Add NIST PKIX validation test suite
Change-Id: I44b8e759e38f074174df745c39979acc5334c778
diff --git a/Android.mk b/Android.mk
new file mode 100644
index 0000000..47cb441
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1,22 @@
+# Copyright (C) 2013 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_SRC_FILES := $(call all-java-files-under, src)
+LOCAL_JAVA_RESOURCE_DIRS := res
+LOCAL_MODULE := nist-pkix-tests
+LOCAL_ADDITIONAL_DEPENDENCY := $(LOCAL_PATH)/Android.mk
+include $(BUILD_STATIC_JAVA_LIBRARY)
diff --git a/NOTICE b/NOTICE
new file mode 100644
index 0000000..50efcdd
--- /dev/null
+++ b/NOTICE
@@ -0,0 +1,2 @@
+This library (PKITS) was developed by NIST, an Agency of the U.S.
+Department of Commerce, and others.
diff --git a/README.android b/README.android
new file mode 100644
index 0000000..ce58fae
--- /dev/null
+++ b/README.android
@@ -0,0 +1,2 @@
+This data was made from the NIST PKI Test Suite available at
+http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html
diff --git a/extract-pkits-tests.pl b/extract-pkits-tests.pl
new file mode 100755
index 0000000..90d0c01
--- /dev/null
+++ b/extract-pkits-tests.pl
@@ -0,0 +1,228 @@
+#!/usr/bin/env perl
+#
+# Copyright (C) 2012 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# This script parses the NIST PKI Test Suite test descriptions document
+# and creates a .java file with test cases.
+#
+
+use strict;
+
+my $enabled = 0;
+my $readingPath = 0;
+my $sectionName;
+my $testNumber;
+my $testName;
+my $pathEntry = "";
+my $expectedOutcome;
+my @pathEntries;
+
+my @usedFiles = ();
+
+my $delimiter = "\x{2022}";
+utf8::encode($delimiter);
+
+if ($#ARGV != 2) {
+ die "Usage: $0 <text-descriptions> <java-output> <used-files-output>";
+}
+
+open(DESC_FILE, "<", $ARGV[0]);
+open(OUTPUT_FILE, ">", $ARGV[1]);
+open(USED_FILES, ">", $ARGV[2]);
+
+sub trim($) {
+ my $s = shift;
+ $s =~ s/^\s+//g;
+ $s =~ s/\s+$//g;
+ return $s;
+}
+
+sub printTest() {
+ my @certNames;
+ my @crlNames;
+
+ foreach my $entry (@pathEntries) {
+ $entry =~ s/ //g;
+ $entry =~ s/-//g;
+ my @parts = split(/,/, $entry);
+ for my $part (@parts) {
+ if ($part =~ /CRL[0-9]*$/) {
+ my $crlName = $part . ".crl";
+ push(@crlNames, $crlName);
+ push(@usedFiles, "crls/" . $crlName);
+ } else {
+ my $certName = $part . ".crt";
+ push(@certNames, $certName);
+ push(@usedFiles, "certs/" . $certName);
+ }
+ }
+ }
+
+ print OUTPUT_FILE <<EOF;
+ /** NIST PKITS test ${testNumber} */
+ public void test${sectionName}_${testName}() throws Exception {
+EOF
+ print OUTPUT_FILE " " x 8 . "String trustAnchor = \"" . (shift @certNames) . "\";\n";
+
+ print OUTPUT_FILE <<EOF;
+
+ String[] certs = {
+EOF
+
+ # Print the CertPath in reverse order.
+ for (0..$#certNames) {
+ print OUTPUT_FILE " " x 16 . "\"${certNames[$#certNames - $_]}\",\n";
+ }
+ print OUTPUT_FILE <<EOF;
+ };
+
+ String[] crls = {
+EOF
+ foreach my $crlName (@crlNames) {
+ print OUTPUT_FILE " " x 16 . "\"${crlName}\",\n";
+ }
+ print OUTPUT_FILE <<EOF;
+ };
+
+EOF
+ if ($expectedOutcome) {
+ print OUTPUT_FILE <<EOF;
+ assertValidPath(trustAnchor, certs, crls);
+EOF
+ } else {
+ print OUTPUT_FILE <<EOF;
+ assertInvalidPath(trustAnchor, certs, crls);
+EOF
+ }
+
+ print OUTPUT_FILE <<EOF;
+ }
+
+EOF
+}
+
+sub stopReadingPath() {
+ if ($readingPath) {
+ if (defined($pathEntry) and $pathEntry ne "") {
+ push(@pathEntries, $pathEntry);
+ $pathEntry = "";
+ }
+
+ printTest();
+ @pathEntries = ();
+ $readingPath = 0;
+ }
+}
+
+
+while (<DESC_FILE>) {
+ chomp;
+
+ if ($_ =~ /^\s*4 Certification Path Validation Tests$/) {
+ $enabled = 1;
+ next;
+ }
+
+ #
+ # TODO: this script needs to be fixed to support the test cases in
+ # 4.8 to 4.12
+ #
+
+ if ($_ =~ /^\s*4\.8 Certificate Policies\s*$/) {
+ stopReadingPath();
+ $enabled = 0;
+
+ print OUTPUT_FILE " "x4 . "// skipping sections 4.8 to 4.12\n\n";
+ next;
+ }
+
+ if ($_ =~ /^\s*4\.13 Name Constraints\s*$/) {
+ $enabled = 1;
+ next;
+ }
+
+ if ($_ =~ /^\s*5 Relationship to Previous Test Suite\s*[^.]/) {
+ stopReadingPath();
+ $enabled = 0;
+ exit;
+ }
+
+ if (!$enabled) {
+ next;
+ }
+
+ if ($_ =~ /^\s*4\.[0-9]+ (.*)$/) {
+ stopReadingPath();
+ $sectionName = $1;
+ $sectionName =~ s/ //g;
+ $sectionName =~ s/-//g;
+ }
+
+ if ($_ =~ /^\s*(4\.[0-9]+\.[0-9]+) (.*)$/) {
+ stopReadingPath();
+ $testNumber = $1;
+ $testName = $2;
+ $testName =~ s/ //g;
+ $testName =~ s/-//g;
+ }
+
+ if ($_ =~ /Expected Result:.*(should validate|should not validate)/) {
+ if ($1 eq "should validate") {
+ $expectedOutcome = 1;
+ } else {
+ $expectedOutcome = 0;
+ }
+ } elsif ($_ =~ /Expected Result:/) {
+ die "Can not determine expected result for test:\n\t${testName}";
+ }
+
+ if ($_ =~ /^\s*Certification Path:/) {
+ $readingPath = 1;
+ next;
+ }
+
+ if ($readingPath) {
+ # Page number from the PDF
+ if (trim($_) =~ /^[0-9]+$/) {
+ do {
+ $_ = <DESC_FILE>;
+ if ($_ =~ /^\s*$/) {
+ next;
+ }
+ } while (1);
+ }
+
+ if ($_ =~ /${delimiter}\s*(.*)$/u) {
+ if (defined($pathEntry) and $pathEntry ne "") {
+ push(@pathEntries, $pathEntry);
+ }
+ $pathEntry = trim($1);
+ } else {
+ if ($_ =~ /The certification path is composed of the following objects:(.*)$/) {
+ $pathEntry = trim($1);
+ } else {
+ $pathEntry .= trim($_);
+ }
+ }
+ }
+}
+
+print USED_FILES join("\n", keys %{{map{$_ => 1} @usedFiles}});
+
+close(DESC_FILE);
+close(OUTPUT_FILE);
+close(USED_FILES);
diff --git a/generate-tests.sh b/generate-tests.sh
new file mode 100755
index 0000000..4446984
--- /dev/null
+++ b/generate-tests.sh
@@ -0,0 +1,97 @@
+#!/usr/bin/env bash
+#
+# Copyright (C) 2012 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# This script sets up the execution of the test extraction script
+#
+
+STORAGE_DIR="res/tests/resources/nist-pkits"
+TARGET="src/libcore/java/security/cert/X509CertificateNistPkitsTest.java"
+
+
+set -e
+trap "echo WARNING: Exiting on non-zero subprocess exit code" ERR;
+
+usage() {
+ echo "$0: generates test cases from the NIST PKITS documentation"
+ echo ""
+ echo "Usage: $0 PKITS.pdf PKITS_data.zip"
+ exit 1
+}
+
+if [ $# -ne 2 ]; then
+ usage
+fi
+
+PDF="${1}"
+ZIP="${2}"
+
+if [ ! -f "${PDF}" -o "${PDF#${PDF%.pdf}}" != ".pdf" ]; then
+ echo "The first argument must point to PKITS.pdf"
+ echo ""
+ usage
+elif [ ! -f "${ZIP}" -o "${ZIP#${ZIP%.zip}}" != ".zip" ]; then
+ echo "The second argument must point to PKITS_data.zip"
+ echo ""
+ usage
+fi
+
+if [ ! -f "${TARGET}" ]; then
+ echo "Can not file file:"
+ echo " ${TARGET}"
+ echo ""
+ usage
+fi
+
+PDFTOTEXT=$(which pdftotext)
+if [ -z "${PDFTOTEXT}" -o ! -x "${PDFTOTEXT}" ]; then
+ echo "pdftotext must be installed. Try"
+ echo " apt-get install pdftotext"
+ exit 1
+fi
+
+TEMP_TEXT=$(mktemp --tmpdir PKITS.txt.XXXXXXXX)
+TEMP_JAVA=$(mktemp --tmpdir generated-nist-tests.XXXXXXXXX)
+TEMP_FILES=$(mktemp --tmpdir generated-nist-files.XXXXXXXXX)
+
+${PDFTOTEXT} -layout -nopgbrk -eol unix "${PDF}" "${TEMP_TEXT}"
+
+"$(dirname $0)/extract-pkits-tests.pl" "${TEMP_TEXT}" "${TEMP_JAVA}" "${TEMP_FILES}"
+sed -i '/DO NOT MANUALLY EDIT -- BEGIN AUTOMATICALLY GENERATED TESTS/,/DO NOT MANUALLY EDIT -- END AUTOMATICALLY GENERATED TESTS/{//!d}' "${TARGET}"
+sed -i '/DO NOT MANUALLY EDIT -- BEGIN AUTOMATICALLY GENERATED TESTS/r '"${TEMP_JAVA}" "${TARGET}"
+
+pushd "$(dirname $0)"
+mkdir -p "${STORAGE_DIR}"
+while IFS= read -r -d $'\n' file; do
+ unzip -q -o -d "${STORAGE_DIR}" "${ZIP}" "${file}"
+done < ${TEMP_FILES}
+popd
+
+shasum_file() {
+ declare -r file="$1"
+
+ pushd "$(dirname "${file}")" > /dev/null 2>&1
+ sha256sum -b "$(basename "${file}")"
+ popd > /dev/null 2>&1
+}
+
+echo Writing pkits.version ...
+echo "# sha256sum of PKITS" > pkits.version
+shasum_file "${PDF}" >> pkits.version
+shasum_file "${ZIP}" >> pkits.version
+
+echo Updated tests: ${TARGET}
diff --git a/pkits.version b/pkits.version
new file mode 100644
index 0000000..9b0716d
--- /dev/null
+++ b/pkits.version
@@ -0,0 +1,3 @@
+# sha256sum of PKITS
+506913f4b727704ee1b52b17aa472dc6fbcf01e41e7ad88ba505f29c1a74d9ea *PKITS.pdf
+592f66030d2eff80fced7ad022e197d96b7ee4ccce7da9df9c9b2007b1665665 *PKITS_data.zip
diff --git a/res/tests/resources/nist-pkits/certs/BadCRLIssuerNameCACert.crt b/res/tests/resources/nist-pkits/certs/BadCRLIssuerNameCACert.crt
new file mode 100644
index 0000000..05e4b3d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/BadCRLIssuerNameCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/BadCRLSignatureCACert.crt b/res/tests/resources/nist-pkits/certs/BadCRLSignatureCACert.crt
new file mode 100644
index 0000000..6dfa00d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/BadCRLSignatureCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/BadSignedCACert.crt b/res/tests/resources/nist-pkits/certs/BadSignedCACert.crt
new file mode 100644
index 0000000..0a598fc
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/BadSignedCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/BadnotAfterDateCACert.crt b/res/tests/resources/nist-pkits/certs/BadnotAfterDateCACert.crt
new file mode 100644
index 0000000..7a7dcec
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/BadnotAfterDateCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/BadnotBeforeDateCACert.crt b/res/tests/resources/nist-pkits/certs/BadnotBeforeDateCACert.crt
new file mode 100644
index 0000000..33cfbd7
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/BadnotBeforeDateCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt
new file mode 100644
index 0000000..4e12452
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt
new file mode 100644
index 0000000..7f86064
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt
new file mode 100644
index 0000000..1f83cb8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt
new file mode 100644
index 0000000..8773e48
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt
new file mode 100644
index 0000000..b00748c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt
new file mode 100644
index 0000000..963f57a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/DSACACert.crt b/res/tests/resources/nist-pkits/certs/DSACACert.crt
new file mode 100644
index 0000000..14787b0
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/DSACACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/DSAParametersInheritedCACert.crt b/res/tests/resources/nist-pkits/certs/DSAParametersInheritedCACert.crt
new file mode 100644
index 0000000..5e2fa5b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/DSAParametersInheritedCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt b/res/tests/resources/nist-pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt
new file mode 100644
index 0000000..f4acda6
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/GoodCACert.crt b/res/tests/resources/nist-pkits/certs/GoodCACert.crt
new file mode 100644
index 0000000..edbfa64
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/GoodCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt b/res/tests/resources/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt
new file mode 100644
index 0000000..e24d88d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt b/res/tests/resources/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt
new file mode 100644
index 0000000..4b35bd2
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt b/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
new file mode 100644
index 0000000..348df8f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt b/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
new file mode 100644
index 0000000..3ca7995
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt b/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt
new file mode 100644
index 0000000..6cc192b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt b/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt
new file mode 100644
index 0000000..18033bc
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidCASignatureTest2EE.crt b/res/tests/resources/nist-pkits/certs/InvalidCASignatureTest2EE.crt
new file mode 100644
index 0000000..1f4ad3e
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidCASignatureTest2EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt b/res/tests/resources/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt
new file mode 100644
index 0000000..a9938aa
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidCAnotBeforeDateTest1EE.crt b/res/tests/resources/nist-pkits/certs/InvalidCAnotBeforeDateTest1EE.crt
new file mode 100644
index 0000000..f15d6a9
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidCAnotBeforeDateTest1EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt
new file mode 100644
index 0000000..5f7ad15
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNSnameConstraintsTest33EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNSnameConstraintsTest33EE.crt
new file mode 100644
index 0000000..fa59d6f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNSnameConstraintsTest33EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNSnameConstraintsTest38EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNSnameConstraintsTest38EE.crt
new file mode 100644
index 0000000..334fed1
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNSnameConstraintsTest38EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt
new file mode 100644
index 0000000..f724473
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt
new file mode 100644
index 0000000..468cb7b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest10EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest10EE.crt
new file mode 100644
index 0000000..806ebf3
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest10EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt
new file mode 100644
index 0000000..5f3a49f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt
new file mode 100644
index 0000000..d64ddf5
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt
new file mode 100644
index 0000000..fd864ce
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest16EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest16EE.crt
new file mode 100644
index 0000000..455658d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest16EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest17EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest17EE.crt
new file mode 100644
index 0000000..63f262b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest17EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest20EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest20EE.crt
new file mode 100644
index 0000000..a7ef322
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest20EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt
new file mode 100644
index 0000000..3fd895c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt
new file mode 100644
index 0000000..decbf34
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt
new file mode 100644
index 0000000..6ac7665
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt
new file mode 100644
index 0000000..48adc0a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt
new file mode 100644
index 0000000..ed753d4
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidDSASignatureTest6EE.crt b/res/tests/resources/nist-pkits/certs/InvalidDSASignatureTest6EE.crt
new file mode 100644
index 0000000..a1725b1
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidDSASignatureTest6EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidEESignatureTest3EE.crt b/res/tests/resources/nist-pkits/certs/InvalidEESignatureTest3EE.crt
new file mode 100644
index 0000000..9238109
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidEESignatureTest3EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt b/res/tests/resources/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt
new file mode 100644
index 0000000..af6fdf8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt b/res/tests/resources/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt
new file mode 100644
index 0000000..3ddef09
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt b/res/tests/resources/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt
new file mode 100644
index 0000000..5cf92f7
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt b/res/tests/resources/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt
new file mode 100644
index 0000000..c4b45f8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt b/res/tests/resources/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt
new file mode 100644
index 0000000..56b1ab4
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidMissingCRLTest1EE.crt b/res/tests/resources/nist-pkits/certs/InvalidMissingCRLTest1EE.crt
new file mode 100644
index 0000000..30b0275
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidMissingCRLTest1EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt b/res/tests/resources/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt
new file mode 100644
index 0000000..80ba7a0
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt b/res/tests/resources/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt
new file mode 100644
index 0000000..6b7d7de
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidNameChainingTest1EE.crt b/res/tests/resources/nist-pkits/certs/InvalidNameChainingTest1EE.crt
new file mode 100644
index 0000000..ee18fa0
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidNameChainingTest1EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidNegativeSerialNumberTest15EE.crt b/res/tests/resources/nist-pkits/certs/InvalidNegativeSerialNumberTest15EE.crt
new file mode 100644
index 0000000..2c479ca
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidNegativeSerialNumberTest15EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt b/res/tests/resources/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt
new file mode 100644
index 0000000..1ec410d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt b/res/tests/resources/nist-pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt
new file mode 100644
index 0000000..c9ad311
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt b/res/tests/resources/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt
new file mode 100644
index 0000000..28ef8f7
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt b/res/tests/resources/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt
new file mode 100644
index 0000000..0e7f719
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidRevokedCATest2EE.crt b/res/tests/resources/nist-pkits/certs/InvalidRevokedCATest2EE.crt
new file mode 100644
index 0000000..8054597
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidRevokedCATest2EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidRevokedEETest3EE.crt b/res/tests/resources/nist-pkits/certs/InvalidRevokedEETest3EE.crt
new file mode 100644
index 0000000..455cb02
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidRevokedEETest3EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt b/res/tests/resources/nist-pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt
new file mode 100644
index 0000000..2ff84b8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt b/res/tests/resources/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt
new file mode 100644
index 0000000..2cbab48
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt b/res/tests/resources/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt
new file mode 100644
index 0000000..e703d67
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidURInameConstraintsTest35EE.crt b/res/tests/resources/nist-pkits/certs/InvalidURInameConstraintsTest35EE.crt
new file mode 100644
index 0000000..6509668
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidURInameConstraintsTest35EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt b/res/tests/resources/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt
new file mode 100644
index 0000000..e64db47
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt b/res/tests/resources/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt
new file mode 100644
index 0000000..8630e99
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt b/res/tests/resources/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt
new file mode 100644
index 0000000..42fda8f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt b/res/tests/resources/nist-pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt
new file mode 100644
index 0000000..c3f93b5
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidWrongCRLTest6EE.crt b/res/tests/resources/nist-pkits/certs/InvalidWrongCRLTest6EE.crt
new file mode 100644
index 0000000..148f9fb
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidWrongCRLTest6EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidcAFalseTest2EE.crt b/res/tests/resources/nist-pkits/certs/InvalidcAFalseTest2EE.crt
new file mode 100644
index 0000000..3d5b829
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidcAFalseTest2EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidcAFalseTest3EE.crt b/res/tests/resources/nist-pkits/certs/InvalidcAFalseTest3EE.crt
new file mode 100644
index 0000000..f791140
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidcAFalseTest3EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest27EE.crt b/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest27EE.crt
new file mode 100644
index 0000000..2433e3b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest27EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest31EE.crt b/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest31EE.crt
new file mode 100644
index 0000000..210bb41
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest31EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest32EE.crt b/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest32EE.crt
new file mode 100644
index 0000000..5509dda
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest32EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt b/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt
new file mode 100644
index 0000000..8b9041f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest35EE.crt b/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest35EE.crt
new file mode 100644
index 0000000..32e72a2
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidcRLIssuerTest35EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
new file mode 100644
index 0000000..10da321
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt
new file mode 100644
index 0000000..d60812c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt
new file mode 100644
index 0000000..6b3c374
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest4EE.crt b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest4EE.crt
new file mode 100644
index 0000000..b959414
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest4EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest6EE.crt b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest6EE.crt
new file mode 100644
index 0000000..ea141b1
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest6EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt
new file mode 100644
index 0000000..de4da9d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest2EE.crt b/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest2EE.crt
new file mode 100644
index 0000000..a60b030
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest2EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest3EE.crt b/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest3EE.crt
new file mode 100644
index 0000000..bbb8271
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest3EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest6EE.crt b/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest6EE.crt
new file mode 100644
index 0000000..a47f7b2
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest6EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest8EE.crt b/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest8EE.crt
new file mode 100644
index 0000000..af3a366
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest8EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest9EE.crt b/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest9EE.crt
new file mode 100644
index 0000000..3456831
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvaliddistributionPointTest9EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt b/res/tests/resources/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
new file mode 100644
index 0000000..cfddd3a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt b/res/tests/resources/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
new file mode 100644
index 0000000..16c103f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt b/res/tests/resources/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
new file mode 100644
index 0000000..5583f19
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt b/res/tests/resources/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
new file mode 100644
index 0000000..f3062e9
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt b/res/tests/resources/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt
new file mode 100644
index 0000000..279306e
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt b/res/tests/resources/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt
new file mode 100644
index 0000000..f206348
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt b/res/tests/resources/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt
new file mode 100644
index 0000000..ecf5128
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest15EE.crt b/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest15EE.crt
new file mode 100644
index 0000000..f536fc6
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest15EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt b/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt
new file mode 100644
index 0000000..af5aa4b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt b/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt
new file mode 100644
index 0000000..59722f9
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt b/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt
new file mode 100644
index 0000000..4a0f191
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt b/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt
new file mode 100644
index 0000000..59a02de
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest10EE.crt b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest10EE.crt
new file mode 100644
index 0000000..447115e
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest10EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt
new file mode 100644
index 0000000..c28c455
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt
new file mode 100644
index 0000000..dc6d0dd
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt
new file mode 100644
index 0000000..b8830a2
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt
new file mode 100644
index 0000000..b96d3c6
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest9EE.crt b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest9EE.crt
new file mode 100644
index 0000000..c339f6f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/InvalidpathLenConstraintTest9EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt b/res/tests/resources/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt
new file mode 100644
index 0000000..3e1ba07
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt b/res/tests/resources/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt
new file mode 100644
index 0000000..4a7e31c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/LongSerialNumberCACert.crt b/res/tests/resources/nist-pkits/certs/LongSerialNumberCACert.crt
new file mode 100644
index 0000000..12830d9
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/LongSerialNumberCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/MissingbasicConstraintsCACert.crt b/res/tests/resources/nist-pkits/certs/MissingbasicConstraintsCACert.crt
new file mode 100644
index 0000000..e6f41a4
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/MissingbasicConstraintsCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/NameOrderingCACert.crt b/res/tests/resources/nist-pkits/certs/NameOrderingCACert.crt
new file mode 100644
index 0000000..f1c4a55
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/NameOrderingCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/NegativeSerialNumberCACert.crt b/res/tests/resources/nist-pkits/certs/NegativeSerialNumberCACert.crt
new file mode 100644
index 0000000..1a4d9ba
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/NegativeSerialNumberCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/NoCRLCACert.crt b/res/tests/resources/nist-pkits/certs/NoCRLCACert.crt
new file mode 100644
index 0000000..71c607d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/NoCRLCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/NoissuingDistributionPointCACert.crt b/res/tests/resources/nist-pkits/certs/NoissuingDistributionPointCACert.crt
new file mode 100644
index 0000000..c4f182a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/NoissuingDistributionPointCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/OldCRLnextUpdateCACert.crt b/res/tests/resources/nist-pkits/certs/OldCRLnextUpdateCACert.crt
new file mode 100644
index 0000000..2666670
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/OldCRLnextUpdateCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt b/res/tests/resources/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt
new file mode 100644
index 0000000..9c648a3
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/RevokedsubCACert.crt b/res/tests/resources/nist-pkits/certs/RevokedsubCACert.crt
new file mode 100644
index 0000000..25705b2
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/RevokedsubCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt b/res/tests/resources/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt
new file mode 100644
index 0000000..32ddfe3
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt b/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
new file mode 100644
index 0000000..17b3cbb
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt b/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
new file mode 100644
index 0000000..d747ea1
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt b/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
new file mode 100644
index 0000000..3c1730f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt b/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt
new file mode 100644
index 0000000..e75eb4c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/TrustAnchorRootCertificate.crt b/res/tests/resources/nist-pkits/certs/TrustAnchorRootCertificate.crt
new file mode 100644
index 0000000..04efaa0
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/TrustAnchorRootCertificate.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/TwoCRLsCACert.crt b/res/tests/resources/nist-pkits/certs/TwoCRLsCACert.crt
new file mode 100644
index 0000000..28eb60a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/TwoCRLsCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/UIDCACert.crt b/res/tests/resources/nist-pkits/certs/UIDCACert.crt
new file mode 100644
index 0000000..ec04d74
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/UIDCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt b/res/tests/resources/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt
new file mode 100644
index 0000000..2d653ef
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt b/res/tests/resources/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt
new file mode 100644
index 0000000..ae2ce8a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt b/res/tests/resources/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt
new file mode 100644
index 0000000..6912881
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/UnknownCRLExtensionCACert.crt b/res/tests/resources/nist-pkits/certs/UnknownCRLExtensionCACert.crt
new file mode 100644
index 0000000..2e2c3ef
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/UnknownCRLExtensionCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt b/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
new file mode 100644
index 0000000..c91b9f3
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt b/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt
new file mode 100644
index 0000000..34197f0
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt b/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt
new file mode 100644
index 0000000..9a7919b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt b/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt
new file mode 100644
index 0000000..038e4d7
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidCertificatePathTest1EE.crt b/res/tests/resources/nist-pkits/certs/ValidCertificatePathTest1EE.crt
new file mode 100644
index 0000000..69ba301
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidCertificatePathTest1EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt b/res/tests/resources/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt
new file mode 100644
index 0000000..e5235c7
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt b/res/tests/resources/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt
new file mode 100644
index 0000000..8bc3e87
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt b/res/tests/resources/nist-pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt
new file mode 100644
index 0000000..2332d4c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt
new file mode 100644
index 0000000..f8fe122
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt
new file mode 100644
index 0000000..4364e1b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt
new file mode 100644
index 0000000..3b5ac8b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt
new file mode 100644
index 0000000..20fa140
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest1EE.crt b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest1EE.crt
new file mode 100644
index 0000000..c59e921
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest1EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest4EE.crt b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest4EE.crt
new file mode 100644
index 0000000..c6cfcbb
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest4EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest5EE.crt b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest5EE.crt
new file mode 100644
index 0000000..f2c4dfc
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest5EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest6EE.crt b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest6EE.crt
new file mode 100644
index 0000000..6757119
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDNnameConstraintsTest6EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt b/res/tests/resources/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt
new file mode 100644
index 0000000..d8b6ce3
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidDSASignaturesTest4EE.crt b/res/tests/resources/nist-pkits/certs/ValidDSASignaturesTest4EE.crt
new file mode 100644
index 0000000..2fc40a6
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidDSASignaturesTest4EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt b/res/tests/resources/nist-pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
new file mode 100644
index 0000000..7f77ee8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt b/res/tests/resources/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt
new file mode 100644
index 0000000..f97ed0a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt b/res/tests/resources/nist-pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt
new file mode 100644
index 0000000..2ef73e1
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt b/res/tests/resources/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt
new file mode 100644
index 0000000..66296ac
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt b/res/tests/resources/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt
new file mode 100644
index 0000000..0a1b85d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt b/res/tests/resources/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt
new file mode 100644
index 0000000..6f69c0c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidLongSerialNumberTest16EE.crt b/res/tests/resources/nist-pkits/certs/ValidLongSerialNumberTest16EE.crt
new file mode 100644
index 0000000..44e8905
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidLongSerialNumberTest16EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt b/res/tests/resources/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt
new file mode 100644
index 0000000..9618658
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidNameChainingCapitalizationTest5EE.crt b/res/tests/resources/nist-pkits/certs/ValidNameChainingCapitalizationTest5EE.crt
new file mode 100644
index 0000000..c0a6b3d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidNameChainingCapitalizationTest5EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt b/res/tests/resources/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt
new file mode 100644
index 0000000..fc0f65d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt b/res/tests/resources/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt
new file mode 100644
index 0000000..a8ffc87
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidNameUIDsTest6EE.crt b/res/tests/resources/nist-pkits/certs/ValidNameUIDsTest6EE.crt
new file mode 100644
index 0000000..7d0b706
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidNameUIDsTest6EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidNegativeSerialNumberTest14EE.crt b/res/tests/resources/nist-pkits/certs/ValidNegativeSerialNumberTest14EE.crt
new file mode 100644
index 0000000..ab39228
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidNegativeSerialNumberTest14EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt b/res/tests/resources/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt
new file mode 100644
index 0000000..89eac75
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt b/res/tests/resources/nist-pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt
new file mode 100644
index 0000000..15825d7
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt b/res/tests/resources/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt
new file mode 100644
index 0000000..60a2031
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt b/res/tests/resources/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt
new file mode 100644
index 0000000..576a1b8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidRFC822nameConstraintsTest23EE.crt b/res/tests/resources/nist-pkits/certs/ValidRFC822nameConstraintsTest23EE.crt
new file mode 100644
index 0000000..c0ff759
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidRFC822nameConstraintsTest23EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidRFC822nameConstraintsTest25EE.crt b/res/tests/resources/nist-pkits/certs/ValidRFC822nameConstraintsTest25EE.crt
new file mode 100644
index 0000000..75f67b7
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidRFC822nameConstraintsTest25EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt b/res/tests/resources/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
new file mode 100644
index 0000000..0a4e150
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt b/res/tests/resources/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt
new file mode 100644
index 0000000..1cb0924
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt b/res/tests/resources/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt
new file mode 100644
index 0000000..ed34676
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt b/res/tests/resources/nist-pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt
new file mode 100644
index 0000000..0826091
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidTwoCRLsTest7EE.crt b/res/tests/resources/nist-pkits/certs/ValidTwoCRLsTest7EE.crt
new file mode 100644
index 0000000..c42779d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidTwoCRLsTest7EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt b/res/tests/resources/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt
new file mode 100644
index 0000000..be8ef42
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidURInameConstraintsTest36EE.crt b/res/tests/resources/nist-pkits/certs/ValidURInameConstraintsTest36EE.crt
new file mode 100644
index 0000000..6a24838
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidURInameConstraintsTest36EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt b/res/tests/resources/nist-pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
new file mode 100644
index 0000000..d1f80a7
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt b/res/tests/resources/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt
new file mode 100644
index 0000000..b14d789
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt b/res/tests/resources/nist-pkits/certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
new file mode 100644
index 0000000..d55dcb1
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt b/res/tests/resources/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt
new file mode 100644
index 0000000..4059c01
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest28EE.crt b/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest28EE.crt
new file mode 100644
index 0000000..9145515
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest28EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest29EE.crt b/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest29EE.crt
new file mode 100644
index 0000000..b10632b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest29EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest30EE.crt b/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest30EE.crt
new file mode 100644
index 0000000..593ef98
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest30EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest33EE.crt b/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest33EE.crt
new file mode 100644
index 0000000..2ae810a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidcRLIssuerTest33EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest2EE.crt b/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest2EE.crt
new file mode 100644
index 0000000..a2eb9a7
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest2EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest5EE.crt b/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest5EE.crt
new file mode 100644
index 0000000..1a3f7f5
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest5EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest7EE.crt b/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest7EE.crt
new file mode 100644
index 0000000..43b44bc
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest7EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest8EE.crt b/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest8EE.crt
new file mode 100644
index 0000000..8be2458
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValiddeltaCRLTest8EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest1EE.crt b/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest1EE.crt
new file mode 100644
index 0000000..b2c832f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest1EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest4EE.crt b/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest4EE.crt
new file mode 100644
index 0000000..47feb00
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest4EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest5EE.crt b/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest5EE.crt
new file mode 100644
index 0000000..a93d666
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest5EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest7EE.crt b/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest7EE.crt
new file mode 100644
index 0000000..107f102
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValiddistributionPointTest7EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt b/res/tests/resources/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt
new file mode 100644
index 0000000..6da7906
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt b/res/tests/resources/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt
new file mode 100644
index 0000000..3eec5cc
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidonlySomeReasonsTest18EE.crt b/res/tests/resources/nist-pkits/certs/ValidonlySomeReasonsTest18EE.crt
new file mode 100644
index 0000000..f255d3a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidonlySomeReasonsTest18EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt b/res/tests/resources/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt
new file mode 100644
index 0000000..912968e
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt b/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt
new file mode 100644
index 0000000..1ad52ef
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt b/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt
new file mode 100644
index 0000000..76800f5
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest7EE.crt b/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest7EE.crt
new file mode 100644
index 0000000..f3368ed
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest7EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest8EE.crt b/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest8EE.crt
new file mode 100644
index 0000000..8ff0a13
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/ValidpathLenConstraintTest8EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt b/res/tests/resources/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt
new file mode 100644
index 0000000..15b2928
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/WrongCRLCACert.crt b/res/tests/resources/nist-pkits/certs/WrongCRLCACert.crt
new file mode 100644
index 0000000..3a96d87
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/WrongCRLCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt b/res/tests/resources/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt
new file mode 100644
index 0000000..4b678fe
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt b/res/tests/resources/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt
new file mode 100644
index 0000000..d6c7fb8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt b/res/tests/resources/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt
new file mode 100644
index 0000000..27e670e
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/deltaCRLCA1Cert.crt b/res/tests/resources/nist-pkits/certs/deltaCRLCA1Cert.crt
new file mode 100644
index 0000000..6815e4f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/deltaCRLCA1Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/deltaCRLCA2Cert.crt b/res/tests/resources/nist-pkits/certs/deltaCRLCA2Cert.crt
new file mode 100644
index 0000000..2f64a74
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/deltaCRLCA2Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/deltaCRLCA3Cert.crt b/res/tests/resources/nist-pkits/certs/deltaCRLCA3Cert.crt
new file mode 100644
index 0000000..31e6b33
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/deltaCRLCA3Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt b/res/tests/resources/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt
new file mode 100644
index 0000000..7cd82a4
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/distributionPoint1CACert.crt b/res/tests/resources/nist-pkits/certs/distributionPoint1CACert.crt
new file mode 100644
index 0000000..2325081
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/distributionPoint1CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/distributionPoint2CACert.crt b/res/tests/resources/nist-pkits/certs/distributionPoint2CACert.crt
new file mode 100644
index 0000000..205b62a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/distributionPoint2CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/indirectCRLCA1Cert.crt b/res/tests/resources/nist-pkits/certs/indirectCRLCA1Cert.crt
new file mode 100644
index 0000000..046deef
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/indirectCRLCA1Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/indirectCRLCA2Cert.crt b/res/tests/resources/nist-pkits/certs/indirectCRLCA2Cert.crt
new file mode 100644
index 0000000..de9a0be
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/indirectCRLCA2Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/indirectCRLCA3Cert.crt b/res/tests/resources/nist-pkits/certs/indirectCRLCA3Cert.crt
new file mode 100644
index 0000000..03bb3eb
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/indirectCRLCA3Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/indirectCRLCA3cRLIssuerCert.crt b/res/tests/resources/nist-pkits/certs/indirectCRLCA3cRLIssuerCert.crt
new file mode 100644
index 0000000..20e8267
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/indirectCRLCA3cRLIssuerCert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/indirectCRLCA4Cert.crt b/res/tests/resources/nist-pkits/certs/indirectCRLCA4Cert.crt
new file mode 100644
index 0000000..f1cb26b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/indirectCRLCA4Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/indirectCRLCA4cRLIssuerCert.crt b/res/tests/resources/nist-pkits/certs/indirectCRLCA4cRLIssuerCert.crt
new file mode 100644
index 0000000..ff1203d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/indirectCRLCA4cRLIssuerCert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/indirectCRLCA5Cert.crt b/res/tests/resources/nist-pkits/certs/indirectCRLCA5Cert.crt
new file mode 100644
index 0000000..c4f9f17
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/indirectCRLCA5Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/indirectCRLCA6Cert.crt b/res/tests/resources/nist-pkits/certs/indirectCRLCA6Cert.crt
new file mode 100644
index 0000000..46443aa
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/indirectCRLCA6Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt b/res/tests/resources/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt
new file mode 100644
index 0000000..2467c94
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt b/res/tests/resources/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt
new file mode 100644
index 0000000..aa19cec
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/keyUsageNotCriticalCACert.crt b/res/tests/resources/nist-pkits/certs/keyUsageNotCriticalCACert.crt
new file mode 100644
index 0000000..bab8307
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/keyUsageNotCriticalCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt b/res/tests/resources/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt
new file mode 100644
index 0000000..a6d878c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt b/res/tests/resources/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt
new file mode 100644
index 0000000..ef1056f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDN1CACert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDN1CACert.crt
new file mode 100644
index 0000000..206359f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDN1CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt
new file mode 100644
index 0000000..452ea54
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt
new file mode 100644
index 0000000..645f0ae
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt
new file mode 100644
index 0000000..6cfc592
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDN1subCA3Cert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDN1subCA3Cert.crt
new file mode 100644
index 0000000..840d073
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDN1subCA3Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDN2CACert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDN2CACert.crt
new file mode 100644
index 0000000..c68d496
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDN2CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDN3CACert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDN3CACert.crt
new file mode 100644
index 0000000..87ba14d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDN3CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt
new file mode 100644
index 0000000..7eed575
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt
new file mode 100644
index 0000000..08f2245
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDN4CACert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDN4CACert.crt
new file mode 100644
index 0000000..3b11463
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDN4CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDN5CACert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDN5CACert.crt
new file mode 100644
index 0000000..c190f7a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDN5CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDNS1CACert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDNS1CACert.crt
new file mode 100644
index 0000000..a7ec3bd
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDNS1CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsDNS2CACert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsDNS2CACert.crt
new file mode 100644
index 0000000..c708462
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsDNS2CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsRFC822CA1Cert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsRFC822CA1Cert.crt
new file mode 100644
index 0000000..1be8e99
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsRFC822CA1Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt
new file mode 100644
index 0000000..58308f8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt
new file mode 100644
index 0000000..ff6ba16
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsURI1CACert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsURI1CACert.crt
new file mode 100644
index 0000000..5f638c0
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsURI1CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/nameConstraintsURI2CACert.crt b/res/tests/resources/nist-pkits/certs/nameConstraintsURI2CACert.crt
new file mode 100644
index 0000000..e06b637
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/nameConstraintsURI2CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt b/res/tests/resources/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt
new file mode 100644
index 0000000..e8d2b72
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/onlyContainsCACertsCACert.crt b/res/tests/resources/nist-pkits/certs/onlyContainsCACertsCACert.crt
new file mode 100644
index 0000000..d75988a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/onlyContainsCACertsCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/onlyContainsUserCertsCACert.crt b/res/tests/resources/nist-pkits/certs/onlyContainsUserCertsCACert.crt
new file mode 100644
index 0000000..0d0b950
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/onlyContainsUserCertsCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA1Cert.crt b/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA1Cert.crt
new file mode 100644
index 0000000..ca247b0
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA1Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA2Cert.crt b/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA2Cert.crt
new file mode 100644
index 0000000..c1cce6e
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA2Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA3Cert.crt b/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA3Cert.crt
new file mode 100644
index 0000000..cd65a82
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA3Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA4Cert.crt b/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA4Cert.crt
new file mode 100644
index 0000000..f205db0
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/onlySomeReasonsCA4Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint0CACert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint0CACert.crt
new file mode 100644
index 0000000..ce9b90d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint0CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt
new file mode 100644
index 0000000..6e8f97c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint0subCA2Cert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint0subCA2Cert.crt
new file mode 100644
index 0000000..2fc8fb5
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint0subCA2Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint0subCACert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint0subCACert.crt
new file mode 100644
index 0000000..b156179
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint0subCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint1CACert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint1CACert.crt
new file mode 100644
index 0000000..a424261
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint1CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt
new file mode 100644
index 0000000..87590c3
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt
new file mode 100644
index 0000000..f2c43ea
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint1subCACert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint1subCACert.crt
new file mode 100644
index 0000000..05a2bac
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint1subCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint6CACert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint6CACert.crt
new file mode 100644
index 0000000..c254a23
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint6CACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint6subCA0Cert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subCA0Cert.crt
new file mode 100644
index 0000000..0a8c99d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subCA0Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt
new file mode 100644
index 0000000..bd68629
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint6subCA4Cert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subCA4Cert.crt
new file mode 100644
index 0000000..822a383
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subCA4Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt
new file mode 100644
index 0000000..e2fd7ae
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt
new file mode 100644
index 0000000..44c0162
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt
new file mode 100644
index 0000000..284f4a9
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt
new file mode 100644
index 0000000..9766cf0
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt
new file mode 100644
index 0000000..e147531
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt b/res/tests/resources/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt
new file mode 100644
index 0000000..30aff16
--- /dev/null
+++ b/res/tests/resources/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/BadCRLIssuerNameCACRL.crl b/res/tests/resources/nist-pkits/crls/BadCRLIssuerNameCACRL.crl
new file mode 100644
index 0000000..eb091dc
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/BadCRLIssuerNameCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/BadCRLSignatureCACRL.crl b/res/tests/resources/nist-pkits/crls/BadCRLSignatureCACRL.crl
new file mode 100644
index 0000000..7b801c2
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/BadCRLSignatureCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/BadSignedCACRL.crl b/res/tests/resources/nist-pkits/crls/BadSignedCACRL.crl
new file mode 100644
index 0000000..f7d0c80
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/BadSignedCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/BadnotAfterDateCACRL.crl b/res/tests/resources/nist-pkits/crls/BadnotAfterDateCACRL.crl
new file mode 100644
index 0000000..21f7c81
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/BadnotAfterDateCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/BadnotBeforeDateCACRL.crl b/res/tests/resources/nist-pkits/crls/BadnotBeforeDateCACRL.crl
new file mode 100644
index 0000000..24f3686
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/BadnotBeforeDateCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCACRL.crl b/res/tests/resources/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCACRL.crl
new file mode 100644
index 0000000..4adc345
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl b/res/tests/resources/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl
new file mode 100644
index 0000000..f687137
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/BasicSelfIssuedNewKeyCACRL.crl b/res/tests/resources/nist-pkits/crls/BasicSelfIssuedNewKeyCACRL.crl
new file mode 100644
index 0000000..5a098ac
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/BasicSelfIssuedNewKeyCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/BasicSelfIssuedOldKeyCACRL.crl b/res/tests/resources/nist-pkits/crls/BasicSelfIssuedOldKeyCACRL.crl
new file mode 100644
index 0000000..f578382
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/BasicSelfIssuedOldKeyCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/BasicSelfIssuedOldKeySelfIssuedCertCRL.crl b/res/tests/resources/nist-pkits/crls/BasicSelfIssuedOldKeySelfIssuedCertCRL.crl
new file mode 100644
index 0000000..f29c23f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/BasicSelfIssuedOldKeySelfIssuedCertCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/DSACACRL.crl b/res/tests/resources/nist-pkits/crls/DSACACRL.crl
new file mode 100644
index 0000000..369b597
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/DSACACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/DSAParametersInheritedCACRL.crl b/res/tests/resources/nist-pkits/crls/DSAParametersInheritedCACRL.crl
new file mode 100644
index 0000000..9b5c377
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/DSAParametersInheritedCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/GeneralizedTimeCRLnextUpdateCACRL.crl b/res/tests/resources/nist-pkits/crls/GeneralizedTimeCRLnextUpdateCACRL.crl
new file mode 100644
index 0000000..31360af
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/GeneralizedTimeCRLnextUpdateCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/GoodCACRL.crl b/res/tests/resources/nist-pkits/crls/GoodCACRL.crl
new file mode 100644
index 0000000..d46110c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/GoodCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/LongSerialNumberCACRL.crl b/res/tests/resources/nist-pkits/crls/LongSerialNumberCACRL.crl
new file mode 100644
index 0000000..9998cc4
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/LongSerialNumberCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/MissingbasicConstraintsCACRL.crl b/res/tests/resources/nist-pkits/crls/MissingbasicConstraintsCACRL.crl
new file mode 100644
index 0000000..c33ff4d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/MissingbasicConstraintsCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/NameOrderCACRL.crl b/res/tests/resources/nist-pkits/crls/NameOrderCACRL.crl
new file mode 100644
index 0000000..592460f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/NameOrderCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/NegativeSerialNumberCACRL.crl b/res/tests/resources/nist-pkits/crls/NegativeSerialNumberCACRL.crl
new file mode 100644
index 0000000..d438c2f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/NegativeSerialNumberCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/NoissuingDistributionPointCACRL.crl b/res/tests/resources/nist-pkits/crls/NoissuingDistributionPointCACRL.crl
new file mode 100644
index 0000000..c9d965a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/NoissuingDistributionPointCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/OldCRLnextUpdateCACRL.crl b/res/tests/resources/nist-pkits/crls/OldCRLnextUpdateCACRL.crl
new file mode 100644
index 0000000..552b999
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/OldCRLnextUpdateCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/RFC3280MandatoryAttributeTypesCACRL.crl b/res/tests/resources/nist-pkits/crls/RFC3280MandatoryAttributeTypesCACRL.crl
new file mode 100644
index 0000000..f68a345
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/RFC3280MandatoryAttributeTypesCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/RFC3280OptionalAttributeTypesCACRL.crl b/res/tests/resources/nist-pkits/crls/RFC3280OptionalAttributeTypesCACRL.crl
new file mode 100644
index 0000000..102aad6
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/RFC3280OptionalAttributeTypesCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/RevokedsubCACRL.crl b/res/tests/resources/nist-pkits/crls/RevokedsubCACRL.crl
new file mode 100644
index 0000000..d534616
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/RevokedsubCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/RolloverfromPrintableStringtoUTF8StringCACRL.crl b/res/tests/resources/nist-pkits/crls/RolloverfromPrintableStringtoUTF8StringCACRL.crl
new file mode 100644
index 0000000..17a3f74
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/RolloverfromPrintableStringtoUTF8StringCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/SeparateCertificateandCRLKeysCA2CRL.crl b/res/tests/resources/nist-pkits/crls/SeparateCertificateandCRLKeysCA2CRL.crl
new file mode 100644
index 0000000..90ec891
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/SeparateCertificateandCRLKeysCA2CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/SeparateCertificateandCRLKeysCRL.crl b/res/tests/resources/nist-pkits/crls/SeparateCertificateandCRLKeysCRL.crl
new file mode 100644
index 0000000..2dffb14
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/SeparateCertificateandCRLKeysCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/TrustAnchorRootCRL.crl b/res/tests/resources/nist-pkits/crls/TrustAnchorRootCRL.crl
new file mode 100644
index 0000000..f6245e4
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/TrustAnchorRootCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/TwoCRLsCABadCRL.crl b/res/tests/resources/nist-pkits/crls/TwoCRLsCABadCRL.crl
new file mode 100644
index 0000000..daaaeef
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/TwoCRLsCABadCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/TwoCRLsCAGoodCRL.crl b/res/tests/resources/nist-pkits/crls/TwoCRLsCAGoodCRL.crl
new file mode 100644
index 0000000..074e99b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/TwoCRLsCAGoodCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/UIDCACRL.crl b/res/tests/resources/nist-pkits/crls/UIDCACRL.crl
new file mode 100644
index 0000000..76fca88
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/UIDCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/UTF8StringCaseInsensitiveMatchCACRL.crl b/res/tests/resources/nist-pkits/crls/UTF8StringCaseInsensitiveMatchCACRL.crl
new file mode 100644
index 0000000..4b18abe
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/UTF8StringCaseInsensitiveMatchCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/UTF8StringEncodedNamesCACRL.crl b/res/tests/resources/nist-pkits/crls/UTF8StringEncodedNamesCACRL.crl
new file mode 100644
index 0000000..4411276
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/UTF8StringEncodedNamesCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/UnknownCRLEntryExtensionCACRL.crl b/res/tests/resources/nist-pkits/crls/UnknownCRLEntryExtensionCACRL.crl
new file mode 100644
index 0000000..53f90a8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/UnknownCRLEntryExtensionCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/UnknownCRLExtensionCACRL.crl b/res/tests/resources/nist-pkits/crls/UnknownCRLExtensionCACRL.crl
new file mode 100644
index 0000000..15df8d6
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/UnknownCRLExtensionCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/WrongCRLCACRL.crl b/res/tests/resources/nist-pkits/crls/WrongCRLCACRL.crl
new file mode 100644
index 0000000..f6245e4
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/WrongCRLCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/basicConstraintsCriticalcAFalseCACRL.crl b/res/tests/resources/nist-pkits/crls/basicConstraintsCriticalcAFalseCACRL.crl
new file mode 100644
index 0000000..3dee2bc
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/basicConstraintsCriticalcAFalseCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/basicConstraintsNotCriticalCACRL.crl b/res/tests/resources/nist-pkits/crls/basicConstraintsNotCriticalCACRL.crl
new file mode 100644
index 0000000..b4ee320
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/basicConstraintsNotCriticalCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/basicConstraintsNotCriticalcAFalseCACRL.crl b/res/tests/resources/nist-pkits/crls/basicConstraintsNotCriticalcAFalseCACRL.crl
new file mode 100644
index 0000000..08f4df8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/basicConstraintsNotCriticalcAFalseCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/deltaCRLCA1CRL.crl b/res/tests/resources/nist-pkits/crls/deltaCRLCA1CRL.crl
new file mode 100644
index 0000000..550bff3
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/deltaCRLCA1CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/deltaCRLCA1deltaCRL.crl b/res/tests/resources/nist-pkits/crls/deltaCRLCA1deltaCRL.crl
new file mode 100644
index 0000000..74f746a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/deltaCRLCA1deltaCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/deltaCRLCA2CRL.crl b/res/tests/resources/nist-pkits/crls/deltaCRLCA2CRL.crl
new file mode 100644
index 0000000..8e13c07
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/deltaCRLCA2CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/deltaCRLCA2deltaCRL.crl b/res/tests/resources/nist-pkits/crls/deltaCRLCA2deltaCRL.crl
new file mode 100644
index 0000000..c692f3a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/deltaCRLCA2deltaCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/deltaCRLCA3CRL.crl b/res/tests/resources/nist-pkits/crls/deltaCRLCA3CRL.crl
new file mode 100644
index 0000000..8aaebce
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/deltaCRLCA3CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/deltaCRLCA3deltaCRL.crl b/res/tests/resources/nist-pkits/crls/deltaCRLCA3deltaCRL.crl
new file mode 100644
index 0000000..fff39a5
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/deltaCRLCA3deltaCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/deltaCRLIndicatorNoBaseCACRL.crl b/res/tests/resources/nist-pkits/crls/deltaCRLIndicatorNoBaseCACRL.crl
new file mode 100644
index 0000000..7620c94
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/deltaCRLIndicatorNoBaseCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/distributionPoint1CACRL.crl b/res/tests/resources/nist-pkits/crls/distributionPoint1CACRL.crl
new file mode 100644
index 0000000..aa785bc
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/distributionPoint1CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/distributionPoint2CACRL.crl b/res/tests/resources/nist-pkits/crls/distributionPoint2CACRL.crl
new file mode 100644
index 0000000..0875c0b
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/distributionPoint2CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/indirectCRLCA1CRL.crl b/res/tests/resources/nist-pkits/crls/indirectCRLCA1CRL.crl
new file mode 100644
index 0000000..e8edba2
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/indirectCRLCA1CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/indirectCRLCA3CRL.crl b/res/tests/resources/nist-pkits/crls/indirectCRLCA3CRL.crl
new file mode 100644
index 0000000..cd2639c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/indirectCRLCA3CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/indirectCRLCA3cRLIssuerCRL.crl b/res/tests/resources/nist-pkits/crls/indirectCRLCA3cRLIssuerCRL.crl
new file mode 100644
index 0000000..9289a28
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/indirectCRLCA3cRLIssuerCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/indirectCRLCA4cRLIssuerCRL.crl b/res/tests/resources/nist-pkits/crls/indirectCRLCA4cRLIssuerCRL.crl
new file mode 100644
index 0000000..2f73d9c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/indirectCRLCA4cRLIssuerCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/indirectCRLCA5CRL.crl b/res/tests/resources/nist-pkits/crls/indirectCRLCA5CRL.crl
new file mode 100644
index 0000000..d6b3943
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/indirectCRLCA5CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/keyUsageCriticalcRLSignFalseCACRL.crl b/res/tests/resources/nist-pkits/crls/keyUsageCriticalcRLSignFalseCACRL.crl
new file mode 100644
index 0000000..89dd9a8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/keyUsageCriticalcRLSignFalseCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/keyUsageCriticalkeyCertSignFalseCACRL.crl b/res/tests/resources/nist-pkits/crls/keyUsageCriticalkeyCertSignFalseCACRL.crl
new file mode 100644
index 0000000..6266447
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/keyUsageCriticalkeyCertSignFalseCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/keyUsageNotCriticalCACRL.crl b/res/tests/resources/nist-pkits/crls/keyUsageNotCriticalCACRL.crl
new file mode 100644
index 0000000..bd099eb
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/keyUsageNotCriticalCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/keyUsageNotCriticalcRLSignFalseCACRL.crl b/res/tests/resources/nist-pkits/crls/keyUsageNotCriticalcRLSignFalseCACRL.crl
new file mode 100644
index 0000000..ae04987
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/keyUsageNotCriticalcRLSignFalseCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/keyUsageNotCriticalkeyCertSignFalseCACRL.crl b/res/tests/resources/nist-pkits/crls/keyUsageNotCriticalkeyCertSignFalseCACRL.crl
new file mode 100644
index 0000000..4e91c59
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/keyUsageNotCriticalkeyCertSignFalseCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDN1CACRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDN1CACRL.crl
new file mode 100644
index 0000000..d03eab2
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDN1CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDN1subCA1CRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDN1subCA1CRL.crl
new file mode 100644
index 0000000..441164e
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDN1subCA1CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDN1subCA2CRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDN1subCA2CRL.crl
new file mode 100644
index 0000000..024ce6f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDN1subCA2CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDN1subCA3CRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDN1subCA3CRL.crl
new file mode 100644
index 0000000..230bff5
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDN1subCA3CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDN2CACRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDN2CACRL.crl
new file mode 100644
index 0000000..8d7a0ce
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDN2CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDN3CACRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDN3CACRL.crl
new file mode 100644
index 0000000..19907d7
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDN3CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDN3subCA1CRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDN3subCA1CRL.crl
new file mode 100644
index 0000000..784ceaa
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDN3subCA1CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDN3subCA2CRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDN3subCA2CRL.crl
new file mode 100644
index 0000000..b3ebd2e
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDN3subCA2CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDN4CACRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDN4CACRL.crl
new file mode 100644
index 0000000..7e096a1
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDN4CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDN5CACRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDN5CACRL.crl
new file mode 100644
index 0000000..f734c51
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDN5CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDNS1CACRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDNS1CACRL.crl
new file mode 100644
index 0000000..7608ab1
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDNS1CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsDNS2CACRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsDNS2CACRL.crl
new file mode 100644
index 0000000..9349f50
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsDNS2CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsRFC822CA1CRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsRFC822CA1CRL.crl
new file mode 100644
index 0000000..af2d043
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsRFC822CA1CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsRFC822CA2CRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsRFC822CA2CRL.crl
new file mode 100644
index 0000000..ed1b062
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsRFC822CA2CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsRFC822CA3CRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsRFC822CA3CRL.crl
new file mode 100644
index 0000000..c9cca94
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsRFC822CA3CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsURI1CACRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsURI1CACRL.crl
new file mode 100644
index 0000000..2ee9a8f
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsURI1CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/nameConstraintsURI2CACRL.crl b/res/tests/resources/nist-pkits/crls/nameConstraintsURI2CACRL.crl
new file mode 100644
index 0000000..192b5d8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/nameConstraintsURI2CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/onlyContainsAttributeCertsCACRL.crl b/res/tests/resources/nist-pkits/crls/onlyContainsAttributeCertsCACRL.crl
new file mode 100644
index 0000000..676823e
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/onlyContainsAttributeCertsCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/onlyContainsCACertsCACRL.crl b/res/tests/resources/nist-pkits/crls/onlyContainsCACertsCACRL.crl
new file mode 100644
index 0000000..715f3aa
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/onlyContainsCACertsCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/onlyContainsUserCertsCACRL.crl b/res/tests/resources/nist-pkits/crls/onlyContainsUserCertsCACRL.crl
new file mode 100644
index 0000000..3e8c024
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/onlyContainsUserCertsCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA1compromiseCRL.crl b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA1compromiseCRL.crl
new file mode 100644
index 0000000..f78c17c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA1compromiseCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA1otherreasonsCRL.crl b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA1otherreasonsCRL.crl
new file mode 100644
index 0000000..8167a3a
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA1otherreasonsCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA2CRL1.crl b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA2CRL1.crl
new file mode 100644
index 0000000..c2e7a01
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA2CRL1.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA2CRL2.crl b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA2CRL2.crl
new file mode 100644
index 0000000..7d1f1a6
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA2CRL2.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA3compromiseCRL.crl b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA3compromiseCRL.crl
new file mode 100644
index 0000000..09176f9
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA3compromiseCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA3otherreasonsCRL.crl b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA3otherreasonsCRL.crl
new file mode 100644
index 0000000..efe1117
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA3otherreasonsCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA4compromiseCRL.crl b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA4compromiseCRL.crl
new file mode 100644
index 0000000..0f742ce
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA4compromiseCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA4otherreasonsCRL.crl b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA4otherreasonsCRL.crl
new file mode 100644
index 0000000..4201d62
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/onlySomeReasonsCA4otherreasonsCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint0CACRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint0CACRL.crl
new file mode 100644
index 0000000..d1a0ef8
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint0CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint0subCA2CRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint0subCA2CRL.crl
new file mode 100644
index 0000000..b90fa08
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint0subCA2CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint0subCACRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint0subCACRL.crl
new file mode 100644
index 0000000..8d2c436
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint0subCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint1CACRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint1CACRL.crl
new file mode 100644
index 0000000..dcffee3
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint1CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint1subCACRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint1subCACRL.crl
new file mode 100644
index 0000000..f7ddec3
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint1subCACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint6CACRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint6CACRL.crl
new file mode 100644
index 0000000..a211973
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint6CACRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint6subCA0CRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subCA0CRL.crl
new file mode 100644
index 0000000..71f4e10
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subCA0CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint6subCA1CRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subCA1CRL.crl
new file mode 100644
index 0000000..ab792d4
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subCA1CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint6subCA4CRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subCA4CRL.crl
new file mode 100644
index 0000000..2786565
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subCA4CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubCA00CRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubCA00CRL.crl
new file mode 100644
index 0000000..64d154c
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubCA00CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubCA11CRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubCA11CRL.crl
new file mode 100644
index 0000000..54db33e
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubCA11CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubCA41CRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubCA41CRL.crl
new file mode 100644
index 0000000..9fe269d
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubCA41CRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubsubCA11XCRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubsubCA11XCRL.crl
new file mode 100644
index 0000000..c10a7ad
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubsubCA11XCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubsubCA41XCRL.crl b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubsubCA41XCRL.crl
new file mode 100644
index 0000000..23a21b4
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pathLenConstraint6subsubsubCA41XCRL.crl
Binary files differ
diff --git a/res/tests/resources/nist-pkits/crls/pre2000CRLnextUpdateCACRL.crl b/res/tests/resources/nist-pkits/crls/pre2000CRLnextUpdateCACRL.crl
new file mode 100644
index 0000000..436ffad
--- /dev/null
+++ b/res/tests/resources/nist-pkits/crls/pre2000CRLnextUpdateCACRL.crl
Binary files differ
diff --git a/src/libcore/java/security/cert/X509CertificateNistPkitsTest.java b/src/libcore/java/security/cert/X509CertificateNistPkitsTest.java
new file mode 100644
index 0000000..bf98698
--- /dev/null
+++ b/src/libcore/java/security/cert/X509CertificateNistPkitsTest.java
@@ -0,0 +1,3012 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package libcore.java.security.cert;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertPath;
+import java.security.cert.CertPathValidator;
+import java.security.cert.CertPathValidatorException;
+import java.security.cert.CertStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CollectionCertStoreParameters;
+import java.security.cert.PKIXCertPathValidatorResult;
+import java.security.cert.PKIXParameters;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import junit.framework.TestCase;
+
+public class X509CertificateNistPkitsTest extends TestCase {
+ public static final String RESOURCE_PACKAGE = "/tests/resources/";
+
+ public static InputStream getStream(String name) {
+ // If we have the resources packaged up in our jar file, get them that way.
+ String path = RESOURCE_PACKAGE + name;
+ InputStream result = X509CertificateNistPkitsTest.class.getResourceAsStream(path);
+ if (result != null) {
+ return result;
+ }
+ // Otherwise, if we're in an Android build tree, get the files directly.
+ String ANDROID_BUILD_TOP = System.getenv("ANDROID_BUILD_TOP");
+ if (ANDROID_BUILD_TOP != null) {
+ File resource = new File(ANDROID_BUILD_TOP + "/external/nist-pkits/res" + path);
+ if (resource.exists()) {
+ try {
+ return new FileInputStream(resource);
+ } catch (IOException ex) {
+ throw new IllegalArgumentException("Couldn't open: " + resource, ex);
+ }
+ }
+ }
+ throw new IllegalArgumentException("No such resource: " + path);
+ }
+
+ private final X509Certificate getCertificate(CertificateFactory f, String name)
+ throws Exception {
+ final String fileName = "nist-pkits/certs/" + name;
+ final InputStream is = getStream(fileName);
+ assertNotNull("File does not exist: " + fileName, is);
+ try {
+ return (X509Certificate) f.generateCertificate(is);
+ } finally {
+ try {
+ is.close();
+ } catch (IOException ignored) {
+ }
+ }
+ }
+
+ private final X509Certificate[] getCertificates(CertificateFactory f, String[] names)
+ throws Exception {
+ X509Certificate[] certs = new X509Certificate[names.length];
+
+ for (int i = 0; i < names.length; i++) {
+ certs[i] = getCertificate(f, names[i]);
+ }
+
+ return certs;
+ }
+
+ private final X509CRL getCRL(CertificateFactory f, String name) throws Exception {
+ final String fileName = "nist-pkits/crls/" + name;
+ final InputStream is = getStream(fileName);
+ assertNotNull("File does not exist: " + fileName, is);
+ try {
+ return (X509CRL) f.generateCRL(is);
+ } finally {
+ try {
+ is.close();
+ } catch (IOException ignored) {
+ }
+ }
+ }
+
+ private final X509CRL[] getCRLs(CertificateFactory f, String[] names) throws Exception {
+ X509CRL[] crls = new X509CRL[names.length];
+
+ for (int i = 0; i < names.length; i++) {
+ crls[i] = getCRL(f, names[i]);
+ }
+
+ return crls;
+ }
+
+ private CertPath getTestPath(CertificateFactory f, String[] pathCerts) throws Exception {
+ X509Certificate[] certs = getCertificates(f, pathCerts);
+ return f.generateCertPath(Arrays.asList(certs));
+ }
+
+ private PKIXParameters getTestPathParams(CertificateFactory f, String trustedCAName,
+ String[] pathCerts, String[] pathCRLs) throws Exception {
+ X509Certificate[] certs = getCertificates(f, pathCerts);
+ X509CRL[] crls = getCRLs(f, pathCRLs);
+ X509Certificate trustedCA = getCertificate(f, trustedCAName);
+
+ Collection<Object> certCollection = new ArrayList<Object>();
+ certCollection.addAll(Arrays.asList(crls));
+ certCollection.addAll(Arrays.asList(certs));
+ certCollection.add(trustedCA);
+ CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(
+ certCollection);
+ CertStore certStore = CertStore.getInstance("Collection", certStoreParams);
+
+ Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
+ anchors.add(new TrustAnchor(trustedCA, null));
+
+ PKIXParameters params = new PKIXParameters(anchors);
+ params.addCertStore(certStore);
+
+ return params;
+ }
+
+ private void assertInvalidPath(String trustAnchor, String[] certs, String[] crls)
+ throws Exception, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+ CertificateFactory f = CertificateFactory.getInstance("X.509");
+
+ PKIXParameters params = getTestPathParams(f, trustAnchor, certs, crls);
+ CertPath cp = getTestPath(f, certs);
+ CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
+
+ try {
+ PKIXCertPathValidatorResult cpvResult = (PKIXCertPathValidatorResult) cpv.validate(cp,
+ params);
+ fail();
+ } catch (CertPathValidatorException expected) {
+ }
+ }
+
+ private void assertValidPath(String trustAnchor, String[] certs, String[] crls)
+ throws Exception, NoSuchAlgorithmException, CertPathValidatorException,
+ InvalidAlgorithmParameterException {
+ CertificateFactory f = CertificateFactory.getInstance("X.509");
+
+ PKIXParameters params = getTestPathParams(f, trustAnchor, certs, crls);
+ CertPath cp = getTestPath(f, certs);
+ CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
+
+ PKIXCertPathValidatorResult cpvResult = (PKIXCertPathValidatorResult) cpv.validate(cp,
+ params);
+ }
+
+ /* DO NOT MANUALLY EDIT -- BEGIN AUTOMATICALLY GENERATED TESTS */
+ /** NIST PKITS test 4.1.1 */
+ public void testSignatureVerification_ValidSignaturesTest1() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidCertificatePathTest1EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.1.2 */
+ public void testSignatureVerification_InvalidCASignatureTest2() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidCASignatureTest2EE.crt",
+ "BadSignedCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BadSignedCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.1.3 */
+ public void testSignatureVerification_InvalidEESignatureTest3() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidEESignatureTest3EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.1.4 */
+ public void testSignatureVerification_ValidDSASignaturesTest4() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDSASignaturesTest4EE.crt",
+ "DSACACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "DSACACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.1.5 */
+ public void testSignatureVerification_ValidDSAParameterInheritanceTest5() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDSAParameterInheritanceTest5EE.crt",
+ "DSAParametersInheritedCACert.crt",
+ "DSACACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "DSACACRL.crl",
+ "DSAParametersInheritedCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.1.6 */
+ public void testSignatureVerification_InvalidDSASignatureTest6() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDSASignatureTest6EE.crt",
+ "DSACACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "DSACACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.2.1 */
+ public void testValidityPeriods_InvalidCAnotBeforeDateTest1() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidCAnotBeforeDateTest1EE.crt",
+ "BadnotBeforeDateCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BadnotBeforeDateCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.2.2 */
+ public void testValidityPeriods_InvalidEEnotBeforeDateTest2() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidEEnotBeforeDateTest2EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.2.3 */
+ public void testValidityPeriods_Validpre2000UTCnotBeforeDateTest3() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "Validpre2000UTCnotBeforeDateTest3EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.2.4 */
+ public void testValidityPeriods_ValidGeneralizedTimenotBeforeDateTest4() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidGeneralizedTimenotBeforeDateTest4EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.2.5 */
+ public void testValidityPeriods_InvalidCAnotAfterDateTest5() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidCAnotAfterDateTest5EE.crt",
+ "BadnotAfterDateCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BadnotAfterDateCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.2.6 */
+ public void testValidityPeriods_InvalidEEnotAfterDateTest6() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidEEnotAfterDateTest6EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.2.7 */
+ public void testValidityPeriods_Invalidpre2000UTCEEnotAfterDateTest7() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "Invalidpre2000UTCEEnotAfterDateTest7EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.2.8 */
+ public void testValidityPeriods_ValidGeneralizedTimenotAfterDateTest8() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidGeneralizedTimenotAfterDateTest8EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.3.1 */
+ public void testVerifyingNameChaining_InvalidNameChainingEETest1() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidNameChainingTest1EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.3.2 */
+ public void testVerifyingNameChaining_InvalidNameChainingOrderTest2() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidNameChainingOrderTest2EE.crt",
+ "NameOrderingCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "NameOrderCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.3.3 */
+ public void testVerifyingNameChaining_ValidNameChainingWhitespaceTest3() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidNameChainingWhitespaceTest3EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.3.4 */
+ public void testVerifyingNameChaining_ValidNameChainingWhitespaceTest4() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidNameChainingWhitespaceTest4EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.3.5 */
+ public void testVerifyingNameChaining_ValidNameChainingCapitalizationTest5() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidNameChainingCapitalizationTest5EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.3.6 */
+ public void testVerifyingNameChaining_ValidNameChainingUIDsTest6() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidNameUIDsTest6EE.crt",
+ "UIDCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "UIDCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.3.7 */
+ public void testVerifyingNameChaining_ValidRFC3280MandatoryAttributeTypesTest7() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidRFC3280MandatoryAttributeTypesTest7EE.crt",
+ "RFC3280MandatoryAttributeTypesCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "RFC3280MandatoryAttributeTypesCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.3.8 */
+ public void testVerifyingNameChaining_ValidRFC3280OptionalAttributeTypesTest8() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidRFC3280OptionalAttributeTypesTest8EE.crt",
+ "RFC3280OptionalAttributeTypesCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "RFC3280OptionalAttributeTypesCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.3.9 */
+ public void testVerifyingNameChaining_ValidUTF8StringEncodedNamesTest9() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidUTF8StringEncodedNamesTest9EE.crt",
+ "UTF8StringEncodedNamesCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "UTF8StringEncodedNamesCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.3.10 */
+ public void testVerifyingNameChaining_ValidRolloverfromPrintableStringtoUTF8StringTest10() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt",
+ "RolloverfromPrintableStringtoUTF8StringCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "RolloverfromPrintableStringtoUTF8StringCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.3.11 */
+ public void testVerifyingNameChaining_ValidUTF8StringCaseInsensitiveMatchTest11() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidUTF8StringCaseInsensitiveMatchTest11EE.crt",
+ "UTF8StringCaseInsensitiveMatchCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "UTF8StringCaseInsensitiveMatchCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.1 */
+ public void testBasicCertificateRevocationTests_MissingCRLTest1() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidMissingCRLTest1EE.crt",
+ "NoCRLCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.2 */
+ public void testBasicCertificateRevocationTests_InvalidRevokedCATest2() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidRevokedCATest2EE.crt",
+ "RevokedsubCACert.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ "RevokedsubCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.3 */
+ public void testBasicCertificateRevocationTests_InvalidRevokedEETest3() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidRevokedEETest3EE.crt",
+ "GoodCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.4 */
+ public void testBasicCertificateRevocationTests_InvalidBadCRLSignatureTest4() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidBadCRLSignatureTest4EE.crt",
+ "BadCRLSignatureCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BadCRLSignatureCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.5 */
+ public void testBasicCertificateRevocationTests_InvalidBadCRLIssuerNameTest5() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidBadCRLIssuerNameTest5EE.crt",
+ "BadCRLIssuerNameCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BadCRLIssuerNameCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.6 */
+ public void testBasicCertificateRevocationTests_InvalidWrongCRLTest6() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidWrongCRLTest6EE.crt",
+ "WrongCRLCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "WrongCRLCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.7 */
+ public void testBasicCertificateRevocationTests_ValidTwoCRLsTest7() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidTwoCRLsTest7EE.crt",
+ "TwoCRLsCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "TwoCRLsCAGoodCRL.crl",
+ "TwoCRLsCABadCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.8 */
+ public void testBasicCertificateRevocationTests_InvalidUnknownCRLEntryExtensionTest8() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidUnknownCRLEntryExtensionTest8EE.crt",
+ "UnknownCRLEntryExtensionCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "UnknownCRLEntryExtensionCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.9 */
+ public void testBasicCertificateRevocationTests_InvalidUnknownCRLExtensionTest9() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidUnknownCRLExtensionTest9EE.crt",
+ "UnknownCRLExtensionCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "UnknownCRLExtensionCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.10 */
+ public void testBasicCertificateRevocationTests_InvalidUnknownCRLExtensionTest10() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidUnknownCRLExtensionTest10EE.crt",
+ "UnknownCRLExtensionCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "UnknownCRLExtensionCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.11 */
+ public void testBasicCertificateRevocationTests_InvalidOldCRLnextUpdateTest11() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidOldCRLnextUpdateTest11EE.crt",
+ "OldCRLnextUpdateCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "OldCRLnextUpdateCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.12 */
+ public void testBasicCertificateRevocationTests_Invalidpre2000CRLnextUpdateTest12() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "Invalidpre2000CRLnextUpdateTest12EE.crt",
+ "pre2000CRLnextUpdateCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pre2000CRLnextUpdateCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.13 */
+ public void testBasicCertificateRevocationTests_ValidGeneralizedTimeCRLnextUpdateTest13() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidGeneralizedTimeCRLnextUpdateTest13EE.crt",
+ "GeneralizedTimeCRLnextUpdateCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GeneralizedTimeCRLnextUpdateCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.14 */
+ public void testBasicCertificateRevocationTests_ValidNegativeSerialNumberTest14() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidNegativeSerialNumberTest14EE.crt",
+ "NegativeSerialNumberCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "NegativeSerialNumberCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.15 */
+ public void testBasicCertificateRevocationTests_InvalidNegativeSerialNumberTest15() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidNegativeSerialNumberTest15EE.crt",
+ "NegativeSerialNumberCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "NegativeSerialNumberCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.16 */
+ public void testBasicCertificateRevocationTests_ValidLongSerialNumberTest16() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidLongSerialNumberTest16EE.crt",
+ "LongSerialNumberCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "LongSerialNumberCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.17 */
+ public void testBasicCertificateRevocationTests_ValidLongSerialNumberTest17() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidLongSerialNumberTest17EE.crt",
+ "LongSerialNumberCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "LongSerialNumberCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.18 */
+ public void testBasicCertificateRevocationTests_InvalidLongSerialNumberTest18() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidLongSerialNumberTest18EE.crt",
+ "LongSerialNumberCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "LongSerialNumberCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.19 */
+ public void testBasicCertificateRevocationTests_ValidSeparateCertificateandCRLKeysTest19() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidSeparateCertificateandCRLKeysTest19EE.crt",
+ "SeparateCertificateandCRLKeysCRLSigningCert.crt",
+ "SeparateCertificateandCRLKeysCertificateSigningCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "SeparateCertificateandCRLKeysCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.20 */
+ public void testBasicCertificateRevocationTests_InvalidSeparateCertificateandCRLKeysTest20() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidSeparateCertificateandCRLKeysTest20EE.crt",
+ "SeparateCertificateandCRLKeysCRLSigningCert.crt",
+ "SeparateCertificateandCRLKeysCertificateSigningCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "SeparateCertificateandCRLKeysCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.4.21 */
+ public void testBasicCertificateRevocationTests_InvalidSeparateCertificateandCRLKeysTest21() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidSeparateCertificateandCRLKeysTest21EE.crt",
+ "SeparateCertificateandCRLKeysCA2CRLSigningCert.crt",
+ "SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "SeparateCertificateandCRLKeysCA2CRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.5.1 */
+ public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedOldWithNewTest1() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidBasicSelfIssuedOldWithNewTest1EE.crt",
+ "BasicSelfIssuedNewKeyOldWithNewCACert.crt",
+ "BasicSelfIssuedNewKeyCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BasicSelfIssuedNewKeyCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.5.2 */
+ public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedOldWithNewTest2() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidBasicSelfIssuedOldWithNewTest2EE.crt",
+ "BasicSelfIssuedNewKeyOldWithNewCACert.crt",
+ "BasicSelfIssuedNewKeyCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BasicSelfIssuedNewKeyCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.5.3 */
+ public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedNewWithOldTest3() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidBasicSelfIssuedNewWithOldTest3EE.crt",
+ "BasicSelfIssuedOldKeyNewWithOldCACert.crt",
+ "BasicSelfIssuedOldKeyCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl",
+ "BasicSelfIssuedOldKeyCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.5.4 */
+ public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedNewWithOldTest4() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidBasicSelfIssuedNewWithOldTest4EE.crt",
+ "BasicSelfIssuedOldKeyNewWithOldCACert.crt",
+ "BasicSelfIssuedOldKeyCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl",
+ "BasicSelfIssuedOldKeyCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.5.5 */
+ public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedNewWithOldTest5() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidBasicSelfIssuedNewWithOldTest5EE.crt",
+ "BasicSelfIssuedOldKeyNewWithOldCACert.crt",
+ "BasicSelfIssuedOldKeyCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl",
+ "BasicSelfIssuedOldKeyCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.5.6 */
+ public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedCRLSigningKeyTest6() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt",
+ "BasicSelfIssuedCRLSigningKeyCRLCert.crt",
+ "BasicSelfIssuedCRLSigningKeyCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl",
+ "BasicSelfIssuedCRLSigningKeyCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.5.7 */
+ public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedCRLSigningKeyTest7() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt",
+ "BasicSelfIssuedCRLSigningKeyCRLCert.crt",
+ "BasicSelfIssuedCRLSigningKeyCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl",
+ "BasicSelfIssuedCRLSigningKeyCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.5.8 */
+ public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedCRLSigningKeyTest8() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt",
+ "BasicSelfIssuedCRLSigningKeyCRLCert.crt",
+ "BasicSelfIssuedCRLSigningKeyCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl",
+ "BasicSelfIssuedCRLSigningKeyCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.1 */
+ public void testVerifyingBasicConstraints_InvalidMissingbasicConstraintsTest1() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidMissingbasicConstraintsTest1EE.crt",
+ "MissingbasicConstraintsCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "MissingbasicConstraintsCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.2 */
+ public void testVerifyingBasicConstraints_InvalidcAFalseTest2() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidcAFalseTest2EE.crt",
+ "basicConstraintsCriticalcAFalseCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "basicConstraintsCriticalcAFalseCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.3 */
+ public void testVerifyingBasicConstraints_InvalidcAFalseTest3() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidcAFalseTest3EE.crt",
+ "basicConstraintsNotCriticalcAFalseCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "basicConstraintsNotCriticalcAFalseCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.4 */
+ public void testVerifyingBasicConstraints_ValidbasicConstraintsNotCriticalTest4() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidbasicConstraintsNotCriticalTest4EE.crt",
+ "basicConstraintsNotCriticalCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "basicConstraintsNotCriticalCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.5 */
+ public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest5() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidpathLenConstraintTest5EE.crt",
+ "pathLenConstraint0subCACert.crt",
+ "pathLenConstraint0CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint0CACRL.crl",
+ "pathLenConstraint0subCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.6 */
+ public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest6() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidpathLenConstraintTest6EE.crt",
+ "pathLenConstraint0subCACert.crt",
+ "pathLenConstraint0CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint0CACRL.crl",
+ "pathLenConstraint0subCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.7 */
+ public void testVerifyingBasicConstraints_ValidpathLenConstraintTest7() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidpathLenConstraintTest7EE.crt",
+ "pathLenConstraint0CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint0CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.8 */
+ public void testVerifyingBasicConstraints_ValidpathLenConstraintTest8() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidpathLenConstraintTest8EE.crt",
+ "pathLenConstraint0CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint0CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.9 */
+ public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest9() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidpathLenConstraintTest9EE.crt",
+ "pathLenConstraint6subsubCA00Cert.crt",
+ "pathLenConstraint6subCA0Cert.crt",
+ "pathLenConstraint6CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint6CACRL.crl",
+ "pathLenConstraint6subCA0CRL.crl",
+ "pathLenConstraint6subsubCA00CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.10 */
+ public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest10() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidpathLenConstraintTest10EE.crt",
+ "pathLenConstraint6subsubCA00Cert.crt",
+ "pathLenConstraint6subCA0Cert.crt",
+ "pathLenConstraint6CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint6CACRL.crl",
+ "pathLenConstraint6subCA0CRL.crl",
+ "pathLenConstraint6subsubCA00CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.11 */
+ public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest11() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidpathLenConstraintTest11EE.crt",
+ "pathLenConstraint6subsubsubCA11XCert.crt",
+ "pathLenConstraint6subsubCA11Cert.crt",
+ "pathLenConstraint6subCA1Cert.crt",
+ "pathLenConstraint6CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint6CACRL.crl",
+ "pathLenConstraint6subCA1CRL.crl",
+ "pathLenConstraint6subsubCA11CRL.crl",
+ "pathLenConstraint6subsubsubCA11XCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.12 */
+ public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest12() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidpathLenConstraintTest12EE.crt",
+ "pathLenConstraint6subsubsubCA11XCert.crt",
+ "pathLenConstraint6subsubCA11Cert.crt",
+ "pathLenConstraint6subCA1Cert.crt",
+ "pathLenConstraint6CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint6CACRL.crl",
+ "pathLenConstraint6subCA1CRL.crl",
+ "pathLenConstraint6subsubCA11CRL.crl",
+ "pathLenConstraint6subsubsubCA11XCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.13 */
+ public void testVerifyingBasicConstraints_ValidpathLenConstraintTest13() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidpathLenConstraintTest13EE.crt",
+ "pathLenConstraint6subsubsubCA41XCert.crt",
+ "pathLenConstraint6subsubCA41Cert.crt",
+ "pathLenConstraint6subCA4Cert.crt",
+ "pathLenConstraint6CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint6CACRL.crl",
+ "pathLenConstraint6subCA4CRL.crl",
+ "pathLenConstraint6subsubCA41CRL.crl",
+ "pathLenConstraint6subsubsubCA41XCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.14 */
+ public void testVerifyingBasicConstraints_ValidpathLenConstraintTest14() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidpathLenConstraintTest14EE.crt",
+ "pathLenConstraint6subsubsubCA41XCert.crt",
+ "pathLenConstraint6subsubCA41Cert.crt",
+ "pathLenConstraint6subCA4Cert.crt",
+ "pathLenConstraint6CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint6CACRL.crl",
+ "pathLenConstraint6subCA4CRL.crl",
+ "pathLenConstraint6subsubCA41CRL.crl",
+ "pathLenConstraint6subsubsubCA41XCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.15 */
+ public void testVerifyingBasicConstraints_ValidSelfIssuedpathLenConstraintTest15() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidSelfIssuedpathLenConstraintTest15EE.crt",
+ "pathLenConstraint0SelfIssuedCACert.crt",
+ "pathLenConstraint0CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint0CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.16 */
+ public void testVerifyingBasicConstraints_InvalidSelfIssuedpathLenConstraintTest16() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidSelfIssuedpathLenConstraintTest16EE.crt",
+ "pathLenConstraint0subCA2Cert.crt",
+ "pathLenConstraint0SelfIssuedCACert.crt",
+ "pathLenConstraint0CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint0CACRL.crl",
+ "pathLenConstraint0subCA2CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.6.17 */
+ public void testVerifyingBasicConstraints_ValidSelfIssuedpathLenConstraintTest17() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidSelfIssuedpathLenConstraintTest17EE.crt",
+ "pathLenConstraint1SelfIssuedsubCACert.crt",
+ "pathLenConstraint1subCACert.crt",
+ "pathLenConstraint1SelfIssuedCACert.crt",
+ "pathLenConstraint1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "pathLenConstraint1CACRL.crl",
+ "pathLenConstraint1subCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.7.1 */
+ public void testKeyUsage_InvalidkeyUsageCriticalkeyCertSignFalseTest1() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt",
+ "keyUsageCriticalkeyCertSignFalseCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "keyUsageCriticalkeyCertSignFalseCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.7.2 */
+ public void testKeyUsage_InvalidkeyUsageNotCriticalkeyCertSignFalseTest2() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt",
+ "keyUsageNotCriticalkeyCertSignFalseCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "keyUsageNotCriticalkeyCertSignFalseCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.7.3 */
+ public void testKeyUsage_ValidkeyUsageNotCriticalTest3() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidkeyUsageNotCriticalTest3EE.crt",
+ "keyUsageNotCriticalCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "keyUsageNotCriticalCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.7.4 */
+ public void testKeyUsage_InvalidkeyUsageCriticalcRLSignFalseTest4() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt",
+ "keyUsageCriticalcRLSignFalseCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "keyUsageCriticalcRLSignFalseCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.7.5 */
+ public void testKeyUsage_InvalidkeyUsageNotCriticalcRLSignFalseTest5() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt",
+ "keyUsageNotCriticalcRLSignFalseCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "keyUsageNotCriticalcRLSignFalseCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ // skipping sections 4.8 to 4.12
+
+ /** NIST PKITS test 4.13.1 */
+ public void testKeyUsage_ValidDNnameConstraintsTest1() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDNnameConstraintsTest1EE.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.2 */
+ public void testKeyUsage_InvalidDNnameConstraintsTest2() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest2EE.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.3 */
+ public void testKeyUsage_InvalidDNnameConstraintsTest3() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest3EE.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.4 */
+ public void testKeyUsage_ValidDNnameConstraintsTest4() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDNnameConstraintsTest4EE.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.5 */
+ public void testKeyUsage_ValidDNnameConstraintsTest5() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDNnameConstraintsTest5EE.crt",
+ "nameConstraintsDN2CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN2CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.6 */
+ public void testKeyUsage_ValidDNnameConstraintsTest6() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDNnameConstraintsTest6EE.crt",
+ "nameConstraintsDN3CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN3CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.7 */
+ public void testKeyUsage_InvalidDNnameConstraintsTest7() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest7EE.crt",
+ "nameConstraintsDN3CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN3CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.8 */
+ public void testKeyUsage_InvalidDNnameConstraintsTest8() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest8EE.crt",
+ "nameConstraintsDN4CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN4CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.9 */
+ public void testKeyUsage_InvalidDNnameConstraintsTest9() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest9EE.crt",
+ "nameConstraintsDN4CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN4CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.10 */
+ public void testKeyUsage_InvalidDNnameConstraintsTest10() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest10EE.crt",
+ "nameConstraintsDN5CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN5CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.11 */
+ public void testKeyUsage_ValidDNnameConstraintsTest11() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDNnameConstraintsTest11EE.crt",
+ "nameConstraintsDN5CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN5CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.12 */
+ public void testKeyUsage_InvalidDNnameConstraintsTest12() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest12EE.crt",
+ "nameConstraintsDN1subCA1Cert.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ "nameConstraintsDN1subCA1CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.13 */
+ public void testKeyUsage_InvalidDNnameConstraintsTest13() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest13EE.crt",
+ "nameConstraintsDN1subCA2Cert.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ "nameConstraintsDN1subCA2CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.14 */
+ public void testKeyUsage_ValidDNnameConstraintsTest14() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDNnameConstraintsTest14EE.crt",
+ "nameConstraintsDN1subCA2Cert.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ "nameConstraintsDN1subCA2CRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.15 */
+ public void testKeyUsage_InvalidDNnameConstraintsTest15() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest15EE.crt",
+ "nameConstraintsDN3subCA1Cert.crt",
+ "nameConstraintsDN3CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN3CACRL.crl",
+ "nameConstraintsDN3subCA1CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.16 */
+ public void testKeyUsage_InvalidDNnameConstraintsTest16() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest16EE.crt",
+ "nameConstraintsDN3subCA1Cert.crt",
+ "nameConstraintsDN3CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN3CACRL.crl",
+ "nameConstraintsDN3subCA1CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.17 */
+ public void testKeyUsage_InvalidDNnameConstraintsTest17() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest17EE.crt",
+ "nameConstraintsDN3subCA2Cert.crt",
+ "nameConstraintsDN3CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN3CACRL.crl",
+ "nameConstraintsDN3subCA2CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.18 */
+ public void testKeyUsage_ValidDNnameConstraintsTest18() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDNnameConstraintsTest18EE.crt",
+ "nameConstraintsDN3subCA2Cert.crt",
+ "nameConstraintsDN3CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN3CACRL.crl",
+ "nameConstraintsDN3subCA2CRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.19 */
+ public void testKeyUsage_ValidSelfIssuedDNnameConstraintsTest19() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDNnameConstraintsTest19EE.crt",
+ "nameConstraintsDN1SelfIssuedCACert.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.20 */
+ public void testKeyUsage_InvalidSelfIssuedDNnameConstraintsTest20() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNnameConstraintsTest20EE.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.21 */
+ public void testKeyUsage_ValidRFC822nameConstraintsTest21() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidRFC822nameConstraintsTest21EE.crt",
+ "nameConstraintsRFC822CA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsRFC822CA1CRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.22 */
+ public void testKeyUsage_InvalidRFC822nameConstraintsTest22() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidRFC822nameConstraintsTest22EE.crt",
+ "nameConstraintsRFC822CA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsRFC822CA1CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.23 */
+ public void testKeyUsage_ValidRFC822nameConstraintsTest23() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidRFC822nameConstraintsTest23EE.crt",
+ "nameConstraintsRFC822CA2Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsRFC822CA2CRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.24 */
+ public void testKeyUsage_InvalidRFC822nameConstraintsTest24() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidRFC822nameConstraintsTest24EE.crt",
+ "nameConstraintsRFC822CA2Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsRFC822CA2CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.25 */
+ public void testKeyUsage_ValidRFC822nameConstraintsTest25() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidRFC822nameConstraintsTest25EE.crt",
+ "nameConstraintsRFC822CA3Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsRFC822CA3CRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.26 */
+ public void testKeyUsage_InvalidRFC822nameConstraintsTest26() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidRFC822nameConstraintsTest26EE.crt",
+ "nameConstraintsRFC822CA3Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsRFC822CA3CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.27 */
+ public void testKeyUsage_ValidDNandRFC822nameConstraintsTest27() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDNandRFC822nameConstraintsTest27EE.crt",
+ "nameConstraintsDN1subCA3Cert.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ "nameConstraintsDN1subCA3CRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.28 */
+ public void testKeyUsage_InvalidDNandRFC822nameConstraintsTest28() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNandRFC822nameConstraintsTest28EE.crt",
+ "nameConstraintsDN1subCA3Cert.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ "nameConstraintsDN1subCA3CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.29 */
+ public void testKeyUsage_InvalidDNandRFC822nameConstraintsTest29() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNandRFC822nameConstraintsTest29EE.crt",
+ "nameConstraintsDN1subCA3Cert.crt",
+ "nameConstraintsDN1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDN1CACRL.crl",
+ "nameConstraintsDN1subCA3CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.30 */
+ public void testKeyUsage_ValidDNSnameConstraintsTest30() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDNSnameConstraintsTest30EE.crt",
+ "nameConstraintsDNS1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDNS1CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.31 */
+ public void testKeyUsage_InvalidDNSnameConstraintsTest31() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNSnameConstraintsTest31EE.crt",
+ "nameConstraintsDNS1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDNS1CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.32 */
+ public void testKeyUsage_ValidDNSnameConstraintsTest32() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidDNSnameConstraintsTest32EE.crt",
+ "nameConstraintsDNS2CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDNS2CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.33 */
+ public void testKeyUsage_InvalidDNSnameConstraintsTest33() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNSnameConstraintsTest33EE.crt",
+ "nameConstraintsDNS2CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDNS2CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.34 */
+ public void testKeyUsage_ValidURInameConstraintsTest34() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidURInameConstraintsTest34EE.crt",
+ "nameConstraintsURI1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsURI1CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.35 */
+ public void testKeyUsage_InvalidURInameConstraintsTest35() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidURInameConstraintsTest35EE.crt",
+ "nameConstraintsURI1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsURI1CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.36 */
+ public void testKeyUsage_ValidURInameConstraintsTest36() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidURInameConstraintsTest36EE.crt",
+ "nameConstraintsURI2CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsURI2CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.37 */
+ public void testKeyUsage_InvalidURInameConstraintsTest37() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidURInameConstraintsTest37EE.crt",
+ "nameConstraintsURI2CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsURI2CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.13.38 */
+ public void testKeyUsage_InvalidDNSnameConstraintsTest38() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidDNSnameConstraintsTest38EE.crt",
+ "nameConstraintsDNS1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "nameConstraintsDNS1CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.1 */
+ public void testDistributionPoints_ValiddistributionPointTest1() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValiddistributionPointTest1EE.crt",
+ "distributionPoint1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "distributionPoint1CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.2 */
+ public void testDistributionPoints_InvaliddistributionPointTest2() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvaliddistributionPointTest2EE.crt",
+ "distributionPoint1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "distributionPoint1CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.3 */
+ public void testDistributionPoints_InvaliddistributionPointTest3() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvaliddistributionPointTest3EE.crt",
+ "distributionPoint1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "distributionPoint1CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.4 */
+ public void testDistributionPoints_ValiddistributionPointTest4() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValiddistributionPointTest4EE.crt",
+ "distributionPoint1CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "distributionPoint1CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.5 */
+ public void testDistributionPoints_ValiddistributionPointTest5() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValiddistributionPointTest5EE.crt",
+ "distributionPoint2CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "distributionPoint2CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.6 */
+ public void testDistributionPoints_InvaliddistributionPointTest6() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvaliddistributionPointTest6EE.crt",
+ "distributionPoint2CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "distributionPoint2CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.7 */
+ public void testDistributionPoints_ValiddistributionPointTest7() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValiddistributionPointTest7EE.crt",
+ "distributionPoint2CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "distributionPoint2CACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.8 */
+ public void testDistributionPoints_InvaliddistributionPointTest8() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvaliddistributionPointTest8EE.crt",
+ "distributionPoint2CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "distributionPoint2CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.9 */
+ public void testDistributionPoints_InvaliddistributionPointTest9() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvaliddistributionPointTest9EE.crt",
+ "distributionPoint2CACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "distributionPoint2CACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.10 */
+ public void testDistributionPoints_ValidNoissuingDistributionPointTest10() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidNoissuingDistributionPointTest10EE.crt",
+ "NoissuingDistributionPointCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "NoissuingDistributionPointCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.11 */
+ public void testDistributionPoints_InvalidonlyContainsUserCertsCRLTest11() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidonlyContainsUserCertsTest11EE.crt",
+ "onlyContainsUserCertsCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "onlyContainsUserCertsCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.12 */
+ public void testDistributionPoints_InvalidonlyContainsCACertsCRLTest12() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidonlyContainsCACertsTest12EE.crt",
+ "onlyContainsCACertsCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "onlyContainsCACertsCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.13 */
+ public void testDistributionPoints_ValidonlyContainsCACertsCRLTest13() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidonlyContainsCACertsTest13EE.crt",
+ "onlyContainsCACertsCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "onlyContainsCACertsCACRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.14 */
+ public void testDistributionPoints_InvalidonlyContainsAttributeCertsTest14() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidonlyContainsAttributeCertsTest14EE.crt",
+ "onlyContainsAttributeCertsCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "onlyContainsAttributeCertsCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.15 */
+ public void testDistributionPoints_InvalidonlySomeReasonsTest15() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidonlySomeReasonsTest15EE.crt",
+ "onlySomeReasonsCA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "onlySomeReasonsCA1compromiseCRL.crl",
+ "onlySomeReasonsCA1otherreasonsCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.16 */
+ public void testDistributionPoints_InvalidonlySomeReasonsTest16() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidonlySomeReasonsTest16EE.crt",
+ "onlySomeReasonsCA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "onlySomeReasonsCA1compromiseCRL.crl",
+ "onlySomeReasonsCA1otherreasonsCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.17 */
+ public void testDistributionPoints_InvalidonlySomeReasonsTest17() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidonlySomeReasonsTest17EE.crt",
+ "onlySomeReasonsCA2Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "onlySomeReasonsCA2CRL1.crl",
+ "onlySomeReasonsCA2CRL2.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.18 */
+ public void testDistributionPoints_ValidonlySomeReasonsTest18() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidonlySomeReasonsTest18EE.crt",
+ "onlySomeReasonsCA3Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "onlySomeReasonsCA3compromiseCRL.crl",
+ "onlySomeReasonsCA3otherreasonsCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.19 */
+ public void testDistributionPoints_ValidonlySomeReasonsTest19() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidonlySomeReasonsTest19EE.crt",
+ "onlySomeReasonsCA4Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "onlySomeReasonsCA4compromiseCRL.crl",
+ "onlySomeReasonsCA4otherreasonsCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.20 */
+ public void testDistributionPoints_InvalidonlySomeReasonsTest20() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidonlySomeReasonsTest20EE.crt",
+ "onlySomeReasonsCA4Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "onlySomeReasonsCA4compromiseCRL.crl",
+ "onlySomeReasonsCA4otherreasonsCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.21 */
+ public void testDistributionPoints_InvalidonlySomeReasonsTest21() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidonlySomeReasonsTest21EE.crt",
+ "onlySomeReasonsCA4Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "onlySomeReasonsCA4compromiseCRL.crl",
+ "onlySomeReasonsCA4otherreasonsCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.22 */
+ public void testDistributionPoints_ValidIDPwithindirectCRLTest22() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidIDPwithindirectCRLTest22EE.crt",
+ "indirectCRLCA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA1CRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.23 */
+ public void testDistributionPoints_InvalidIDPwithindirectCRLTest23() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidIDPwithindirectCRLTest23EE.crt",
+ "indirectCRLCA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA1CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.24 */
+ public void testDistributionPoints_ValidIDPwithindirectCRLTest24() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidIDPwithindirectCRLTest24EE.crt",
+ "indirectCRLCA1Cert.crt",
+ "indirectCRLCA2Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA1CRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.25 */
+ public void testDistributionPoints_ValidIDPwithindirectCRLTest25() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidIDPwithindirectCRLTest25EE.crt",
+ "indirectCRLCA1Cert.crt",
+ "indirectCRLCA2Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA1CRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.26 */
+ public void testDistributionPoints_InvalidIDPwithindirectCRLTest26() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidIDPwithindirectCRLTest26EE.crt",
+ "indirectCRLCA1Cert.crt",
+ "indirectCRLCA2Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA1CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.27 */
+ public void testDistributionPoints_InvalidcRLIssuerTest27() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidcRLIssuerTest27EE.crt",
+ "GoodCACert.crt",
+ "indirectCRLCA2Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "GoodCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.28 */
+ public void testDistributionPoints_ValidcRLIssuerTest28() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidcRLIssuerTest28EE.crt",
+ "indirectCRLCA3cRLIssuerCert.crt",
+ "indirectCRLCA3Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA3CRL.crl",
+ "indirectCRLCA3cRLIssuerCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.29 */
+ public void testDistributionPoints_ValidcRLIssuerTest29() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidcRLIssuerTest29EE.crt",
+ "indirectCRLCA3cRLIssuerCert.crt",
+ "indirectCRLCA3Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA3CRL.crl",
+ "indirectCRLCA3cRLIssuerCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.30 */
+ public void testDistributionPoints_ValidcRLIssuerTest30() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidcRLIssuerTest30EE.crt",
+ "indirectCRLCA4cRLIssuerCert.crt",
+ "indirectCRLCA4Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA4cRLIssuerCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.31 */
+ public void testDistributionPoints_InvalidcRLIssuerTest31() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidcRLIssuerTest31EE.crt",
+ "indirectCRLCA6Cert.crt",
+ "indirectCRLCA5Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA5CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.32 */
+ public void testDistributionPoints_InvalidcRLIssuerTest32() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidcRLIssuerTest32EE.crt",
+ "indirectCRLCA6Cert.crt",
+ "indirectCRLCA5Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA5CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.33 */
+ public void testDistributionPoints_ValidcRLIssuerTest33() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidcRLIssuerTest33EE.crt",
+ "indirectCRLCA6Cert.crt",
+ "indirectCRLCA5Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA5CRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.34 */
+ public void testDistributionPoints_InvalidcRLIssuerTest34() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidcRLIssuerTest34EE.crt",
+ "indirectCRLCA5Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA5CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.14.35 */
+ public void testDistributionPoints_InvalidcRLIssuerTest35() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvalidcRLIssuerTest35EE.crt",
+ "indirectCRLCA5Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "indirectCRLCA5CRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.15.1 */
+ public void testDeltaCRLs_InvaliddeltaCRLIndicatorNoBaseTest1() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvaliddeltaCRLIndicatorNoBaseTest1EE.crt",
+ "deltaCRLIndicatorNoBaseCACert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "deltaCRLIndicatorNoBaseCACRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.15.2 */
+ public void testDeltaCRLs_ValiddeltaCRLTest2() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValiddeltaCRLTest2EE.crt",
+ "deltaCRLCA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "deltaCRLCA1CRL.crl",
+ "deltaCRLCA1deltaCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.15.3 */
+ public void testDeltaCRLs_InvaliddeltaCRLTest3() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvaliddeltaCRLTest3EE.crt",
+ "deltaCRLCA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "deltaCRLCA1CRL.crl",
+ "deltaCRLCA1deltaCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.15.4 */
+ public void testDeltaCRLs_InvaliddeltaCRLTest4() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvaliddeltaCRLTest4EE.crt",
+ "deltaCRLCA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "deltaCRLCA1CRL.crl",
+ "deltaCRLCA1deltaCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.15.5 */
+ public void testDeltaCRLs_ValiddeltaCRLTest5() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValiddeltaCRLTest5EE.crt",
+ "deltaCRLCA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "deltaCRLCA1CRL.crl",
+ "deltaCRLCA1deltaCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.15.6 */
+ public void testDeltaCRLs_InvaliddeltaCRLTest6() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvaliddeltaCRLTest6EE.crt",
+ "deltaCRLCA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "deltaCRLCA1CRL.crl",
+ "deltaCRLCA1deltaCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.15.7 */
+ public void testDeltaCRLs_ValiddeltaCRLTest7() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValiddeltaCRLTest7EE.crt",
+ "deltaCRLCA1Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "deltaCRLCA1CRL.crl",
+ "deltaCRLCA1deltaCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.15.8 */
+ public void testDeltaCRLs_ValiddeltaCRLTest8() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValiddeltaCRLTest8EE.crt",
+ "deltaCRLCA2Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "deltaCRLCA2CRL.crl",
+ "deltaCRLCA2deltaCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.15.9 */
+ public void testDeltaCRLs_InvaliddeltaCRLTest9() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvaliddeltaCRLTest9EE.crt",
+ "deltaCRLCA2Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "deltaCRLCA2CRL.crl",
+ "deltaCRLCA2deltaCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.15.10 */
+ public void testDeltaCRLs_InvaliddeltaCRLTest10() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "InvaliddeltaCRLTest10EE.crt",
+ "deltaCRLCA3Cert.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ "deltaCRLCA3CRL.crl",
+ "deltaCRLCA3deltaCRL.crl",
+ };
+
+ assertInvalidPath(trustAnchor, certs, crls);
+ }
+
+ /** NIST PKITS test 4.16.1 */
+ public void testPrivateCertificateExtensions_ValidUnknownNotCriticalCertificateExtensionTest1() throws Exception {
+ String trustAnchor = "TrustAnchorRootCertificate.crt";
+
+ String[] certs = {
+ "ValidUnknownNotCriticalCertificateExtensionTest1EE.crt",
+ };
+
+ String[] crls = {
+ "TrustAnchorRootCRL.crl",
+ };
+
+ assertValidPath(trustAnchor, certs, crls);
+ }
+
+ /* DO NOT MANUALLY EDIT -- END AUTOMATICALLY GENERATED TESTS */
+}