaWQiOiAidGVuYW50X2lkMSIsDQogICAg
-ICAgICAgICAiZG9tYWluIjogew0KICAgICAgICAgICAgICAgICJpZCI6ICJkb21h
-aW5faWQxIiwNCiAgICAgICAgICAgICAgICAibmFtZSI6ICJkb21haW5fbmFtZTEi
-DQogICAgICAgICAgICB9LA0KICAgICAgICAgICAgImVuYWJsZWQiOiB0cnVlLA0K
-ICAgICAgICAgICAgImRlc2NyaXB0aW9uIjogbnVsbCwNCiAgICAgICAgICAgICJu
-YW1lIjogInRlbmFudF9uYW1lMSINCiAgICAgICAgfSwNCiAgICAgICAgImNhdGFs
-b2ciOiBbDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50
-cyI6IFsNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAg
-ICAgICAgImludGVyZmFjZSI6ICJhZG1pbiIsDQogICAgICAgICAgICAgICAgICAg
-ICAgICAidXJsIjogImh0dHA6Ly8xMjcuMC4wLjE6ODc3Ni92MS82NGI2ZjNmYmNj
-NTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAgICAgICAgICAgICAgICAgICAg
-ICAicmVnaW9uIjogInJlZ2lvbk9uZSINCiAgICAgICAgICAgICAgICAgICAgfSwN
-CiAgICAgICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAgICAg
-ImludGVyZmFjZSI6ICJpbnRlcm5hbCIsDQogICAgICAgICAgICAgICAgICAgICAg
-ICAidXJsIjogImh0dHA6Ly8xMjcuMC4wLjE6ODc3Ni92MS82NGI2ZjNmYmNjNTM0
-MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAgICAgICAgICAgICAgICAgICAgICAi
-cmVnaW9uIjogInJlZ2lvbk9uZSINCiAgICAgICAgICAgICAgICAgICAgfSwNCiAg
-ICAgICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAgICAgImlu
-dGVyZmFjZSI6ICJwdWJsaWMiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInVy
-bCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEvNjRiNmYzZmJjYzUzNDM1ZThh
-NjBmY2Y4OWJiNjYxN2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lv
-biI6ICJyZWdpb25PbmUiDQogICAgICAgICAgICAgICAgICAgIH0NCiAgICAgICAg
-ICAgICAgICBdLA0KICAgICAgICAgICAgICAgICJ0eXBlIjogInZvbHVtZSIsDQog
-ICAgICAgICAgICAgICAgIm5hbWUiOiAidm9sdW1lIg0KICAgICAgICAgICAgfSwN
-CiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAiZW5kcG9pbnRzIjogWw0K
-ICAgICAgICAgICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgICAgICAgICAi
-aW50ZXJmYWNlIjogImFkbWluIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJ1
-cmwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwNCiAgICAgICAgICAgICAg
-ICAgICAgICAgICJyZWdpb24iOiAicmVnaW9uT25lIg0KICAgICAgICAgICAgICAg
-ICAgICB9LA0KICAgICAgICAgICAgICAgICAgICB7DQogICAgICAgICAgICAgICAg
-ICAgICAgICAiaW50ZXJmYWNlIjogImludGVybmFsIiwNCiAgICAgICAgICAgICAg
-ICAgICAgICAgICJ1cmwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwNCiAg
-ICAgICAgICAgICAgICAgICAgICAgICJyZWdpb24iOiAicmVnaW9uT25lIg0KICAg
-ICAgICAgICAgICAgICAgICB9LA0KICAgICAgICAgICAgICAgICAgICB7DQogICAg
-ICAgICAgICAgICAgICAgICAgICAiaW50ZXJmYWNlIjogInB1YmxpYyIsDQogICAg
-ICAgICAgICAgICAgICAgICAgICAidXJsIjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5
-Mi92MSIsDQogICAgICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lv
-bk9uZSINCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIF0s
-DQogICAgICAgICAgICAgICAgInR5cGUiOiAiaW1hZ2UiLA0KICAgICAgICAgICAg
-ICAgICJuYW1lIjogImdsYW5jZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAg
-ICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50cyI6IFsNCiAgICAgICAgICAg
-ICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAgICAgImludGVyZmFjZSI6
-ICJhZG1pbiIsDQogICAgICAgICAgICAgICAgICAgICAgICAidXJsIjogImh0dHA6
-Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODli
-YjY2MTdhIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJyZWdpb24iOiAicmVn
-aW9uT25lIg0KICAgICAgICAgICAgICAgICAgICB9LA0KICAgICAgICAgICAgICAg
-ICAgICB7DQogICAgICAgICAgICAgICAgICAgICAgICAiaW50ZXJmYWNlIjogImlu
-dGVybmFsIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJ1cmwiOiAiaHR0cDov
-LzEyNy4wLjAuMTo4Nzc0L3YxLjEvNjRiNmYzZmJjYzUzNDM1ZThhNjBmY2Y4OWJi
-NjYxN2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lvbiI6ICJyZWdp
-b25PbmUiDQogICAgICAgICAgICAgICAgICAgIH0sDQogICAgICAgICAgICAgICAg
-ICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJpbnRlcmZhY2UiOiAicHVi
-bGljIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovLzEy
-Ny4wLjAuMTo4Nzc0L3YxLjEvNjRiNmYzZmJjYzUzNDM1ZThhNjBmY2Y4OWJiNjYx
-N2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lvbiI6ICJyZWdpb25P
-bmUiDQogICAgICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgICAgICBdLA0K
-ICAgICAgICAgICAgICAgICJ0eXBlIjogImNvbXB1dGUiLA0KICAgICAgICAgICAg
-ICAgICJuYW1lIjogIm5vdmEiDQogICAgICAgICAgICB9LA0KICAgICAgICAgICAg
-ew0KICAgICAgICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAg
-ICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJpbnRlcmZhY2UiOiAi
-YWRtaW4iLA0KICAgICAgICAgICAgICAgICAgICAgICAgInVybCI6ICJodHRwOi8v
-MTI3LjAuMC4xOjM1MzU3L3YzIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJy
-ZWdpb24iOiAiUmVnaW9uT25lIg0KICAgICAgICAgICAgICAgICAgICB9LA0KICAg
-ICAgICAgICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgICAgICAgICAiaW50
-ZXJmYWNlIjogImludGVybmFsIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJ1
-cmwiOiAiaHR0cDovLzEyNy4wLjAuMTozNTM1Ny92MyIsDQogICAgICAgICAgICAg
-ICAgICAgICAgICAicmVnaW9uIjogIlJlZ2lvbk9uZSINCiAgICAgICAgICAgICAg
-ICAgICAgfSwNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAg
-ICAgICAgICAgImludGVyZmFjZSI6ICJwdWJsaWMiLA0KICAgICAgICAgICAgICAg
-ICAgICAgICAgInVybCI6ICJodHRwOi8vMTI3LjAuMC4xOjUwMDAvdjMiLA0KICAg
-ICAgICAgICAgICAgICAgICAgICAgInJlZ2lvbiI6ICJSZWdpb25PbmUiDQogICAg
-ICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgICAgICBdLA0KICAgICAgICAg
-ICAgICAgICJ0eXBlIjogImlkZW50aXR5IiwNCiAgICAgICAgICAgICAgICAibmFt
-ZSI6ICJrZXlzdG9uZSINCiAgICAgICAgICAgIH0NCiAgICAgICAgXSwNCiAgICAg
-ICAgInVzZXIiOiB7DQogICAgICAgICAgICAiZG9tYWluIjogew0KICAgICAgICAg
-ICAgICAgICJpZCI6ICJkb21haW5faWQxIiwNCiAgICAgICAgICAgICAgICAibmFt
-ZSI6ICJkb21haW5fbmFtZTEiDQogICAgICAgICAgICB9LA0KICAgICAgICAgICAg
-Im5hbWUiOiAidXNlcl9uYW1lMSIsDQogICAgICAgICAgICAiaWQiOiAidXNlcl9p
-ZDEiDQogICAgICAgIH0NCiAgICB9DQp9DQoxggHOMIIBygIBATCBpDCBnjEKMAgG
-A1UEBRMBNTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5u
-eXZhbGUxEjAQBgNVBAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAj
-BgkqhkiG9w0BCQEWFmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1Nl
-bGYgU2lnbmVkAgERMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQBBvzoh
-0iSPMQhuRCAtTG3cPhyewvf554MPjbGQnu8mYmmfyxl7gMmWkTAmyckAsSv4mS6/
-4SQj9WCn4T1lFkhUz7WWjCwt6fWWp3mzF8Nl/kMsJKDwlxDGbPzsyewXIUsw11sz
-q/Qxs7qGxQ1vYWnaWQ3hC3oZw7cOswKRJicdP439iVPvfqR9CDbK55sPP+ewZRgQ
-YJ3Uc/xDizxepudFJj9+VHKceA37/sVK0ataNe2uHLHwVBYPwOppMckP169QBw8x
-QYh9h+kcOAyZ5psiUzCpLKnlMiYDrVcTGxnTeiVHxKXxj/MERNhR1Y4lEr0ZHJ+p
-Y6p3FBP2VUCefaRh
------END CMS-----
diff --git a/examples/pki/cms/auth_v3_token_scoped.pkiz b/examples/pki/cms/auth_v3_token_scoped.pkiz
deleted file mode 100644
index 74f8f63..0000000
--- a/examples/pki/cms/auth_v3_token_scoped.pkiz
+++ /dev/null
@@ -1 +0,0 @@
-PKIZ_eJy9V0tzozoT3etX3H1qKoBNEhbfgpexMJKNjXloZyDmJWwnNs9f_wnsSWYyuXUzc6uuq7yQQN2n-_RpNd--sZ-iGxD_paLNsPgGEISmIwfm4khgWkdYtiP1yPZWjqqqTqHKtt5qjmwpCU3SIlGIjXQ50ZskiddKUryAtMgMqeEUpTEStqkqEM5Xh3MWG9Ir8abZMlMeYcnT2EhrMkfDOoQHJY0meBJOzAJAyp2hanah0NKogw9wdmEHxDT0tuxlOYtK6UwcPdtvmuS5M6vA4ynMjwk8mHVobDsAD3xsqXJG_LTZ-SaNeCmNVWZIhR3S0NRy5NZy9KmrwXaZ69wylydeBgenDTP-AoiHucEis16EAp_u3mDTYvRUruvQm51CKp2IpmeDs7CcXchmcMJCuB4S9-PmDSosXQbVPBPPHoxx0cGlw8HduJZZfobnIucLtABoM8L5IbY1ZcaqeCaNe7fnBfFxHpW0iQ1ahxnzboh8aLQSGCwHwowLvLYmb0l0KzJXaoaMe08srZjnjpSz_AY_JQZ_AuE1IXxUNiO83XzNRdqxtnq9w920sXK5Qs5xivtIsCZBa_UBF-SkRAJhjhEPUG_32NtOAydoSInLpUazIGePnDiFWTPQRYlwg83oJl58CgVxFZbbMV-AZf8UsrijkqSBcOV-gE78IS_NmPXYN89XRlIunssPVvfUojyqkDptgJXrD0uN1VUmCWjzJGADCiTHZVDiHDuIQ71Ll4YuIIPkJE_EoIQCzvVJcE1uB66Qpreqcw87T6ocQaTwwCp0fv6Opgw8fGNJ4YOyPQXdNXfgT5P3PXfgj5Lnjvrhnn2FgissUodzdyjPD0X1fd-ULFX5tD7A3xXIF-tDBCgvuiHGr3D-GeXgdzgfKXegiEbK_yMaxX8KEXxGzTUEegm8mI4Hf2hxRGjTsMRvCFkIYhEZ0pCcfjjoTT6BXc6K0KPVFYXbhWPLM4_xfN2AZfZUIwdORsjqlPW9ZIJ7u45zvfqKNsBHcfxuUt8KibWx82cQ_wkh-F35fkQIfpf3j7SDT-TLjfLN9Rrn64xh60lp5kG_7bGGeOKkKc6VMhCC6dIzM4DzoMXC9cL4nrTb1XUtmkKqBjX6w31xWIuRca2HQJAu0dzlwC8SLsU6Lt_uQnZHrJtQYIm-XawfBQVGa976MlxpXxETGkJxIsYCGt8HP8GmP8O-NpFf-sUNAStvFZ7BF5oG84h43DEJd79SCbZ_IOEfHYJPPPJIkxtGZf-JhDcfmyv4IOGCqZPb-Wvxo4x3gitGEzYrvEufjwS3A_9muBjOgF-Hi3evsY9pRH-aE07kKrTR-23AGOhiteC7BYO-33m3xtKZjqPTIJyla9ed7VzePS1dsogOs8KbzxRIeWnvGCqQoymb-eYLNvspCBoF-z8j-9iocqC5tj3TG51H9rlR7XFt6I3pbnvdQnJhyPxWB6qCVJvTWz2XbSXBriJHjupiPixFMWY9goW2QYo8vqymyHQmCg0pZhMNfkVrvQFaM1q29Ca1iE97NmBW7BBFKjLUzYuxgeFEs3VTXgfeOxOuHA6GDpgDgyWrlDrS61ukwNGT3CJrK7hnkinOzosrNq2pMvOmNoEZQAJlb6spMlSQzBngBy-KbG9lNuoqsl45jyd9AeeC-HheWe3ZcDV83l82hJcKyxTugoXTmR29W7ggfMi9NIj3U057PbLunu_O-6Pf76PznSIHxJRq4e7OOIWL7KTwPgcP9f2rd7_dRKUwebBCDmgngUi2KFhknc5gFhThttK4Je6NbWFO4GIz0T3rsfJW4mql2yo1yqqtlZnzjLO21O874K2f7p-3F08ISRVMDf_iXbz5PD_K8sTuT0er8oTnKn5NWsdHyHVR99DQbfas-vv01XjSVsATVN47Wg1furyTLmYXI0p8ob7Xl6tjv6sXjplX6K40Nz4WV013XF_UIgmX3fSurGfTwwJ0j4vLEa_um-eE7-4VWqYvq8eX-z
bZTFYPl2htaOZRdlYzh4P_A-M3io619--V_wMk2UFA \ No newline at end of file
diff --git a/examples/pki/cms/revocation_list.json b/examples/pki/cms/revocation_list.json
deleted file mode 100644
index 2c239e5..0000000
--- a/examples/pki/cms/revocation_list.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "revoked": [
- {
- "expires": "2112-08-14T17:58:48Z",
- "id": "dc57ea171d2f93e4ff5fa01fe5711f2a"
- },
- {
- "expires": "2112-08-14T17:58:48Z",
- "id": "4948fb46f88c41af90b65213a48baef7"
- },
- {
- "expires": "2112-08-14T17:58:48Z",
- "id": "dc57ea171d2f93e4ff5fa01fe5711f2a"
- },
- {
- "expires": "2112-08-14T17:58:48Z",
- "id": "4948fb46f88c41af90b65213a48baef7"
- }
- ]
-}
diff --git a/examples/pki/cms/revocation_list.pem b/examples/pki/cms/revocation_list.pem
deleted file mode 100644
index a86d6d3..0000000
--- a/examples/pki/cms/revocation_list.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CMS-----
-MIIEGAYJKoZIhvcNAQcCoIIECTCCBAUCAQExCTAHBgUrDgMCGjCCAiUGCSqGSIb3
-DQEHAaCCAhYEggISew0KICAgICJyZXZva2VkIjogWw0KICAgICAgICB7DQogICAg
-ICAgICAgICAiZXhwaXJlcyI6ICIyMTEyLTA4LTE0VDE3OjU4OjQ4WiIsDQogICAg
-ICAgICAgICAiaWQiOiAiZGM1N2VhMTcxZDJmOTNlNGZmNWZhMDFmZTU3MTFmMmEi
-DQogICAgICAgIH0sDQogICAgICAgIHsNCiAgICAgICAgICAgICJleHBpcmVzIjog
-IjIxMTItMDgtMTRUMTc6NTg6NDhaIiwNCiAgICAgICAgICAgICJpZCI6ICI0OTQ4
-ZmI0NmY4OGM0MWFmOTBiNjUyMTNhNDhiYWVmNyINCiAgICAgICAgfSwNCiAgICAg
-ICAgew0KICAgICAgICAgICAgImV4cGlyZXMiOiAiMjExMi0wOC0xNFQxNzo1ODo0
-OFoiLA0KICAgICAgICAgICAgImlkIjogImRjNTdlYTE3MWQyZjkzZTRmZjVmYTAx
-ZmU1NzExZjJhIg0KICAgICAgICB9LA0KICAgICAgICB7DQogICAgICAgICAgICAi
-ZXhwaXJlcyI6ICIyMTEyLTA4LTE0VDE3OjU4OjQ4WiIsDQogICAgICAgICAgICAi
-aWQiOiAiNDk0OGZiNDZmODhjNDFhZjkwYjY1MjEzYTQ4YmFlZjciDQogICAgICAg
-IH0NCiAgICBdDQp9DQoxggHKMIIBxgIBATCBpDCBnjEKMAgGA1UEBRMBNTELMAkG
-A1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQBgNV
-BAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0BCQEW
-FmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYgU2lnbmVkAgER
-MAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIIBAGMtzsHJdosl27LoRWYHGknORRWE
-K0E9a7Bm4ZDt0XiGn0opGWpXF3Kj+7q86Ph1qcG9vZy20e2V+8n5696//OgMGCZe
-QNbkOv70c0pkICMqczv4RaNF+UPetwDdv+p0WV8nLH5dDVc8Pp8B4T6fN6vXHXA2
-GMWxxn8SpF9bvP8S5VCAt7wsvmhWJpJVYe6bOdYzlhR0yLJzv4GvHtPVP+cBz6nS
-uJguvt77MfQU97pOaDbvfmsJRUf/L3Fd93KbgLTzFPEhddTs1oD9pSDckncnZwua
-9nIDn2iFNB/NfZrbqy+owM0Nt5j1m4dcPX/qm0J9DAhKGeDUbIu+81yL308=
------END CMS-----
diff --git a/examples/pki/cms/revocation_list.pkiz b/examples/pki/cms/revocation_list.pkiz
deleted file mode 100644
index 600fce0..0000000
--- a/examples/pki/cms/revocation_list.pkiz
+++ /dev/null
@@ -1 +0,0 @@
-PKIZ_eJx9VEuPszgQvPMr9h6NQgIhk8N3MMaACTaBmJdvCZMxGMhjkgmPX79kRtq9rNYXq0ul6u7qVr-9Tc9EDqZ_QbJ_BW8KwdhiXe5tLxyXz4KCsICXCQstCMHYQRCiHjLgmiL-sgSBjpzwpHPg_ubs8VFTrBC54DCBsYqEsL3T4A0848_DMqmxvIhUu1c8K7tD5jXFgA0M8UAYGnwGdJ8hVUkspAUy1gMZ6mmF7xh6Vw5fRK_Ox1jjKerpaNekzVdkGau8zRe8RR1JeUNZ0SskzYd87218aK5xm-iF00wVkCqoQEUk6kmldgFUe2qHk9BlEVgXNbAvlQ9BdUjDSnkRqVWrgcOnn7eBVUpq2SWXdZfLfDGJjDkL9by1Gy6L6nPfianN5uSa16JNRuXVJ5a4Jww_iCUehEUxYYVBmTCoVR5w1QncNj9-4DaSlH00OUMaScNhSjIqnEUtl0mbM9DzNl7QEfVceiU-q3fs_r-BL_-U_zYQq8FUNm-xSttcDxyiktRuA2ZWVMaTCC2n6qo8TVqFDt4my9ReCHc77YTZC2wCBs2rBc2zRFsChAMWMTIjYlKGfALq37gkMElIr8AReKagiQkEAzU1SYQ7BHIrCUMXdQ37SFffp4yXRyfukQThL_fCYLzpeLpiyodjy8OIIgLef5RhT_B-mawKLXoe27j3GJCmqG9lXTmbTjVhiKZmHs0po-pxuWqU0PlRGn-EhtWzaIvetsD-NxNhcEGbo5OLeNmcj21SA_FKVjjm_h6ADh8UAtR_9npaaxOEMTAnLwBePp4BLmXIWNlG3VbvrrPtiQexUW7rJVjJVTHLKFesvvOb53c2y3nfroKr_4HPWybJU5LKEN9F1blaEoPLEt9um4GU7jwrV4_30NvPxp29rpSZE9w6fjULI9zSqsSXWt34unwcYvmpzz_XiIe0nEtSfz6-gVaWj2__0JzrPF0PCCzvtnI-rXdREidG9V7NbmsBV_6mymo9HLTrEoxi53yWtrEjc_U6DtJ71MbzfWfCehrqqf-qb0q011N5z0mktafnQvrah6d2TEBxvsEi0o7hw_LnxL3Gxs2AJyPULAcZZR0GOHJPZzRX6GXHb1Y-J5pO3aO8k1ulj14d6C75KgSo8sN8zOaD2Y1P9P2F_yg_dwhR69-b9Dc2l4GQ \ No newline at end of file
diff --git a/examples/pki/gen_cmsz.py b/examples/pki/gen_cmsz.py
deleted file mode 100644
index 9a8834e..0000000
--- a/examples/pki/gen_cmsz.py
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/python
-
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import json
-import os
-
-from keystoneclient.common import cms
-
-CURRENT_DIR = os.path.abspath(os.path.dirname(__file__))
-
-
-def make_filename(*args):
- return os.path.join(CURRENT_DIR, *args)
-
-
-CA_CERT_FILE_NAME = make_filename('certs', 'cacert.pem')
-SIGNING_CERT_FILE_NAME = make_filename('certs', 'signing_cert.pem')
-SIGNING_KEY_FILE_NAME = make_filename('private', 'signing_key.pem')
-EXAMPLE_TOKENS = ['auth_token_revoked',
- 'auth_token_unscoped',
- 'auth_token_scoped',
- 'auth_token_scoped_expired',
- 'auth_v3_token_scoped',
- 'auth_v3_token_revoked']
-
-
-# Helper script to generate the sample data for testing
-# the signed tokens using the existing JSON data for the
-# MII-prefixed tokens. Uses the keys and certificates
-# generated in gen_pki.sh.
-def generate_der_form(name):
- derfile = make_filename('cms', '%s.der' % name)
- with open(derfile, 'w') as f:
- derform = cms.cms_sign_data(text,
- SIGNING_CERT_FILE_NAME,
- SIGNING_KEY_FILE_NAME, cms.PKIZ_CMS_FORM)
- f.write(derform)
-
-for name in EXAMPLE_TOKENS:
- json_file = make_filename('cms', name + '.json')
- pkiz_file = make_filename('cms', name + '.pkiz')
- with open(json_file, 'r') as f:
- string_data = f.read()
-
- # validate the JSON
- try:
- token_data = json.loads(string_data)
- except ValueError as v:
- raise SystemExit('%s while processing token data from %s: %s' %
- (v, json_file, string_data))
-
- text = json.dumps(token_data).encode('utf-8')
-
- # Uncomment to record the token uncompressed,
- # useful for debugging
- # generate_der_form(name)
-
- encoded = cms.pkiz_sign(text,
- SIGNING_CERT_FILE_NAME,
- SIGNING_KEY_FILE_NAME)
-
- # verify before writing
- cms.pkiz_verify(encoded,
- SIGNING_CERT_FILE_NAME,
- CA_CERT_FILE_NAME)
-
- with open(pkiz_file, 'w') as f:
- f.write(encoded)
diff --git a/examples/pki/gen_pki.sh b/examples/pki/gen_pki.sh
deleted file mode 100755
index b8b28f9..0000000
--- a/examples/pki/gen_pki.sh
+++ /dev/null
@@ -1,213 +0,0 @@
-#!/bin/bash
-
-# Copyright 2012 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# These functions generate the certificates and signed tokens for the tests.
-
-DIR=`dirname "$0"`
-CURRENT_DIR=`cd "$DIR" && pwd`
-CERTS_DIR=$CURRENT_DIR/certs
-PRIVATE_DIR=$CURRENT_DIR/private
-CMS_DIR=$CURRENT_DIR/cms
-
-
-function rm_old {
- rm -rf $CERTS_DIR/*.pem
- rm -rf $PRIVATE_DIR/*.pem
-}
-
-function cleanup {
- rm -rf *.conf > /dev/null 2>&1
- rm -rf index* > /dev/null 2>&1
- rm -rf *.crt > /dev/null 2>&1
- rm -rf newcerts > /dev/null 2>&1
- rm -rf *.pem > /dev/null 2>&1
- rm -rf serial* > /dev/null 2>&1
-}
-
-function generate_ca_conf {
- echo '
-[ req ]
-default_bits = 2048
-default_keyfile = cakey.pem
-default_md = default
-
-prompt = no
-distinguished_name = ca_distinguished_name
-
-x509_extensions = ca_extensions
-
-[ ca_distinguished_name ]
-serialNumber = 5
-countryName = US
-stateOrProvinceName = CA
-localityName = Sunnyvale
-organizationName = OpenStack
-organizationalUnitName = Keystone
-emailAddress = keystone@openstack.org
-commonName = Self Signed
-
-[ ca_extensions ]
-basicConstraints = critical,CA:true
-' > ca.conf
-}
-
-function generate_ssl_req_conf {
- echo '
-[ req ]
-default_bits = 2048
-default_keyfile = keystonekey.pem
-default_md = default
-
-prompt = no
-distinguished_name = distinguished_name
-
-[ distinguished_name ]
-countryName = US
-stateOrProvinceName = CA
-localityName = Sunnyvale
-organizationName = OpenStack
-organizationalUnitName = Keystone
-commonName = localhost
-emailAddress = keystone@openstack.org
-' > ssl_req.conf
-}
-
-function generate_cms_signing_req_conf {
- echo '
-[ req ]
-default_bits = 2048
-default_keyfile = keystonekey.pem
-default_md = default
-
-prompt = no
-distinguished_name = distinguished_name
-
-[ distinguished_name ]
-countryName = US
-stateOrProvinceName = CA
-localityName = Sunnyvale
-organizationName = OpenStack
-organizationalUnitName = Keystone
-commonName = Keystone
-emailAddress = keystone@openstack.org
-' > cms_signing_req.conf
-}
-
-function generate_signing_conf {
- echo '
-[ ca ]
-default_ca = signing_ca
-
-[ signing_ca ]
-dir = .
-database = $dir/index.txt
-new_certs_dir = $dir/newcerts
-
-certificate = $dir/certs/cacert.pem
-serial = $dir/serial
-private_key = $dir/private/cakey.pem
-
-default_days = 21360
-default_crl_days = 30
-default_md = default
-
-policy = policy_any
-
-[ policy_any ]
-countryName = supplied
-stateOrProvinceName = supplied
-localityName = optional
-organizationName = supplied
-organizationalUnitName = supplied
-emailAddress = supplied
-commonName = supplied
-' > signing.conf
-}
-
-function setup {
- touch index.txt
- echo '10' > serial
- generate_ca_conf
- mkdir newcerts
-}
-
-function check_error {
- if [ $1 != 0 ] ; then
- echo "Failed! rc=${1}"
- echo 'Bailing ...'
- cleanup
- exit $1
- else
- echo 'Done'
- fi
-}
-
-function generate_ca {
- echo 'Generating New CA Certificate ...'
- openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
- check_error $?
-}
-
-function ssl_cert_req {
- echo 'Generating SSL Certificate Request ...'
- generate_ssl_req_conf
- openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
- check_error $?
- #openssl req -in req.pem -text -noout
-}
-
-function cms_signing_cert_req {
- echo 'Generating CMS Signing Certificate Request ...'
- generate_cms_signing_req_conf
- openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
- check_error $?
- #openssl req -in req.pem -text -noout
-}
-
-function issue_certs {
- generate_signing_conf
- echo 'Issuing SSL Certificate ...'
- openssl ca -in ssl_req.pem -config signing.conf -batch
- check_error $?
- openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem
- check_error $?
- echo 'Issuing CMS Signing Certificate ...'
- openssl ca -in cms_signing_req.pem -config signing.conf -batch
- check_error $?
- openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
- check_error $?
-}
-
-function create_middleware_cert {
- cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem
- cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem
-}
-
-function check_openssl {
- echo 'Checking openssl availability ...'
- which openssl
- check_error $?
-}
-
-JSON_FILES="${CMS_DIR}/auth_token_revoked.json ${CMS_DIR}/auth_token_unscoped.json ${CMS_DIR}/auth_token_scoped.json ${CMS_DIR}/auth_token_scoped_expired.json ${CMS_DIR}/revocation_list.json ${CMS_DIR}/auth_v3_token_scoped.json ${CMS_DIR}/auth_v3_token_revoked.json"
-
-function gen_sample_cms {
- for json_file in $JSON_FILES
- do
- openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
- done
-}
-
diff --git a/examples/pki/private/cakey.pem b/examples/pki/private/cakey.pem
deleted file mode 100644
index 1c93ee1..0000000
--- a/examples/pki/private/cakey.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCl8906EaRpibQF
-cCBWfxzLi5x/XpZ9iL6UX92NrSJxcDbaGws7s+GtjgDy8UOEonesRWTeqQEZtHpC
-3/UHHOnsA8F6ha/pq9LioqT7RehCnZCLBJwh5Ct+lclpWs15SkjJD2LTDkjox0eA
-9nOBx+XDlWyU/GAyqx5Wsvg/Kxr0iod9/4IcJdnSdUjq4v0Cxg/zNk08XPJX+F0b
-UDhgdUf7JrAmmS5LA8wphRnbIgtVsf6VN9HrbqtHAJDxh8gEfuwdhEW1df1fBtZ+
-6WMIF3IRSbIsZELFB6sqcyRj7HhMoWMkdEyPb2f8mq61MzTgE6lJGIyTRvEoFie7
-qtGADIofAgMBAAECggEBAJ47X3y2xaU7f0KQHsVafgI2JAnuDl+zusOOhJlJs8Wl
-0Sc1EgjjAxOQiqcaE96rap//qqYDTuFLjCenkuItV32KNzizr3+GLZWaruRHS6X4
-xpFG2/gUrsQL3fdudOxpP+01lmzW+f25xRvZ4VilWRabquSDntWxA0R3cOwKFbGD
-uuwbTw3pBrRfCk/2IdpQtRrvvkVIFiYT6b/zeCQzhp4RETbC0oxqcEEOIUGmimAV
-9cbwafinxCo54cOfX4JAh3j7Mp3eQUymoFk5gnmIeVe0QmpH2VkN7eItrhEvHKOk
-On7a5xvQ8s3wqPV5ZawHQcqar/p3QnGkiT6a+8LkIMECgYEA2iJ2DprTGZFRN0M7
-Yj4WLsSC3/GKK8eYsKG3TvMrmPqUDaiWLIvBoc1Le59x9eoF7Mha+WX+cAFL+GTg
-1sB+PUZZStpf1R1tGvMldvpQ+5GplUBpuQe4J0n5rCG6+5jkvSr7xO+G1B+C3GFq
-KR3iltiW5WJRVwh2k8yGvx3agyUCgYEAwsKFX82F7O+9IVud1JSQWmZMiyEK+DEX
-JRnwx4HBuWr+AZqbb0grRRb6x8JTUOD4T7DZGxTaAdfzzRjKU2sBAO8VCgaj2Auv
-5nsbvfXvrmDDCqwoaD2PMy+kgFvE0QTh65tzuGXl1IgpIYSC1JwnP6kOeUDbqE+k
-UXzfVZzDdvMCgYByk9dfJIPt0h7O4Em4+NO+DQqRhtYE2PqjDM60cZZc7IIICp2X
-GHHFA4i6jq3Vde9WyIbAqYpUWtoExzgylTm6BdGxN7NOxf4hQcZUEHepLIHfG85s
-mlloibrTZ4RH06+SjZlhgE9Z7JNYHvMcVc5HXc0k/9ep15AxYiUFDjFQ4QKBgG7i
-k089U4/X2wWgBNdgkmN1tQTNllJCmNvdzhG41dQ8j0vYe8C7BS+76qJLCGaW/6lX
-lfRuRcUg78UI5UDjPloKxR7FMwmxdb+yvdPEr2bH3qQ36nWW/u30pSMTnJYownwD
-MLp/AYCk2U4lBNwJ3+rF1ODCRY2pcnOWtg0nSL5zAoGAWRoOinogEnOodJzO7eB3
-TmL6M9QMyrAPBDsCnduJ8yW5mMUNod139YbSDxZPYwTLhK/GiHP/7OvLV5hg0s4s
-QKnNaMeEowX7dyEO4ehnbfzysxXPKLRVhWhN6MCUc71NMxqr7QkuCXAjJS6/G21+
-Im3+Xb3Scq+UZghR+jiEZF0=
------END PRIVATE KEY-----
diff --git a/examples/pki/private/signing_key.pem b/examples/pki/private/signing_key.pem
deleted file mode 100644
index 758c0ff..0000000
--- a/examples/pki/private/signing_key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDM+VrILLl962VH
-S8EKWVzdkaOy0OoxGZ63gajM7VTm8AbgtVnYibIOnVZQuz1XbftIGNXPFhYNUypr
-LnMXrEEsnxgD4PvU/4bETG+stdricX6d1oKqsNFNR7F7zImiR/OzGhp7dONwccxf
-kfX4QHA5Ogso+XMfSdC72SRDszeCeGUcjuo/w2WSLW95SuVvcZLqE/pk3Q2TkCZ1
-8hvNfLoln43QpC469a7srUXATqOJ2mPNvL6E/wOyPefmAoCoG44lFoR3k2jZjBEI
-hstJxmH7XgvqErBzpcWd29dms8xz5PNwYdns9CIfb3GaHvQ6r5RTl37/avDrGHOW
-KOoD01xLAgMBAAECggEAaIi22qWsh+JYCW9B6NRAPyN6V8Sh2x6UykOO4cwb45b/
-+vOh+YPn0fo9vfhvxTnq0A8SY4WBA5SpanYK7kTEDEyqw7em1y7l/RB6V5t7IMb+
-6uIuS3zXkVEB3AApJSEK0Ql7/gBTydHPh+H5jnzWfujyLhhhtNBBarvH+drZcWio
-lWx8RERN4cH+3DZD/xxjH2Ff+X1XMvb8Xcup7MlWi2FtREg7LttLNWNK25iWjciP
-QwfWQIrURRJrD2IrOr9V2nuIEvRqRRBoO+pxJT2sC48NJ3hiKV2GtSQe2nRpQJ47
-f9MEsF5KVQOOn+aQ60EKOI0MpNPmpiCZ5hFvBrNuOQKBgQD6vueEdI9eJgz5YN+t
-XWdpNippv35RTD8R4bQcE6GqIUXOmtQFS2wPJLn7nisZUsGMNEs36Yl0T9iow63r
-5GNAfgzpqN1XZqaSMwAdxKmlBNYpAkVXHhv+1jN+9diDYmoj9T+3Q6Zvk5e/Liyp
-6i+TsDppwmmr2utWajhyJ7owFwKBgQDRROncTztGDYLfRcrIoYsPo79KQ8tqwd2a
-07Usch2kplTqojCUmmhMMFgV2eZPPiCjnEy2bAYh9I/oj7xG6EwApXTshZdCpivC
-rbUV64MakRTUP8IvM6PdI+apkJRsRUi/bSyIbcRlvEoCMNZhfj/5VY6w/jlwrPJj
-oBOCXBlB7QKBgQDGEbEeX1i03UfYYh6uep7qbEAaooqsu5cCkBDPMO6+TmQvLPyY
-Zhio6bEEQs/2w/lhwBk+xHqw5zXVMiWbtiB03F1k4eBeXxbrW+AWo7gCQ4zMfh+6
-Dm284wVwn9D1D/OaDevT31uEvcjb2ySq3/PPLSEnU8xXVaoa6/NEsX8Q5wKBgQCm
-2smULWBXZKJ6n00mVxdnqun0rsVcI6Mrta14+KwGAdEnG5achdivFsTE924YtLKV
-gSPxN4RUQokTprc52jHvOf1WMNYAADpYCOSfy55G6nKvIP8VX5lB00Qw4uRUx5FP
-gB7H0K2NaGmiAYqNRXqAtOUG3kyyOFMzeAjWIdTJqQKBgQCHzY1c7sS1vv7mPEkr
-6CpwoaEbZeFnWoHBA8Rd82psqfYsVJIRwk5Id8zgDSEmoEi8hQ9UrYbrFpLK77xq
-EYSxLQHTNlM0G3lyEsv/gJhwYYhdTYiW3Cx3F6Y++jyn9O/+hFMyQvuesAL7DUYE
-ptEfvzFprpQUpByXkIpuJub6fg==
------END PRIVATE KEY-----
diff --git a/examples/pki/private/ssl_key.pem b/examples/pki/private/ssl_key.pem
deleted file mode 100644
index 363ce94..0000000
--- a/examples/pki/private/ssl_key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDL06AaJROwHPgJ
-9tcySSBepzJ81jYars2sMvLjyuvdiIBbhWvbS/a9Tw3WgL8H6OALkHiOU/f0A6Rp
-v8dGDIDsxZQVjT/4SLaQUOeDM+9bfkKHpSd9G3CsdSSZgOH08n+MyZ7slPHfUHLY
-Wso0SJD0vAi1gmGDlSM/mmhhHTpCDGo6Wbwqare6JNeTCGJTJYwrxtoMCh/W1Zrs
-lPC5lFvlHD7KBBf6IU2A8Xh/dUa3p5pmQeHPW8Em90DzIB1qH0DRXl3KANc24xYR
-R45pPCVkk6vFsy6P0JwwpnkszB+LcK6CEsJhLsOYvQFsiQfSZ8m7YGhgrMLxtop4
-YEPirGGrAgMBAAECggEATwvbY0hNwlb5uqOIAXBqpUqiQdexU9fG26lGmSDxKBDv
-9o5frcRgBDrMWwvDCgY+HT4CAvB9kJx4/qnpVjkzJp/ZNiJ5VIiehIlbv348rXbh
-xkk+bz5dDATCFOXuu1fwL2FhyM5anwhMAav0DyK1VLQ3jGzr9GO6L8hqAn+bQFFu
-6ngiODwfhBMl5aRoL9UOBEhccK07znrH0JGRz+3+5Cdz59Xw91Bv210LhNNDL58+
-0JD0N+YztVOQd2bgwo0bQbOEijzmYq+0mjoqAnJh1/++y7PlIPs0AnPgqSnFPx9+
-6FsQEVRgk5Uq3kvPLaP4nT2y6MDZSp+ujYldvJhyQQKBgQDuX2pZIJMZ4aFnkG+K
-TmJ5wsLa/u9an0TmvAL9RLtBpVpQNKD8cQ+y8PUZavXDbAIt5NWqZVnTbCR79Dnd
-mZKblwcHhtsyA5f89el5KcxY2BREWdHdTnJpNd7XRlUECmzvX1zGj77lA982PhII
-yflRBRV3vqLkgC8vfoYgRyRElwKBgQDa5jnLdx/RahfYMOgn1HE5o4hMzLR4Y0Dd
-+gELshcUbPqouoP5zOb8WOagVJIgZVOSN+/VqbilVYrqRiNTn2rnoxs+HHRdaJNN
-3eXllD4J2HfC2BIj1xSpIdyh2XewAJqw9IToHNB29QUhxOtgwseHciPG6JaKH2ik
-kqGKH/EKDQKBgFFAftygiOPCkCTgC9UmANUmOQsy6N2H+pF3tsEj43xt44oBVnqW
-A1boYXNnjRwuvdNs9BPf9i1l6E3EItFRXrLgWQoMwryakv0ryYh+YeRKyyW9RBbe
-fYs1TJ8unx4Ae79gTxxztQsVNcmkgLs0NWKTjAzEE3w14V+cDhYEie1DAoGBAJdI
-V5cLrBzBstsB6eBlDR9lqrRRIUS2a8U9m+1mVlcSfiWQSdehSd4K3tDdwePLw3ch
-W4qR8n+pYAlLEe0gFvUhn5lMdwt7U5qUCeehjUKmrRYm2FqWsbu2IFJnBjXIJSC4
-zQXRrC0aZ0KQYpAL7XPpaVp1slyhGmPqxuO78Y0dAoGBAMHo3EIMwu9rfuGwFodr
-GFsOZhfJqgo5GDNxxf89Q9WWpMDTCdX+wdBTrN/wsMbBuwIDHrUuRnk6D5CWRjSk
-/ikCgHN3kOtrbL8zzqRomGAIIWKYGFEIGe1GHVGo5r//HXHdPxFXygvruQ/xbOA4
-RGvmDiji8vVDq7Shho8I6KuT
------END PRIVATE KEY-----
diff --git a/examples/pki/run_all.sh b/examples/pki/run_all.sh
deleted file mode 100755
index ba2f0b6..0000000
--- a/examples/pki/run_all.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash -x
-
-# Copyright 2012 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# This script generates the crypto necessary for the SSL tests.
-
-. gen_pki.sh
-
-check_openssl
-rm_old
-cleanup
-setup
-generate_ca
-ssl_cert_req
-cms_signing_cert_req
-issue_certs
-create_middleware_cert
-gen_sample_cms
-cleanup
diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index 6041e9e..dcf166b 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -217,7 +217,6 @@ object is stored.
"""
-import binascii
import copy
from keystoneauth1 import access
@@ -226,8 +225,6 @@ from keystoneauth1 import discover
from keystoneauth1 import exceptions as ksa_exceptions
from keystoneauth1 import loading
from keystoneauth1.loading import session as session_loading
-from keystoneclient.common import cms
-from keystoneclient import exceptions as ksc_exceptions
import oslo_cache
from oslo_config import cfg
from oslo_log import log as logging
@@ -242,7 +239,6 @@ from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
from keystonemiddleware.auth_token import _identity
from keystonemiddleware.auth_token import _opts
from keystonemiddleware.auth_token import _request
-from keystonemiddleware.auth_token import _signing_dir
from keystonemiddleware.auth_token import _user_plugin
from keystonemiddleware.i18n import _
@@ -289,16 +285,6 @@ class _BIND_MODE(object):
KERBEROS = 'kerberos'
-def _uncompress_pkiz(token):
- # TypeError If the signed_text is not zlib compressed binascii.Error if
- # signed_text has incorrect base64 padding (py34)
-
- try:
- return cms.pkiz_uncompress(token)
- except (TypeError, binascii.Error):
- raise ksm_exceptions.InvalidToken(token)
-
-
class BaseAuthProtocol(object):
"""A base class for AuthProtocol token checking implementations.
@@ -534,9 +520,6 @@ class BaseAuthProtocol(object):
class AuthProtocol(BaseAuthProtocol):
"""Middleware that handles authenticating client calls."""
- _SIGNING_CERT_FILE_NAME = 'signing_cert.pem'
- _SIGNING_CA_FILE_NAME = 'cacert.pem'
-
def __init__(self, app, conf):
log = logging.getLogger(conf.get('log_name', __name__))
log.info('Starting Keystone auth_token middleware')
@@ -568,9 +551,7 @@ class AuthProtocol(BaseAuthProtocol):
self._delay_auth_decision = self._conf.get('delay_auth_decision')
self._include_service_catalog = self._conf.get(
'include_service_catalog')
- self._hash_algorithms = self._conf.get('hash_algorithms')
self._interface = self._conf.get('interface')
-
self._auth = self._create_auth_plugin()
self._session = self._create_session()
self._identity_server = self._create_identity_server()
@@ -590,9 +571,6 @@ class AuthProtocol(BaseAuthProtocol):
self._www_authenticate_uri = \
self._identity_server.www_authenticate_uri
- self._signing_directory = _signing_dir.SigningDirectory(
- directory_name=self._conf.get('signing_dir'), log=self.log)
-
self._token_cache = self._token_cache_factory()
def process_request(self, request):
@@ -674,37 +652,6 @@ class AuthProtocol(BaseAuthProtocol):
header_val = 'Keystone uri="%s"' % self._www_authenticate_uri
return [('WWW-Authenticate', header_val)]
- def _token_hashes(self, token):
- """Generate a list of hashes that the current token may be cached as.
-
- The first element of this list is the preferred algorithm and is what
- new cache values should be saved as.
-
- :param str token: The token being presented by a user.
-
- :returns: list of str token hashes.
- """
- if cms.is_asn1_token(token) or cms.is_pkiz(token):
- return list(cms.cms_hash_token(token, mode=algo)
- for algo in self._hash_algorithms)
- else:
- return [token]
-
- def _cache_get_hashes(self, token_hashes):
- """Check if the token is cached already.
-
- Functions takes a list of hashes that might be in the cache and matches
- the first one that is present. If nothing is found in the cache it
- returns None.
-
- :returns: token data if found else None.
- """
- for token in token_hashes:
- cached = self._token_cache.get(token)
-
- if cached:
- return cached
-
def fetch_token(self, token, allow_expired=False):
"""Retrieve a token from either a PKI bundle or the identity server.
@@ -713,11 +660,8 @@ class AuthProtocol(BaseAuthProtocol):
:raises exc.InvalidToken: if token is rejected
"""
data = None
- token_hashes = None
-
try:
- token_hashes = self._token_hashes(token)
- cached = self._cache_get_hashes(token_hashes)
+ cached = self._token_cache.get(token)
if cached:
if cached == _CACHE_INVALID_INDICATOR:
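Review bot: The summary line of fetch_token's docstring, just above this hunk, still reads "Retrieve a token from either a PKI bundle or the identity server", but the new body only consults `self._token_cache.get(token)` and then `self._identity_server.verify_token(...)`. With offline PKI validation removed, the docstring should say so, for example `"""Retrieve a token from the cache or the identity server.`. A reader relying on the old wording could assume tokens can still be validated locally without contacting keystone. fetch_token begins and ends outside this hunk.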
@@ -733,13 +677,11 @@ class AuthProtocol(BaseAuthProtocol):
data = cached
else:
- data = self._validate_offline(token, token_hashes)
- if not data:
- data = self._identity_server.verify_token(
- token,
- allow_expired=allow_expired)
+ data = self._identity_server.verify_token(
+ token,
+ allow_expired=allow_expired)
- self._token_cache.set(token_hashes[0], data)
+ self._token_cache.set(token, data)
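Review bot: With `_token_hashes` gone, the string a client presents is used unchanged as the cache key in `self._token_cache.set(token, data)` here, in `self._token_cache.get(token)` in the previous hunk, and in the `_CACHE_INVALID_INDICATOR` write in the next one. Non-PKI tokens were already keyed this way, but a PKI/PKIZ-shaped token, which can run to several kilobytes, used to be reduced to a digest before it reached the cache. Whether `_token_cache` hashes or bounds the key is not visible in this diff, so it is worth confirming. A test should also show that an oversized or PKI-shaped token is rejected through online validation and cached as invalid without raising from the cache layer. A one-line comment such as `# cache key is the presented token; key normalisation is left to the token cache` would record the assumption. fetch_token begins and ends outside this hunk.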
except (ksa_exceptions.ConnectFailure,
ksa_exceptions.DiscoveryFailure,
@@ -755,9 +697,7 @@ class AuthProtocol(BaseAuthProtocol):
'The Keystone service is temporarily unavailable.')
except ksm_exceptions.InvalidToken:
self.log.debug('Token validation failure.', exc_info=True)
- if token_hashes:
- self._token_cache.set(token_hashes[0],
- _CACHE_INVALID_INDICATOR)
+ self._token_cache.set(token, _CACHE_INVALID_INDICATOR)
self.log.warning('Authorization failed for token')
raise
except ksa_exceptions.EndpointNotFound:
@@ -767,34 +707,6 @@ class AuthProtocol(BaseAuthProtocol):
return data
- def _validate_offline(self, token, token_hashes):
- if cms.is_pkiz(token):
- token_data = _uncompress_pkiz(token)
- inform = cms.PKIZ_CMS_FORM
- elif cms.is_asn1_token(token):
- token_data = cms.token_to_cms(token)
- inform = cms.PKI_ASN1_FORM
- else:
- # Can't do offline validation for this type of token.
- return
-
- try:
- verified = self._cms_verify(token_data, inform)
- except ksc_exceptions.CertificateConfigError:
- self.log.warning('Fetch certificate config failed, '
- 'fallback to online validation.')
- else:
- self.log.warning('auth_token middleware received a PKI/Z token. '
- 'This form of token is deprecated and has been '
- 'removed from keystone server and will be '
- 'removed from auth_token middleware in the Rocky '
- 'release. Please contact your administrator '
- 'about upgrading keystone and the token format.')
-
- data = jsonutils.loads(verified)
-
- return data
-
def _validate_token(self, auth_ref, **kwargs):
super(AuthProtocol, self)._validate_token(auth_ref, **kwargs)
@@ -802,53 +714,6 @@ class AuthProtocol(BaseAuthProtocol):
msg = _('Unable to determine service tenancy.')
raise ksm_exceptions.InvalidToken(msg)
- def _cms_verify(self, data, inform=cms.PKI_ASN1_FORM):
- """Verify the signature of the provided data's IAW CMS syntax.
-
- If either of the certificate files might be missing, fetch them and
- retry.
- """
- def verify():
- try:
- signing_cert_path = self._signing_directory.calc_path(
- self._SIGNING_CERT_FILE_NAME)
- signing_ca_path = self._signing_directory.calc_path(
- self._SIGNING_CA_FILE_NAME)
- return cms.cms_verify(data, signing_cert_path,
- signing_ca_path,
- inform=inform).decode('utf-8')
- except (ksc_exceptions.CMSError,
- cms.subprocess.CalledProcessError) as err:
- self.log.warning('Verify error: %s', err)
- msg = _('Token authorization failed')
- raise ksm_exceptions.InvalidToken(msg)
-
- try:
- return verify()
- except ksc_exceptions.CertificateConfigError:
- # the certs might be missing; unconditionally fetch to avoid racing
- self._fetch_signing_cert()
- self._fetch_ca_cert()
-
- try:
- # retry with certs in place
- return verify()
- except ksc_exceptions.CertificateConfigError as err:
- # if this is still occurring, something else is wrong and we
- # need err.output to identify the problem
- self.log.error('CMS Verify output: %s', err.output)
- raise
-
- def _fetch_signing_cert(self):
- self._signing_directory.write_file(
- self._SIGNING_CERT_FILE_NAME,
- self._identity_server.fetch_signing_cert())
-
- def _fetch_ca_cert(self):
- self._signing_directory.write_file(
- self._SIGNING_CA_FILE_NAME,
- self._identity_server.fetch_ca_cert())
-
def _create_auth_plugin(self):
# NOTE(jamielennox): Ideally this would use load_from_conf_options
# however that is not possible because we have to support the override
diff --git a/keystonemiddleware/auth_token/_identity.py b/keystonemiddleware/auth_token/_identity.py
index aeeb8d9..4c10521 100644
--- a/keystonemiddleware/auth_token/_identity.py
+++ b/keystonemiddleware/auth_token/_identity.py
@@ -10,12 +10,9 @@
# License for the specific language governing permissions and limitations
# under the License.
-import functools
-
from keystoneauth1 import discover
from keystoneauth1 import exceptions as ksa_exceptions
from keystoneauth1 import plugin
-from keystoneclient import exceptions as ksc_exceptions
from keystoneclient.v2_0 import client as v2_client
from keystoneclient.v3 import client as v3_client
from six.moves import urllib
@@ -25,18 +22,6 @@ from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
from keystonemiddleware.i18n import _
-def _convert_fetch_cert_exception(fetch_cert):
- @functools.wraps(fetch_cert)
- def wrapper(self):
- try:
- text = fetch_cert(self)
- except ksa_exceptions.HttpError as e:
- raise ksc_exceptions.CertificateConfigError(e.details)
- return text
-
- return wrapper
-
-
class _RequestStrategy(object):
AUTH_VERSION = None
@@ -49,20 +34,6 @@ class _RequestStrategy(object):
def verify_token(self, user_token, allow_expired=False):
pass
- @_convert_fetch_cert_exception
- def fetch_signing_cert(self):
- return self._fetch_signing_cert()
-
- def _fetch_signing_cert(self):
- pass
-
- @_convert_fetch_cert_exception
- def fetch_ca_cert(self):
- return self._fetch_ca_cert()
-
- def _fetch_ca_cert(self):
- pass
-
class _V2RequestStrategy(_RequestStrategy):
@@ -82,12 +53,6 @@ class _V2RequestStrategy(_RequestStrategy):
return {'access': auth_ref}
- def _fetch_signing_cert(self):
- return self._client.certificates.get_signing_certificate()
-
- def _fetch_ca_cert(self):
- return self._client.certificates.get_ca_certificate()
-
class _V3RequestStrategy(_RequestStrategy):
@@ -112,12 +77,6 @@ class _V3RequestStrategy(_RequestStrategy):
return {'token': auth_ref}
- def _fetch_signing_cert(self):
- return self._client.simple_cert.get_certificates()
-
- def _fetch_ca_cert(self):
- return self._client.simple_cert.get_ca_certificates()
-
_REQUEST_STRATEGIES = [_V3RequestStrategy, _V2RequestStrategy]
@@ -126,9 +85,8 @@ class IdentityServer(object):
"""Base class for operations on the Identity API server.
The auth_token middleware needs to communicate with the Identity API server
- to validate UUID tokens, signing certificates,
- etc. This class encapsulates the data and methods to perform these
- operations.
+ to validate tokens. This class encapsulates the data and methods to perform
+ the operations.
"""
@@ -241,11 +199,5 @@ class IdentityServer(object):
else:
return auth_ref
- def fetch_signing_cert(self):
- return self._request_strategy.fetch_signing_cert()
-
- def fetch_ca_cert(self):
- return self._request_strategy.fetch_ca_cert()
-
def invalidate(self):
return self._adapter.invalidate()
diff --git a/keystonemiddleware/auth_token/_opts.py b/keystonemiddleware/auth_token/_opts.py
index 6231b6d..b551407 100644
--- a/keystonemiddleware/auth_token/_opts.py
+++ b/keystonemiddleware/auth_token/_opts.py
@@ -99,13 +99,6 @@ _OPTS = [
cfg.BoolOpt('insecure', default=False, help='Verify HTTPS connections.'),
cfg.StrOpt('region_name',
help='The region in which the identity server can be found.'),
- cfg.StrOpt('signing_dir',
- deprecated_for_removal=True,
- deprecated_reason='PKI token format is no longer supported.',
- deprecated_since='Ocata',
- help='Directory used to cache files related to PKI tokens. This'
- ' option has been deprecated in the Ocata release and will be'
- ' removed in the P release.'),
cfg.ListOpt('memcached_servers',
deprecated_name='memcache_servers',
help='Optionally specify a list of memcached server(s) to'
@@ -172,19 +165,6 @@ _OPTS = [
' unknown the token will be rejected. "required" any form of'
' token binding is needed to be allowed. Finally the name of a'
' binding method that must be present in tokens.'),
- cfg.ListOpt('hash_algorithms', default=['md5'],
- deprecated_for_removal=True,
- deprecated_reason='PKI token format is no longer supported.',
- deprecated_since='Ocata',
- help='Hash algorithms to use for hashing PKI tokens. This may'
- ' be a single algorithm or multiple. The algorithms are those'
- ' supported by Python standard hashlib.new(). The hashes will'
- ' be tried in the order given, so put the preferred one first'
- ' for performance. The result of the first hash will be stored'
- ' in the cache. This will typically be set to multiple values'
- ' only while migrating from a less secure algorithm to a more'
- ' secure one. Once all the old tokens are expired this option'
- ' should be set to a single value for better performance.'),
cfg.ListOpt('service_token_roles', default=['service'],
help='A choice of roles that must be present in a service'
' token. Service tokens are allowed to request that an expired'
diff --git a/keystonemiddleware/auth_token/_signing_dir.py b/keystonemiddleware/auth_token/_signing_dir.py
deleted file mode 100644
index 698e055..0000000
--- a/keystonemiddleware/auth_token/_signing_dir.py
+++ /dev/null
@@ -1,90 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import os
-import stat
-import tempfile
-
-from oslo_log import log as logging
-import six
-
-from keystonemiddleware.auth_token import _exceptions as exc
-from keystonemiddleware.i18n import _
-
-_LOG = logging.getLogger(__name__)
-
-
-class SigningDirectory(object):
-
- def __init__(self, directory_name=None, log=None):
- self._log = log or _LOG
-
- self._directory_name = directory_name
- if self._directory_name:
- self._log.info(
- 'Using %s as cache directory for signing certificate',
- self._directory_name)
- self._verify_signing_dir()
-
- def write_file(self, file_name, new_contents):
-
- # In Python2, encoding is slow so the following check avoids it if it
- # is not absolutely necessary.
- if isinstance(new_contents, six.text_type):
- new_contents = new_contents.encode('utf-8')
-
- def _atomic_write():
- with tempfile.NamedTemporaryFile(dir=self._directory_name,
- delete=False) as f:
- f.write(new_contents)
- os.rename(f.name, self.calc_path(file_name))
-
- try:
- _atomic_write()
- except (OSError, IOError):
- self._verify_signing_dir()
- _atomic_write()
-
- def read_file(self, file_name):
- path = self.calc_path(file_name)
- open_kwargs = {'encoding': 'utf-8'} if six.PY3 else {}
- with open(path, 'r', **open_kwargs) as f:
- return f.read()
-
- def calc_path(self, file_name):
- self._lazy_create_signing_dir()
- return os.path.join(self._directory_name, file_name)
-
- def _lazy_create_signing_dir(self):
- if self._directory_name is None:
- self._directory_name = tempfile.mkdtemp(prefix='keystone-signing-')
- self._log.info(
- 'Using %s as cache directory for signing certificate',
- self._directory_name)
- self._verify_signing_dir()
-
- def _verify_signing_dir(self):
- if os.path.isdir(self._directory_name):
- if not os.access(self._directory_name, os.W_OK):
- raise exc.ConfigurationError(
- _('unable to access signing_dir %s') %
- self._directory_name)
- uid = os.getuid()
- if os.stat(self._directory_name).st_uid != uid:
- self._log.warning('signing_dir is not owned by %s', uid)
- current_mode = stat.S_IMODE(os.stat(self._directory_name).st_mode)
- if current_mode != stat.S_IRWXU:
- self._log.warning(
- 'signing_dir mode is %(mode)s instead of %(need)s',
- {'mode': oct(current_mode), 'need': oct(stat.S_IRWXU)})
- else:
- os.makedirs(self._directory_name, stat.S_IRWXU)
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index 1e2dcc3..04e605c 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -14,9 +14,6 @@
import datetime
import os
-import shutil
-import stat
-import tempfile
import time
import uuid
@@ -25,7 +22,6 @@ from keystoneauth1 import exceptions as ksa_exceptions
from keystoneauth1 import fixture
from keystoneauth1 import loading
from keystoneauth1 import session
-from keystoneclient.common import cms
from keystoneclient import exceptions as ksc_exceptions
import mock
import oslo_cache
@@ -282,11 +278,8 @@ class BaseAuthTokenMiddlewareTest(base.BaseAuthTokenTestCase):
self.fake_app = fake_app or FakeApp
self.middleware = None
- signing_dir = self._setup_signing_directory()
-
self.conf = {
'identity_uri': 'https://keystone.example.com:1234/testadmin/',
- 'signing_dir': signing_dir,
'auth_version': auth_version,
'www_authenticate_uri': 'https://keystone.example.com:1234',
'admin_user': uuid.uuid4().hex,
@@ -299,16 +292,6 @@ class BaseAuthTokenMiddlewareTest(base.BaseAuthTokenTestCase):
def call_middleware(self, **kwargs):
return self.call(self.middleware, **kwargs)
- def _setup_signing_directory(self):
- directory_name = self.useFixture(fixtures.TempDir()).path
-
- # Copy the sample certificate files into the temporary directory.
- for filename in ['cacert.pem', 'signing_cert.pem', ]:
- shutil.copy2(os.path.join(client_fixtures.CERTDIR, filename),
- os.path.join(directory_name, filename))
-
- return directory_name
-
def set_middleware(self, expected_env=None, conf=None):
"""Configure the class ready to call the auth_token middleware.
@@ -528,10 +511,7 @@ class CommonAuthTokenMiddlewareTest(object):
"""These tests are run once using v2 tokens and again using v3 tokens."""
def test_init_does_not_call_http(self):
- conf = {
- 'revocation_cache_time': '1'
- }
- self.create_simple_middleware(conf=conf)
+ self.create_simple_middleware(conf={})
self.assertLastPath(None)
def test_auth_with_no_token_does_not_call_http(self):
@@ -578,40 +558,6 @@ class CommonAuthTokenMiddlewareTest(object):
self.assert_valid_request_200(self.token_dict['uuid_token_default'])
self.assert_valid_last_url(self.token_dict['uuid_token_default'])
- def test_valid_signed_request(self):
- for _ in range(2): # Do it twice because first result was cached.
- self.assert_valid_request_200(
- self.token_dict['signed_token_scoped'])
- # ensure that signed requests do not generate HTTP traffic
- self.assertLastPath(None)
-
- def test_valid_signed_compressed_request(self):
- self.assert_valid_request_200(
- self.token_dict['signed_token_scoped_pkiz'])
- # ensure that signed requests do not generate HTTP traffic
- self.assertLastPath(None)
-
- def test_validate_offline_succeeds_for_unrevoked_token(self):
- token = self.middleware._validate_offline(
- self.token_dict['signed_token_scoped'],
- [self.token_dict['signed_token_scoped_hash']])
- self.assertIsInstance(token, dict)
-
- def test_verify_signed_compressed_token_succeeds_for_unrevoked_token(self):
- token = self.middleware._validate_offline(
- self.token_dict['signed_token_scoped_pkiz'],
- [self.token_dict['signed_token_scoped_hash']])
- self.assertIsInstance(token, dict)
-
- def test_validate_offline_token_succeeds_for_unrevoked_token_sha256(self):
- self.conf['hash_algorithms'] = ','.join(['sha256', 'md5'])
- self.set_middleware()
- token = self.middleware._validate_offline(
- self.token_dict['signed_token_scoped'],
- [self.token_dict['signed_token_scoped_hash_sha256'],
- self.token_dict['signed_token_scoped_hash']])
- self.assertIsInstance(token, dict)
-
def test_request_invalid_uuid_token(self):
# remember because we are testing the middleware we stub the connection
# to the keystone server, but this is not what gets returned
@@ -623,20 +569,6 @@ class CommonAuthTokenMiddlewareTest(object):
self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
resp.headers['WWW-Authenticate'])
- def test_request_invalid_signed_token(self):
- token = self.examples.INVALID_SIGNED_TOKEN
- resp = self.call_middleware(headers={'X-Auth-Token': token},
- expected_status=401)
- self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
- resp.headers['WWW-Authenticate'])
-
- def test_request_invalid_signed_pkiz_token(self):
- token = self.examples.INVALID_SIGNED_PKIZ_TOKEN
- resp = self.call_middleware(headers={'X-Auth-Token': token},
- expected_status=401)
- self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
- resp.headers['WWW-Authenticate'])
-
def test_request_no_token(self):
resp = self.call_middleware(expected_status=401)
self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
@@ -653,19 +585,8 @@ class CommonAuthTokenMiddlewareTest(object):
self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
resp.headers['WWW-Authenticate'])
- def _get_cached_token(self, token, mode='md5'):
- token_id = cms.cms_hash_token(token, mode=mode)
- return self.middleware._token_cache.get(token_id)
-
- def test_memcache(self):
- token = self.token_dict['signed_token_scoped']
- self.call_middleware(headers={'X-Auth-Token': token})
- self.assertIsNotNone(self._get_cached_token(token))
-
- def test_expired(self):
- token = self.token_dict['signed_token_scoped_expired']
- self.call_middleware(headers={'X-Auth-Token': token},
- expected_status=401)
+ def _get_cached_token(self, token):
+ return self.middleware._token_cache.get(token)
def test_memcache_set_invalid_uuid(self):
invalid_uri = "%s/v2.0/tokens/invalid-token" % BASE_URI
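Review bot: Deleting `test_memcache` and `test_expired` alongside the simplified `_get_cached_token` removes this hunk's checks that a validated token is stored in the token cache and that an expired token is answered with 401, and neither behaviour is specific to PKI. The commit already switches the fixture to `self.token_dict['uuid_token_default']` in the hunks at -702 and -948, and the same switch would presumably keep `test_memcache` alive: `token = self.token_dict['uuid_token_default']`, then the call, then `self.assertIsNotNone(self._get_cached_token(token))`. An expired-token case would need a UUID fixture with a past expiry; none is visible in `token_dict` here, so either add one or confirm that expiry rejection is covered by another test. `test_memcache_set_invalid_uuid` starts on the hunk's last lines and continues outside it.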
@@ -702,7 +623,7 @@ class CommonAuthTokenMiddlewareTest(object):
conf.update(extra_conf)
self.set_middleware(conf=conf)
- token = self.token_dict['signed_token_scoped']
+ token = self.token_dict['uuid_token_default']
self.call_middleware(headers={'X-Auth-Token': token})
req = webob.Request.blank('/')
@@ -948,7 +869,7 @@ class CommonAuthTokenMiddlewareTest(object):
orig_cache_set = cache.set
cache.set = mock.Mock(side_effect=orig_cache_set)
- token = self.token_dict['signed_token_scoped']
+ token = self.token_dict['uuid_token_default']
self.call_middleware(headers={'X-Auth-Token': token})
@@ -1085,144 +1006,6 @@ class CommonAuthTokenMiddlewareTest(object):
resp.request.headers['X-Service-Identity-Status'])
-class V2CertDownloadMiddlewareTest(BaseAuthTokenMiddlewareTest,
- testresources.ResourcedTestCase):
-
- resources = [('examples', client_fixtures.EXAMPLES_RESOURCE)]
-
- def __init__(self, *args, **kwargs):
- super(V2CertDownloadMiddlewareTest, self).__init__(*args, **kwargs)
- self.auth_version = 'v2.0'
- self.fake_app = None
- self.ca_path = '/v2.0/certificates/ca'
- self.signing_path = '/v2.0/certificates/signing'
-
- def setUp(self):
- super(V2CertDownloadMiddlewareTest, self).setUp(
- auth_version=self.auth_version,
- fake_app=self.fake_app)
- self.logger = self.useFixture(fixtures.FakeLogger())
- self.base_dir = tempfile.mkdtemp()
- self.addCleanup(shutil.rmtree, self.base_dir)
- self.cert_dir = os.path.join(self.base_dir, 'certs')
- os.makedirs(self.cert_dir, stat.S_IRWXU)
- conf = {
- 'signing_dir': self.cert_dir,
- 'auth_version': self.auth_version,
- }
-
- self.requests_mock.get(BASE_URI,
- json=VERSION_LIST_v3,
- status_code=300)
-
- self.set_middleware(conf=conf)
-
- # Usually we supply a signed_dir with pre-installed certificates,
- # so invocation of /usr/bin/openssl succeeds. This time we give it
- # an empty directory, so it fails.
- def test_request_no_token_dummy(self):
- cms._ensure_subprocess()
-
- self.requests_mock.get('%s%s' % (BASE_URI, self.ca_path),
- status_code=404)
- self.requests_mock.get('%s%s' % (BASE_URI, self.signing_path),
- status_code=404)
-
- token = self.middleware._validate_offline(
- self.examples.SIGNED_TOKEN_SCOPED,
- [self.examples.SIGNED_TOKEN_SCOPED_HASH])
-
- self.assertIsNone(token)
-
- self.assertIn('Fetch certificate config failed', self.logger.output)
- self.assertIn('fallback to online validation', self.logger.output)
-
- def test_fetch_signing_cert(self):
- data = 'FAKE CERT'
- url = "%s%s" % (BASE_URI, self.signing_path)
- self.requests_mock.get(url, text=data)
- self.middleware._fetch_signing_cert()
-
- signing_cert_path = self.middleware._signing_directory.calc_path(
- self.middleware._SIGNING_CERT_FILE_NAME)
- with open(signing_cert_path, 'r') as f:
- self.assertEqual(f.read(), data)
-
- self.assertEqual(url, self.requests_mock.last_request.url)
-
- def test_fetch_signing_ca(self):
- data = 'FAKE CA'
- url = "%s%s" % (BASE_URI, self.ca_path)
- self.requests_mock.get(url, text=data)
- self.middleware._fetch_ca_cert()
-
- ca_file_path = self.middleware._signing_directory.calc_path(
- self.middleware._SIGNING_CA_FILE_NAME)
- with open(ca_file_path, 'r') as f:
- self.assertEqual(f.read(), data)
-
- self.assertEqual(url, self.requests_mock.last_request.url)
-
- def test_prefix_trailing_slash(self):
- del self.conf['identity_uri']
- self.conf['auth_protocol'] = 'https'
- self.conf['auth_host'] = 'keystone.example.com'
- self.conf['auth_port'] = '1234'
- self.conf['auth_admin_prefix'] = '/newadmin/'
-
- base_url = '%s/newadmin' % BASE_HOST
- ca_url = "%s%s" % (base_url, self.ca_path)
- signing_url = "%s%s" % (base_url, self.signing_path)
-
- self.requests_mock.get(base_url,
- json=VERSION_LIST_v3,
- status_code=300)
- self.requests_mock.get(ca_url, text='FAKECA')
- self.requests_mock.get(signing_url, text='FAKECERT')
-
- self.set_middleware(conf=self.conf)
-
- self.middleware._fetch_ca_cert()
- self.assertEqual(ca_url, self.requests_mock.last_request.url)
-
- self.middleware._fetch_signing_cert()
- self.assertEqual(signing_url, self.requests_mock.last_request.url)
-
- def test_without_prefix(self):
- del self.conf['identity_uri']
- self.conf['auth_protocol'] = 'https'
- self.conf['auth_host'] = 'keystone.example.com'
- self.conf['auth_port'] = '1234'
- self.conf['auth_admin_prefix'] = ''
-
- ca_url = "%s%s" % (BASE_HOST, self.ca_path)
- signing_url = "%s%s" % (BASE_HOST, self.signing_path)
-
- self.requests_mock.get(BASE_HOST,
- json=VERSION_LIST_v3,
- status_code=300)
- self.requests_mock.get(ca_url, text='FAKECA')
- self.requests_mock.get(signing_url, text='FAKECERT')
-
- self.set_middleware(conf=self.conf)
-
- self.middleware._fetch_ca_cert()
- self.assertEqual(ca_url, self.requests_mock.last_request.url)
-
- self.middleware._fetch_signing_cert()
- self.assertEqual(signing_url, self.requests_mock.last_request.url)
-
-
-class V3CertDownloadMiddlewareTest(V2CertDownloadMiddlewareTest):
-
- def __init__(self, *args, **kwargs):
- super(V3CertDownloadMiddlewareTest, self).__init__(*args, **kwargs)
- self.auth_version = 'v3.0'
- self.fake_app = v3FakeApp
- self.ca_path = '/v3/OS-SIMPLE-CERT/ca'
- self.signing_path = '/v3/OS-SIMPLE-CERT/certificates'
-
-
def network_error_response(request, context):
raise ksa_exceptions.ConnectFailure("Network connection refused.")
@@ -1261,13 +1044,6 @@ class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
'uuid_token_unscoped': self.examples.UUID_TOKEN_UNSCOPED,
'uuid_token_bind': self.examples.UUID_TOKEN_BIND,
'uuid_token_unknown_bind': self.examples.UUID_TOKEN_UNKNOWN_BIND,
- 'signed_token_scoped': self.examples.SIGNED_TOKEN_SCOPED,
- 'signed_token_scoped_pkiz': self.examples.SIGNED_TOKEN_SCOPED_PKIZ,
- 'signed_token_scoped_hash': self.examples.SIGNED_TOKEN_SCOPED_HASH,
- 'signed_token_scoped_hash_sha256':
- self.examples.SIGNED_TOKEN_SCOPED_HASH_SHA256,
- 'signed_token_scoped_expired':
- self.examples.SIGNED_TOKEN_SCOPED_EXPIRED,
'uuid_service_token_default':
self.examples.UUID_SERVICE_TOKEN_DEFAULT,
}
@@ -1284,9 +1060,7 @@ class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.examples.UUID_TOKEN_BIND,
self.examples.UUID_TOKEN_UNKNOWN_BIND,
self.examples.UUID_TOKEN_NO_SERVICE_CATALOG,
- self.examples.UUID_SERVICE_TOKEN_DEFAULT,
- self.examples.SIGNED_TOKEN_SCOPED_KEY,
- self.examples.SIGNED_TOKEN_SCOPED_PKIZ_KEY,):
+ self.examples.UUID_SERVICE_TOKEN_DEFAULT,):
url = "%s/v2.0/tokens/%s" % (BASE_URI, token)
text = self.examples.JSON_TOKEN_RESPONSES[token]
self.requests_mock.get(url, text=text)
@@ -1316,10 +1090,6 @@ class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.assert_unscoped_default_tenant_auto_scopes(
self.examples.UUID_TOKEN_DEFAULT)
- def test_default_tenant_signed_token(self):
- self.assert_unscoped_default_tenant_auto_scopes(
- self.examples.SIGNED_TOKEN_SCOPED)
-
def assert_unscoped_token_receives_401(self, token):
"""Unscoped requests with no default tenant ID should be rejected."""
resp = self.call_middleware(headers={'X-Auth-Token': token},
@@ -1327,14 +1097,6 @@ class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.assertEqual('Keystone uri="https://keystone.example.com:1234"',
resp.headers['WWW-Authenticate'])
- def test_unscoped_uuid_token_receives_401(self):
- self.assert_unscoped_token_receives_401(
- self.examples.UUID_TOKEN_UNSCOPED)
-
- def test_unscoped_pki_token_receives_401(self):
- self.assert_unscoped_token_receives_401(
- self.examples.SIGNED_TOKEN_UNSCOPED)
-
def test_request_prevent_service_catalog_injection(self):
token = self.examples.UUID_TOKEN_NO_SERVICE_CATALOG
resp = self.call_middleware(headers={'X-Service-Catalog': '[]',
@@ -1456,15 +1218,6 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
'uuid_token_bind': self.examples.v3_UUID_TOKEN_BIND,
'uuid_token_unknown_bind':
self.examples.v3_UUID_TOKEN_UNKNOWN_BIND,
- 'signed_token_scoped': self.examples.SIGNED_v3_TOKEN_SCOPED,
- 'signed_token_scoped_pkiz':
- self.examples.SIGNED_v3_TOKEN_SCOPED_PKIZ,
- 'signed_token_scoped_hash':
- self.examples.SIGNED_v3_TOKEN_SCOPED_HASH,
- 'signed_token_scoped_hash_sha256':
- self.examples.SIGNED_v3_TOKEN_SCOPED_HASH_SHA256,
- 'signed_token_scoped_expired':
- self.examples.SIGNED_TOKEN_SCOPED_EXPIRED,
'uuid_service_token_default':
self.examples.v3_UUID_SERVICE_TOKEN_DEFAULT,
}
@@ -1559,39 +1312,6 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.examples.v3_UUID_TOKEN_DOMAIN_SCOPED)
self.assertLastPath('/v3/auth/tokens')
- def test_gives_v2_catalog(self):
- self.set_middleware()
- req = self.assert_valid_request_200(
- self.examples.SIGNED_v3_TOKEN_SCOPED)
-
- catalog = jsonutils.loads(req.headers['X-Service-Catalog'])
-
- for service in catalog:
- for endpoint in service['endpoints']:
- # no point checking everything, just that it's in v2 format
- self.assertIn('adminURL', endpoint)
- self.assertIn('publicURL', endpoint)
- self.assertIn('internalURL', endpoint)
-
- def test_fallback_to_online_validation_with_signing_error(self):
- self.requests_mock.get('%s/v3/OS-SIMPLE-CERT/certificates' % BASE_URI,
- status_code=404)
- self.assert_valid_request_200(self.token_dict['signed_token_scoped'])
- self.assert_valid_request_200(
- self.token_dict['signed_token_scoped_pkiz'])
-
- def test_fallback_to_online_validation_with_ca_error(self):
- self.requests_mock.get('%s/v3/OS-SIMPLE-CERT/ca' % BASE_URI,
- status_code=404)
- self.assert_valid_request_200(self.token_dict['signed_token_scoped'])
- self.assert_valid_request_200(
- self.token_dict['signed_token_scoped_pkiz'])
-
- def test_fallback_to_online_validation_with_revocation_list_error(self):
- self.assert_valid_request_200(self.token_dict['signed_token_scoped'])
- self.assert_valid_request_200(
- self.token_dict['signed_token_scoped_pkiz'])
-
def test_user_plugin_token_properties(self):
token = self.examples.v3_UUID_TOKEN_DEFAULT
token_data = self.examples.TOKEN_RESPONSES[token]
diff --git a/keystonemiddleware/tests/unit/auth_token/test_signing_dir.py b/keystonemiddleware/tests/unit/auth_token/test_signing_dir.py
deleted file mode 100644
index 5664d7d..0000000
--- a/keystonemiddleware/tests/unit/auth_token/test_signing_dir.py
+++ /dev/null
@@ -1,145 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import os
-import shutil
-import stat
-import uuid
-
-from keystonemiddleware.auth_token import _signing_dir
-from keystonemiddleware.tests.unit import utils
-
-
-class SigningDirectoryTests(utils.BaseTestCase):
-
- def test_directory_created_when_doesnt_exist(self):
- # When _SigningDirectory is created, if the directory doesn't exist
- # it's created with the expected permissions.
- tmp_name = uuid.uuid4().hex
- parent_directory = '/tmp/%s' % tmp_name
- directory_name = '/tmp/%s/%s' % ((tmp_name,) * 2)
-
- # Directories are created by __init__.
- _signing_dir.SigningDirectory(directory_name)
- self.addCleanup(shutil.rmtree, parent_directory)
-
- self.assertTrue(os.path.isdir(directory_name))
- self.assertTrue(os.access(directory_name, os.W_OK))
- self.assertEqual(os.stat(directory_name).st_uid, os.getuid())
- self.assertEqual(stat.S_IMODE(os.stat(directory_name).st_mode),
- stat.S_IRWXU)
-
- def test_use_directory_already_exists(self):
- # The directory can already exist.
-
- tmp_name = uuid.uuid4().hex
- parent_directory = '/tmp/%s' % tmp_name
- directory_name = '/tmp/%s/%s' % ((tmp_name,) * 2)
- os.makedirs(directory_name, stat.S_IRWXU)
- self.addCleanup(shutil.rmtree, parent_directory)
-
- _signing_dir.SigningDirectory(directory_name)
-
- def test_write_file(self):
- # write_file when the file doesn't exist creates the file.
-
- signing_directory = _signing_dir.SigningDirectory()
-
- file_name = self.getUniqueString()
- contents = self.getUniqueString()
- signing_directory.write_file(file_name, contents)
-
- self.addCleanup(shutil.rmtree, signing_directory._directory_name)
-
- file_path = signing_directory.calc_path(file_name)
- with open(file_path) as f:
- actual_contents = f.read()
-
- self.assertEqual(contents, actual_contents)
-
- def test_replace_file(self):
- # write_file when the file already exists overwrites it.
-
- signing_directory = _signing_dir.SigningDirectory()
-
- file_name = self.getUniqueString()
- orig_contents = self.getUniqueString()
- signing_directory.write_file(file_name, orig_contents)
-
- self.addCleanup(shutil.rmtree, signing_directory._directory_name)
-
- new_contents = self.getUniqueString()
- signing_directory.write_file(file_name, new_contents)
-
- file_path = signing_directory.calc_path(file_name)
- with open(file_path) as f:
- actual_contents = f.read()
-
- self.assertEqual(new_contents, actual_contents)
-
- def test_recreate_directory(self):
- # If the original directory is lost, it gets recreated when a file
- # is written.
-
- signing_directory = _signing_dir.SigningDirectory()
- original_file_name = self.getUniqueString()
- original_contents = self.getUniqueString()
- signing_directory.write_file(original_file_name, original_contents)
-
- self.addCleanup(shutil.rmtree, signing_directory._directory_name)
-
- # Delete the directory.
- shutil.rmtree(signing_directory._directory_name)
-
- new_file_name = self.getUniqueString()
- new_contents = self.getUniqueString()
- signing_directory.write_file(new_file_name, new_contents)
-
- actual_contents = signing_directory.read_file(new_file_name)
- self.assertEqual(new_contents, actual_contents)
-
- def test_read_file(self):
- # Can read a file that was written.
-
- signing_directory = _signing_dir.SigningDirectory()
- file_name = self.getUniqueString()
- contents = self.getUniqueString()
- signing_directory.write_file(file_name, contents)
-
- self.addCleanup(shutil.rmtree, signing_directory._directory_name)
-
- actual_contents = signing_directory.read_file(file_name)
-
- self.assertEqual(contents, actual_contents)
-
- def test_read_file_doesnt_exist(self):
- # Show what happens when try to read a file that wasn't written.
-
- signing_directory = _signing_dir.SigningDirectory()
-
- file_name = self.getUniqueString()
- self.assertRaises(IOError, signing_directory.read_file, file_name)
- self.addCleanup(shutil.rmtree, signing_directory._directory_name)
-
- def test_calc_path(self):
- # calc_path returns the actual filename built from the directory name.
-
- signing_directory = _signing_dir.SigningDirectory()
-
- file_name = self.getUniqueString()
- actual_path = signing_directory.calc_path(file_name)
-
- self.addCleanup(shutil.rmtree, signing_directory._directory_name)
-
- expected_path = os.path.join(signing_directory._directory_name,
- file_name)
- self.assertEqual(expected_path, actual_path)
diff --git a/keystonemiddleware/tests/unit/client_fixtures.py b/keystonemiddleware/tests/unit/client_fixtures.py
index fae3e07..a807054 100644
--- a/keystonemiddleware/tests/unit/client_fixtures.py
+++ b/keystonemiddleware/tests/unit/client_fixtures.py
@@ -17,24 +17,12 @@ import uuid
import fixtures
from keystoneauth1 import fixture
-from keystoneclient.common import cms
-from keystoneclient import utils
from oslo_serialization import jsonutils
-import six
import testresources
TESTDIR = os.path.dirname(os.path.abspath(__file__))
ROOTDIR = os.path.normpath(os.path.join(TESTDIR, '..', '..', '..'))
-CERTDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'certs')
-CMSDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'cms')
-KEYDIR = os.path.join(ROOTDIR, 'examples', 'pki', 'private')
-
-
-def _hash_signed_token_safe(signed_text, **kwargs):
- if isinstance(signed_text, six.text_type):
- signed_text = signed_text.encode('utf-8')
- return utils.hash_signed_token(signed_text, **kwargs)
class Examples(fixtures.Fixture):
@@ -55,54 +43,9 @@ class Examples(fixtures.Fixture):
def setUp(self):
super(Examples, self).setUp()
- # The data for several tests are signed using openssl and are stored in
- # files in the signing subdirectory. In order to keep the values
- # consistent between the tests and the signed documents, we read them
- # in for use in the tests.
- with open(os.path.join(CMSDIR, 'auth_token_scoped.json')) as f:
- self.TOKEN_SCOPED_DATA = cms.cms_to_token(f.read())
-
- with open(os.path.join(CMSDIR, 'auth_token_scoped.pem')) as f:
- self.SIGNED_TOKEN_SCOPED = cms.cms_to_token(f.read())
- self.SIGNED_TOKEN_SCOPED_HASH = _hash_signed_token_safe(
- self.SIGNED_TOKEN_SCOPED)
- self.SIGNED_TOKEN_SCOPED_HASH_SHA256 = _hash_signed_token_safe(
- self.SIGNED_TOKEN_SCOPED, mode='sha256')
- with open(os.path.join(CMSDIR, 'auth_token_unscoped.pem')) as f:
- self.SIGNED_TOKEN_UNSCOPED = cms.cms_to_token(f.read())
- with open(os.path.join(CMSDIR, 'auth_v3_token_scoped.pem')) as f:
- self.SIGNED_v3_TOKEN_SCOPED = cms.cms_to_token(f.read())
- self.SIGNED_v3_TOKEN_SCOPED_HASH = _hash_signed_token_safe(
- self.SIGNED_v3_TOKEN_SCOPED)
- self.SIGNED_v3_TOKEN_SCOPED_HASH_SHA256 = _hash_signed_token_safe(
- self.SIGNED_v3_TOKEN_SCOPED, mode='sha256')
- with open(os.path.join(CMSDIR, 'auth_token_scoped_expired.pem')) as f:
- self.SIGNED_TOKEN_SCOPED_EXPIRED = cms.cms_to_token(f.read())
- with open(os.path.join(CMSDIR, 'auth_token_scoped.pkiz')) as f:
- self.SIGNED_TOKEN_SCOPED_PKIZ = cms.cms_to_token(f.read())
- with open(os.path.join(CMSDIR, 'auth_token_unscoped.pkiz')) as f:
- self.SIGNED_TOKEN_UNSCOPED_PKIZ = cms.cms_to_token(f.read())
- with open(os.path.join(CMSDIR, 'auth_v3_token_scoped.pkiz')) as f:
- self.SIGNED_v3_TOKEN_SCOPED_PKIZ = cms.cms_to_token(f.read())
- with open(os.path.join(CMSDIR,
- 'auth_token_scoped_expired.pkiz')) as f:
- self.SIGNED_TOKEN_SCOPED_EXPIRED_PKIZ = cms.cms_to_token(f.read())
-
- self.SIGNING_CERT_FILE = os.path.join(CERTDIR, 'signing_cert.pem')
- with open(self.SIGNING_CERT_FILE) as f:
- self.SIGNING_CERT = f.read()
-
self.KERBEROS_BIND = 'USER@REALM'
self.SERVICE_KERBEROS_BIND = 'SERVICE_USER@SERVICE_REALM'
- self.SIGNING_KEY_FILE = os.path.join(KEYDIR, 'signing_key.pem')
- with open(self.SIGNING_KEY_FILE) as f:
- self.SIGNING_KEY = f.read()
-
- self.SIGNING_CA_FILE = os.path.join(CERTDIR, 'cacert.pem')
- with open(self.SIGNING_CA_FILE) as f:
- self.SIGNING_CA = f.read()
-
self.UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d"
self.UUID_TOKEN_NO_SERVICE_CATALOG = '8286720fbe4941e69fa8241723bb02df'
self.UUID_TOKEN_UNSCOPED = '731f903721c14827be7b2dc912af7776'
@@ -120,57 +63,6 @@ class Examples(fixtures.Fixture):
self.v3_UUID_SERVICE_TOKEN_DEFAULT = 'g431071bbc2f492748596c1b53cb229'
self.v3_UUID_SERVICE_TOKEN_BIND = 'be705e4426d0449a89e35ae21c380a05'
self.v3_NOT_IS_ADMIN_PROJECT = uuid.uuid4().hex
- self.SIGNED_TOKEN_SCOPED_KEY = cms.cms_hash_token(
- self.SIGNED_TOKEN_SCOPED)
- self.SIGNED_TOKEN_UNSCOPED_KEY = cms.cms_hash_token(
- self.SIGNED_TOKEN_UNSCOPED)
- self.SIGNED_v3_TOKEN_SCOPED_KEY = cms.cms_hash_token(
- self.SIGNED_v3_TOKEN_SCOPED)
-
- self.SIGNED_TOKEN_SCOPED_PKIZ_KEY = cms.cms_hash_token(
- self.SIGNED_TOKEN_SCOPED_PKIZ)
- self.SIGNED_TOKEN_UNSCOPED_PKIZ_KEY = cms.cms_hash_token(
- self.SIGNED_TOKEN_UNSCOPED_PKIZ)
- self.SIGNED_v3_TOKEN_SCOPED_PKIZ_KEY = cms.cms_hash_token(
- self.SIGNED_v3_TOKEN_SCOPED_PKIZ)
-
- self.INVALID_SIGNED_TOKEN = (
- "MIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
- "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
- "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
- "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "0000000000000000000000000000000000000000000000000000000000000000"
- "1111111111111111111111111111111111111111111111111111111111111111"
- "2222222222222222222222222222222222222222222222222222222222222222"
- "3333333333333333333333333333333333333333333333333333333333333333"
- "4444444444444444444444444444444444444444444444444444444444444444"
- "5555555555555555555555555555555555555555555555555555555555555555"
- "6666666666666666666666666666666666666666666666666666666666666666"
- "7777777777777777777777777777777777777777777777777777777777777777"
- "8888888888888888888888888888888888888888888888888888888888888888"
- "9999999999999999999999999999999999999999999999999999999999999999"
- "0000000000000000000000000000000000000000000000000000000000000000")
-
- self.INVALID_SIGNED_PKIZ_TOKEN = (
- "PKIZ_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
- "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
- "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
- "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "0000000000000000000000000000000000000000000000000000000000000000"
- "1111111111111111111111111111111111111111111111111111111111111111"
- "2222222222222222222222222222222222222222222222222222222222222222"
- "3333333333333333333333333333333333333333333333333333333333333333"
- "4444444444444444444444444444444444444444444444444444444444444444"
- "5555555555555555555555555555555555555555555555555555555555555555"
- "6666666666666666666666666666666666666666666666666666666666666666"
- "7777777777777777777777777777777777777777777777777777777777777777"
- "8888888888888888888888888888888888888888888888888888888888888888"
- "9999999999999999999999999999999999999999999999999999999999999999"
- "0000000000000000000000000000000000000000000000000000000000000000")
# JSON responses keyed by token ID
self.TOKEN_RESPONSES = {}
@@ -225,20 +117,6 @@ class Examples(fixtures.Fixture):
token.add_role(ROLE_NAME2)
self.TOKEN_RESPONSES[self.UUID_TOKEN_NO_SERVICE_CATALOG] = token
- token = fixture.V2Token(token_id=self.SIGNED_TOKEN_SCOPED_KEY,
- tenant_id=PROJECT_ID,
- tenant_name=PROJECT_NAME,
- user_id=USER_ID,
- user_name=USER_NAME)
- token.add_role(ROLE_NAME1)
- token.add_role(ROLE_NAME2)
- self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED_KEY] = token
-
- token = fixture.V2Token(token_id=self.SIGNED_TOKEN_UNSCOPED_KEY,
- user_id=USER_ID,
- user_name=USER_NAME)
- self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED_KEY] = token
-
token = fixture.V2Token(token_id=self.UUID_TOKEN_BIND,
tenant_id=PROJECT_ID,
tenant_name=PROJECT_NAME,
@@ -338,7 +216,6 @@ class Examples(fixtures.Fixture):
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
- self.TOKEN_RESPONSES[self.SIGNED_v3_TOKEN_SCOPED_KEY] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
@@ -416,15 +293,6 @@ class Examples(fixtures.Fixture):
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.v3_NOT_IS_ADMIN_PROJECT] = token
- # PKIZ tokens generally link to above tokens
-
- self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED_PKIZ_KEY] = (
- self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED_KEY])
- self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED_PKIZ_KEY] = (
- self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED_KEY])
- self.TOKEN_RESPONSES[self.SIGNED_v3_TOKEN_SCOPED_PKIZ_KEY] = (
- self.TOKEN_RESPONSES[self.SIGNED_v3_TOKEN_SCOPED_KEY])
-
self.JSON_TOKEN_RESPONSES = dict([(k, jsonutils.dumps(v)) for k, v in
self.TOKEN_RESPONSES.items()])
diff --git a/keystonemiddleware/tests/unit/test_opts.py b/keystonemiddleware/tests/unit/test_opts.py
index 143264c..7700d17 100644
--- a/keystonemiddleware/tests/unit/test_opts.py
+++ b/keystonemiddleware/tests/unit/test_opts.py
@@ -53,7 +53,6 @@ class OptsTestCase(utils.TestCase):
'cafile',
'region_name',
'insecure',
- 'signing_dir',
'memcached_servers',
'token_cache_time',
'memcache_security_strategy',
@@ -66,7 +65,6 @@ class OptsTestCase(utils.TestCase):
'memcache_pool_socket_timeout',
'include_service_catalog',
'enforce_token_bind',
- 'hash_algorithms',
'auth_type',
'auth_section',
'service_token_roles',
@@ -99,7 +97,6 @@ class OptsTestCase(utils.TestCase):
'cafile',
'region_name',
'insecure',
- 'signing_dir',
'memcached_servers',
'token_cache_time',
'memcache_security_strategy',
@@ -112,7 +109,6 @@ class OptsTestCase(utils.TestCase):
'memcache_pool_socket_timeout',
'include_service_catalog',
'enforce_token_bind',
- 'hash_algorithms',
'auth_type',
'auth_section',
'service_token_roles',
diff --git a/releasenotes/notes/bug-1649735-3c68f3243e474775.yaml b/releasenotes/notes/bug-1649735-3c68f3243e474775.yaml
index 06741d3..a624c39 100644
--- a/releasenotes/notes/bug-1649735-3c68f3243e474775.yaml
+++ b/releasenotes/notes/bug-1649735-3c68f3243e474775.yaml
@@ -4,5 +4,19 @@ fixes:
[`bug 1649735 <https://bugs.launchpad.net/keystone/+bug/1649735>`_]
The auth_token middleware no longer attempts to retrieve the revocation
list from the Keystone server. The deprecated options
- `check_revocations_for_cached` and `check_revocations_for_cached` have been
+ `revocations_cache_time` and `check_revocations_for_cached` have been
removed.
+
+ Keystone no longer issues PKI/PKIZ tokens and now keystonemiddleware's
+ Support for PKI/PKIZ and associated offline validation has been removed.
+ This includes the deprecated config options `signing_dir`, and
+ `hash_algorithms`.
+
+upgrade:
+ - >
+ [`bug 1649735 <https://bugs.launchpad.net/keystone/+bug/1649735>`_]
+ Keystonemiddleware no longer supports PKI/PKIZ tokens, all
+ associated offline validation has been removed. The configuration
+ options `signing_dir`, and `hash_algorithms` have been removed, if
+ they still exist in your configuration(s), they are now safe to remove.
+ Please consider utilizing the newer fernet or JWS token formats. \ No newline at end of file