Merge branch 'main' into zkbesu

# Conflicts: # .github/workflows/release.yml # besu/src/main/java/org/hyperledger/besu/controller/BesuController.java # ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/internal/methods/EthEstimateGas.java # ethereum/evmtool/build.gradle # evm/src/main/java/org/hyperledger/besu/evm/EvmSpecVersion.java # gradle/verification-metadata.xml # plugin-api/build.gradle
2026-01-09 15:28:09 -05:00 · 2024-07-16 17:09:07 +02:00
parent 752aeff37d 465fd1cbe5
commit b19ae8cd26
703 changed files with 12760 additions and 7736 deletions
--- a/.github/workflows/BesuContainerVerify.sh
+++ b/.github/workflows/BesuContainerVerify.sh
@@ -0,0 +1,70 @@
 #!/bin/bash
 ##
 ## Copyright contributors to Hyperledger Besu.
 ##
 ## Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 ## the License. You may obtain a copy of the License at
 ##
 ## http://www.apache.org/licenses/LICENSE-2.0
 ##
 ## Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 ## an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 ## specific language governing permissions and limitations under the License.
 ##
 ## SPDX-License-Identifier: Apache-2.0
 ##
 CONTAINER_NAME=${CONTAINER_NAME:-besu}
 VERSION=${VERSION}
 TAG=${TAG}
 CHECK_LATEST=${CHECK_LATEST}
 RETRY=${RETRY:-10}
 SLEEP=${SLEEP:-5}
 # Helper function to throw error
 log_error() {
  echo "::error $1"
  exit 1
 }
 # Check container is in running state
 _RUN_STATE=$(docker inspect --type=container -f={{.State.Status}} ${CONTAINER_NAME})
 if [[ "${_RUN_STATE}" != "running" ]]
 then
  log_error "container is not running"
 fi
 # Check for specific log message in container logs to verify besu started
 _SUCCESS=false
 while [[ ${_SUCCESS} != "true" && $RETRY -gt 0 ]]
 do
  docker logs ${CONTAINER_NAME} | grep -q "Ethereum main loop is up" && {
    _SUCCESS=true
    continue
  }
  echo "Waiting for the besu to start. Remaining retries $RETRY ..."
  RETRY=$(expr $RETRY - 1)
  sleep $SLEEP
 done
 # Log entry does not present after all retries, fail the script with a message
 if [[ ${_SUCCESS} != "true" ]]
 then
  docker logs --tail=100 ${CONTAINER_NAME}
  log_error "could not find the log message 'Ethereum main loop is up'"
 else
  echo "Besu container started and entered main loop"
 fi
 # For the latest tag check the version match
 if [[ ${TAG} == "latest" && ${CHECK_LATEST} == "true" ]]
 then
  _VERSION_IN_LOG=$(docker logs ${CONTAINER_NAME} | grep "#" | grep "Besu version" | cut -d " " -f 4 | sed 's/\s//g')
  echo "Extracted version from logs [$_VERSION_IN_LOG]"
  if [[ "$_VERSION_IN_LOG" != "${VERSION}" ]]
  then
    log_error "version [$_VERSION_IN_LOG] extracted from container logs does not match the expected version [${VERSION}]"
  else
    echo "Latest Besu container version matches"
  fi
 fi
--- a/.github/workflows/container-security-scan.yml
+++ b/.github/workflows/container-security-scan.yml
@@ -8,12 +8,15 @@ on:
        required: false
        default: 'develop'      
  schedule:
-    # Start of the hour is the busy time. Scheule it to run 8:17am UTC
+    # Start of the hour is the busy time. Schedule it to run 8:17am UTC
    - cron:  '17 8 * * *'
 jobs:
  scan-sarif:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout
--- a/.github/workflows/container-verify.yml
+++ b/.github/workflows/container-verify.yml
@@ -0,0 +1,57 @@
 name: container verify
 on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Besu version'
        required: true
      verify-latest-version:
        description: 'Check latest container version'
        required: false
        type: choice
        default: "true"
        options:
          - "true"
          - "false"
 jobs:
  verify:
    timeout-minutes: 4
    strategy:
      matrix:
        combination:
          - tag: ${{ inputs.version }}
            platform: ''
            runner: ubuntu-latest
          - tag: ${{ inputs.version }}-amd64
            platform: 'linux/amd64'
            runner: ubuntu-latest
          - tag: latest
            platform: ''
            runner: ubuntu-latest
          - tag: ${{ inputs.version }}-arm64
            platform: ''
            runner: besu-arm64
    runs-on: ${{ matrix.combination.runner }}
    env:
      CONTAINER_NAME: besu-check
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - name: Start container
        run: |
          PLATFORM_OPT=""
          [[ x${{ matrix.combination.platform }} != 'x' ]] && PLATFORM_OPT="--platform ${{ matrix.combination.platform }}"
          docker run -d $PLATFORM_OPT --name ${{ env.CONTAINER_NAME }} hyperledger/besu:${{ matrix.combination.tag }}
      - name: Verify besu container
        run: bash .github/workflows/BesuContainerVerify.sh
        env:
          TAG: ${{ matrix.combination.tag }}
          VERSION: ${{ inputs.version }}
          CHECK_LATEST: ${{ inputs.verify-latest-version }}
      - name: Stop container
        run: docker stop ${{ env.CONTAINER_NAME }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,32 @@
 # Changelog
-## Next Release
+## Next release
 ### Breaking Changes
 - Remove deprecated sync modes (X_SNAP and X_CHECKPOINT). Use SNAP and CHECKPOINT instead [#7309](https://github.com/hyperledger/besu/pull/7309)
 - Remove PKI-backed QBFT (deprecated in 24.5.1) Other forms of QBFT remain unchanged. [#7293](https://github.com/hyperledger/besu/pull/7293)
 ### Additions and Improvements
 - `--Xsnapsync-bft-enabled` option enables experimental support for snap sync with IBFT/QBFT permissioned Bonsai-DB chains [#7140](https://github.com/hyperledger/besu/pull/7140)
 - Add support to load external profiles using `--profile` [#7265](https://github.com/hyperledger/besu/issues/7265)
 - `privacy-nonce-always-increments` option enables private transactions to always increment the nonce, even if the transaction is invalid [#6593](https://github.com/hyperledger/besu/pull/6593)
 - Add `block-test` subcommand to the evmtool which runs blockchain reference tests [#7310](https://github.com/hyperledger/besu/pull/7310)
 - Implement gnark-crypto for eip-2537 [#7316](https://github.com/hyperledger/besu/pull/7316)
 ### Bug fixes
 - Fix `eth_call` deserialization to correctly ignore unknown fields in the transaction object. [#7323](https://github.com/hyperledger/besu/pull/7323)
 ## 24.7.0
 ### Upcoming Breaking Changes
 - Receipt compaction will be enabled by default in a future version of Besu. After this change it will not be possible to downgrade to the previous Besu version.
 - PKI-backed QBFT will be removed in a future version of Besu. Other forms of QBFT will remain unchanged.
 - --Xbonsai-limit-trie-logs-enabled is deprecated, use --bonsai-limit-trie-logs-enabled instead
 - --Xbonsai-trie-logs-pruning-window-size is deprecated, use --bonsai-trie-logs-pruning-window-size instead
 - `besu storage x-trie-log` subcommand is deprecated, use `besu storage trie-log` instead
 ### Breaking Changes
 - `Xp2p-peer-lower-bound` has been removed. [#7247](https://github.com/hyperledger/besu/pull/7247)
 ### Additions and Improvements
 - Support for eth_maxPriorityFeePerGas [#5658](https://github.com/hyperledger/besu/issues/5658)
@@ -11,10 +35,20 @@
 - A full and up to date implementation of EOF for Prague [#7169](https://github.com/hyperledger/besu/pull/7169)
 - Add Subnet-Based Peer Permissions.  [#7168](https://github.com/hyperledger/besu/pull/7168)
 - Reduce lock contention on transaction pool when building a block [#7180](https://github.com/hyperledger/besu/pull/7180)
 - Update Docker base image to Ubuntu 24.04 [#7251](https://github.com/hyperledger/besu/pull/7251)
 - Add LUKSO as predefined network name [#7223](https://github.com/hyperledger/besu/pull/7223)
 - Refactored how code, initcode, and max stack size are configured in forks. [#7245](https://github.com/hyperledger/besu/pull/7245)
 - Nodes in a permissioned chain maintain (and retry) connections to bootnodes [#7257](https://github.com/hyperledger/besu/pull/7257)
 - Promote experimental `besu storage x-trie-log` subcommand to production-ready [#7278](https://github.com/hyperledger/besu/pull/7278)
 - Enhanced BFT round-change diagnostics [#7271](https://github.com/hyperledger/besu/pull/7271)
 ### Bug fixes
 - Validation errors ignored in accounts-allowlist and empty list [#7138](https://github.com/hyperledger/besu/issues/7138)
 - Fix "Invalid block detected" for BFT chains using Bonsai DB [#7204](https://github.com/hyperledger/besu/pull/7204)
 - Fix "Could not confirm best peer had pivot block" [#7109](https://github.com/hyperledger/besu/issues/7109)
 - Fix "Chain Download Halt" [#6884](https://github.com/hyperledger/besu/issues/6884)
 ## 24.6.0
@@ -2743,7 +2777,7 @@ If you have existing private transactions, see [migration details](docs/Private-
 This can be enabled using the `--rpc-http-api TRACE` CLI flag.  There are some philosophical differences between Besu and other implementations that are outlined in [trace_rpc_apis](docs/trace_rpc_apis.md).
- Ability to automatically detect Docker NAT settings from inside the conainter.
+- Ability to automatically detect Docker NAT settings from inside the container.
 The default NAT method (AUTO) can detect this so no user intervention is required to enable this.
@@ -2966,7 +3000,7 @@ For compatibility with ETC Agharta upgrade, use 1.3.7 or later.
 - Update Governance and Code of Conduct verbiage [\#120](https://github.com/hyperledger/besu/pull/120)
 - Fix private transaction root mismatch [\#118](https://github.com/hyperledger/besu/pull/118)
- Programatically enforce plugin CLI variable names [\#117](https://github.com/hyperledger/besu/pull/117)
+- Programmatically enforce plugin CLI variable names [\#117](https://github.com/hyperledger/besu/pull/117)
 - Additional unit test for selecting replaced pending transactions [\#116](https://github.com/hyperledger/besu/pull/116)
 - Only set sync targets that have an estimated height value [\#115](https://github.com/hyperledger/besu/pull/115)
 - Fix rlpx startup [\#114](https://github.com/hyperledger/besu/pull/114)
@@ -3020,7 +3054,7 @@ For compatibility with ETC Agharta upgrade, use 1.3.7 or later.
 ### Technical Improvements
- Less verbose synching subscriptions [\#59](https://github.com/hyperledger/besu/pull/59)
+- Less verbose syncing subscriptions [\#59](https://github.com/hyperledger/besu/pull/59)
 - Return enclave key instead of private transaction hash [\#53](https://github.com/hyperledger/besu/pull/53)
 - Fix mark sweep pruner bugs where nodes that should be kept were being swept  [\#50](https://github.com/hyperledger/besu/pull/50)
 - Clean up BesuConfiguration construction [\#51](https://github.com/hyperledger/besu/pull/51)
@@ -3153,7 +3187,7 @@ For compatibility with ETC Agharta upgrade, use 1.3.7 or later.
 - Updating Orion to v1.3.2 [#1805](https://github.com/PegaSysEng/pantheon/pull/1805)
 - Updaated newHeads subscription to emit events only for canonical blocks [#1798](https://github.com/PegaSysEng/pantheon/pull/1798)
 - Repricing for trie-size-dependent opcodes [#1795](https://github.com/PegaSysEng/pantheon/pull/1795)
- Revised Istanbul Versioning assignemnts [#1794](https://github.com/PegaSysEng/pantheon/pull/1794)
+- Revised Istanbul Versioning assignments [#1794](https://github.com/PegaSysEng/pantheon/pull/1794)
 - Updated RevertReason to return BytesValue [#1793](https://github.com/PegaSysEng/pantheon/pull/1793)
 - Updated way priv_getPrivacyPrecompileAddress source [#1786](https://github.com/PegaSysEng/pantheon/pull/1786) (thanks to [iikirilov](https://github.com/iikirilov))
 - Updated Chain ID opcode to return 0 as default [#1785](https://github.com/PegaSysEng/pantheon/pull/1785)
@@ -4214,7 +4248,7 @@ has been updated to use the moved quickstart.
 - Fixed deprecation warnings [\#596](https://github.com/PegaSysEng/pantheon/pull/596)
 - IBFT Integration Tests - Future Height [\#591](https://github.com/PegaSysEng/pantheon/pull/591)
 - Added `getNodeData` to `EthPeer` to enable requesting node data [\#589](https://github.com/PegaSysEng/pantheon/pull/589)
- `Blockcreator` to use `parentblock` specified at constuction [\#588](https://github.com/PegaSysEng/pantheon/pull/588)
+- `Blockcreator` to use `parentblock` specified at construction [\#588](https://github.com/PegaSysEng/pantheon/pull/588)
 - Support responding to `GetNodeData` requests [\#587](https://github.com/PegaSysEng/pantheon/pull/587)
 - IBFT validates block on proposal reception [\#583](https://github.com/PegaSysEng/pantheon/pull/583)
 - Rework `NewRoundValidator` tests [\#582](https://github.com/PegaSysEng/pantheon/pull/582)
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Besu Ethereum Client
 [![CircleCI](https://circleci.com/gh/hyperledger/besu/tree/main.svg?style=svg)](https://circleci.com/gh/hyperledger/besu/tree/main)
- [![Documentation Status](https://readthedocs.org/projects/hyperledger-besu/badge/?version=latest)](https://besu.hyperledger.org/en/latest/?badge=latest)
+ [![Documentation](https://img.shields.io/github/actions/workflow/status/hyperledger/besu-docs/publish-main-docs.yml?branch=main&label=docs)](https://github.com/hyperledger/besu-docs/actions/workflows/publish-main-docs.yml)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3174/badge)](https://bestpractices.coreinfrastructure.org/projects/3174)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/hyperledger/besu/blob/main/LICENSE)
 [![Discord](https://img.shields.io/discord/905194001349627914?logo=Hyperledger&style=plastic)](https://discord.gg/hyperledger)
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/blockchain/ExpectBeneficiary.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/blockchain/ExpectBeneficiary.java
@@ -14,7 +14,7 @@
 */
 package org.hyperledger.besu.tests.acceptance.dsl.condition.blockchain;
-import static org.assertj.core.api.Java6Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 import org.hyperledger.besu.tests.acceptance.dsl.WaitUtils;
 import org.hyperledger.besu.tests.acceptance.dsl.condition.Condition;
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/blockchain/ExpectBlockNumberAbove.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/blockchain/ExpectBlockNumberAbove.java
@@ -14,7 +14,7 @@
 */
 package org.hyperledger.besu.tests.acceptance.dsl.condition.blockchain;
-import static org.assertj.core.api.Java6Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 import org.hyperledger.besu.tests.acceptance.dsl.WaitUtils;
 import org.hyperledger.besu.tests.acceptance.dsl.condition.Condition;
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/clique/ExpectNonceVote.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/clique/ExpectNonceVote.java
@@ -14,7 +14,7 @@
 */
 package org.hyperledger.besu.tests.acceptance.dsl.condition.clique;
-import static org.assertj.core.api.Java6Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.hyperledger.besu.tests.acceptance.dsl.condition.clique.ExpectNonceVote.CLIQUE_NONCE_VOTE.AUTH;
 import org.hyperledger.besu.tests.acceptance.dsl.WaitUtils;
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/clique/ExpectedBlockHasProposer.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/clique/ExpectedBlockHasProposer.java
@@ -14,7 +14,7 @@
 */
 package org.hyperledger.besu.tests.acceptance.dsl.condition.clique;
-import static org.assertj.core.api.Java6Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 import org.hyperledger.besu.consensus.clique.CliqueBlockHeaderFunctions;
 import org.hyperledger.besu.consensus.clique.CliqueExtraData;
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/ProcessBesuNodeRunner.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/ProcessBesuNodeRunner.java
@@ -166,6 +166,9 @@ public class ProcessBesuNodeRunner implements BesuNodeRunner {
      if (node.getPrivacyParameters().isPrivacyPluginEnabled()) {
        params.add("--Xprivacy-plugin-enabled");
      }
      if (node.getPrivacyParameters().isPrivateNonceAlwaysIncrementsEnabled()) {
        params.add("privacy-nonce-always-increments");
      }
    }
    if (!node.getBootnodes().isEmpty()) {
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/BesuNodeConfiguration.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/BesuNodeConfiguration.java
@@ -29,7 +29,6 @@ import org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration
 import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
 import org.hyperledger.besu.ethereum.worldstate.DataStorageConfiguration;
 import org.hyperledger.besu.metrics.prometheus.MetricsConfiguration;
 import org.hyperledger.besu.pki.config.PkiKeyStoreConfiguration;
 import org.hyperledger.besu.tests.acceptance.dsl.node.configuration.genesis.GenesisConfigurationProvider;
 import java.nio.file.Path;
@@ -72,7 +71,6 @@ public class BesuNodeConfiguration {
  private final List<String> runCommand;
  private final NetworkName network;
  private final Optional<KeyPair> keyPair;
  private final Optional<PkiKeyStoreConfiguration> pkiKeyStoreConfiguration;
  private final boolean strictTxReplayProtectionEnabled;
  private final Map<String, String> environment;
@@ -110,7 +108,6 @@ public class BesuNodeConfiguration {
      final Optional<PrivacyParameters> privacyParameters,
      final List<String> runCommand,
      final Optional<KeyPair> keyPair,
      final Optional<PkiKeyStoreConfiguration> pkiKeyStoreConfiguration,
      final boolean strictTxReplayProtectionEnabled,
      final Map<String, String> environment) {
    this.name = name;
@@ -146,7 +143,6 @@ public class BesuNodeConfiguration {
    this.privacyParameters = privacyParameters;
    this.runCommand = runCommand;
    this.keyPair = keyPair;
    this.pkiKeyStoreConfiguration = pkiKeyStoreConfiguration;
    this.strictTxReplayProtectionEnabled = strictTxReplayProtectionEnabled;
    this.environment = environment;
  }
@@ -283,10 +279,6 @@ public class BesuNodeConfiguration {
    return keyPair;
  }
  public Optional<PkiKeyStoreConfiguration> getPkiKeyStoreConfiguration() {
    return pkiKeyStoreConfiguration;
  }
  public boolean isStrictTxReplayProtectionEnabled() {
    return strictTxReplayProtectionEnabled;
  }
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/BesuNodeConfigurationBuilder.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/BesuNodeConfigurationBuilder.java
@@ -43,7 +43,6 @@ import org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration
 import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
 import org.hyperledger.besu.ethereum.worldstate.DataStorageConfiguration;
 import org.hyperledger.besu.metrics.prometheus.MetricsConfiguration;
 import org.hyperledger.besu.pki.config.PkiKeyStoreConfiguration;
 import org.hyperledger.besu.tests.acceptance.dsl.node.configuration.genesis.GenesisConfigurationProvider;
 import org.hyperledger.besu.tests.acceptance.dsl.node.configuration.pki.PKCS11Utils;
@@ -100,7 +99,6 @@ public class BesuNodeConfigurationBuilder {
  private Optional<PrivacyParameters> privacyParameters = Optional.empty();
  private List<String> runCommand = new ArrayList<>();
  private Optional<KeyPair> keyPair = Optional.empty();
  private Optional<PkiKeyStoreConfiguration> pkiKeyStoreConfiguration = Optional.empty();
  private Boolean strictTxReplayProtectionEnabled = false;
  private Map<String, String> environment = new HashMap<>();
@@ -439,13 +437,6 @@ public class BesuNodeConfigurationBuilder {
    return this;
  }
  public BesuNodeConfigurationBuilder pkiBlockCreationEnabled(
      final PkiKeyStoreConfiguration pkiKeyStoreConfiguration) {
    this.pkiKeyStoreConfiguration = Optional.of(pkiKeyStoreConfiguration);
    return this;
  }
  public BesuNodeConfigurationBuilder discoveryEnabled(final boolean discoveryEnabled) {
    this.discoveryEnabled = discoveryEnabled;
    return this;
@@ -560,7 +551,6 @@ public class BesuNodeConfigurationBuilder {
        privacyParameters,
        runCommand,
        keyPair,
        pkiKeyStoreConfiguration,
        strictTxReplayProtectionEnabled,
        environment);
  }
--- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/BesuNodeFactory.java
+++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/BesuNodeFactory.java
@@ -288,7 +288,8 @@ public class BesuNodeFactory {
      final String enclaveUrl,
      final String authFile,
      final String privTransactionSigningKey,
-      final boolean enableFlexiblePrivacy)
+      final boolean enableFlexiblePrivacy,
      final boolean enablePrivateNonceAlwaysIncrements)
      throws IOException, URISyntaxException {
    final PrivacyParameters.Builder privacyParametersBuilder = new PrivacyParameters.Builder();
    final PrivacyParameters privacyParameters =
@@ -299,6 +300,7 @@ public class BesuNodeFactory {
            .setStorageProvider(new InMemoryPrivacyStorageProvider())
            .setEnclaveFactory(new EnclaveFactory(Vertx.vertx()))
            .setEnclaveUrl(URI.create(enclaveUrl))
            .setPrivateNonceAlwaysIncrementsEnabled(enablePrivateNonceAlwaysIncrements)
            .setPrivateKeyPath(
                Paths.get(ClassLoader.getSystemResource(privTransactionSigningKey).toURI()))
            .build();
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/crypto/SECP256R1AcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/crypto/SECP256R1AcceptanceTest.java
@@ -66,6 +66,12 @@ public class SECP256R1AcceptanceTest extends AcceptanceTestBase {
        besu.createNodeWithNonDefaultSignatureAlgorithm(
            "otherNode", GENESIS_FILE, otherNodeKeyPair, List.of(minerNode));
    noDiscoveryCluster.addNode(otherNode);
    minerNode.verify(net.awaitPeerCount(1));
    otherNode.verify(net.awaitPeerCount(1));
    final var minerChainHead = minerNode.execute(ethTransactions.block());
    otherNode.verify(blockchain.minimumHeight(minerChainHead.getNumber().longValue()));
  }
  @Test
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/AccountLocalAndOnchainPermissioningAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/AccountLocalAndOnchainPermissioningAcceptanceTest.java
@@ -22,8 +22,10 @@ import java.math.BigInteger;
 import java.util.Arrays;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
@Disabled("permissioning tests flaky with timeouts")
 public class AccountLocalAndOnchainPermissioningAcceptanceTest
    extends AccountSmartContractPermissioningAcceptanceTestBase {
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeLocalAndOnchainPermissioningAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeLocalAndOnchainPermissioningAcceptanceTest.java
@@ -17,8 +17,10 @@ package org.hyperledger.besu.tests.acceptance.permissioning;
 import org.hyperledger.besu.tests.acceptance.dsl.node.Node;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
@Disabled("permissioning tests flaky with timeouts")
 public class NodeLocalAndOnchainPermissioningAcceptanceTest
    extends NodeSmartContractPermissioningAcceptanceTestBase {
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningAcceptanceTest.java
@@ -17,6 +17,7 @@ package org.hyperledger.besu.tests.acceptance.permissioning;
 import org.hyperledger.besu.tests.acceptance.dsl.node.Node;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 public class NodeSmartContractPermissioningAcceptanceTest
@@ -37,9 +38,10 @@ public class NodeSmartContractPermissioningAcceptanceTest
    permissionedCluster.start(bootnode, forbiddenNode, allowedNode, permissionedNode);
    // updating permissioning smart contract with allowed nodes
-
+    permissionedNode.verify(nodeIsForbidden(bootnode));
    permissionedNode.execute(allowNode(bootnode));
    permissionedNode.verify(nodeIsAllowed(bootnode));
    permissionedNode.verify(admin.hasPeer(bootnode));
    permissionedNode.execute(allowNode(allowedNode));
    permissionedNode.verify(nodeIsAllowed(allowedNode));
@@ -47,7 +49,6 @@ public class NodeSmartContractPermissioningAcceptanceTest
    permissionedNode.execute(allowNode(permissionedNode));
    permissionedNode.verify(nodeIsAllowed(permissionedNode));
    permissionedNode.verify(admin.addPeer(bootnode));
    permissionedNode.verify(admin.addPeer(allowedNode));
    allowedNode.verify(eth.syncingStatus(false));
@@ -57,6 +58,7 @@ public class NodeSmartContractPermissioningAcceptanceTest
  }
  @Test
  @Disabled("test is flaky")
  public void permissionedNodeShouldPeerOnlyWithAllowedNodes() {
    bootnode.verify(net.awaitPeerCount(3));
    allowedNode.verify(net.awaitPeerCount(3));
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningV2AcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningV2AcceptanceTest.java
@@ -17,6 +17,7 @@ package org.hyperledger.besu.tests.acceptance.permissioning;
 import org.hyperledger.besu.tests.acceptance.dsl.node.Node;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 public class NodeSmartContractPermissioningV2AcceptanceTest
@@ -51,6 +52,7 @@ public class NodeSmartContractPermissioningV2AcceptanceTest
  }
  @Test
  @Disabled("test is flaky")
  public void permissionedNodeShouldPeerOnlyWithAllowedNodes() {
    bootnode.verify(net.awaitPeerCount(3));
    allowedNode.verify(net.awaitPeerCount(3));
@@ -60,7 +62,7 @@ public class NodeSmartContractPermissioningV2AcceptanceTest
  @Test
  public void permissionedNodeShouldDisconnectFromNodeNotPermittedAnymore() {
-    permissionedNode.verify(admin.addPeer(bootnode));
+    permissionedNode.verify(admin.hasPeer(bootnode));
    permissionedNode.verify(admin.addPeer(allowedNode));
    permissionedNode.verify(net.awaitPeerCount(2));
@@ -72,7 +74,7 @@ public class NodeSmartContractPermissioningV2AcceptanceTest
  @Test
  public void permissionedNodeShouldConnectToNewlyPermittedNode() {
-    permissionedNode.verify(admin.addPeer(bootnode));
+    permissionedNode.verify(admin.hasPeer(bootnode));
    permissionedNode.verify(admin.addPeer(allowedNode));
    permissionedNode.verify(net.awaitPeerCount(2));
@@ -87,7 +89,7 @@ public class NodeSmartContractPermissioningV2AcceptanceTest
  @Test
  public void permissioningUpdatesPropagateThroughNetwork() {
-    permissionedNode.verify(admin.addPeer(bootnode));
+    permissionedNode.verify(admin.hasPeer(bootnode));
    permissionedNode.verify(admin.addPeer(allowedNode));
    permissionedNode.verify(net.awaitPeerCount(2));
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningV2DNSAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningV2DNSAcceptanceTest.java
@@ -25,8 +25,10 @@ import java.net.UnknownHostException;
 import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
@Disabled("test is flaky #7191")
 public class NodeSmartContractPermissioningV2DNSAcceptanceTest
    extends NodeSmartContractPermissioningV2AcceptanceTestBase {
@@ -57,12 +59,6 @@ public class NodeSmartContractPermissioningV2DNSAcceptanceTest
    permissionedNode.execute(allowNode(permissionedNode));
    permissionedNode.verify(connectionIsAllowed(permissionedNode));
    // Verify initial configuration
    bootnode.verify(net.awaitPeerCount(3));
    allowedNode.verify(net.awaitPeerCount(3));
    forbiddenNode.verify(net.awaitPeerCount(2));
    permissionedNode.verify(net.awaitPeerCount(2));
  }
  @Test
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/multitenancy/MultiTenancyAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/multitenancy/MultiTenancyAcceptanceTest.java
@@ -104,6 +104,7 @@ public class MultiTenancyAcceptanceTest extends AcceptanceTestBase {
            "http://127.0.0.1:" + wireMockRule.port(),
            "authentication/auth_priv.toml",
            "authentication/auth_priv_key",
            false,
            false);
    multiTenancyCluster.start(node);
    final String token =
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/multitenancy/MultiTenancyPrivateNonceIncrementingTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/multitenancy/MultiTenancyPrivateNonceIncrementingTest.java
@@ -0,0 +1,241 @@
 /*
 * Copyright contributors to Hyperledger Besu.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 package org.hyperledger.besu.tests.acceptance.privacy.multitenancy;
 import static com.github.tomakehurst.wiremock.client.WireMock.ok;
 import static com.github.tomakehurst.wiremock.client.WireMock.post;
 import static com.github.tomakehurst.wiremock.client.WireMock.stubFor;
 import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.options;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import org.hyperledger.besu.crypto.KeyPair;
 import org.hyperledger.besu.crypto.SignatureAlgorithm;
 import org.hyperledger.besu.crypto.SignatureAlgorithmFactory;
 import org.hyperledger.besu.datatypes.Address;
 import org.hyperledger.besu.datatypes.Hash;
 import org.hyperledger.besu.datatypes.Wei;
 import org.hyperledger.besu.enclave.types.PrivacyGroup;
 import org.hyperledger.besu.enclave.types.ReceiveResponse;
 import org.hyperledger.besu.enclave.types.SendResponse;
 import org.hyperledger.besu.ethereum.privacy.PrivateTransaction;
 import org.hyperledger.besu.ethereum.rlp.BytesValueRLPOutput;
 import org.hyperledger.besu.plugin.data.Restriction;
 import org.hyperledger.besu.tests.acceptance.dsl.AcceptanceTestBase;
 import org.hyperledger.besu.tests.acceptance.dsl.node.BesuNode;
 import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.Cluster;
 import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfiguration;
 import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfigurationBuilder;
 import java.math.BigInteger;
 import java.util.List;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.github.tomakehurst.wiremock.junit.WireMockRule;
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import org.apache.tuweni.bytes.Bytes;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 public class MultiTenancyPrivateNonceIncrementingTest extends AcceptanceTestBase {
  private BesuNode node;
  private final ObjectMapper mapper = new ObjectMapper();
  private Cluster multiTenancyCluster;
  private static final Supplier<SignatureAlgorithm> SIGNATURE_ALGORITHM =
      Suppliers.memoize(SignatureAlgorithmFactory::getInstance);
  private static final KeyPair TEST_KEY =
      SIGNATURE_ALGORITHM
          .get()
          .createKeyPair(
              SIGNATURE_ALGORITHM
                  .get()
                  .createPrivateKey(
                      new BigInteger(
                          "853d7f0010fd86d0d7811c1f9d968ea89a24484a8127b4a483ddf5d2cfec766d", 16)));
  private static final String PRIVACY_GROUP_ID = "B1aVtMxLCUHmBVHXoZzzBgPbW/wj5axDpW9X8l91SGo=";
  private static final String PARTICIPANT_ENCLAVE_KEY0 =
      "A1aVtMxLCUHmBVHXoZzzBgPbW/wj5axDpW9X8l91SGo=";
  private static final String PARTICIPANT_ENCLAVE_KEY1 =
      "sgFkVOyFndZe/5SAZJO5UYbrl7pezHetveriBBWWnE8=";
  private final Address senderAddress =
      Address.wrap(Bytes.fromHexString(accounts.getPrimaryBenefactor().getAddress()));
  @Rule public WireMockRule wireMockRule = new WireMockRule(options().dynamicPort());
  @Before
  public void setUp() throws Exception {
    final ClusterConfiguration clusterConfiguration =
        new ClusterConfigurationBuilder().awaitPeerDiscovery(false).build();
    multiTenancyCluster = new Cluster(clusterConfiguration, net);
    node =
        besu.createNodeWithMultiTenantedPrivacy(
            "node1",
            "http://127.0.0.1:" + wireMockRule.port(),
            "authentication/auth_priv.toml",
            "authentication/auth_priv_key",
            false,
            true);
    multiTenancyCluster.start(node);
    final String token =
        node.execute(permissioningTransactions.createSuccessfulLogin("user", "pegasys"));
    node.useAuthenticationTokenInHeaderForJsonRpc(token);
  }
  @After
  public void tearDown() {
    multiTenancyCluster.close();
  }
  @Test
  public void validateUnsuccessfulPrivateTransactionsNonceIncrementation()
      throws JsonProcessingException {
    executePrivateFailingTransaction(0, 0, 1);
    executePrivateValidTransaction(1, 1, 2);
    executePrivateFailingTransaction(2, 2, 3);
    executePrivateFailingTransaction(3, 3, 4);
    executePrivateValidTransaction(4, 4, 5);
  }
  private void executePrivateValidTransaction(
      final int nonce,
      final int expectedTransactionCountBeforeExecution,
      final int expectedTransactionCountAfterExecution)
      throws JsonProcessingException {
    final PrivateTransaction validSignedPrivateTransaction =
        getValidSignedPrivateTransaction(senderAddress, nonce);
    final String accountAddress = validSignedPrivateTransaction.getSender().toHexString();
    final BytesValueRLPOutput rlpOutput = getRLPOutput(validSignedPrivateTransaction);
    processEnclaveStub(validSignedPrivateTransaction);
    node.verify(
        priv.getTransactionCount(
            accountAddress, PRIVACY_GROUP_ID, expectedTransactionCountBeforeExecution));
    final Hash transactionReceipt =
        node.execute(privacyTransactions.sendRawTransaction(rlpOutput.encoded().toHexString()));
    node.verify(priv.getSuccessfulTransactionReceipt(transactionReceipt));
    node.verify(
        priv.getTransactionCount(
            accountAddress, PRIVACY_GROUP_ID, expectedTransactionCountAfterExecution));
  }
  private void executePrivateFailingTransaction(
      final int nonce,
      final int expectedTransactionCountBeforeExecution,
      final int expectedTransactionCountAfterExecution)
      throws JsonProcessingException {
    final PrivateTransaction invalidSignedPrivateTransaction =
        getInvalidSignedPrivateTransaction(senderAddress, nonce);
    final String accountAddress = invalidSignedPrivateTransaction.getSender().toHexString();
    final BytesValueRLPOutput invalidTxRlp = getRLPOutput(invalidSignedPrivateTransaction);
    processEnclaveStub(invalidSignedPrivateTransaction);
    node.verify(
        priv.getTransactionCount(
            accountAddress, PRIVACY_GROUP_ID, expectedTransactionCountBeforeExecution));
    final Hash invalidTransactionReceipt =
        node.execute(privacyTransactions.sendRawTransaction(invalidTxRlp.encoded().toHexString()));
    node.verify(priv.getFailedTransactionReceipt(invalidTransactionReceipt));
    node.verify(
        priv.getTransactionCount(
            accountAddress, PRIVACY_GROUP_ID, expectedTransactionCountAfterExecution));
  }
  private void processEnclaveStub(final PrivateTransaction validSignedPrivateTransaction)
      throws JsonProcessingException {
    retrievePrivacyGroupEnclaveStub();
    sendEnclaveStub();
    receiveEnclaveStub(validSignedPrivateTransaction);
  }
  private void retrievePrivacyGroupEnclaveStub() throws JsonProcessingException {
    final String retrieveGroupResponse =
        mapper.writeValueAsString(
            createPrivacyGroup(
                List.of(PARTICIPANT_ENCLAVE_KEY0, PARTICIPANT_ENCLAVE_KEY1),
                PrivacyGroup.Type.PANTHEON));
    stubFor(post("/retrievePrivacyGroup").willReturn(ok(retrieveGroupResponse)));
  }
  private void sendEnclaveStub() throws JsonProcessingException {
    final String sendResponse =
        mapper.writeValueAsString(new SendResponse(PARTICIPANT_ENCLAVE_KEY1));
    stubFor(post("/send").willReturn(ok(sendResponse)));
  }
  private void receiveEnclaveStub(final PrivateTransaction privTx) throws JsonProcessingException {
    final BytesValueRLPOutput rlpOutput = getRLPOutput(privTx);
    final String senderKey = privTx.getPrivateFrom().toBase64String();
    final String receiveResponse =
        mapper.writeValueAsString(
            new ReceiveResponse(
                rlpOutput.encoded().toBase64String().getBytes(UTF_8), PRIVACY_GROUP_ID, senderKey));
    stubFor(post("/receive").willReturn(ok(receiveResponse)));
  }
  private BytesValueRLPOutput getRLPOutput(final PrivateTransaction privateTransaction) {
    final BytesValueRLPOutput bvrlpo = new BytesValueRLPOutput();
    privateTransaction.writeTo(bvrlpo);
    return bvrlpo;
  }
  private PrivacyGroup createPrivacyGroup(
      final List<String> groupMembers, final PrivacyGroup.Type groupType) {
    return new PrivacyGroup(PRIVACY_GROUP_ID, groupType, "test", "testGroup", groupMembers);
  }
  private static PrivateTransaction getInvalidSignedPrivateTransaction(
      final Address senderAddress, final int nonce) {
    return PrivateTransaction.builder()
        .nonce(nonce)
        .gasPrice(Wei.ZERO)
        .gasLimit(3000000)
        .to(null)
        .value(Wei.ZERO)
        .payload(Bytes.fromHexString("0x1234"))
        .sender(senderAddress)
        .chainId(BigInteger.valueOf(1337))
        .privateFrom(Bytes.fromBase64String(PARTICIPANT_ENCLAVE_KEY0))
        .restriction(Restriction.RESTRICTED)
        .privacyGroupId(Bytes.fromBase64String(PRIVACY_GROUP_ID))
        .signAndBuild(TEST_KEY);
  }
  private static PrivateTransaction getValidSignedPrivateTransaction(
      final Address senderAddress, final int nonce) {
    return PrivateTransaction.builder()
        .nonce(nonce)
        .gasPrice(Wei.ZERO)
        .gasLimit(3000000)
        .to(null)
        .value(Wei.ZERO)
        .payload(Bytes.wrap(new byte[] {}))
        .sender(senderAddress)
        .chainId(BigInteger.valueOf(1337))
        .privateFrom(Bytes.fromBase64String(PARTICIPANT_ENCLAVE_KEY0))
        .restriction(Restriction.RESTRICTED)
        .privacyGroupId(Bytes.fromBase64String(PRIVACY_GROUP_ID))
        .signAndBuild(TEST_KEY);
  }
 }
--- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/multitenancy/MultiTenancyValidationFailAcceptanceTest.java
+++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/privacy/multitenancy/MultiTenancyValidationFailAcceptanceTest.java
@@ -78,6 +78,7 @@ public class MultiTenancyValidationFailAcceptanceTest extends AcceptanceTestBase
            "http://127.0.0.1:" + wireMockRule.port(),
            "authentication/auth_priv.toml",
            "authentication/auth_priv_key",
            false,
            false);
    multiTenancyCluster.start(node);
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/genesis.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/genesis.json
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/00_get_genesis_block_info.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/00_get_genesis_block_info.json
@@ -0,0 +1,43 @@
 {
  "request": {
    "jsonrpc": "2.0",
    "method": "eth_getBlockByNumber",
    "params": [
        "0x00", true
    ],
    "id": 67
  },
  "response": {
    "jsonrpc": "2.0",
    "id": 67,
    "result": {
      "number": "0x0",
      "hash" : "0x38d7daa68e8bac41a0a237b7cbfcef480cb9bd9adc7b282d7b0d23ff4eb8d6e5",
      "mixHash" : "0x0000000000000000000000000000000000000000000000000000000000000000",
      "parentHash" : "0x0000000000000000000000000000000000000000000000000000000000000000",
      "nonce" : "0x0000000000000042",
      "sha3Uncles" : "0x1dcc4de8dec75d7aab85b567b6ccd41ad312451b948a7413f0a142fd40d49347",
      "logsBloom" : "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
      "transactionsRoot" : "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
      "stateRoot" : "0x3ed8435adb5f3526144e6babdd3fc8c661a86097cf7e743441b41fda096fc4dd",
      "receiptsRoot" : "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
      "miner" : "0x0000000000000000000000000000000000000000",
      "difficulty" : "0x400000000",
      "totalDifficulty" : "0x400000000",
      "extraData" : "0x0000000000000000000000000000000000000000000000000000000000000000a94f5374fce5edbc8e2a8697c15331677e6ebf0b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
      "baseFeePerGas" : "0x7",
      "size" : "0x2ba",
      "gasLimit" : "0x1c9c380",
      "gasUsed" : "0x0",
      "timestamp" : "0x0",
      "uncles" : [ ],
      "transactions" : [ ],
      "withdrawalsRoot" : "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
      "withdrawals" : [ ],
      "blobGasUsed" : "0x0",
      "excessBlobGas" : "0x0",
      "parentBeaconBlockRoot" : "0x0000000000000000000000000000000000000000000000000000000000000000"
    }
  },
  "statusCode": 200
 }
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/01_cancun_prepare_payload.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/01_cancun_prepare_payload.json
@@ -4,8 +4,8 @@
    "method": "engine_forkchoiceUpdatedV3",
    "params": [
      {
-        "headBlockHash": "0x3ca89f1d6b71aeb56389ac8270e9ae369d0bb8edeea747f2d868a5eb31892b04",
+        "headBlockHash": "0x38d7daa68e8bac41a0a237b7cbfcef480cb9bd9adc7b282d7b0d23ff4eb8d6e5",
-        "safeBlockHash": "0x3ca89f1d6b71aeb56389ac8270e9ae369d0bb8edeea747f2d868a5eb31892b04",
+        "safeBlockHash": "0x38d7daa68e8bac41a0a237b7cbfcef480cb9bd9adc7b282d7b0d23ff4eb8d6e5",
        "finalizedBlockHash": "0x0000000000000000000000000000000000000000000000000000000000000000"
      },
      {
@@ -24,10 +24,10 @@
    "result": {
      "payloadStatus": {
        "status": "VALID",
-        "latestValidHash": "0x3ca89f1d6b71aeb56389ac8270e9ae369d0bb8edeea747f2d868a5eb31892b04",
+        "latestValidHash": "0x38d7daa68e8bac41a0a237b7cbfcef480cb9bd9adc7b282d7b0d23ff4eb8d6e5",
        "validationError": null
      },
-      "payloadId": "0x282643d318bdab11"
+      "payloadId": "0x28264396eca1deef"
    }
  },
  "statusCode": 200
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/02_cancun_getPayloadV3.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/02_cancun_getPayloadV3.json
@@ -3,7 +3,7 @@
    "jsonrpc": "2.0",
    "method": "engine_getPayloadV3",
    "params": [
-      "0x282643d318bdab11"
+      "0x28264396eca1deef"
    ],
    "id": 67
  },
@@ -12,9 +12,9 @@
    "id": 67,
    "result": {
      "executionPayload": {
-        "parentHash": "0x3ca89f1d6b71aeb56389ac8270e9ae369d0bb8edeea747f2d868a5eb31892b04",
+        "parentHash": "0x38d7daa68e8bac41a0a237b7cbfcef480cb9bd9adc7b282d7b0d23ff4eb8d6e5",
        "feeRecipient": "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b",
-        "stateRoot": "0x2b6a1166ce24fe0af741c7313e6049e9e19351742bfaf4179154bc594ca9eb90",
+        "stateRoot": "0x3ed8435adb5f3526144e6babdd3fc8c661a86097cf7e743441b41fda096fc4dd",
        "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
        "prevRandao": "0x0000000000000000000000000000000000000000000000000000000000000000",
        "gasLimit": "0x1c9c380",
@@ -29,7 +29,7 @@
        "blockNumber": "0x1",
        "receiptsRoot": "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
        "blobGasUsed": "0x0",
-        "blockHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950"
+        "blockHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593"
      },
      "blockValue": "0x0",
      "blobsBundle": {
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/03_cancun_newPayloadV3.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/03_cancun_newPayloadV3.json
@@ -4,9 +4,9 @@
    "method": "engine_newPayloadV3",
    "params": [
      {
-        "parentHash": "0x3ca89f1d6b71aeb56389ac8270e9ae369d0bb8edeea747f2d868a5eb31892b04",
+        "parentHash": "0x38d7daa68e8bac41a0a237b7cbfcef480cb9bd9adc7b282d7b0d23ff4eb8d6e5",
        "feeRecipient": "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b",
-        "stateRoot": "0x2b6a1166ce24fe0af741c7313e6049e9e19351742bfaf4179154bc594ca9eb90",
+        "stateRoot": "0x3ed8435adb5f3526144e6babdd3fc8c661a86097cf7e743441b41fda096fc4dd",
        "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
        "prevRandao": "0x0000000000000000000000000000000000000000000000000000000000000000",
        "gasLimit": "0x1c9c380",
@@ -17,7 +17,7 @@
        "transactions": [],
        "withdrawals": [],
        "blockNumber": "0x1",
-        "blockHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950",
+        "blockHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593",
        "receiptsRoot": "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
        "excessBlobGas": "0x0",
        "blobGasUsed": "0x0"
@@ -32,7 +32,7 @@
    "id": 67,
    "result": {
      "status": "VALID",
-      "latestValidHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950",
+      "latestValidHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593",
      "validationError": null
    }
  },
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/04_cancun_forkchoiceUpdatedV3.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/04_cancun_forkchoiceUpdatedV3.json
@@ -4,9 +4,9 @@
    "method": "engine_forkchoiceUpdatedV3",
    "params": [
      {
-        "headBlockHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950",
+        "headBlockHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593",
-        "safeBlockHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950",
+        "safeBlockHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593",
-        "finalizedBlockHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950"
+        "finalizedBlockHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593"
      },
      null
    ],
@@ -18,7 +18,7 @@
    "result": {
      "payloadStatus": {
        "status": "VALID",
-        "latestValidHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950",
+        "latestValidHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593",
        "validationError": null
      },
      "payloadId": null
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/05_prague_forkchoiceUpdatedV3.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/05_prague_forkchoiceUpdatedV3.json
@@ -4,9 +4,9 @@
    "method": "engine_forkchoiceUpdatedV3",
    "params": [
      {
-        "headBlockHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950",
+        "headBlockHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593",
-        "safeBlockHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950",
+        "safeBlockHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593",
-        "finalizedBlockHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950"
+        "finalizedBlockHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593"
      },
      {
        "timestamp": "0x20",
@@ -24,10 +24,10 @@
    "result": {
      "payloadStatus": {
        "status": "VALID",
-        "latestValidHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950",
+        "latestValidHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593",
        "validationError": null
      },
-      "payloadId": "0x282643c6d89e12df"
+      "payloadId": "0x282643d3a905e721"
    }
  },
  "statusCode": 200
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/06_prague_getPayloadV4.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/06_prague_getPayloadV4.json
@@ -3,7 +3,7 @@
    "jsonrpc": "2.0",
    "method": "engine_getPayloadV4",
    "params": [
-      "0x282643c6d89e12df"
+      "0x282643d3a905e721"
    ],
    "id": 67
  },
@@ -12,9 +12,9 @@
    "id": 67,
    "result": {
      "executionPayload": {
-        "parentHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950",
+        "parentHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593",
        "feeRecipient": "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b",
-        "stateRoot": "0x546ac65b9d37c72d7185f8dd67419803c636dd4e5ddf9b325fb64e9ecf570871",
+        "stateRoot": "0x2e59916a57b535875bcd80d8472aeaa0027aa685d159804e8caa2f12d060155e",
        "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
        "prevRandao": "0x0000000000000000000000000000000000000000000000000000000000000000",
        "gasLimit": "0x1c9c380",
@@ -34,8 +34,9 @@
            "amount": "0x0"
          }
        ],
        "consolidationRequests" : [],
        "blockNumber": "0x2",
-        "blockHash": "0xa7a92cc82e1d876476ad6433538599b0d592f88ba0823c23e80af93fb1748f14",
+        "blockHash": "0x27a2bc2ac21b3fc796f636bec1ec9cba100435f9a793176a83a5d4fa7cc13006",
        "receiptsRoot": "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
        "blobGasUsed": "0x0"
      },
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/08_prague_invalid_null_deposits_execute_payload.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/08_prague_invalid_null_deposits_execute_payload.json
@@ -4,7 +4,7 @@
    "method": "engine_newPayloadV4",
    "params": [
      {
-        "parentHash": "0xa7a92cc82e1d876476ad6433538599b0d592f88ba0823c23e80af93fb1748f14",
+        "parentHash": "0x27a2bc2ac21b3fc796f636bec1ec9cba100435f9a793176a83a5d4fa7cc13006",
        "feeRecipient": "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b",
        "stateRoot": "0x9b8c4a9a86cb49252075c0db2f0e72fb1e49350a0f70ea36f26f700201961e62",
        "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/09_prague_newPayloadV4.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/09_prague_newPayloadV4.json
@@ -4,9 +4,9 @@
    "method": "engine_newPayloadV4",
    "params": [
      {
-        "parentHash": "0x74e8ce9d96d325a605675a34175adfa34581f35091dcd7b107c525a82b0b9950",
+        "parentHash": "0x8082deff44f79489ea92415be59afb48b6f46b939553f855479828a6f87f9593",
        "feeRecipient": "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b",
-        "stateRoot": "0xdb2a9bb9097dd6946525203a14437cd925ef549289e1fe17c6ed845c53647a26",
+        "stateRoot": "0x961878fdcdff52ea42db0026f59aa414a5ec2835e56ed1a8ae50c80a9fe3a04b",
        "logsBloom": "0x10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000",
        "prevRandao": "0x0000000000000000000000000000000000000000000000000000000000000000",
        "gasLimit": "0x1c9c380",
@@ -35,8 +35,9 @@
            "validatorPubkey": "0xb10a4a15bf67b328c9b101d09e5c6ee6672978fdad9ef0d9e2ceffaee99223555d8601f0cb3bcc4ce1af9864779a416e"
          }
        ],
        "consolidationRequests": [],
        "blockNumber": "0x2",
-        "blockHash": "0x5200df2eb24d08e7bceec64194d073e81a6e9c00c4f61d323fad5d70b40e6d6d",
+        "blockHash": "0xc67a660f5d3c20ee603911bdff1e409e976f306883dff8ef4999dca3176f7dca",
        "receiptsRoot": "0x79ee3424eb720a3ad4b1c5a372bb8160580cbe4d893778660f34213c685627a9",
        "blobGasUsed": "0x0"
      },
@@ -50,7 +51,7 @@
    "id": 67,
    "result": {
      "status": "VALID",
-      "latestValidHash": "0x5200df2eb24d08e7bceec64194d073e81a6e9c00c4f61d323fad5d70b40e6d6d",
+      "latestValidHash": "0xc67a660f5d3c20ee603911bdff1e409e976f306883dff8ef4999dca3176f7dca",
      "validationError": null
    }
  },
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/10_prague_forkchoiceUpdatedV3.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/10_prague_forkchoiceUpdatedV3.json
@@ -4,9 +4,9 @@
    "method": "engine_forkchoiceUpdatedV3",
    "params": [
      {
-        "headBlockHash": "0x5200df2eb24d08e7bceec64194d073e81a6e9c00c4f61d323fad5d70b40e6d6d",
+        "headBlockHash": "0xc67a660f5d3c20ee603911bdff1e409e976f306883dff8ef4999dca3176f7dca",
-        "safeBlockHash": "0x5200df2eb24d08e7bceec64194d073e81a6e9c00c4f61d323fad5d70b40e6d6d",
+        "safeBlockHash": "0xc67a660f5d3c20ee603911bdff1e409e976f306883dff8ef4999dca3176f7dca",
-        "finalizedBlockHash": "0x5200df2eb24d08e7bceec64194d073e81a6e9c00c4f61d323fad5d70b40e6d6d"
+        "finalizedBlockHash": "0xc67a660f5d3c20ee603911bdff1e409e976f306883dff8ef4999dca3176f7dca"
      },
      {
        "timestamp": "0x30",
@@ -24,10 +24,10 @@
    "result": {
      "payloadStatus": {
        "status": "VALID",
-        "latestValidHash": "0x5200df2eb24d08e7bceec64194d073e81a6e9c00c4f61d323fad5d70b40e6d6d",
+        "latestValidHash": "0xc67a660f5d3c20ee603911bdff1e409e976f306883dff8ef4999dca3176f7dca",
        "validationError": null
      },
-      "payloadId": "0x282643e2da21a7cf"
+      "payloadId": "0x282643a16a58b5cf"
    }
  },
  "statusCode": 200
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/11_prague_getPayloadV4.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/11_prague_getPayloadV4.json
@@ -3,7 +3,7 @@
    "jsonrpc": "2.0",
    "method": "engine_getPayloadV4",
    "params": [
-      "0x282643e2da21a7cf"
+      "0x282643a16a58b5cf"
    ],
    "id": 67
  },
@@ -12,9 +12,9 @@
    "id": 67,
    "result": {
      "executionPayload": {
-        "parentHash": "0x5200df2eb24d08e7bceec64194d073e81a6e9c00c4f61d323fad5d70b40e6d6d",
+        "parentHash": "0xc67a660f5d3c20ee603911bdff1e409e976f306883dff8ef4999dca3176f7dca",
        "feeRecipient": "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b",
-        "stateRoot": "0xcd9f15de5f17cf87a02bf795a0dc98c108eead4651eca57fc7195bda0d9c20ee",
+        "stateRoot": "0x5fc31c01a451fe02f0e938de7ec7044aaba1159a81a1be64357bc70af226f304",
        "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
        "prevRandao": "0x0000000000000000000000000000000000000000000000000000000000000000",
        "gasLimit": "0x1c9c380",
@@ -28,8 +28,9 @@
        "withdrawals": [],
        "depositRequests": [],
        "withdrawalRequests": [],
        "consolidationRequests" : [],
        "blockNumber": "0x3",
-        "blockHash": "0x79858f6eb8e82f0ec11087983ce4eb8c7edc10c9363a2a124dd78fd2c305dc42",
+        "blockHash": "0xdbb55a049f14b8152695bf3bbd754aa1fd55bbe10b306eb49caa4bd7d7fcb634",
        "receiptsRoot": "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
        "blobGasUsed": "0x0"
      },
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/12_cancun_newPayloadV3.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/12_cancun_newPayloadV3.json
@@ -4,9 +4,9 @@
    "method": "engine_newPayloadV3",
    "params": [
      {
-        "parentHash": "0x5200df2eb24d08e7bceec64194d073e81a6e9c00c4f61d323fad5d70b40e6d6d",
+        "parentHash": "0xc67a660f5d3c20ee603911bdff1e409e976f306883dff8ef4999dca3176f7dca",
        "feeRecipient": "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b",
-        "stateRoot": "0xcd9f15de5f17cf87a02bf795a0dc98c108eead4651eca57fc7195bda0d9c20ee",
+        "stateRoot": "0x5fc31c01a451fe02f0e938de7ec7044aaba1159a81a1be64357bc70af226f304",
        "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
        "prevRandao": "0x0000000000000000000000000000000000000000000000000000000000000000",
        "gasLimit": "0x1c9c380",
@@ -19,7 +19,7 @@
        "depositRequests": [],
        "withdrawalRequests": [],
        "blockNumber": "0x3",
-        "blockHash": "0x79858f6eb8e82f0ec11087983ce4eb8c7edc10c9363a2a124dd78fd2c305dc42",
+        "blockHash": "0xdbb55a049f14b8152695bf3bbd754aa1fd55bbe10b306eb49caa4bd7d7fcb634",
        "receiptsRoot": "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
        "excessBlobGas": "0x0",
        "blobGasUsed": "0x0"
@@ -34,7 +34,7 @@
    "id": 67,
    "result": {
      "status": "VALID",
-      "latestValidHash": "0x79858f6eb8e82f0ec11087983ce4eb8c7edc10c9363a2a124dd78fd2c305dc42",
+      "latestValidHash": "0xdbb55a049f14b8152695bf3bbd754aa1fd55bbe10b306eb49caa4bd7d7fcb634",
      "validationError": null
    }
  },
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/14_prague_send_raw_transaction_consolidation_request.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/14_prague_send_raw_transaction_consolidation_request.json
@@ -0,0 +1,14 @@
 {
  "request": {
    "jsonrpc": "2.0",
    "method": "eth_sendRawTransaction",
    "params": ["0xf8c80185e8d4a51000832dc6c09400b42dbf2194e931e80326d950320f7d9dbeac0201b860fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe822fe0a05b88b593926d340f448918ef1c6263356c37f2434774e0fdb1cb9d90cfa5a23ba003a86aac4adb774181ba51eda17efb5fbed99ad57895e6eb56ccdf508a88a7cc"],
    "id": 67
  },
  "response": {
    "jsonrpc": "2.0",
    "id": 67,
    "result": "0xa4252f576c4e16cb020f86f8a30d4fa990ee0cbfc84198a6d0eb118dd2f8b72d"
  },
  "statusCode": 200
 }
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/15_prague_forkchoiceUpdatedV3.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/15_prague_forkchoiceUpdatedV3.json
@@ -4,9 +4,9 @@
    "method": "engine_forkchoiceUpdatedV3",
    "params": [
      {
-        "headBlockHash": "0x79858f6eb8e82f0ec11087983ce4eb8c7edc10c9363a2a124dd78fd2c305dc42",
+        "headBlockHash": "0xdbb55a049f14b8152695bf3bbd754aa1fd55bbe10b306eb49caa4bd7d7fcb634",
-        "safeBlockHash": "0x79858f6eb8e82f0ec11087983ce4eb8c7edc10c9363a2a124dd78fd2c305dc42",
+        "safeBlockHash": "0xdbb55a049f14b8152695bf3bbd754aa1fd55bbe10b306eb49caa4bd7d7fcb634",
-        "finalizedBlockHash": "0x79858f6eb8e82f0ec11087983ce4eb8c7edc10c9363a2a124dd78fd2c305dc42"
+        "finalizedBlockHash": "0xdbb55a049f14b8152695bf3bbd754aa1fd55bbe10b306eb49caa4bd7d7fcb634"
      },
      {
        "timestamp": "0x40",
@@ -24,10 +24,10 @@
    "result": {
      "payloadStatus": {
        "status": "VALID",
-        "latestValidHash": "0x79858f6eb8e82f0ec11087983ce4eb8c7edc10c9363a2a124dd78fd2c305dc42",
+        "latestValidHash": "0xdbb55a049f14b8152695bf3bbd754aa1fd55bbe10b306eb49caa4bd7d7fcb634",
        "validationError": null
      },
-      "payloadId": "0x282643de0e3d43bf"
+      "payloadId": "0x28264396a9634d41"
    }
  },
  "statusCode": 200
--- a/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/16_prague_getPayloadV4.json
+++ b/acceptance-tests/tests/src/test/resources/jsonrpc/engine/prague/test-cases/16_prague_getPayloadV4.json
@@ -3,7 +3,7 @@
    "jsonrpc": "2.0",
    "method": "engine_getPayloadV4",
    "params": [
-      "0x282643de0e3d43bf"
+      "0x28264396a9634d41"
    ],
    "id": 67
  },
@@ -12,20 +12,21 @@
    "id": 67,
    "result": {
      "executionPayload": {
-        "parentHash": "0x79858f6eb8e82f0ec11087983ce4eb8c7edc10c9363a2a124dd78fd2c305dc42",
+        "parentHash": "0xdbb55a049f14b8152695bf3bbd754aa1fd55bbe10b306eb49caa4bd7d7fcb634",
        "feeRecipient": "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b",
-        "stateRoot": "0xe4642cc58d61f2392fe056042c226e286f22a25e3104f4a4acb423dad9a43311",
+        "stateRoot": "0x49df1f1a1d28a23fa752230d442077768787d392e9edb70c83d727d31e55eaac",
        "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
        "prevRandao": "0x0000000000000000000000000000000000000000000000000000000000000000",
        "gasLimit": "0x1c9c380",
-        "gasUsed": "0x145d3",
+        "gasUsed": "0x3ad4d",
        "timestamp": "0x40",
        "extraData": "0x",
        "baseFeePerGas": "0x7",
        "excessBlobGas": "0x0",
        "parentBeaconBlockRoot": "0x0000000000000000000000000000000000000000000000000000000000000000",
        "transactions": [
-          "0xf8a08085e8d4a51000832dc6c09400a3ca265ebcb825b45f985a16cefb49958ce01702b8388706d19a62f28a6a6549f96c5adaebac9124a61d44868ec94f6d2d707c6a2f82c9162071231dfeb40e24bfde4ffdf2430000000000000000822fdfa00476c1a81f80f4c130acb5f8b8075468ba0893d766b7ec51a8d9723c573ad034a03bd3eaedabbaaf745f15023185ba66584ad3ee8bb40b9bef8c0b9ed27f8b1959"
+          "0xf8a08085e8d4a51000832dc6c09400a3ca265ebcb825b45f985a16cefb49958ce01702b8388706d19a62f28a6a6549f96c5adaebac9124a61d44868ec94f6d2d707c6a2f82c9162071231dfeb40e24bfde4ffdf2430000000000000000822fdfa00476c1a81f80f4c130acb5f8b8075468ba0893d766b7ec51a8d9723c573ad034a03bd3eaedabbaaf745f15023185ba66584ad3ee8bb40b9bef8c0b9ed27f8b1959",
          "0xf8c80185e8d4a51000832dc6c09400b42dbf2194e931e80326d950320f7d9dbeac0201b860fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe822fe0a05b88b593926d340f448918ef1c6263356c37f2434774e0fdb1cb9d90cfa5a23ba003a86aac4adb774181ba51eda17efb5fbed99ad57895e6eb56ccdf508a88a7cc"
        ],
        "withdrawals": [],
        "depositRequests": [],
@@ -36,12 +37,19 @@
            "validatorPubkey": "0x8706d19a62f28a6a6549f96c5adaebac9124a61d44868ec94f6d2d707c6a2f82c9162071231dfeb40e24bfde4ffdf243"
          }
        ],
        "consolidationRequests": [
          {
            "sourceAddress": "0x23618e81e3f5cdf7f54c3d65f7fbc0abf5b21e8f",
            "sourcePubKey": "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
            "targetPubKey": "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
          }
        ],
        "blockNumber": "0x4",
-        "receiptsRoot": "0x765bd9d63cc10fa47117d6cc0958f15e55a3bde540d4ed15d220f573fbb82cba",
+        "receiptsRoot": "0x970fc81bb3e7fb21435f9a65a184aa9e3fd2f52b89fd859302b46954354266b5",
        "blobGasUsed": "0x0",
-        "blockHash": "0xb2d60adb2a0c73313ebdacf425b1d6bbd810c3ec6b28ad0d62a73cdc34cb696a"
+        "blockHash": "0x93df6f3484202f24c692354e2ab96e9948ae45eea6ad85faea121a389e468ea8"
      },
-      "blockValue": "0x12855dcd153473b",
+      "blockValue": "0x3581baab15c12e5",
      "blobsBundle": {
        "commitments": [],
        "proofs": [],
--- a/acceptance-tests/tests/src/test/resources/pki-certs/README.md
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/README.md
@@ -1,127 +0,0 @@
 See `ethereum/p2p/src/test/resources/keys/README.md` which describes the details on how the 
 certificates are created. The same CA are used to create miner1-miner6. 
 For `PkiQbftAcceptanceTest`: 
 `miner1`-`miner5` are signed with `partner1_ca` and `miner6` is signed with `partner2_ca`.
 `miner5` and `miner6` are revoked and added in the crl list.
 Sample shell script that can be executed to recreate the certificates
 ~~~
 #! /bin/sh
 names=("partner1:miner1" "partner1:miner2" "partner1:miner3" "partner1:miner4" "partner1:miner5" "partner2:miner6")
 crls=("partner1:miner5" "partner2:miner6")
 KEY_ALG="EC -groupname secp256r1"
 #KEY_ALG="RSA -keysize 2048"
 ##########
 CA_CERTS_PATH=./ca_certs
 ROOT_CA_KS=$CA_CERTS_PATH/root_ca.p12
 INTER_CA_KS=$CA_CERTS_PATH/inter_ca.p12
 CRL_DIR=./crl
 keytool -exportcert -keystore $ROOT_CA_KS -storepass test123 -alias root_ca -rfc -file $CA_CERTS_PATH/root_ca.pem
 echo "Generating miner keystores..."
 ### Generate client keystores
 for name in "${names[@]}"
 do
  IFS=':' read -r -a array <<< "$name"
  partner=${array[0]}
  client=${array[1]}
  PARTNER_CA_KEYSTORE="$CA_CERTS_PATH/${partner}_ca.p12"
  CLIENT_PATH="./${client}"
  KEYSTORE_PATH="./$CLIENT_PATH/${client}.p12"
  NSSDB_PATH="${CLIENT_PATH}/nssdb"
  echo "$PARTNER_CA_KEYSTORE"
  mkdir -p $NSSDB_PATH
  echo "Generating keystore for Partner $partner Client $client"
  keytool -genkeypair -keystore $KEYSTORE_PATH -storepass test123 -alias ${client} \
  -keyalg $KEY_ALG -validity 36500 \
  -dname "CN=localhost, OU=${partner}" \
  -ext san=dns:localhost,ip:127.0.0.1
  echo "Creating CSR for $client and signing it with ${partner}_ca"
  keytool -storepass test123 -keystore $KEYSTORE_PATH -certreq -alias ${client} \
  | keytool -storepass test123 -keystore $PARTNER_CA_KEYSTORE -gencert -alias "${partner}_ca" -ext ku:c=digitalSignature,nonRepudiation,keyEncipherment -ext eku=sA,cA \
  -rfc > "${CLIENT_PATH}/${client}.pem"
  echo "Concat root_ca.pem to ${client}.pem"
  cat "${CA_CERTS_PATH}/root_ca.pem" >> "${CLIENT_PATH}/${client}.pem"
  echo "Importing signed $client.pem CSR into $KEYSTORE_PATH"
  keytool -keystore $KEYSTORE_PATH -importcert -alias $client \
  -storepass test123 -noprompt -file "${CLIENT_PATH}/${client}.pem"
  echo "Converting p12 to jks"
  keytool -importkeystore -srckeystore $KEYSTORE_PATH -srcstoretype PKCS12 -destkeystore "$CLIENT_PATH/${client}.jks"  -deststoretype JKS -srcstorepass test123 -deststorepass test123 -srcalias $client -destalias $client -srckeypass test123 -destkeypass test123 -noprompt
  echo "Initialize nss"
  echo "test123" > ${CLIENT_PATH}/nsspin.txt
  certutil -N -d sql:${NSSDB_PATH} -f "${CLIENT_PATH}/nsspin.txt"
  # hack to make Java SunPKCS11 work with new sql version of nssdb
  touch ${NSSDB_PATH}/secmod.db
  pk12util -i $KEYSTORE_PATH -d sql:${NSSDB_PATH} -k ${CLIENT_PATH}/nsspin.txt -W test123
  echo "Fixing truststores in sql:${NSSDB_PATH}"
  certutil -M -n "CN=root.ca.besu.com"       -t CT,C,C -d sql:"$NSSDB_PATH" -f ${CLIENT_PATH}/nsspin.txt
  certutil -M -n "CN=inter.ca.besu.com"      -t CT,C,C -d sql:"$NSSDB_PATH" -f ${CLIENT_PATH}/nsspin.txt
  certutil -M -n "CN=${partner}.ca.besu.com" -t CT,C,C -d sql:"$NSSDB_PATH" -f ${CLIENT_PATH}/nsspin.txt
  certutil -d sql:"$NSSDB_PATH" -f nsspin.txt -L
  echo "Creating pkcs11 nss config file"
  cat <<EOF >${CLIENT_PATH}/nss.cfg
 name = NSScrypto-${partner}-${client}
 nssSecmodDirectory = ./src/test/resources/pki-certs/${client}/nssdb
 nssDbMode = readOnly
 nssModule = keystore
 showInfo = true
 EOF
  # remove pem files
  rm "${CLIENT_PATH}/${client}.pem"
  # create truststore
  echo "Creating truststore ..."
  keytool -exportcert -keystore $ROOT_CA_KS  -storepass test123 -alias root_ca -rfc   | keytool -import -trustcacerts -alias root_ca -keystore "${CLIENT_PATH}/truststore.p12" -storepass test123 -noprompt
  keytool -exportcert -keystore $INTER_CA_KS -storepass test123 -alias inter_ca -rfc | keytool -import -trustcacerts -alias inter_ca -keystore "${CLIENT_PATH}/truststore.p12" -storepass test123 -noprompt
  keytool -exportcert -keystore $PARTNER_CA_KEYSTORE  -storepass test123 -alias "${partner}_ca" -rfc   | keytool -import -trustcacerts -alias "${partner}_ca" -keystore "${CLIENT_PATH}/truststore.p12" -storepass test123 -noprompt
 done
 rm $CA_CERTS_PATH/root_ca.pem
 echo "Keystores and nss database created"
 ## create crl list
 mkdir -p $CRL_DIR
 rm $CRL_DIR/crl.pem
 for crl in "${crls[@]}"
 do
  IFS=':' read -r -a array <<< "$crl"
  partner=${array[0]}
  client=${array[1]}
  echo "Exporting CA certificate and private key"
  openssl pkcs12 -nodes -in "$CA_CERTS_PATH/${partner}_ca.p12" -out "$CRL_DIR/${partner}_ca_key.pem" -passin pass:test123 -nocerts
  openssl pkcs12 -nodes -in "$CA_CERTS_PATH/${partner}_ca.p12" -out "$CRL_DIR/${partner}_ca.pem" -passin pass:test123 -nokeys
  echo "Export $client certificate"
  openssl pkcs12 -nodes -in "./${client}/${client}.p12" -out "$CRL_DIR/${client}.pem" -passin pass:test123 -nokeys
  ## On Mac, use gnutls-certtool, on Linux use certtool
  echo "Creating crl"
  printf '365\n\n' | gnutls-certtool --generate-crl --load-ca-privkey "$CRL_DIR/${partner}_ca_key.pem" --load-ca-certificate "$CRL_DIR/${partner}_ca.pem" \
  --load-certificate "$CRL_DIR/${client}.pem" >> $CRL_DIR/crl.pem
  rm "$CRL_DIR/${partner}_ca_key.pem"
  rm "$CRL_DIR/${partner}_ca.pem"
  rm "$CRL_DIR/${client}.pem"
 done
 ~~~
--- a/acceptance-tests/tests/src/test/resources/pki-certs/ca_certs/inter_ca.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/ca_certs/inter_ca.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/ca_certs/partner1_ca.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/ca_certs/partner1_ca.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/ca_certs/partner2_ca.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/ca_certs/partner2_ca.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/ca_certs/root_ca.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/ca_certs/root_ca.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/create.sh
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/create.sh
@@ -1,190 +0,0 @@
 #! /bin/sh
 ##
 ## Copyright contributors to Hyperledger Besu.
 ##
 ## Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 ## the License. You may obtain a copy of the License at
 ##
 ## http://www.apache.org/licenses/LICENSE-2.0
 ##
 ## Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 ## an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 ## specific language governing permissions and limitations under the License.
 ##
 ## SPDX-License-Identifier: Apache-2.0
 ##
 set -e
 names=("partner1:miner1" "partner1:miner2" "partner1:miner3" "partner1:miner4" "partner1:miner5" "partner2:miner6")
 crls=("partner1:miner5" "partner2:miner6")
 KEY_ALG="EC -groupname secp256r1"
 #KEY_ALG="RSA -keysize 2048"
 ##########
 CA_CERTS_PATH=./ca_certs
 ROOT_CA_KS=$CA_CERTS_PATH/root_ca.p12
 INTER_CA_KS=$CA_CERTS_PATH/inter_ca.p12
 PARTNER1_CA_KS=$CA_CERTS_PATH/partner1_ca.p12
 PARTNER2_CA_KS=$CA_CERTS_PATH/partner2_ca.p12
 CRL_DIR=./crl
 mkdir $CA_CERTS_PATH
 keytool -genkeypair -alias root_ca -dname "CN=root.ca.besu.com" -ext bc:c -keyalg RSA -keysize 2048 \
 -sigalg SHA256WithRSA -validity 36500 \
 -storepass test123 \
 -keystore $ROOT_CA_KS
 keytool -exportcert -keystore $ROOT_CA_KS -storepass test123 -alias root_ca -rfc -file $CA_CERTS_PATH/root_ca.pem
 keytool -genkeypair -alias inter_ca -dname "CN=inter.ca.besu.com" \
 -ext bc:c=ca:true,pathlen:1 -ext ku:c=dS,kCS,cRLs \
 -keyalg RSA -sigalg SHA256WithRSA -validity 36500 \
 -storepass test123 \
 -keystore $INTER_CA_KS
 keytool -exportcert -keystore $INTER_CA_KS -storepass test123 -alias inter_ca -rfc -file $CA_CERTS_PATH/inter_ca.pem
 keytool -genkeypair -alias partner1_ca -dname "CN=partner1.ca.besu.com" \
 -ext bc:c=ca:true,pathlen:0 -ext ku:c=dS,kCS,cRLs \
 -keyalg RSA -sigalg SHA256WithRSA -validity 36500 \
 -storepass test123 \
 -keystore $PARTNER1_CA_KS
 keytool -exportcert -keystore $PARTNER1_CA_KS -storepass test123 -alias partner1_ca -rfc -file $CA_CERTS_PATH/partner1_ca.pem
 keytool -genkeypair -alias partner2_ca -dname "CN=partner2.ca.besu.com" \
 -ext bc:c=ca:true,pathlen:0 -ext ku:c=dS,kCS,cRLs \
 -keyalg RSA -sigalg SHA256WithRSA -validity 36500 \
 -storepass test123 \
 -keystore $PARTNER2_CA_KS
 keytool -exportcert -keystore $PARTNER2_CA_KS -storepass test123 -alias partner2_ca -rfc -file $CA_CERTS_PATH/partner2_ca.pem
 keytool -storepass test123 -keystore $INTER_CA_KS -certreq -alias inter_ca \
 | keytool -storepass test123 -keystore $ROOT_CA_KS -gencert -validity 36500 -alias root_ca \
 -ext bc:c=ca:true,pathlen:1 -ext ku:c=dS,kCS,cRLs -rfc > $CA_CERTS_PATH/inter_ca.pem
 cat $CA_CERTS_PATH/root_ca.pem >> $CA_CERTS_PATH/inter_ca.pem
 keytool -keystore $INTER_CA_KS -importcert -alias inter_ca \
 -storepass test123 -noprompt -file $CA_CERTS_PATH/inter_ca.pem
 keytool -storepass test123 -keystore $PARTNER1_CA_KS -certreq -alias partner1_ca \
 | keytool -storepass test123 -keystore $INTER_CA_KS -gencert -validity 36500 -alias inter_ca \
 -ext bc:c=ca:true,pathlen:0 -ext ku:c=dS,kCS,cRLs -rfc > $CA_CERTS_PATH/partner1_ca.pem
 keytool -storepass test123 -keystore $PARTNER2_CA_KS -certreq -alias partner2_ca \
 | keytool -storepass test123 -keystore $INTER_CA_KS -gencert -validity 36500 -alias inter_ca \
 -ext bc:c=ca:true,pathlen:0 -ext ku:c=dS,kCS,cRLs -rfc > $CA_CERTS_PATH/partner2_ca.pem
 cat $CA_CERTS_PATH/inter_ca.pem >> $CA_CERTS_PATH/partner1_ca.pem
 cat $CA_CERTS_PATH/inter_ca.pem >> $CA_CERTS_PATH/partner2_ca.pem
 keytool -keystore $PARTNER1_CA_KS -importcert -alias partner1_ca \
 -storepass test123 -noprompt -file $CA_CERTS_PATH/partner1_ca.pem
 keytool -keystore $PARTNER2_CA_KS -importcert -alias partner2_ca \
 -storepass test123 -noprompt -file $CA_CERTS_PATH/partner2_ca.pem
 echo "Generating miner keystores..."
 ### Generate client keystores
 for name in "${names[@]}"
 do
  IFS=':' read -r -a array <<< "$name"
  partner=${array[0]}
  client=${array[1]}
  PARTNER_CA_KEYSTORE="$CA_CERTS_PATH/${partner}_ca.p12"
  CLIENT_PATH="./${client}"
  KEYSTORE_PATH="./$CLIENT_PATH/${client}.p12"
  NSSDB_PATH="${CLIENT_PATH}/nssdb"
  echo "$PARTNER_CA_KEYSTORE"
  mkdir -p $NSSDB_PATH
  echo "Generating keystore for Partner $partner Client $client"
  keytool -genkeypair -keystore $KEYSTORE_PATH -storepass test123 -alias ${client} \
  -keyalg $KEY_ALG -validity 36500 \
  -dname "CN=localhost, OU=${partner}" \
  -ext san=dns:localhost,ip:127.0.0.1
  echo "Creating CSR for $client and signing it with ${partner}_ca"
  keytool -storepass test123 -keystore $KEYSTORE_PATH -certreq -alias ${client} \
  | keytool -storepass test123 -keystore $PARTNER_CA_KEYSTORE -gencert -validity 36500 -alias "${partner}_ca" -ext ku:c=digitalSignature,nonRepudiation,keyEncipherment -ext eku=sA,cA \
  -rfc > "${CLIENT_PATH}/${client}.pem"
  echo "Concat root_ca.pem to ${client}.pem"
  cat "${CA_CERTS_PATH}/root_ca.pem" >> "${CLIENT_PATH}/${client}.pem"
  echo "Importing signed $client.pem CSR into $KEYSTORE_PATH"
  keytool -keystore $KEYSTORE_PATH -importcert -alias $client \
  -storepass test123 -noprompt -file "${CLIENT_PATH}/${client}.pem"
  echo "Converting p12 to jks"
  keytool -importkeystore -srckeystore $KEYSTORE_PATH -srcstoretype PKCS12 -destkeystore "$CLIENT_PATH/${client}.jks"  -deststoretype JKS -srcstorepass test123 -deststorepass test123 -srcalias $client -destalias $client -srckeypass test123 -destkeypass test123 -noprompt
  echo "Initialize nss"
  echo "test123" > ${CLIENT_PATH}/nsspin.txt
  certutil -N -d sql:${NSSDB_PATH} -f "${CLIENT_PATH}/nsspin.txt"
  # hack to make Java SunPKCS11 work with new sql version of nssdb
  touch ${NSSDB_PATH}/secmod.db
  pk12util -i $KEYSTORE_PATH -d sql:${NSSDB_PATH} -k ${CLIENT_PATH}/nsspin.txt -W test123
  echo "Fixing truststores in sql:${NSSDB_PATH}"
  certutil -M -n "CN=root.ca.besu.com"       -t CT,C,C -d sql:"$NSSDB_PATH" -f ${CLIENT_PATH}/nsspin.txt
  certutil -M -n "CN=inter.ca.besu.com"      -t u,u,u -d sql:"$NSSDB_PATH" -f ${CLIENT_PATH}/nsspin.txt
  certutil -M -n "CN=${partner}.ca.besu.com" -t u,u,u -d sql:"$NSSDB_PATH" -f ${CLIENT_PATH}/nsspin.txt
  certutil -d sql:"$NSSDB_PATH" -f nsspin.txt -L
  echo "Creating pkcs11 nss config file"
  cat <<EOF >${CLIENT_PATH}/nss.cfg
 name = NSScrypto-${partner}-${client}
 nssSecmodDirectory = ./src/test/resources/pki-certs/${client}/nssdb
 nssDbMode = readOnly
 nssModule = keystore
 showInfo = true
 EOF
  # remove pem files
  rm "${CLIENT_PATH}/${client}.pem"
  # create truststore
  echo "Creating truststore ..."
  keytool -exportcert -keystore $ROOT_CA_KS  -storepass test123 -alias root_ca -rfc   | keytool -import -trustcacerts -alias root_ca -keystore "${CLIENT_PATH}/truststore.p12" -storepass test123 -noprompt
 ##   keytool -exportcert -keystore $INTER_CA_KS -storepass test123 -alias inter_ca -rfc | keytool -import -trustcacerts -alias inter_ca -keystore "${CLIENT_PATH}/truststore.p12" -storepass test123 -noprompt
 ##  keytool -exportcert -keystore $PARTNER_CA_KEYSTORE  -storepass test123 -alias "${partner}_ca" -rfc   | keytool -import -trustcacerts -alias "${partner}_ca" -keystore "${CLIENT_PATH}/truststore.p12" -storepass test123 -noprompt
 done
 rm $CA_CERTS_PATH/root_ca.pem
 echo "Keystores and nss database created"
 ## create crl list
 mkdir -p $CRL_DIR
 ## rm $CRL_DIR/crl.pem
 for crl in "${crls[@]}"
 do
  IFS=':' read -r -a array <<< "$crl"
  partner=${array[0]}
  client=${array[1]}
  echo "Exporting CA certificate and private key"
  openssl pkcs12 -nodes -in "$CA_CERTS_PATH/${partner}_ca.p12" -out "$CRL_DIR/${partner}_ca_key.pem" -passin pass:test123 -nocerts
  openssl pkcs12 -nodes -in "$CA_CERTS_PATH/${partner}_ca.p12" -out "$CRL_DIR/${partner}_ca.pem" -passin pass:test123 -nokeys
  echo "Export $client certificate"
  openssl pkcs12 -nodes -in "./${client}/${client}.p12" -out "$CRL_DIR/${client}.pem" -passin pass:test123 -nokeys
  ## On Mac, use gnutls-certtool, on Linux use certtool
  echo "Creating crl"
  printf '365\n\n' | gnutls-certtool --generate-crl --load-ca-privkey "$CRL_DIR/${partner}_ca_key.pem" --load-ca-certificate "$CRL_DIR/${partner}_ca.pem" \
  --load-certificate "$CRL_DIR/${client}.pem" >> $CRL_DIR/crl.pem
  rm "$CRL_DIR/${partner}_ca_key.pem"
  rm "$CRL_DIR/${partner}_ca.pem"
  rm "$CRL_DIR/${client}.pem"
 done
--- a/acceptance-tests/tests/src/test/resources/pki-certs/crl/crl.pem
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/crl/crl.pem
@@ -1,28 +0,0 @@
 -----BEGIN X509 CRL-----
 MIICGzCCAQMCAQEwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAxMUcGFydG5lcjEu
 Y2EuYmVzdS5jb20XDTIzMDUwNDEwMTUzNVoXDTI0MDUwMzEwMTUzNVowbTAZAghF
 KUAnwQI0rxcNMjMwNTA0MTAxNTM1WjAZAggBqEW2S0yD7hcNMjMwNTA0MTAxNTM1
 WjAZAghxoeavxdMy8xcNMjMwNTA0MTAxNTM1WjAaAgkAgWKzx/tKZWkXDTIzMDUw
 NDEwMTUzNVqgQTA/MB8GA1UdIwQYMBaAFJcP76nbNK50KG5jmh6CvsxlAhJjMBwG
 A1UdFAQVAhNkU4XHFwNbgBqsTIFexJjuzEvyMA0GCSqGSIb3DQEBCwUAA4IBAQB2
 fhAhVwRBtHdwqhGjRlgbz4i6E0CtoL/02Vazib1OiRAXCkyFJL04U3FGcrPa89Dt
 ClZE0G38+Jw0Be0tEpn9A8doSbLr73w1GqW3BqNTw/qjbc6R2x28A1VIVPwV6bZH
 5P59YtDV+SjSPNxqkwRMyXqGZ2WIMwUS3u47Es9vMsjChXUJWU6W+jf3LYO/dt+V
 7xSchRpljhBtMB8MIoXILBq9uOSFalLmy94YzK2Rw1ZG2SVy2QZ6ZXHvZ/omLbPL
 kd4oAiN7L0OLOkFVHyb9bVP6DUWfXxSxBdszbQzHCy74NEsFUC0xqq0xpxwQRRfD
 codJtbEVJraSsSBkB78n
 -----END X509 CRL-----
 -----BEGIN X509 CRL-----
 MIICGzCCAQMCAQEwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAxMUcGFydG5lcjIu
 Y2EuYmVzdS5jb20XDTIzMDUwNDEwMTUzNVoXDTI0MDUwMzEwMTUzNVowbTAZAggF
 p9b0zZl1RxcNMjMwNTA0MTAxNTM1WjAZAgh7MQ7e4x/GbRcNMjMwNTA0MTAxNTM1
 WjAZAghxoeavxdMy8xcNMjMwNTA0MTAxNTM1WjAaAgkAgWKzx/tKZWkXDTIzMDUw
 NDEwMTUzNVqgQTA/MB8GA1UdIwQYMBaAFJuQMv8IsgbJS8FfPZZx+hSgj7PBMBwG
 A1UdFAQVAhNkU4XHGmnm4OkmS4KBFW1nS4csMA0GCSqGSIb3DQEBCwUAA4IBAQB2
 43mCjuMmB+MXpl+Axn3b/4V2f0HmbUFhF/andWKUwzC47HoQ+WzXoTV0xisHGCgH
 SYlrLdWd+pFh24H7TrKgqvmwtVmUFwm6DphXW3AHvaePWIrAy7L5ZrdOQB9TZPC1
 Ly+6x0oKoueiHodWivLQx+CJVbPAzxFEVh0JjecoFw8Tf9FGTqy8jJRdno9HgKDg
 BB7w7kPGF7xoaAbukwTXFz7f1nep44oqge+leEc398tdFDxmwralXAUB0A2v/vDG
 cSZTr+fyTri+zHjQzeq6//y2GF7S56KSyBXDXTJrvqtuijiVHTzQku+pbVNNrid5
 LgCJI7Phj2Q8k26z0+JJ
 -----END X509 CRL-----
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner1/miner1.jks
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner1/miner1.jks
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner1/miner1.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner1/miner1.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nss.cfg
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nss.cfg
@@ -1,5 +0,0 @@
 name = NSScrypto-partner1-miner1
 nssSecmodDirectory = ./src/test/resources/pki-certs/miner1/nssdb
 nssDbMode = readOnly
 nssModule = keystore
 showInfo = true
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nssdb/cert9.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nssdb/cert9.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nssdb/key4.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nssdb/key4.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nssdb/pkcs11.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nssdb/pkcs11.txt
@@ -1,5 +0,0 @@
 library=
 name=NSS Internal PKCS #11 Module
 parameters=configdir='sql:./miner1/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
 NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nssdb/secmod.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nssdb/secmod.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nsspin.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner1/nsspin.txt
@@ -1 +0,0 @@
 test123
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner1/truststore.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner1/truststore.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner2/miner2.jks
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner2/miner2.jks
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner2/miner2.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner2/miner2.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nss.cfg
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nss.cfg
@@ -1,5 +0,0 @@
 name = NSScrypto-partner1-miner2
 nssSecmodDirectory = ./src/test/resources/pki-certs/miner2/nssdb
 nssDbMode = readOnly
 nssModule = keystore
 showInfo = true
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nssdb/cert9.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nssdb/cert9.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nssdb/key4.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nssdb/key4.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nssdb/pkcs11.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nssdb/pkcs11.txt
@@ -1,5 +0,0 @@
 library=
 name=NSS Internal PKCS #11 Module
 parameters=configdir='sql:./miner2/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
 NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nssdb/secmod.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nssdb/secmod.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nsspin.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner2/nsspin.txt
@@ -1 +0,0 @@
 test123
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner2/truststore.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner2/truststore.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner3/miner3.jks
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner3/miner3.jks
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner3/miner3.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner3/miner3.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nss.cfg
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nss.cfg
@@ -1,5 +0,0 @@
 name = NSScrypto-partner1-miner3
 nssSecmodDirectory = ./src/test/resources/pki-certs/miner3/nssdb
 nssDbMode = readOnly
 nssModule = keystore
 showInfo = true
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nssdb/cert9.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nssdb/cert9.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nssdb/key4.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nssdb/key4.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nssdb/pkcs11.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nssdb/pkcs11.txt
@@ -1,5 +0,0 @@
 library=
 name=NSS Internal PKCS #11 Module
 parameters=configdir='sql:./miner3/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
 NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nssdb/secmod.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nssdb/secmod.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nsspin.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner3/nsspin.txt
@@ -1 +0,0 @@
 test123
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner3/truststore.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner3/truststore.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner4/miner4.jks
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner4/miner4.jks
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner4/miner4.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner4/miner4.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nss.cfg
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nss.cfg
@@ -1,5 +0,0 @@
 name = NSScrypto-partner1-miner4
 nssSecmodDirectory = ./src/test/resources/pki-certs/miner4/nssdb
 nssDbMode = readOnly
 nssModule = keystore
 showInfo = true
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nssdb/cert9.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nssdb/cert9.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nssdb/key4.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nssdb/key4.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nssdb/pkcs11.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nssdb/pkcs11.txt
@@ -1,5 +0,0 @@
 library=
 name=NSS Internal PKCS #11 Module
 parameters=configdir='sql:./miner4/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
 NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nssdb/secmod.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nssdb/secmod.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nsspin.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner4/nsspin.txt
@@ -1 +0,0 @@
 test123
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner4/truststore.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner4/truststore.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner5/miner5.jks
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner5/miner5.jks
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner5/miner5.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner5/miner5.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nss.cfg
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nss.cfg
@@ -1,5 +0,0 @@
 name = NSScrypto-partner1-miner5
 nssSecmodDirectory = ./src/test/resources/pki-certs/miner5/nssdb
 nssDbMode = readOnly
 nssModule = keystore
 showInfo = true
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nssdb/cert9.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nssdb/cert9.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nssdb/key4.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nssdb/key4.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nssdb/pkcs11.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nssdb/pkcs11.txt
@@ -1,5 +0,0 @@
 library=
 name=NSS Internal PKCS #11 Module
 parameters=configdir='sql:./miner5/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
 NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nssdb/secmod.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nssdb/secmod.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nsspin.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner5/nsspin.txt
@@ -1 +0,0 @@
 test123
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner5/truststore.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner5/truststore.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner6/miner6.jks
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner6/miner6.jks
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner6/miner6.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner6/miner6.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nss.cfg
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nss.cfg
@@ -1,5 +0,0 @@
 name = NSScrypto-partner2-miner6
 nssSecmodDirectory = ./src/test/resources/pki-certs/miner6/nssdb
 nssDbMode = readOnly
 nssModule = keystore
 showInfo = true
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nssdb/cert9.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nssdb/cert9.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nssdb/key4.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nssdb/key4.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nssdb/pkcs11.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nssdb/pkcs11.txt
@@ -1,5 +0,0 @@
 library=
 name=NSS Internal PKCS #11 Module
 parameters=configdir='sql:./miner6/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
 NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nssdb/secmod.db
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nssdb/secmod.db
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nsspin.txt
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner6/nsspin.txt
@@ -1 +0,0 @@
 test123
--- a/acceptance-tests/tests/src/test/resources/pki-certs/miner6/truststore.p12
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/miner6/truststore.p12
--- a/acceptance-tests/tests/src/test/resources/pki-certs/node1/crl.pem
+++ b/acceptance-tests/tests/src/test/resources/pki-certs/node1/crl.pem
@@ -1,27 +0,0 @@
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMCVVMxCzAJBgNV
 BAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJBgNVBAoMAk1DMQ0wCwYDVQQLDARyb290
 MRMwEQYDVQQDDApwYXJ0bmVyYWNhMSYwJAYJKoZIhvcNAQkBFhdwYXJ0bmVyYWNh
 QHBhcnRuZXJhLmNvbRcNMjEwNzA5MTkxMjM1WhcNMjIwNzA5MTkxMjM1WjAnMCUC
 FF9rJlU9U6JdFIeK/xRojaoxHdc5Fw0yMTA3MDkxOTEyMzVaoA4wDDAKBgNVHRQE
 AwIBADANBgkqhkiG9w0BAQsFAAOCAQEAfByR//FGHSsVQbaS51d59o82XocOGnnT
 p1hjceqtLGv3bhiebVrsRCOB5TsvE/r2IbB/yHYTe3+LJisIUqBxblQ6xK6IM+qA
 3fY646YnPT5pvdZAPZ2BCN/xP3xqGffFKapQ9cz0/36YE3vaEoUDlC2VHK0OXI0t
 4CLwAmiptUT2GW4Bk1RtokAsFiUNwNIOlRX5bywUNwkG7EuitR90QSGH3l/vyii2
 0c1Fm9He9MskwipjXpJKKb+t+m1pdpOVkSjRfjmVqi4BZwWlnQjELSLywhJ+WZG2
 Z1NgRjzPXotFKK+YD97Kx1L260A1eUZ46zSq73oUZr0EDZRnNJTr6A==
 -----END X509 CRL-----
 -----BEGIN X509 CRL-----
 MIICLDCCARQCAQEwDQYJKoZIhvcNAQELBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
 VQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9v
 dDETMBEGA1UEAwwKcGFydG5lcmJjYTEmMCQGCSqGSIb3DQEJARYXcGFydG5lcmJj
 YUBwYXJ0bmVyYi5jb20XDTIxMDcwOTE5MTIzNVoXDTIyMDcwOTE5MTIzNVowTjAl
 AhQTZhDgbKuvX7iLRUBBTiWXBPKM1xcNMjEwNzA5MTkxMjM1WjAlAhRfayZVPVOi
 XRSHiv8UaI2qMR3XORcNMjEwNzA5MTkxMjM1WqAOMAwwCgYDVR0UBAMCAQEwDQYJ
 KoZIhvcNAQELBQADggEBAMIltmJ036f1BmK/baISJTZTu7PKZgSZMNORnpFT8KvC
 s2GNRor5bGp5qvD6LHvsx92YVppCC6xd/beCFBtdyYifqw5xtOvqLQKuqCfxruLz
 EqYjKXE/3v8VdyU71J7kFqi0U0Gy4/h/YCL92e5KNbATlmcn5ToyI2EBIEfBfV08
 mm7FBXvbHRzqhfrnCNEjBWBWz3zkJMc9Rib26eCCofYIDkY2HvYSN78YgrnMmD6O
 hWOXrPoxArxvmDr5rG4vCadqbQYRkkCAOP0hBeMiB0SAcO2W2LNNAmHWXX7FvU3n
 ZRZUX31WoVjhNeEQtNBb2mPYBXHQzLC66qYm1p97afc=
 -----END X509 CRL-----
--- a/Show More
+++ b/Show More