1 /*
2  * Copyright (C) 2013 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package libcore.java.security.cert;
18 
19 import java.io.File;
20 import java.io.FileInputStream;
21 import java.io.IOException;
22 import java.io.InputStream;
23 import java.security.InvalidAlgorithmParameterException;
24 import java.security.NoSuchAlgorithmException;
25 import java.security.cert.CertPath;
26 import java.security.cert.CertPathValidator;
27 import java.security.cert.CertPathValidatorException;
28 import java.security.cert.CertStore;
29 import java.security.cert.CertificateFactory;
30 import java.security.cert.CollectionCertStoreParameters;
31 import java.security.cert.PKIXCertPathValidatorResult;
32 import java.security.cert.PKIXParameters;
33 import java.security.cert.TrustAnchor;
34 import java.security.cert.X509CRL;
35 import java.security.cert.X509Certificate;
36 import java.util.ArrayList;
37 import java.util.Arrays;
38 import java.util.Calendar;
39 import java.util.Collection;
40 import java.util.Collections;
41 import java.util.Date;
42 import java.util.HashSet;
43 import java.util.Set;
44 import java.util.TimeZone;
45 
46 import junit.framework.TestCase;
47 
48 public class X509CertificateNistPkitsTest extends TestCase {
49     public static final String ANY_POLICY_OID = "2.5.29.32.0";
50     public static final String RESOURCE_PACKAGE = "/tests/resources/";
51 
52     /*
53      * All the certificates in this test should be verified with the same date.
54      * Since none of the built-in roots-of-trust (CA cerificates) are needed,
55      * it should be safe to set this to a fixed date until the certificates
56      * in the tests are updated.
57      */
58     private static final Date TEST_DATE;
59     static {
60         Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
61         cal.set(2015, 0, 1);
62         TEST_DATE = cal.getTime();
63     }
64 
getStream(String name)65     public static InputStream getStream(String name) {
66         // If we have the resources packaged up in our jar file, get them that way.
67         String path = RESOURCE_PACKAGE + name;
68         InputStream result = X509CertificateNistPkitsTest.class.getResourceAsStream(path);
69         if (result != null) {
70             return result;
71         }
72         // Otherwise, if we're in an Android build tree, get the files directly.
73         String ANDROID_BUILD_TOP = System.getenv("ANDROID_BUILD_TOP");
74         if (ANDROID_BUILD_TOP != null) {
75             File resource = new File(ANDROID_BUILD_TOP + "/external/nist-pkits/res" + path);
76             if (resource.exists()) {
77                 try {
78                     return new FileInputStream(resource);
79                 } catch (IOException ex) {
80                     throw new IllegalArgumentException("Couldn't open: " + resource, ex);
81                 }
82             }
83         }
84         throw new IllegalArgumentException("No such resource: " + path);
85     }
86 
getCertificate(CertificateFactory f, String name)87     private final X509Certificate getCertificate(CertificateFactory f, String name)
88             throws Exception {
89         final String fileName = "nist-pkits/certs/" + name;
90         final InputStream is = getStream(fileName);
91         assertNotNull("File does not exist: " + fileName, is);
92         try {
93             return (X509Certificate) f.generateCertificate(is);
94         } finally {
95             try {
96                 is.close();
97             } catch (IOException ignored) {
98             }
99         }
100     }
101 
getCertificates(CertificateFactory f, String[] names)102     private final X509Certificate[] getCertificates(CertificateFactory f, String[] names)
103             throws Exception {
104         X509Certificate[] certs = new X509Certificate[names.length];
105 
106         for (int i = 0; i < names.length; i++) {
107             certs[i] = getCertificate(f, names[i]);
108         }
109 
110         return certs;
111     }
112 
getCRL(CertificateFactory f, String name)113     private final X509CRL getCRL(CertificateFactory f, String name) throws Exception {
114         final String fileName = "nist-pkits/crls/" + name;
115         final InputStream is = getStream(fileName);
116         assertNotNull("File does not exist: " + fileName, is);
117         try {
118             return (X509CRL) f.generateCRL(is);
119         } finally {
120             try {
121                 is.close();
122             } catch (IOException ignored) {
123             }
124         }
125     }
126 
getCRLs(CertificateFactory f, String[] names)127     private final X509CRL[] getCRLs(CertificateFactory f, String[] names) throws Exception {
128         X509CRL[] crls = new X509CRL[names.length];
129 
130         for (int i = 0; i < names.length; i++) {
131             crls[i] = getCRL(f, names[i]);
132         }
133 
134         return crls;
135     }
136 
getTestPath(CertificateFactory f, String[] pathCerts)137     private CertPath getTestPath(CertificateFactory f, String[] pathCerts) throws Exception {
138         X509Certificate[] certs = getCertificates(f, pathCerts);
139         return f.generateCertPath(Arrays.asList(certs));
140     }
141 
getTestPathParams(CertificateFactory f, String trustedCAName, String[] pathCerts, String[] pathCRLs)142     private PKIXParameters getTestPathParams(CertificateFactory f, String trustedCAName,
143             String[] pathCerts, String[] pathCRLs) throws Exception {
144         X509Certificate[] certs = getCertificates(f, pathCerts);
145         X509CRL[] crls = getCRLs(f, pathCRLs);
146         X509Certificate trustedCA = getCertificate(f, trustedCAName);
147 
148         Collection<Object> certCollection = new ArrayList<Object>();
149         certCollection.addAll(Arrays.asList(crls));
150         certCollection.addAll(Arrays.asList(certs));
151         certCollection.add(trustedCA);
152         CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(
153                 certCollection);
154         CertStore certStore = CertStore.getInstance("Collection", certStoreParams);
155 
156         Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
157         anchors.add(new TrustAnchor(trustedCA, null));
158 
159         PKIXParameters params = new PKIXParameters(anchors);
160         params.addCertStore(certStore);
161         params.setExplicitPolicyRequired(false);
162         params.setInitialPolicies(Collections.singleton(ANY_POLICY_OID));
163         params.setPolicyMappingInhibited(false);
164         params.setAnyPolicyInhibited(false);
165         params.setDate(TEST_DATE);
166 
167         return params;
168     }
169 
assertInvalidPath(String trustAnchor, String[] certs, String[] crls)170     private void assertInvalidPath(String trustAnchor, String[] certs, String[] crls)
171             throws Exception, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
172         assertInvalidPath(trustAnchor, certs, certs, crls);
173     }
174 
assertInvalidPath(String trustAnchor, String[] path, String[] certs, String[] crls)175     private void assertInvalidPath(String trustAnchor, String[] path, String[] certs,
176             String[] crls) throws Exception, NoSuchAlgorithmException,
177             InvalidAlgorithmParameterException {
178         CertificateFactory f = CertificateFactory.getInstance("X.509");
179 
180         PKIXParameters params = getTestPathParams(f, trustAnchor, certs, crls);
181         CertPath cp = getTestPath(f, certs);
182         CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
183 
184         try {
185             PKIXCertPathValidatorResult cpvResult = (PKIXCertPathValidatorResult) cpv.validate(cp,
186                     params);
187             fail();
188         } catch (CertPathValidatorException expected) {
189         }
190     }
191 
assertValidPath(String trustAnchor, String[] certs, String[] crls)192     private void assertValidPath(String trustAnchor, String[] certs, String[] crls)
193             throws Exception, NoSuchAlgorithmException, CertPathValidatorException,
194             InvalidAlgorithmParameterException {
195         assertValidPath(trustAnchor, certs, certs, crls);
196     }
197 
assertValidPath(String trustAnchor, String[] path, String[] certs, String[] crls)198     private void assertValidPath(String trustAnchor, String[] path, String[] certs, String[] crls)
199             throws Exception, NoSuchAlgorithmException, CertPathValidatorException,
200             InvalidAlgorithmParameterException {
201         CertificateFactory f = CertificateFactory.getInstance("X.509");
202 
203         PKIXParameters params = getTestPathParams(f, trustAnchor, certs, crls);
204         CertPath cp = getTestPath(f, path);
205         CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
206 
207         PKIXCertPathValidatorResult cpvResult = (PKIXCertPathValidatorResult) cpv.validate(cp,
208                 params);
209     }
210 
211     /* DO NOT MANUALLY EDIT -- BEGIN AUTOMATICALLY GENERATED TESTS */
212     /** NIST PKITS test 4.1.1 */
testSignatureVerification_ValidSignaturesTest1()213     public void testSignatureVerification_ValidSignaturesTest1() throws Exception {
214         String trustAnchor = "TrustAnchorRootCertificate.crt";
215 
216         String[] certs = {
217                 "ValidCertificatePathTest1EE.crt",
218                 "GoodCACert.crt",
219         };
220 
221         String[] crls = {
222                 "TrustAnchorRootCRL.crl",
223                 "GoodCACRL.crl",
224         };
225 
226         assertValidPath(trustAnchor, certs, crls);
227     }
228 
229     /** NIST PKITS test 4.1.2 */
testSignatureVerification_InvalidCASignatureTest2()230     public void testSignatureVerification_InvalidCASignatureTest2() throws Exception {
231         String trustAnchor = "TrustAnchorRootCertificate.crt";
232 
233         String[] certs = {
234                 "InvalidCASignatureTest2EE.crt",
235                 "BadSignedCACert.crt",
236         };
237 
238         String[] crls = {
239                 "TrustAnchorRootCRL.crl",
240                 "BadSignedCACRL.crl",
241         };
242 
243         assertInvalidPath(trustAnchor, certs, crls);
244     }
245 
246     /** NIST PKITS test 4.1.3 */
testSignatureVerification_InvalidEESignatureTest3()247     public void testSignatureVerification_InvalidEESignatureTest3() throws Exception {
248         String trustAnchor = "TrustAnchorRootCertificate.crt";
249 
250         String[] certs = {
251                 "InvalidEESignatureTest3EE.crt",
252                 "GoodCACert.crt",
253         };
254 
255         String[] crls = {
256                 "TrustAnchorRootCRL.crl",
257                 "GoodCACRL.crl",
258         };
259 
260         assertInvalidPath(trustAnchor, certs, crls);
261     }
262 
263     /** NIST PKITS test 4.1.4 */
testSignatureVerification_ValidDSASignaturesTest4()264     public void testSignatureVerification_ValidDSASignaturesTest4() throws Exception {
265         String trustAnchor = "TrustAnchorRootCertificate.crt";
266 
267         String[] certs = {
268                 "ValidDSASignaturesTest4EE.crt",
269                 "DSACACert.crt",
270         };
271 
272         String[] crls = {
273                 "TrustAnchorRootCRL.crl",
274                 "DSACACRL.crl",
275         };
276 
277         assertValidPath(trustAnchor, certs, crls);
278     }
279 
280     /** NIST PKITS test 4.1.5 */
testSignatureVerification_ValidDSAParameterInheritanceTest5()281     public void testSignatureVerification_ValidDSAParameterInheritanceTest5() throws Exception {
282         String trustAnchor = "TrustAnchorRootCertificate.crt";
283 
284         String[] certs = {
285                 "ValidDSAParameterInheritanceTest5EE.crt",
286                 "DSAParametersInheritedCACert.crt",
287                 "DSACACert.crt",
288         };
289 
290         String[] crls = {
291                 "TrustAnchorRootCRL.crl",
292                 "DSACACRL.crl",
293                 "DSAParametersInheritedCACRL.crl",
294         };
295 
296         assertValidPath(trustAnchor, certs, crls);
297     }
298 
299     /** NIST PKITS test 4.1.6 */
testSignatureVerification_InvalidDSASignatureTest6()300     public void testSignatureVerification_InvalidDSASignatureTest6() throws Exception {
301         String trustAnchor = "TrustAnchorRootCertificate.crt";
302 
303         String[] certs = {
304                 "InvalidDSASignatureTest6EE.crt",
305                 "DSACACert.crt",
306         };
307 
308         String[] crls = {
309                 "TrustAnchorRootCRL.crl",
310                 "DSACACRL.crl",
311         };
312 
313         assertInvalidPath(trustAnchor, certs, crls);
314     }
315 
316     /** NIST PKITS test 4.2.1 */
testValidityPeriods_InvalidCAnotBeforeDateTest1()317     public void testValidityPeriods_InvalidCAnotBeforeDateTest1() throws Exception {
318         String trustAnchor = "TrustAnchorRootCertificate.crt";
319 
320         String[] certs = {
321                 "InvalidCAnotBeforeDateTest1EE.crt",
322                 "BadnotBeforeDateCACert.crt",
323         };
324 
325         String[] crls = {
326                 "TrustAnchorRootCRL.crl",
327                 "BadnotBeforeDateCACRL.crl",
328         };
329 
330         assertInvalidPath(trustAnchor, certs, crls);
331     }
332 
333     /** NIST PKITS test 4.2.2 */
testValidityPeriods_InvalidEEnotBeforeDateTest2()334     public void testValidityPeriods_InvalidEEnotBeforeDateTest2() throws Exception {
335         String trustAnchor = "TrustAnchorRootCertificate.crt";
336 
337         String[] certs = {
338                 "InvalidEEnotBeforeDateTest2EE.crt",
339                 "GoodCACert.crt",
340         };
341 
342         String[] crls = {
343                 "TrustAnchorRootCRL.crl",
344                 "GoodCACRL.crl",
345         };
346 
347         assertInvalidPath(trustAnchor, certs, crls);
348     }
349 
350     /** NIST PKITS test 4.2.3 */
testValidityPeriods_Validpre2000UTCnotBeforeDateTest3()351     public void testValidityPeriods_Validpre2000UTCnotBeforeDateTest3() throws Exception {
352         String trustAnchor = "TrustAnchorRootCertificate.crt";
353 
354         String[] certs = {
355                 "Validpre2000UTCnotBeforeDateTest3EE.crt",
356                 "GoodCACert.crt",
357         };
358 
359         String[] crls = {
360                 "TrustAnchorRootCRL.crl",
361                 "GoodCACRL.crl",
362         };
363 
364         assertValidPath(trustAnchor, certs, crls);
365     }
366 
367     /** NIST PKITS test 4.2.4 */
testValidityPeriods_ValidGeneralizedTimenotBeforeDateTest4()368     public void testValidityPeriods_ValidGeneralizedTimenotBeforeDateTest4() throws Exception {
369         String trustAnchor = "TrustAnchorRootCertificate.crt";
370 
371         String[] certs = {
372                 "ValidGeneralizedTimenotBeforeDateTest4EE.crt",
373                 "GoodCACert.crt",
374         };
375 
376         String[] crls = {
377                 "TrustAnchorRootCRL.crl",
378                 "GoodCACRL.crl",
379         };
380 
381         assertValidPath(trustAnchor, certs, crls);
382     }
383 
384     /** NIST PKITS test 4.2.5 */
testValidityPeriods_InvalidCAnotAfterDateTest5()385     public void testValidityPeriods_InvalidCAnotAfterDateTest5() throws Exception {
386         String trustAnchor = "TrustAnchorRootCertificate.crt";
387 
388         String[] certs = {
389                 "InvalidCAnotAfterDateTest5EE.crt",
390                 "BadnotAfterDateCACert.crt",
391         };
392 
393         String[] crls = {
394                 "TrustAnchorRootCRL.crl",
395                 "BadnotAfterDateCACRL.crl",
396         };
397 
398         assertInvalidPath(trustAnchor, certs, crls);
399     }
400 
401     /** NIST PKITS test 4.2.6 */
testValidityPeriods_InvalidEEnotAfterDateTest6()402     public void testValidityPeriods_InvalidEEnotAfterDateTest6() throws Exception {
403         String trustAnchor = "TrustAnchorRootCertificate.crt";
404 
405         String[] certs = {
406                 "InvalidEEnotAfterDateTest6EE.crt",
407                 "GoodCACert.crt",
408         };
409 
410         String[] crls = {
411                 "TrustAnchorRootCRL.crl",
412                 "GoodCACRL.crl",
413         };
414 
415         assertInvalidPath(trustAnchor, certs, crls);
416     }
417 
418     /** NIST PKITS test 4.2.7 */
testValidityPeriods_Invalidpre2000UTCEEnotAfterDateTest7()419     public void testValidityPeriods_Invalidpre2000UTCEEnotAfterDateTest7() throws Exception {
420         String trustAnchor = "TrustAnchorRootCertificate.crt";
421 
422         String[] certs = {
423                 "Invalidpre2000UTCEEnotAfterDateTest7EE.crt",
424                 "GoodCACert.crt",
425         };
426 
427         String[] crls = {
428                 "TrustAnchorRootCRL.crl",
429                 "GoodCACRL.crl",
430         };
431 
432         assertInvalidPath(trustAnchor, certs, crls);
433     }
434 
435     /** NIST PKITS test 4.2.8 */
testValidityPeriods_ValidGeneralizedTimenotAfterDateTest8()436     public void testValidityPeriods_ValidGeneralizedTimenotAfterDateTest8() throws Exception {
437         String trustAnchor = "TrustAnchorRootCertificate.crt";
438 
439         String[] certs = {
440                 "ValidGeneralizedTimenotAfterDateTest8EE.crt",
441                 "GoodCACert.crt",
442         };
443 
444         String[] crls = {
445                 "TrustAnchorRootCRL.crl",
446                 "GoodCACRL.crl",
447         };
448 
449         assertValidPath(trustAnchor, certs, crls);
450     }
451 
452     /** NIST PKITS test 4.3.1 */
testVerifyingNameChaining_InvalidNameChainingEETest1()453     public void testVerifyingNameChaining_InvalidNameChainingEETest1() throws Exception {
454         String trustAnchor = "TrustAnchorRootCertificate.crt";
455 
456         String[] certs = {
457                 "InvalidNameChainingTest1EE.crt",
458                 "GoodCACert.crt",
459         };
460 
461         String[] crls = {
462                 "TrustAnchorRootCRL.crl",
463                 "GoodCACRL.crl",
464         };
465 
466         assertInvalidPath(trustAnchor, certs, crls);
467     }
468 
469     /** NIST PKITS test 4.3.2 */
testVerifyingNameChaining_InvalidNameChainingOrderTest2()470     public void testVerifyingNameChaining_InvalidNameChainingOrderTest2() throws Exception {
471         String trustAnchor = "TrustAnchorRootCertificate.crt";
472 
473         String[] certs = {
474                 "InvalidNameChainingOrderTest2EE.crt",
475                 "NameOrderingCACert.crt",
476         };
477 
478         String[] crls = {
479                 "TrustAnchorRootCRL.crl",
480                 "NameOrderCACRL.crl",
481         };
482 
483         assertInvalidPath(trustAnchor, certs, crls);
484     }
485 
486     /** NIST PKITS test 4.3.3 */
testVerifyingNameChaining_ValidNameChainingWhitespaceTest3()487     public void testVerifyingNameChaining_ValidNameChainingWhitespaceTest3() throws Exception {
488         String trustAnchor = "TrustAnchorRootCertificate.crt";
489 
490         String[] certs = {
491                 "ValidNameChainingWhitespaceTest3EE.crt",
492                 "GoodCACert.crt",
493         };
494 
495         String[] crls = {
496                 "TrustAnchorRootCRL.crl",
497                 "GoodCACRL.crl",
498         };
499 
500         assertValidPath(trustAnchor, certs, crls);
501     }
502 
503     /** NIST PKITS test 4.3.4 */
testVerifyingNameChaining_ValidNameChainingWhitespaceTest4()504     public void testVerifyingNameChaining_ValidNameChainingWhitespaceTest4() throws Exception {
505         String trustAnchor = "TrustAnchorRootCertificate.crt";
506 
507         String[] certs = {
508                 "ValidNameChainingWhitespaceTest4EE.crt",
509                 "GoodCACert.crt",
510         };
511 
512         String[] crls = {
513                 "TrustAnchorRootCRL.crl",
514                 "GoodCACRL.crl",
515         };
516 
517         assertValidPath(trustAnchor, certs, crls);
518     }
519 
520     /** NIST PKITS test 4.3.5 */
testVerifyingNameChaining_ValidNameChainingCapitalizationTest5()521     public void testVerifyingNameChaining_ValidNameChainingCapitalizationTest5() throws Exception {
522         String trustAnchor = "TrustAnchorRootCertificate.crt";
523 
524         String[] certs = {
525                 "ValidNameChainingCapitalizationTest5EE.crt",
526                 "GoodCACert.crt",
527         };
528 
529         String[] crls = {
530                 "TrustAnchorRootCRL.crl",
531                 "GoodCACRL.crl",
532         };
533 
534         assertValidPath(trustAnchor, certs, crls);
535     }
536 
537     /** NIST PKITS test 4.3.6 */
testVerifyingNameChaining_ValidNameChainingUIDsTest6()538     public void testVerifyingNameChaining_ValidNameChainingUIDsTest6() throws Exception {
539         String trustAnchor = "TrustAnchorRootCertificate.crt";
540 
541         String[] certs = {
542                 "ValidNameUIDsTest6EE.crt",
543                 "UIDCACert.crt",
544         };
545 
546         String[] crls = {
547                 "TrustAnchorRootCRL.crl",
548                 "UIDCACRL.crl",
549         };
550 
551         assertValidPath(trustAnchor, certs, crls);
552     }
553 
554     /** NIST PKITS test 4.3.7 */
testVerifyingNameChaining_ValidRFC3280MandatoryAttributeTypesTest7()555     public void testVerifyingNameChaining_ValidRFC3280MandatoryAttributeTypesTest7() throws Exception {
556         String trustAnchor = "TrustAnchorRootCertificate.crt";
557 
558         String[] certs = {
559                 "ValidRFC3280MandatoryAttributeTypesTest7EE.crt",
560                 "RFC3280MandatoryAttributeTypesCACert.crt",
561         };
562 
563         String[] crls = {
564                 "TrustAnchorRootCRL.crl",
565                 "RFC3280MandatoryAttributeTypesCACRL.crl",
566         };
567 
568         assertValidPath(trustAnchor, certs, crls);
569     }
570 
571     /** NIST PKITS test 4.3.8 */
testVerifyingNameChaining_ValidRFC3280OptionalAttributeTypesTest8()572     public void testVerifyingNameChaining_ValidRFC3280OptionalAttributeTypesTest8() throws Exception {
573         String trustAnchor = "TrustAnchorRootCertificate.crt";
574 
575         String[] certs = {
576                 "ValidRFC3280OptionalAttributeTypesTest8EE.crt",
577                 "RFC3280OptionalAttributeTypesCACert.crt",
578         };
579 
580         String[] crls = {
581                 "TrustAnchorRootCRL.crl",
582                 "RFC3280OptionalAttributeTypesCACRL.crl",
583         };
584 
585         assertValidPath(trustAnchor, certs, crls);
586     }
587 
588     /** NIST PKITS test 4.3.9 */
testVerifyingNameChaining_ValidUTF8StringEncodedNamesTest9()589     public void testVerifyingNameChaining_ValidUTF8StringEncodedNamesTest9() throws Exception {
590         String trustAnchor = "TrustAnchorRootCertificate.crt";
591 
592         String[] certs = {
593                 "ValidUTF8StringEncodedNamesTest9EE.crt",
594                 "UTF8StringEncodedNamesCACert.crt",
595         };
596 
597         String[] crls = {
598                 "TrustAnchorRootCRL.crl",
599                 "UTF8StringEncodedNamesCACRL.crl",
600         };
601 
602         assertValidPath(trustAnchor, certs, crls);
603     }
604 
605     /** NIST PKITS test 4.3.10 */
testVerifyingNameChaining_ValidRolloverfromPrintableStringtoUTF8StringTest10()606     public void testVerifyingNameChaining_ValidRolloverfromPrintableStringtoUTF8StringTest10() throws Exception {
607         String trustAnchor = "TrustAnchorRootCertificate.crt";
608 
609         String[] certs = {
610                 "ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt",
611                 "RolloverfromPrintableStringtoUTF8StringCACert.crt",
612         };
613 
614         String[] crls = {
615                 "TrustAnchorRootCRL.crl",
616                 "RolloverfromPrintableStringtoUTF8StringCACRL.crl",
617         };
618 
619         assertValidPath(trustAnchor, certs, crls);
620     }
621 
622     /** NIST PKITS test 4.3.11 */
testVerifyingNameChaining_ValidUTF8StringCaseInsensitiveMatchTest11()623     public void testVerifyingNameChaining_ValidUTF8StringCaseInsensitiveMatchTest11() throws Exception {
624         String trustAnchor = "TrustAnchorRootCertificate.crt";
625 
626         String[] certs = {
627                 "ValidUTF8StringCaseInsensitiveMatchTest11EE.crt",
628                 "UTF8StringCaseInsensitiveMatchCACert.crt",
629         };
630 
631         String[] crls = {
632                 "TrustAnchorRootCRL.crl",
633                 "UTF8StringCaseInsensitiveMatchCACRL.crl",
634         };
635 
636         assertValidPath(trustAnchor, certs, crls);
637     }
638 
639     /** NIST PKITS test 4.4.1 */
testBasicCertificateRevocationTests_MissingCRLTest1()640     public void testBasicCertificateRevocationTests_MissingCRLTest1() throws Exception {
641         String trustAnchor = "TrustAnchorRootCertificate.crt";
642 
643         String[] certs = {
644                 "InvalidMissingCRLTest1EE.crt",
645                 "NoCRLCACert.crt",
646         };
647 
648         String[] crls = {
649                 "TrustAnchorRootCRL.crl",
650         };
651 
652         assertInvalidPath(trustAnchor, certs, crls);
653     }
654 
655     /** NIST PKITS test 4.4.2 */
testBasicCertificateRevocationTests_InvalidRevokedCATest2()656     public void testBasicCertificateRevocationTests_InvalidRevokedCATest2() throws Exception {
657         String trustAnchor = "TrustAnchorRootCertificate.crt";
658 
659         String[] certs = {
660                 "InvalidRevokedCATest2EE.crt",
661                 "RevokedsubCACert.crt",
662                 "GoodCACert.crt",
663         };
664 
665         String[] crls = {
666                 "TrustAnchorRootCRL.crl",
667                 "GoodCACRL.crl",
668                 "RevokedsubCACRL.crl",
669         };
670 
671         assertInvalidPath(trustAnchor, certs, crls);
672     }
673 
674     /** NIST PKITS test 4.4.3 */
testBasicCertificateRevocationTests_InvalidRevokedEETest3()675     public void testBasicCertificateRevocationTests_InvalidRevokedEETest3() throws Exception {
676         String trustAnchor = "TrustAnchorRootCertificate.crt";
677 
678         String[] certs = {
679                 "InvalidRevokedEETest3EE.crt",
680                 "GoodCACert.crt",
681         };
682 
683         String[] crls = {
684                 "TrustAnchorRootCRL.crl",
685                 "GoodCACRL.crl",
686         };
687 
688         assertInvalidPath(trustAnchor, certs, crls);
689     }
690 
691     /** NIST PKITS test 4.4.4 */
testBasicCertificateRevocationTests_InvalidBadCRLSignatureTest4()692     public void testBasicCertificateRevocationTests_InvalidBadCRLSignatureTest4() throws Exception {
693         String trustAnchor = "TrustAnchorRootCertificate.crt";
694 
695         String[] certs = {
696                 "InvalidBadCRLSignatureTest4EE.crt",
697                 "BadCRLSignatureCACert.crt",
698         };
699 
700         String[] crls = {
701                 "TrustAnchorRootCRL.crl",
702                 "BadCRLSignatureCACRL.crl",
703         };
704 
705         assertInvalidPath(trustAnchor, certs, crls);
706     }
707 
708     /** NIST PKITS test 4.4.5 */
testBasicCertificateRevocationTests_InvalidBadCRLIssuerNameTest5()709     public void testBasicCertificateRevocationTests_InvalidBadCRLIssuerNameTest5() throws Exception {
710         String trustAnchor = "TrustAnchorRootCertificate.crt";
711 
712         String[] certs = {
713                 "InvalidBadCRLIssuerNameTest5EE.crt",
714                 "BadCRLIssuerNameCACert.crt",
715         };
716 
717         String[] crls = {
718                 "TrustAnchorRootCRL.crl",
719                 "BadCRLIssuerNameCACRL.crl",
720         };
721 
722         assertInvalidPath(trustAnchor, certs, crls);
723     }
724 
725     /** NIST PKITS test 4.4.6 */
testBasicCertificateRevocationTests_InvalidWrongCRLTest6()726     public void testBasicCertificateRevocationTests_InvalidWrongCRLTest6() throws Exception {
727         String trustAnchor = "TrustAnchorRootCertificate.crt";
728 
729         String[] certs = {
730                 "InvalidWrongCRLTest6EE.crt",
731                 "WrongCRLCACert.crt",
732         };
733 
734         String[] crls = {
735                 "TrustAnchorRootCRL.crl",
736                 "WrongCRLCACRL.crl",
737         };
738 
739         assertInvalidPath(trustAnchor, certs, crls);
740     }
741 
742     /** NIST PKITS test 4.4.7 */
testBasicCertificateRevocationTests_ValidTwoCRLsTest7()743     public void testBasicCertificateRevocationTests_ValidTwoCRLsTest7() throws Exception {
744         String trustAnchor = "TrustAnchorRootCertificate.crt";
745 
746         String[] certs = {
747                 "ValidTwoCRLsTest7EE.crt",
748                 "TwoCRLsCACert.crt",
749         };
750 
751         String[] crls = {
752                 "TrustAnchorRootCRL.crl",
753                 "TwoCRLsCAGoodCRL.crl",
754                 "TwoCRLsCABadCRL.crl",
755         };
756 
757         assertValidPath(trustAnchor, certs, crls);
758     }
759 
760     /** NIST PKITS test 4.4.8 */
testBasicCertificateRevocationTests_InvalidUnknownCRLEntryExtensionTest8()761     public void testBasicCertificateRevocationTests_InvalidUnknownCRLEntryExtensionTest8() throws Exception {
762         String trustAnchor = "TrustAnchorRootCertificate.crt";
763 
764         String[] certs = {
765                 "InvalidUnknownCRLEntryExtensionTest8EE.crt",
766                 "UnknownCRLEntryExtensionCACert.crt",
767         };
768 
769         String[] crls = {
770                 "TrustAnchorRootCRL.crl",
771                 "UnknownCRLEntryExtensionCACRL.crl",
772         };
773 
774         assertInvalidPath(trustAnchor, certs, crls);
775     }
776 
777     /** NIST PKITS test 4.4.9 */
testBasicCertificateRevocationTests_InvalidUnknownCRLExtensionTest9()778     public void testBasicCertificateRevocationTests_InvalidUnknownCRLExtensionTest9() throws Exception {
779         String trustAnchor = "TrustAnchorRootCertificate.crt";
780 
781         String[] certs = {
782                 "InvalidUnknownCRLExtensionTest9EE.crt",
783                 "UnknownCRLExtensionCACert.crt",
784         };
785 
786         String[] crls = {
787                 "TrustAnchorRootCRL.crl",
788                 "UnknownCRLExtensionCACRL.crl",
789         };
790 
791         assertInvalidPath(trustAnchor, certs, crls);
792     }
793 
794     /** NIST PKITS test 4.4.10 */
testBasicCertificateRevocationTests_InvalidUnknownCRLExtensionTest10()795     public void testBasicCertificateRevocationTests_InvalidUnknownCRLExtensionTest10() throws Exception {
796         String trustAnchor = "TrustAnchorRootCertificate.crt";
797 
798         String[] certs = {
799                 "InvalidUnknownCRLExtensionTest10EE.crt",
800                 "UnknownCRLExtensionCACert.crt",
801         };
802 
803         String[] crls = {
804                 "TrustAnchorRootCRL.crl",
805                 "UnknownCRLExtensionCACRL.crl",
806         };
807 
808         assertInvalidPath(trustAnchor, certs, crls);
809     }
810 
811     /** NIST PKITS test 4.4.11 */
testBasicCertificateRevocationTests_InvalidOldCRLnextUpdateTest11()812     public void testBasicCertificateRevocationTests_InvalidOldCRLnextUpdateTest11() throws Exception {
813         String trustAnchor = "TrustAnchorRootCertificate.crt";
814 
815         String[] certs = {
816                 "InvalidOldCRLnextUpdateTest11EE.crt",
817                 "OldCRLnextUpdateCACert.crt",
818         };
819 
820         String[] crls = {
821                 "TrustAnchorRootCRL.crl",
822                 "OldCRLnextUpdateCACRL.crl",
823         };
824 
825         assertInvalidPath(trustAnchor, certs, crls);
826     }
827 
828     /** NIST PKITS test 4.4.12 */
testBasicCertificateRevocationTests_Invalidpre2000CRLnextUpdateTest12()829     public void testBasicCertificateRevocationTests_Invalidpre2000CRLnextUpdateTest12() throws Exception {
830         String trustAnchor = "TrustAnchorRootCertificate.crt";
831 
832         String[] certs = {
833                 "Invalidpre2000CRLnextUpdateTest12EE.crt",
834                 "pre2000CRLnextUpdateCACert.crt",
835         };
836 
837         String[] crls = {
838                 "TrustAnchorRootCRL.crl",
839                 "pre2000CRLnextUpdateCACRL.crl",
840         };
841 
842         assertInvalidPath(trustAnchor, certs, crls);
843     }
844 
845     /** NIST PKITS test 4.4.13 */
testBasicCertificateRevocationTests_ValidGeneralizedTimeCRLnextUpdateTest13()846     public void testBasicCertificateRevocationTests_ValidGeneralizedTimeCRLnextUpdateTest13() throws Exception {
847         String trustAnchor = "TrustAnchorRootCertificate.crt";
848 
849         String[] certs = {
850                 "ValidGeneralizedTimeCRLnextUpdateTest13EE.crt",
851                 "GeneralizedTimeCRLnextUpdateCACert.crt",
852         };
853 
854         String[] crls = {
855                 "TrustAnchorRootCRL.crl",
856                 "GeneralizedTimeCRLnextUpdateCACRL.crl",
857         };
858 
859         assertValidPath(trustAnchor, certs, crls);
860     }
861 
862     /** NIST PKITS test 4.4.14 */
testBasicCertificateRevocationTests_ValidNegativeSerialNumberTest14()863     public void testBasicCertificateRevocationTests_ValidNegativeSerialNumberTest14() throws Exception {
864         String trustAnchor = "TrustAnchorRootCertificate.crt";
865 
866         String[] certs = {
867                 "ValidNegativeSerialNumberTest14EE.crt",
868                 "NegativeSerialNumberCACert.crt",
869         };
870 
871         String[] crls = {
872                 "TrustAnchorRootCRL.crl",
873                 "NegativeSerialNumberCACRL.crl",
874         };
875 
876         assertValidPath(trustAnchor, certs, crls);
877     }
878 
879     /** NIST PKITS test 4.4.15 */
testBasicCertificateRevocationTests_InvalidNegativeSerialNumberTest15()880     public void testBasicCertificateRevocationTests_InvalidNegativeSerialNumberTest15() throws Exception {
881         String trustAnchor = "TrustAnchorRootCertificate.crt";
882 
883         String[] certs = {
884                 "InvalidNegativeSerialNumberTest15EE.crt",
885                 "NegativeSerialNumberCACert.crt",
886         };
887 
888         String[] crls = {
889                 "TrustAnchorRootCRL.crl",
890                 "NegativeSerialNumberCACRL.crl",
891         };
892 
893         assertInvalidPath(trustAnchor, certs, crls);
894     }
895 
896     /** NIST PKITS test 4.4.16 */
testBasicCertificateRevocationTests_ValidLongSerialNumberTest16()897     public void testBasicCertificateRevocationTests_ValidLongSerialNumberTest16() throws Exception {
898         String trustAnchor = "TrustAnchorRootCertificate.crt";
899 
900         String[] certs = {
901                 "ValidLongSerialNumberTest16EE.crt",
902                 "LongSerialNumberCACert.crt",
903         };
904 
905         String[] crls = {
906                 "TrustAnchorRootCRL.crl",
907                 "LongSerialNumberCACRL.crl",
908         };
909 
910         assertValidPath(trustAnchor, certs, crls);
911     }
912 
913     /** NIST PKITS test 4.4.17 */
testBasicCertificateRevocationTests_ValidLongSerialNumberTest17()914     public void testBasicCertificateRevocationTests_ValidLongSerialNumberTest17() throws Exception {
915         String trustAnchor = "TrustAnchorRootCertificate.crt";
916 
917         String[] certs = {
918                 "ValidLongSerialNumberTest17EE.crt",
919                 "LongSerialNumberCACert.crt",
920         };
921 
922         String[] crls = {
923                 "TrustAnchorRootCRL.crl",
924                 "LongSerialNumberCACRL.crl",
925         };
926 
927         assertValidPath(trustAnchor, certs, crls);
928     }
929 
930     /** NIST PKITS test 4.4.18 */
testBasicCertificateRevocationTests_InvalidLongSerialNumberTest18()931     public void testBasicCertificateRevocationTests_InvalidLongSerialNumberTest18() throws Exception {
932         String trustAnchor = "TrustAnchorRootCertificate.crt";
933 
934         String[] certs = {
935                 "InvalidLongSerialNumberTest18EE.crt",
936                 "LongSerialNumberCACert.crt",
937         };
938 
939         String[] crls = {
940                 "TrustAnchorRootCRL.crl",
941                 "LongSerialNumberCACRL.crl",
942         };
943 
944         assertInvalidPath(trustAnchor, certs, crls);
945     }
946 
947     /** NIST PKITS test 4.4.19 */
testBasicCertificateRevocationTests_ValidSeparateCertificateandCRLKeysTest19()948     public void testBasicCertificateRevocationTests_ValidSeparateCertificateandCRLKeysTest19() throws Exception {
949         String trustAnchor = "TrustAnchorRootCertificate.crt";
950 
951         String[] path = {
952                 "ValidSeparateCertificateandCRLKeysTest19EE.crt",
953                 "SeparateCertificateandCRLKeysCertificateSigningCACert.crt",
954         };
955 
956         String[] certs = {
957                 "ValidSeparateCertificateandCRLKeysTest19EE.crt",
958                 "SeparateCertificateandCRLKeysCRLSigningCert.crt",
959                 "SeparateCertificateandCRLKeysCertificateSigningCACert.crt",
960         };
961 
962         String[] crls = {
963                 "TrustAnchorRootCRL.crl",
964                 "SeparateCertificateandCRLKeysCRL.crl",
965         };
966 
967         assertValidPath(trustAnchor, path, certs, crls);
968     }
969 
970     /** NIST PKITS test 4.4.20 */
testBasicCertificateRevocationTests_InvalidSeparateCertificateandCRLKeysTest20()971     public void testBasicCertificateRevocationTests_InvalidSeparateCertificateandCRLKeysTest20() throws Exception {
972         String trustAnchor = "TrustAnchorRootCertificate.crt";
973 
974         String[] path = {
975                 "InvalidSeparateCertificateandCRLKeysTest20EE.crt",
976                 "SeparateCertificateandCRLKeysCertificateSigningCACert.crt",
977         };
978 
979         String[] certs = {
980                 "InvalidSeparateCertificateandCRLKeysTest20EE.crt",
981                 "SeparateCertificateandCRLKeysCRLSigningCert.crt",
982                 "SeparateCertificateandCRLKeysCertificateSigningCACert.crt",
983         };
984 
985         String[] crls = {
986                 "TrustAnchorRootCRL.crl",
987                 "SeparateCertificateandCRLKeysCRL.crl",
988         };
989 
990         assertInvalidPath(trustAnchor, path, certs, crls);
991     }
992 
993     /** NIST PKITS test 4.4.21 */
testBasicCertificateRevocationTests_InvalidSeparateCertificateandCRLKeysTest21()994     public void testBasicCertificateRevocationTests_InvalidSeparateCertificateandCRLKeysTest21() throws Exception {
995         String trustAnchor = "TrustAnchorRootCertificate.crt";
996 
997         String[] path = {
998                 "InvalidSeparateCertificateandCRLKeysTest21EE.crt",
999                 "SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt",
1000         };
1001 
1002         String[] certs = {
1003                 "InvalidSeparateCertificateandCRLKeysTest21EE.crt",
1004                 "SeparateCertificateandCRLKeysCA2CRLSigningCert.crt",
1005                 "SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt",
1006         };
1007 
1008         String[] crls = {
1009                 "TrustAnchorRootCRL.crl",
1010                 "SeparateCertificateandCRLKeysCA2CRL.crl",
1011         };
1012 
1013         assertInvalidPath(trustAnchor, path, certs, crls);
1014     }
1015 
1016     /** NIST PKITS test 4.5.1 */
testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedOldWithNewTest1()1017     public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedOldWithNewTest1() throws Exception {
1018         String trustAnchor = "TrustAnchorRootCertificate.crt";
1019 
1020         String[] certs = {
1021                 "ValidBasicSelfIssuedOldWithNewTest1EE.crt",
1022                 "BasicSelfIssuedNewKeyOldWithNewCACert.crt",
1023                 "BasicSelfIssuedNewKeyCACert.crt",
1024         };
1025 
1026         String[] crls = {
1027                 "TrustAnchorRootCRL.crl",
1028                 "BasicSelfIssuedNewKeyCACRL.crl",
1029         };
1030 
1031         assertValidPath(trustAnchor, certs, crls);
1032     }
1033 
1034     /** NIST PKITS test 4.5.2 */
testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedOldWithNewTest2()1035     public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedOldWithNewTest2() throws Exception {
1036         String trustAnchor = "TrustAnchorRootCertificate.crt";
1037 
1038         String[] certs = {
1039                 "InvalidBasicSelfIssuedOldWithNewTest2EE.crt",
1040                 "BasicSelfIssuedNewKeyOldWithNewCACert.crt",
1041                 "BasicSelfIssuedNewKeyCACert.crt",
1042         };
1043 
1044         String[] crls = {
1045                 "TrustAnchorRootCRL.crl",
1046                 "BasicSelfIssuedNewKeyCACRL.crl",
1047         };
1048 
1049         assertInvalidPath(trustAnchor, certs, crls);
1050     }
1051 
1052     /** NIST PKITS test 4.5.3 */
testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedNewWithOldTest3()1053     public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedNewWithOldTest3() throws Exception {
1054         String trustAnchor = "TrustAnchorRootCertificate.crt";
1055 
1056         String[] certs = {
1057                 "ValidBasicSelfIssuedNewWithOldTest3EE.crt",
1058                 "BasicSelfIssuedOldKeyNewWithOldCACert.crt",
1059                 "BasicSelfIssuedOldKeyCACert.crt",
1060         };
1061 
1062         String[] crls = {
1063                 "TrustAnchorRootCRL.crl",
1064                 "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl",
1065                 "BasicSelfIssuedOldKeyCACRL.crl",
1066         };
1067 
1068         assertValidPath(trustAnchor, certs, crls);
1069     }
1070 
1071     /** NIST PKITS test 4.5.4 */
testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedNewWithOldTest4()1072     public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedNewWithOldTest4() throws Exception {
1073         String trustAnchor = "TrustAnchorRootCertificate.crt";
1074 
1075         String[] path = {
1076                 "ValidBasicSelfIssuedNewWithOldTest4EE.crt",
1077                 "BasicSelfIssuedOldKeyCACert.crt",
1078         };
1079 
1080         String[] certs = {
1081                 "ValidBasicSelfIssuedNewWithOldTest4EE.crt",
1082                 "BasicSelfIssuedOldKeyNewWithOldCACert.crt",
1083                 "BasicSelfIssuedOldKeyCACert.crt",
1084         };
1085 
1086         String[] crls = {
1087                 "TrustAnchorRootCRL.crl",
1088                 "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl",
1089                 "BasicSelfIssuedOldKeyCACRL.crl",
1090         };
1091 
1092         assertValidPath(trustAnchor, path, certs, crls);
1093     }
1094 
1095     /** NIST PKITS test 4.5.5 */
testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedNewWithOldTest5()1096     public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedNewWithOldTest5() throws Exception {
1097         String trustAnchor = "TrustAnchorRootCertificate.crt";
1098 
1099         String[] certs = {
1100                 "InvalidBasicSelfIssuedNewWithOldTest5EE.crt",
1101                 "BasicSelfIssuedOldKeyNewWithOldCACert.crt",
1102                 "BasicSelfIssuedOldKeyCACert.crt",
1103         };
1104 
1105         String[] crls = {
1106                 "TrustAnchorRootCRL.crl",
1107                 "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl",
1108                 "BasicSelfIssuedOldKeyCACRL.crl",
1109         };
1110 
1111         assertInvalidPath(trustAnchor, certs, crls);
1112     }
1113 
1114     /** NIST PKITS test 4.5.6 */
testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedCRLSigningKeyTest6()1115     public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedCRLSigningKeyTest6() throws Exception {
1116         String trustAnchor = "TrustAnchorRootCertificate.crt";
1117 
1118         String[] path = {
1119                 "ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt",
1120                 "BasicSelfIssuedCRLSigningKeyCACert.crt",
1121         };
1122 
1123         String[] certs = {
1124                 "ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt",
1125                 "BasicSelfIssuedCRLSigningKeyCRLCert.crt",
1126                 "BasicSelfIssuedCRLSigningKeyCACert.crt",
1127         };
1128 
1129         String[] crls = {
1130                 "TrustAnchorRootCRL.crl",
1131                 "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl",
1132                 "BasicSelfIssuedCRLSigningKeyCACRL.crl",
1133         };
1134 
1135         assertValidPath(trustAnchor, path, certs, crls);
1136     }
1137 
1138     /** NIST PKITS test 4.5.7 */
testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedCRLSigningKeyTest7()1139     public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedCRLSigningKeyTest7() throws Exception {
1140         String trustAnchor = "TrustAnchorRootCertificate.crt";
1141 
1142         String[] certs = {
1143                 "InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt",
1144                 "BasicSelfIssuedCRLSigningKeyCRLCert.crt",
1145                 "BasicSelfIssuedCRLSigningKeyCACert.crt",
1146         };
1147 
1148         String[] crls = {
1149                 "TrustAnchorRootCRL.crl",
1150                 "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl",
1151                 "BasicSelfIssuedCRLSigningKeyCACRL.crl",
1152         };
1153 
1154         assertInvalidPath(trustAnchor, certs, crls);
1155     }
1156 
1157     /** NIST PKITS test 4.5.8 */
testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedCRLSigningKeyTest8()1158     public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedCRLSigningKeyTest8() throws Exception {
1159         String trustAnchor = "TrustAnchorRootCertificate.crt";
1160 
1161         String[] certs = {
1162                 "InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt",
1163                 "BasicSelfIssuedCRLSigningKeyCRLCert.crt",
1164                 "BasicSelfIssuedCRLSigningKeyCACert.crt",
1165         };
1166 
1167         String[] crls = {
1168                 "TrustAnchorRootCRL.crl",
1169                 "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl",
1170                 "BasicSelfIssuedCRLSigningKeyCACRL.crl",
1171         };
1172 
1173         assertInvalidPath(trustAnchor, certs, crls);
1174     }
1175 
1176     /** NIST PKITS test 4.6.1 */
testVerifyingBasicConstraints_InvalidMissingbasicConstraintsTest1()1177     public void testVerifyingBasicConstraints_InvalidMissingbasicConstraintsTest1() throws Exception {
1178         String trustAnchor = "TrustAnchorRootCertificate.crt";
1179 
1180         String[] certs = {
1181                 "InvalidMissingbasicConstraintsTest1EE.crt",
1182                 "MissingbasicConstraintsCACert.crt",
1183         };
1184 
1185         String[] crls = {
1186                 "TrustAnchorRootCRL.crl",
1187                 "MissingbasicConstraintsCACRL.crl",
1188         };
1189 
1190         assertInvalidPath(trustAnchor, certs, crls);
1191     }
1192 
1193     /** NIST PKITS test 4.6.2 */
testVerifyingBasicConstraints_InvalidcAFalseTest2()1194     public void testVerifyingBasicConstraints_InvalidcAFalseTest2() throws Exception {
1195         String trustAnchor = "TrustAnchorRootCertificate.crt";
1196 
1197         String[] certs = {
1198                 "InvalidcAFalseTest2EE.crt",
1199                 "basicConstraintsCriticalcAFalseCACert.crt",
1200         };
1201 
1202         String[] crls = {
1203                 "TrustAnchorRootCRL.crl",
1204                 "basicConstraintsCriticalcAFalseCACRL.crl",
1205         };
1206 
1207         assertInvalidPath(trustAnchor, certs, crls);
1208     }
1209 
1210     /** NIST PKITS test 4.6.3 */
testVerifyingBasicConstraints_InvalidcAFalseTest3()1211     public void testVerifyingBasicConstraints_InvalidcAFalseTest3() throws Exception {
1212         String trustAnchor = "TrustAnchorRootCertificate.crt";
1213 
1214         String[] certs = {
1215                 "InvalidcAFalseTest3EE.crt",
1216                 "basicConstraintsNotCriticalcAFalseCACert.crt",
1217         };
1218 
1219         String[] crls = {
1220                 "TrustAnchorRootCRL.crl",
1221                 "basicConstraintsNotCriticalcAFalseCACRL.crl",
1222         };
1223 
1224         assertInvalidPath(trustAnchor, certs, crls);
1225     }
1226 
1227     /** NIST PKITS test 4.6.4 */
testVerifyingBasicConstraints_ValidbasicConstraintsNotCriticalTest4()1228     public void testVerifyingBasicConstraints_ValidbasicConstraintsNotCriticalTest4() throws Exception {
1229         String trustAnchor = "TrustAnchorRootCertificate.crt";
1230 
1231         String[] certs = {
1232                 "ValidbasicConstraintsNotCriticalTest4EE.crt",
1233                 "basicConstraintsNotCriticalCACert.crt",
1234         };
1235 
1236         String[] crls = {
1237                 "TrustAnchorRootCRL.crl",
1238                 "basicConstraintsNotCriticalCACRL.crl",
1239         };
1240 
1241         assertValidPath(trustAnchor, certs, crls);
1242     }
1243 
1244     /** NIST PKITS test 4.6.5 */
testVerifyingBasicConstraints_InvalidpathLenConstraintTest5()1245     public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest5() throws Exception {
1246         String trustAnchor = "TrustAnchorRootCertificate.crt";
1247 
1248         String[] certs = {
1249                 "InvalidpathLenConstraintTest5EE.crt",
1250                 "pathLenConstraint0subCACert.crt",
1251                 "pathLenConstraint0CACert.crt",
1252         };
1253 
1254         String[] crls = {
1255                 "TrustAnchorRootCRL.crl",
1256                 "pathLenConstraint0CACRL.crl",
1257                 "pathLenConstraint0subCACRL.crl",
1258         };
1259 
1260         assertInvalidPath(trustAnchor, certs, crls);
1261     }
1262 
1263     /** NIST PKITS test 4.6.6 */
testVerifyingBasicConstraints_InvalidpathLenConstraintTest6()1264     public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest6() throws Exception {
1265         String trustAnchor = "TrustAnchorRootCertificate.crt";
1266 
1267         String[] certs = {
1268                 "InvalidpathLenConstraintTest6EE.crt",
1269                 "pathLenConstraint0subCACert.crt",
1270                 "pathLenConstraint0CACert.crt",
1271         };
1272 
1273         String[] crls = {
1274                 "TrustAnchorRootCRL.crl",
1275                 "pathLenConstraint0CACRL.crl",
1276                 "pathLenConstraint0subCACRL.crl",
1277         };
1278 
1279         assertInvalidPath(trustAnchor, certs, crls);
1280     }
1281 
1282     /** NIST PKITS test 4.6.7 */
testVerifyingBasicConstraints_ValidpathLenConstraintTest7()1283     public void testVerifyingBasicConstraints_ValidpathLenConstraintTest7() throws Exception {
1284         String trustAnchor = "TrustAnchorRootCertificate.crt";
1285 
1286         String[] certs = {
1287                 "ValidpathLenConstraintTest7EE.crt",
1288                 "pathLenConstraint0CACert.crt",
1289         };
1290 
1291         String[] crls = {
1292                 "TrustAnchorRootCRL.crl",
1293                 "pathLenConstraint0CACRL.crl",
1294         };
1295 
1296         assertValidPath(trustAnchor, certs, crls);
1297     }
1298 
1299     /** NIST PKITS test 4.6.8 */
testVerifyingBasicConstraints_ValidpathLenConstraintTest8()1300     public void testVerifyingBasicConstraints_ValidpathLenConstraintTest8() throws Exception {
1301         String trustAnchor = "TrustAnchorRootCertificate.crt";
1302 
1303         String[] certs = {
1304                 "ValidpathLenConstraintTest8EE.crt",
1305                 "pathLenConstraint0CACert.crt",
1306         };
1307 
1308         String[] crls = {
1309                 "TrustAnchorRootCRL.crl",
1310                 "pathLenConstraint0CACRL.crl",
1311         };
1312 
1313         assertValidPath(trustAnchor, certs, crls);
1314     }
1315 
1316     /** NIST PKITS test 4.6.9 */
testVerifyingBasicConstraints_InvalidpathLenConstraintTest9()1317     public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest9() throws Exception {
1318         String trustAnchor = "TrustAnchorRootCertificate.crt";
1319 
1320         String[] certs = {
1321                 "InvalidpathLenConstraintTest9EE.crt",
1322                 "pathLenConstraint6subsubCA00Cert.crt",
1323                 "pathLenConstraint6subCA0Cert.crt",
1324                 "pathLenConstraint6CACert.crt",
1325         };
1326 
1327         String[] crls = {
1328                 "TrustAnchorRootCRL.crl",
1329                 "pathLenConstraint6CACRL.crl",
1330                 "pathLenConstraint6subCA0CRL.crl",
1331                 "pathLenConstraint6subsubCA00CRL.crl",
1332         };
1333 
1334         assertInvalidPath(trustAnchor, certs, crls);
1335     }
1336 
1337     /** NIST PKITS test 4.6.10 */
testVerifyingBasicConstraints_InvalidpathLenConstraintTest10()1338     public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest10() throws Exception {
1339         String trustAnchor = "TrustAnchorRootCertificate.crt";
1340 
1341         String[] certs = {
1342                 "InvalidpathLenConstraintTest10EE.crt",
1343                 "pathLenConstraint6subsubCA00Cert.crt",
1344                 "pathLenConstraint6subCA0Cert.crt",
1345                 "pathLenConstraint6CACert.crt",
1346         };
1347 
1348         String[] crls = {
1349                 "TrustAnchorRootCRL.crl",
1350                 "pathLenConstraint6CACRL.crl",
1351                 "pathLenConstraint6subCA0CRL.crl",
1352                 "pathLenConstraint6subsubCA00CRL.crl",
1353         };
1354 
1355         assertInvalidPath(trustAnchor, certs, crls);
1356     }
1357 
1358     /** NIST PKITS test 4.6.11 */
testVerifyingBasicConstraints_InvalidpathLenConstraintTest11()1359     public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest11() throws Exception {
1360         String trustAnchor = "TrustAnchorRootCertificate.crt";
1361 
1362         String[] certs = {
1363                 "InvalidpathLenConstraintTest11EE.crt",
1364                 "pathLenConstraint6subsubsubCA11XCert.crt",
1365                 "pathLenConstraint6subsubCA11Cert.crt",
1366                 "pathLenConstraint6subCA1Cert.crt",
1367                 "pathLenConstraint6CACert.crt",
1368         };
1369 
1370         String[] crls = {
1371                 "TrustAnchorRootCRL.crl",
1372                 "pathLenConstraint6CACRL.crl",
1373                 "pathLenConstraint6subCA1CRL.crl",
1374                 "pathLenConstraint6subsubCA11CRL.crl",
1375                 "pathLenConstraint6subsubsubCA11XCRL.crl",
1376         };
1377 
1378         assertInvalidPath(trustAnchor, certs, crls);
1379     }
1380 
1381     /** NIST PKITS test 4.6.12 */
testVerifyingBasicConstraints_InvalidpathLenConstraintTest12()1382     public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest12() throws Exception {
1383         String trustAnchor = "TrustAnchorRootCertificate.crt";
1384 
1385         String[] certs = {
1386                 "InvalidpathLenConstraintTest12EE.crt",
1387                 "pathLenConstraint6subsubsubCA11XCert.crt",
1388                 "pathLenConstraint6subsubCA11Cert.crt",
1389                 "pathLenConstraint6subCA1Cert.crt",
1390                 "pathLenConstraint6CACert.crt",
1391         };
1392 
1393         String[] crls = {
1394                 "TrustAnchorRootCRL.crl",
1395                 "pathLenConstraint6CACRL.crl",
1396                 "pathLenConstraint6subCA1CRL.crl",
1397                 "pathLenConstraint6subsubCA11CRL.crl",
1398                 "pathLenConstraint6subsubsubCA11XCRL.crl",
1399         };
1400 
1401         assertInvalidPath(trustAnchor, certs, crls);
1402     }
1403 
1404     /** NIST PKITS test 4.6.13 */
testVerifyingBasicConstraints_ValidpathLenConstraintTest13()1405     public void testVerifyingBasicConstraints_ValidpathLenConstraintTest13() throws Exception {
1406         String trustAnchor = "TrustAnchorRootCertificate.crt";
1407 
1408         String[] certs = {
1409                 "ValidpathLenConstraintTest13EE.crt",
1410                 "pathLenConstraint6subsubsubCA41XCert.crt",
1411                 "pathLenConstraint6subsubCA41Cert.crt",
1412                 "pathLenConstraint6subCA4Cert.crt",
1413                 "pathLenConstraint6CACert.crt",
1414         };
1415 
1416         String[] crls = {
1417                 "TrustAnchorRootCRL.crl",
1418                 "pathLenConstraint6CACRL.crl",
1419                 "pathLenConstraint6subCA4CRL.crl",
1420                 "pathLenConstraint6subsubCA41CRL.crl",
1421                 "pathLenConstraint6subsubsubCA41XCRL.crl",
1422         };
1423 
1424         assertValidPath(trustAnchor, certs, crls);
1425     }
1426 
1427     /** NIST PKITS test 4.6.14 */
testVerifyingBasicConstraints_ValidpathLenConstraintTest14()1428     public void testVerifyingBasicConstraints_ValidpathLenConstraintTest14() throws Exception {
1429         String trustAnchor = "TrustAnchorRootCertificate.crt";
1430 
1431         String[] certs = {
1432                 "ValidpathLenConstraintTest14EE.crt",
1433                 "pathLenConstraint6subsubsubCA41XCert.crt",
1434                 "pathLenConstraint6subsubCA41Cert.crt",
1435                 "pathLenConstraint6subCA4Cert.crt",
1436                 "pathLenConstraint6CACert.crt",
1437         };
1438 
1439         String[] crls = {
1440                 "TrustAnchorRootCRL.crl",
1441                 "pathLenConstraint6CACRL.crl",
1442                 "pathLenConstraint6subCA4CRL.crl",
1443                 "pathLenConstraint6subsubCA41CRL.crl",
1444                 "pathLenConstraint6subsubsubCA41XCRL.crl",
1445         };
1446 
1447         assertValidPath(trustAnchor, certs, crls);
1448     }
1449 
1450     /** NIST PKITS test 4.6.15 */
testVerifyingBasicConstraints_ValidSelfIssuedpathLenConstraintTest15()1451     public void testVerifyingBasicConstraints_ValidSelfIssuedpathLenConstraintTest15() throws Exception {
1452         String trustAnchor = "TrustAnchorRootCertificate.crt";
1453 
1454         String[] certs = {
1455                 "ValidSelfIssuedpathLenConstraintTest15EE.crt",
1456                 "pathLenConstraint0SelfIssuedCACert.crt",
1457                 "pathLenConstraint0CACert.crt",
1458         };
1459 
1460         String[] crls = {
1461                 "TrustAnchorRootCRL.crl",
1462                 "pathLenConstraint0CACRL.crl",
1463         };
1464 
1465         assertValidPath(trustAnchor, certs, crls);
1466     }
1467 
1468     /** NIST PKITS test 4.6.16 */
testVerifyingBasicConstraints_InvalidSelfIssuedpathLenConstraintTest16()1469     public void testVerifyingBasicConstraints_InvalidSelfIssuedpathLenConstraintTest16() throws Exception {
1470         String trustAnchor = "TrustAnchorRootCertificate.crt";
1471 
1472         String[] certs = {
1473                 "InvalidSelfIssuedpathLenConstraintTest16EE.crt",
1474                 "pathLenConstraint0subCA2Cert.crt",
1475                 "pathLenConstraint0SelfIssuedCACert.crt",
1476                 "pathLenConstraint0CACert.crt",
1477         };
1478 
1479         String[] crls = {
1480                 "TrustAnchorRootCRL.crl",
1481                 "pathLenConstraint0CACRL.crl",
1482                 "pathLenConstraint0subCA2CRL.crl",
1483         };
1484 
1485         assertInvalidPath(trustAnchor, certs, crls);
1486     }
1487 
1488     /** NIST PKITS test 4.6.17 */
testVerifyingBasicConstraints_ValidSelfIssuedpathLenConstraintTest17()1489     public void testVerifyingBasicConstraints_ValidSelfIssuedpathLenConstraintTest17() throws Exception {
1490         String trustAnchor = "TrustAnchorRootCertificate.crt";
1491 
1492         String[] certs = {
1493                 "ValidSelfIssuedpathLenConstraintTest17EE.crt",
1494                 "pathLenConstraint1SelfIssuedsubCACert.crt",
1495                 "pathLenConstraint1subCACert.crt",
1496                 "pathLenConstraint1SelfIssuedCACert.crt",
1497                 "pathLenConstraint1CACert.crt",
1498         };
1499 
1500         String[] crls = {
1501                 "TrustAnchorRootCRL.crl",
1502                 "pathLenConstraint1CACRL.crl",
1503                 "pathLenConstraint1subCACRL.crl",
1504         };
1505 
1506         assertValidPath(trustAnchor, certs, crls);
1507     }
1508 
1509     /** NIST PKITS test 4.7.1 */
testKeyUsage_InvalidkeyUsageCriticalkeyCertSignFalseTest1()1510     public void testKeyUsage_InvalidkeyUsageCriticalkeyCertSignFalseTest1() throws Exception {
1511         String trustAnchor = "TrustAnchorRootCertificate.crt";
1512 
1513         String[] certs = {
1514                 "InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt",
1515                 "keyUsageCriticalkeyCertSignFalseCACert.crt",
1516         };
1517 
1518         String[] crls = {
1519                 "TrustAnchorRootCRL.crl",
1520                 "keyUsageCriticalkeyCertSignFalseCACRL.crl",
1521         };
1522 
1523         assertInvalidPath(trustAnchor, certs, crls);
1524     }
1525 
1526     /** NIST PKITS test 4.7.2 */
testKeyUsage_InvalidkeyUsageNotCriticalkeyCertSignFalseTest2()1527     public void testKeyUsage_InvalidkeyUsageNotCriticalkeyCertSignFalseTest2() throws Exception {
1528         String trustAnchor = "TrustAnchorRootCertificate.crt";
1529 
1530         String[] certs = {
1531                 "InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt",
1532                 "keyUsageNotCriticalkeyCertSignFalseCACert.crt",
1533         };
1534 
1535         String[] crls = {
1536                 "TrustAnchorRootCRL.crl",
1537                 "keyUsageNotCriticalkeyCertSignFalseCACRL.crl",
1538         };
1539 
1540         assertInvalidPath(trustAnchor, certs, crls);
1541     }
1542 
1543     /** NIST PKITS test 4.7.3 */
testKeyUsage_ValidkeyUsageNotCriticalTest3()1544     public void testKeyUsage_ValidkeyUsageNotCriticalTest3() throws Exception {
1545         String trustAnchor = "TrustAnchorRootCertificate.crt";
1546 
1547         String[] certs = {
1548                 "ValidkeyUsageNotCriticalTest3EE.crt",
1549                 "keyUsageNotCriticalCACert.crt",
1550         };
1551 
1552         String[] crls = {
1553                 "TrustAnchorRootCRL.crl",
1554                 "keyUsageNotCriticalCACRL.crl",
1555         };
1556 
1557         assertValidPath(trustAnchor, certs, crls);
1558     }
1559 
1560     /** NIST PKITS test 4.7.4 */
testKeyUsage_InvalidkeyUsageCriticalcRLSignFalseTest4()1561     public void testKeyUsage_InvalidkeyUsageCriticalcRLSignFalseTest4() throws Exception {
1562         String trustAnchor = "TrustAnchorRootCertificate.crt";
1563 
1564         String[] certs = {
1565                 "InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt",
1566                 "keyUsageCriticalcRLSignFalseCACert.crt",
1567         };
1568 
1569         String[] crls = {
1570                 "TrustAnchorRootCRL.crl",
1571                 "keyUsageCriticalcRLSignFalseCACRL.crl",
1572         };
1573 
1574         assertInvalidPath(trustAnchor, certs, crls);
1575     }
1576 
1577     /** NIST PKITS test 4.7.5 */
testKeyUsage_InvalidkeyUsageNotCriticalcRLSignFalseTest5()1578     public void testKeyUsage_InvalidkeyUsageNotCriticalcRLSignFalseTest5() throws Exception {
1579         String trustAnchor = "TrustAnchorRootCertificate.crt";
1580 
1581         String[] certs = {
1582                 "InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt",
1583                 "keyUsageNotCriticalcRLSignFalseCACert.crt",
1584         };
1585 
1586         String[] crls = {
1587                 "TrustAnchorRootCRL.crl",
1588                 "keyUsageNotCriticalcRLSignFalseCACRL.crl",
1589         };
1590 
1591         assertInvalidPath(trustAnchor, certs, crls);
1592     }
1593 
1594     // skipping sections 4.8 to 4.12
1595 
1596     /** NIST PKITS test 4.13.1 */
testKeyUsage_ValidDNnameConstraintsTest1()1597     public void testKeyUsage_ValidDNnameConstraintsTest1() throws Exception {
1598         String trustAnchor = "TrustAnchorRootCertificate.crt";
1599 
1600         String[] certs = {
1601                 "ValidDNnameConstraintsTest1EE.crt",
1602                 "nameConstraintsDN1CACert.crt",
1603         };
1604 
1605         String[] crls = {
1606                 "TrustAnchorRootCRL.crl",
1607                 "nameConstraintsDN1CACRL.crl",
1608         };
1609 
1610         assertValidPath(trustAnchor, certs, crls);
1611     }
1612 
1613     /** NIST PKITS test 4.13.2 */
testKeyUsage_InvalidDNnameConstraintsTest2()1614     public void testKeyUsage_InvalidDNnameConstraintsTest2() throws Exception {
1615         String trustAnchor = "TrustAnchorRootCertificate.crt";
1616 
1617         String[] certs = {
1618                 "InvalidDNnameConstraintsTest2EE.crt",
1619                 "nameConstraintsDN1CACert.crt",
1620         };
1621 
1622         String[] crls = {
1623                 "TrustAnchorRootCRL.crl",
1624                 "nameConstraintsDN1CACRL.crl",
1625         };
1626 
1627         assertInvalidPath(trustAnchor, certs, crls);
1628     }
1629 
1630     /** NIST PKITS test 4.13.3 */
testKeyUsage_InvalidDNnameConstraintsTest3()1631     public void testKeyUsage_InvalidDNnameConstraintsTest3() throws Exception {
1632         String trustAnchor = "TrustAnchorRootCertificate.crt";
1633 
1634         String[] certs = {
1635                 "InvalidDNnameConstraintsTest3EE.crt",
1636                 "nameConstraintsDN1CACert.crt",
1637         };
1638 
1639         String[] crls = {
1640                 "TrustAnchorRootCRL.crl",
1641                 "nameConstraintsDN1CACRL.crl",
1642         };
1643 
1644         assertInvalidPath(trustAnchor, certs, crls);
1645     }
1646 
1647     /** NIST PKITS test 4.13.4 */
testKeyUsage_ValidDNnameConstraintsTest4()1648     public void testKeyUsage_ValidDNnameConstraintsTest4() throws Exception {
1649         String trustAnchor = "TrustAnchorRootCertificate.crt";
1650 
1651         String[] certs = {
1652                 "ValidDNnameConstraintsTest4EE.crt",
1653                 "nameConstraintsDN1CACert.crt",
1654         };
1655 
1656         String[] crls = {
1657                 "TrustAnchorRootCRL.crl",
1658                 "nameConstraintsDN1CACRL.crl",
1659         };
1660 
1661         assertValidPath(trustAnchor, certs, crls);
1662     }
1663 
1664     /** NIST PKITS test 4.13.5 */
testKeyUsage_ValidDNnameConstraintsTest5()1665     public void testKeyUsage_ValidDNnameConstraintsTest5() throws Exception {
1666         String trustAnchor = "TrustAnchorRootCertificate.crt";
1667 
1668         String[] certs = {
1669                 "ValidDNnameConstraintsTest5EE.crt",
1670                 "nameConstraintsDN2CACert.crt",
1671         };
1672 
1673         String[] crls = {
1674                 "TrustAnchorRootCRL.crl",
1675                 "nameConstraintsDN2CACRL.crl",
1676         };
1677 
1678         assertValidPath(trustAnchor, certs, crls);
1679     }
1680 
1681     /** NIST PKITS test 4.13.6 */
testKeyUsage_ValidDNnameConstraintsTest6()1682     public void testKeyUsage_ValidDNnameConstraintsTest6() throws Exception {
1683         String trustAnchor = "TrustAnchorRootCertificate.crt";
1684 
1685         String[] certs = {
1686                 "ValidDNnameConstraintsTest6EE.crt",
1687                 "nameConstraintsDN3CACert.crt",
1688         };
1689 
1690         String[] crls = {
1691                 "TrustAnchorRootCRL.crl",
1692                 "nameConstraintsDN3CACRL.crl",
1693         };
1694 
1695         assertValidPath(trustAnchor, certs, crls);
1696     }
1697 
1698     /** NIST PKITS test 4.13.7 */
testKeyUsage_InvalidDNnameConstraintsTest7()1699     public void testKeyUsage_InvalidDNnameConstraintsTest7() throws Exception {
1700         String trustAnchor = "TrustAnchorRootCertificate.crt";
1701 
1702         String[] certs = {
1703                 "InvalidDNnameConstraintsTest7EE.crt",
1704                 "nameConstraintsDN3CACert.crt",
1705         };
1706 
1707         String[] crls = {
1708                 "TrustAnchorRootCRL.crl",
1709                 "nameConstraintsDN3CACRL.crl",
1710         };
1711 
1712         assertInvalidPath(trustAnchor, certs, crls);
1713     }
1714 
1715     /** NIST PKITS test 4.13.8 */
testKeyUsage_InvalidDNnameConstraintsTest8()1716     public void testKeyUsage_InvalidDNnameConstraintsTest8() throws Exception {
1717         String trustAnchor = "TrustAnchorRootCertificate.crt";
1718 
1719         String[] certs = {
1720                 "InvalidDNnameConstraintsTest8EE.crt",
1721                 "nameConstraintsDN4CACert.crt",
1722         };
1723 
1724         String[] crls = {
1725                 "TrustAnchorRootCRL.crl",
1726                 "nameConstraintsDN4CACRL.crl",
1727         };
1728 
1729         assertInvalidPath(trustAnchor, certs, crls);
1730     }
1731 
1732     /** NIST PKITS test 4.13.9 */
testKeyUsage_InvalidDNnameConstraintsTest9()1733     public void testKeyUsage_InvalidDNnameConstraintsTest9() throws Exception {
1734         String trustAnchor = "TrustAnchorRootCertificate.crt";
1735 
1736         String[] certs = {
1737                 "InvalidDNnameConstraintsTest9EE.crt",
1738                 "nameConstraintsDN4CACert.crt",
1739         };
1740 
1741         String[] crls = {
1742                 "TrustAnchorRootCRL.crl",
1743                 "nameConstraintsDN4CACRL.crl",
1744         };
1745 
1746         assertInvalidPath(trustAnchor, certs, crls);
1747     }
1748 
1749     /** NIST PKITS test 4.13.10 */
testKeyUsage_InvalidDNnameConstraintsTest10()1750     public void testKeyUsage_InvalidDNnameConstraintsTest10() throws Exception {
1751         String trustAnchor = "TrustAnchorRootCertificate.crt";
1752 
1753         String[] certs = {
1754                 "InvalidDNnameConstraintsTest10EE.crt",
1755                 "nameConstraintsDN5CACert.crt",
1756         };
1757 
1758         String[] crls = {
1759                 "TrustAnchorRootCRL.crl",
1760                 "nameConstraintsDN5CACRL.crl",
1761         };
1762 
1763         assertInvalidPath(trustAnchor, certs, crls);
1764     }
1765 
1766     /** NIST PKITS test 4.13.11 */
testKeyUsage_ValidDNnameConstraintsTest11()1767     public void testKeyUsage_ValidDNnameConstraintsTest11() throws Exception {
1768         String trustAnchor = "TrustAnchorRootCertificate.crt";
1769 
1770         String[] certs = {
1771                 "ValidDNnameConstraintsTest11EE.crt",
1772                 "nameConstraintsDN5CACert.crt",
1773         };
1774 
1775         String[] crls = {
1776                 "TrustAnchorRootCRL.crl",
1777                 "nameConstraintsDN5CACRL.crl",
1778         };
1779 
1780         assertValidPath(trustAnchor, certs, crls);
1781     }
1782 
1783     /** NIST PKITS test 4.13.12 */
testKeyUsage_InvalidDNnameConstraintsTest12()1784     public void testKeyUsage_InvalidDNnameConstraintsTest12() throws Exception {
1785         String trustAnchor = "TrustAnchorRootCertificate.crt";
1786 
1787         String[] certs = {
1788                 "InvalidDNnameConstraintsTest12EE.crt",
1789                 "nameConstraintsDN1subCA1Cert.crt",
1790                 "nameConstraintsDN1CACert.crt",
1791         };
1792 
1793         String[] crls = {
1794                 "TrustAnchorRootCRL.crl",
1795                 "nameConstraintsDN1CACRL.crl",
1796                 "nameConstraintsDN1subCA1CRL.crl",
1797         };
1798 
1799         assertInvalidPath(trustAnchor, certs, crls);
1800     }
1801 
1802     /** NIST PKITS test 4.13.13 */
testKeyUsage_InvalidDNnameConstraintsTest13()1803     public void testKeyUsage_InvalidDNnameConstraintsTest13() throws Exception {
1804         String trustAnchor = "TrustAnchorRootCertificate.crt";
1805 
1806         String[] certs = {
1807                 "InvalidDNnameConstraintsTest13EE.crt",
1808                 "nameConstraintsDN1subCA2Cert.crt",
1809                 "nameConstraintsDN1CACert.crt",
1810         };
1811 
1812         String[] crls = {
1813                 "TrustAnchorRootCRL.crl",
1814                 "nameConstraintsDN1CACRL.crl",
1815                 "nameConstraintsDN1subCA2CRL.crl",
1816         };
1817 
1818         assertInvalidPath(trustAnchor, certs, crls);
1819     }
1820 
1821     /** NIST PKITS test 4.13.14 */
testKeyUsage_ValidDNnameConstraintsTest14()1822     public void testKeyUsage_ValidDNnameConstraintsTest14() throws Exception {
1823         String trustAnchor = "TrustAnchorRootCertificate.crt";
1824 
1825         String[] certs = {
1826                 "ValidDNnameConstraintsTest14EE.crt",
1827                 "nameConstraintsDN1subCA2Cert.crt",
1828                 "nameConstraintsDN1CACert.crt",
1829         };
1830 
1831         String[] crls = {
1832                 "TrustAnchorRootCRL.crl",
1833                 "nameConstraintsDN1CACRL.crl",
1834                 "nameConstraintsDN1subCA2CRL.crl",
1835         };
1836 
1837         assertValidPath(trustAnchor, certs, crls);
1838     }
1839 
1840     /** NIST PKITS test 4.13.15 */
testKeyUsage_InvalidDNnameConstraintsTest15()1841     public void testKeyUsage_InvalidDNnameConstraintsTest15() throws Exception {
1842         String trustAnchor = "TrustAnchorRootCertificate.crt";
1843 
1844         String[] certs = {
1845                 "InvalidDNnameConstraintsTest15EE.crt",
1846                 "nameConstraintsDN3subCA1Cert.crt",
1847                 "nameConstraintsDN3CACert.crt",
1848         };
1849 
1850         String[] crls = {
1851                 "TrustAnchorRootCRL.crl",
1852                 "nameConstraintsDN3CACRL.crl",
1853                 "nameConstraintsDN3subCA1CRL.crl",
1854         };
1855 
1856         assertInvalidPath(trustAnchor, certs, crls);
1857     }
1858 
1859     /** NIST PKITS test 4.13.16 */
testKeyUsage_InvalidDNnameConstraintsTest16()1860     public void testKeyUsage_InvalidDNnameConstraintsTest16() throws Exception {
1861         String trustAnchor = "TrustAnchorRootCertificate.crt";
1862 
1863         String[] certs = {
1864                 "InvalidDNnameConstraintsTest16EE.crt",
1865                 "nameConstraintsDN3subCA1Cert.crt",
1866                 "nameConstraintsDN3CACert.crt",
1867         };
1868 
1869         String[] crls = {
1870                 "TrustAnchorRootCRL.crl",
1871                 "nameConstraintsDN3CACRL.crl",
1872                 "nameConstraintsDN3subCA1CRL.crl",
1873         };
1874 
1875         assertInvalidPath(trustAnchor, certs, crls);
1876     }
1877 
1878     /** NIST PKITS test 4.13.17 */
testKeyUsage_InvalidDNnameConstraintsTest17()1879     public void testKeyUsage_InvalidDNnameConstraintsTest17() throws Exception {
1880         String trustAnchor = "TrustAnchorRootCertificate.crt";
1881 
1882         String[] certs = {
1883                 "InvalidDNnameConstraintsTest17EE.crt",
1884                 "nameConstraintsDN3subCA2Cert.crt",
1885                 "nameConstraintsDN3CACert.crt",
1886         };
1887 
1888         String[] crls = {
1889                 "TrustAnchorRootCRL.crl",
1890                 "nameConstraintsDN3CACRL.crl",
1891                 "nameConstraintsDN3subCA2CRL.crl",
1892         };
1893 
1894         assertInvalidPath(trustAnchor, certs, crls);
1895     }
1896 
1897     /** NIST PKITS test 4.13.18 */
testKeyUsage_ValidDNnameConstraintsTest18()1898     public void testKeyUsage_ValidDNnameConstraintsTest18() throws Exception {
1899         String trustAnchor = "TrustAnchorRootCertificate.crt";
1900 
1901         String[] certs = {
1902                 "ValidDNnameConstraintsTest18EE.crt",
1903                 "nameConstraintsDN3subCA2Cert.crt",
1904                 "nameConstraintsDN3CACert.crt",
1905         };
1906 
1907         String[] crls = {
1908                 "TrustAnchorRootCRL.crl",
1909                 "nameConstraintsDN3CACRL.crl",
1910                 "nameConstraintsDN3subCA2CRL.crl",
1911         };
1912 
1913         assertValidPath(trustAnchor, certs, crls);
1914     }
1915 
1916     /** NIST PKITS test 4.13.19 */
testKeyUsage_ValidSelfIssuedDNnameConstraintsTest19()1917     public void testKeyUsage_ValidSelfIssuedDNnameConstraintsTest19() throws Exception {
1918         String trustAnchor = "TrustAnchorRootCertificate.crt";
1919 
1920         String[] certs = {
1921                 "ValidDNnameConstraintsTest19EE.crt",
1922                 "nameConstraintsDN1SelfIssuedCACert.crt",
1923                 "nameConstraintsDN1CACert.crt",
1924         };
1925 
1926         String[] crls = {
1927                 "TrustAnchorRootCRL.crl",
1928                 "nameConstraintsDN1CACRL.crl",
1929         };
1930 
1931         assertValidPath(trustAnchor, certs, crls);
1932     }
1933 
1934     /** NIST PKITS test 4.13.20 */
testKeyUsage_InvalidSelfIssuedDNnameConstraintsTest20()1935     public void testKeyUsage_InvalidSelfIssuedDNnameConstraintsTest20() throws Exception {
1936         String trustAnchor = "TrustAnchorRootCertificate.crt";
1937 
1938         String[] certs = {
1939                 "InvalidDNnameConstraintsTest20EE.crt",
1940                 "nameConstraintsDN1CACert.crt",
1941         };
1942 
1943         String[] crls = {
1944                 "TrustAnchorRootCRL.crl",
1945                 "nameConstraintsDN1CACRL.crl",
1946         };
1947 
1948         assertInvalidPath(trustAnchor, certs, crls);
1949     }
1950 
1951     /** NIST PKITS test 4.13.21 */
testKeyUsage_ValidRFC822nameConstraintsTest21()1952     public void testKeyUsage_ValidRFC822nameConstraintsTest21() throws Exception {
1953         String trustAnchor = "TrustAnchorRootCertificate.crt";
1954 
1955         String[] certs = {
1956                 "ValidRFC822nameConstraintsTest21EE.crt",
1957                 "nameConstraintsRFC822CA1Cert.crt",
1958         };
1959 
1960         String[] crls = {
1961                 "TrustAnchorRootCRL.crl",
1962                 "nameConstraintsRFC822CA1CRL.crl",
1963         };
1964 
1965         assertValidPath(trustAnchor, certs, crls);
1966     }
1967 
1968     /** NIST PKITS test 4.13.22 */
testKeyUsage_InvalidRFC822nameConstraintsTest22()1969     public void testKeyUsage_InvalidRFC822nameConstraintsTest22() throws Exception {
1970         String trustAnchor = "TrustAnchorRootCertificate.crt";
1971 
1972         String[] certs = {
1973                 "InvalidRFC822nameConstraintsTest22EE.crt",
1974                 "nameConstraintsRFC822CA1Cert.crt",
1975         };
1976 
1977         String[] crls = {
1978                 "TrustAnchorRootCRL.crl",
1979                 "nameConstraintsRFC822CA1CRL.crl",
1980         };
1981 
1982         assertInvalidPath(trustAnchor, certs, crls);
1983     }
1984 
1985     /** NIST PKITS test 4.13.23 */
testKeyUsage_ValidRFC822nameConstraintsTest23()1986     public void testKeyUsage_ValidRFC822nameConstraintsTest23() throws Exception {
1987         String trustAnchor = "TrustAnchorRootCertificate.crt";
1988 
1989         String[] certs = {
1990                 "ValidRFC822nameConstraintsTest23EE.crt",
1991                 "nameConstraintsRFC822CA2Cert.crt",
1992         };
1993 
1994         String[] crls = {
1995                 "TrustAnchorRootCRL.crl",
1996                 "nameConstraintsRFC822CA2CRL.crl",
1997         };
1998 
1999         assertValidPath(trustAnchor, certs, crls);
2000     }
2001 
2002     /** NIST PKITS test 4.13.24 */
testKeyUsage_InvalidRFC822nameConstraintsTest24()2003     public void testKeyUsage_InvalidRFC822nameConstraintsTest24() throws Exception {
2004         String trustAnchor = "TrustAnchorRootCertificate.crt";
2005 
2006         String[] certs = {
2007                 "InvalidRFC822nameConstraintsTest24EE.crt",
2008                 "nameConstraintsRFC822CA2Cert.crt",
2009         };
2010 
2011         String[] crls = {
2012                 "TrustAnchorRootCRL.crl",
2013                 "nameConstraintsRFC822CA2CRL.crl",
2014         };
2015 
2016         assertInvalidPath(trustAnchor, certs, crls);
2017     }
2018 
2019     /** NIST PKITS test 4.13.25 */
testKeyUsage_ValidRFC822nameConstraintsTest25()2020     public void testKeyUsage_ValidRFC822nameConstraintsTest25() throws Exception {
2021         String trustAnchor = "TrustAnchorRootCertificate.crt";
2022 
2023         String[] certs = {
2024                 "ValidRFC822nameConstraintsTest25EE.crt",
2025                 "nameConstraintsRFC822CA3Cert.crt",
2026         };
2027 
2028         String[] crls = {
2029                 "TrustAnchorRootCRL.crl",
2030                 "nameConstraintsRFC822CA3CRL.crl",
2031         };
2032 
2033         assertValidPath(trustAnchor, certs, crls);
2034     }
2035 
2036     /** NIST PKITS test 4.13.26 */
testKeyUsage_InvalidRFC822nameConstraintsTest26()2037     public void testKeyUsage_InvalidRFC822nameConstraintsTest26() throws Exception {
2038         String trustAnchor = "TrustAnchorRootCertificate.crt";
2039 
2040         String[] certs = {
2041                 "InvalidRFC822nameConstraintsTest26EE.crt",
2042                 "nameConstraintsRFC822CA3Cert.crt",
2043         };
2044 
2045         String[] crls = {
2046                 "TrustAnchorRootCRL.crl",
2047                 "nameConstraintsRFC822CA3CRL.crl",
2048         };
2049 
2050         assertInvalidPath(trustAnchor, certs, crls);
2051     }
2052 
2053     /** NIST PKITS test 4.13.27 */
testKeyUsage_ValidDNandRFC822nameConstraintsTest27()2054     public void testKeyUsage_ValidDNandRFC822nameConstraintsTest27() throws Exception {
2055         String trustAnchor = "TrustAnchorRootCertificate.crt";
2056 
2057         String[] certs = {
2058                 "ValidDNandRFC822nameConstraintsTest27EE.crt",
2059                 "nameConstraintsDN1subCA3Cert.crt",
2060                 "nameConstraintsDN1CACert.crt",
2061         };
2062 
2063         String[] crls = {
2064                 "TrustAnchorRootCRL.crl",
2065                 "nameConstraintsDN1CACRL.crl",
2066                 "nameConstraintsDN1subCA3CRL.crl",
2067         };
2068 
2069         assertValidPath(trustAnchor, certs, crls);
2070     }
2071 
2072     /** NIST PKITS test 4.13.28 */
testKeyUsage_InvalidDNandRFC822nameConstraintsTest28()2073     public void testKeyUsage_InvalidDNandRFC822nameConstraintsTest28() throws Exception {
2074         String trustAnchor = "TrustAnchorRootCertificate.crt";
2075 
2076         String[] certs = {
2077                 "InvalidDNandRFC822nameConstraintsTest28EE.crt",
2078                 "nameConstraintsDN1subCA3Cert.crt",
2079                 "nameConstraintsDN1CACert.crt",
2080         };
2081 
2082         String[] crls = {
2083                 "TrustAnchorRootCRL.crl",
2084                 "nameConstraintsDN1CACRL.crl",
2085                 "nameConstraintsDN1subCA3CRL.crl",
2086         };
2087 
2088         assertInvalidPath(trustAnchor, certs, crls);
2089     }
2090 
2091     /** NIST PKITS test 4.13.29 */
testKeyUsage_InvalidDNandRFC822nameConstraintsTest29()2092     public void testKeyUsage_InvalidDNandRFC822nameConstraintsTest29() throws Exception {
2093         String trustAnchor = "TrustAnchorRootCertificate.crt";
2094 
2095         String[] certs = {
2096                 "InvalidDNandRFC822nameConstraintsTest29EE.crt",
2097                 "nameConstraintsDN1subCA3Cert.crt",
2098                 "nameConstraintsDN1CACert.crt",
2099         };
2100 
2101         String[] crls = {
2102                 "TrustAnchorRootCRL.crl",
2103                 "nameConstraintsDN1CACRL.crl",
2104                 "nameConstraintsDN1subCA3CRL.crl",
2105         };
2106 
2107         assertInvalidPath(trustAnchor, certs, crls);
2108     }
2109 
2110     /** NIST PKITS test 4.13.30 */
testKeyUsage_ValidDNSnameConstraintsTest30()2111     public void testKeyUsage_ValidDNSnameConstraintsTest30() throws Exception {
2112         String trustAnchor = "TrustAnchorRootCertificate.crt";
2113 
2114         String[] certs = {
2115                 "ValidDNSnameConstraintsTest30EE.crt",
2116                 "nameConstraintsDNS1CACert.crt",
2117         };
2118 
2119         String[] crls = {
2120                 "TrustAnchorRootCRL.crl",
2121                 "nameConstraintsDNS1CACRL.crl",
2122         };
2123 
2124         assertValidPath(trustAnchor, certs, crls);
2125     }
2126 
2127     /** NIST PKITS test 4.13.31 */
testKeyUsage_InvalidDNSnameConstraintsTest31()2128     public void testKeyUsage_InvalidDNSnameConstraintsTest31() throws Exception {
2129         String trustAnchor = "TrustAnchorRootCertificate.crt";
2130 
2131         String[] certs = {
2132                 "InvalidDNSnameConstraintsTest31EE.crt",
2133                 "nameConstraintsDNS1CACert.crt",
2134         };
2135 
2136         String[] crls = {
2137                 "TrustAnchorRootCRL.crl",
2138                 "nameConstraintsDNS1CACRL.crl",
2139         };
2140 
2141         assertInvalidPath(trustAnchor, certs, crls);
2142     }
2143 
2144     /** NIST PKITS test 4.13.32 */
testKeyUsage_ValidDNSnameConstraintsTest32()2145     public void testKeyUsage_ValidDNSnameConstraintsTest32() throws Exception {
2146         String trustAnchor = "TrustAnchorRootCertificate.crt";
2147 
2148         String[] certs = {
2149                 "ValidDNSnameConstraintsTest32EE.crt",
2150                 "nameConstraintsDNS2CACert.crt",
2151         };
2152 
2153         String[] crls = {
2154                 "TrustAnchorRootCRL.crl",
2155                 "nameConstraintsDNS2CACRL.crl",
2156         };
2157 
2158         assertValidPath(trustAnchor, certs, crls);
2159     }
2160 
2161     /** NIST PKITS test 4.13.33 */
testKeyUsage_InvalidDNSnameConstraintsTest33()2162     public void testKeyUsage_InvalidDNSnameConstraintsTest33() throws Exception {
2163         String trustAnchor = "TrustAnchorRootCertificate.crt";
2164 
2165         String[] certs = {
2166                 "InvalidDNSnameConstraintsTest33EE.crt",
2167                 "nameConstraintsDNS2CACert.crt",
2168         };
2169 
2170         String[] crls = {
2171                 "TrustAnchorRootCRL.crl",
2172                 "nameConstraintsDNS2CACRL.crl",
2173         };
2174 
2175         assertInvalidPath(trustAnchor, certs, crls);
2176     }
2177 
2178     /** NIST PKITS test 4.13.34 */
testKeyUsage_ValidURInameConstraintsTest34()2179     public void testKeyUsage_ValidURInameConstraintsTest34() throws Exception {
2180         String trustAnchor = "TrustAnchorRootCertificate.crt";
2181 
2182         String[] certs = {
2183                 "ValidURInameConstraintsTest34EE.crt",
2184                 "nameConstraintsURI1CACert.crt",
2185         };
2186 
2187         String[] crls = {
2188                 "TrustAnchorRootCRL.crl",
2189                 "nameConstraintsURI1CACRL.crl",
2190         };
2191 
2192         assertValidPath(trustAnchor, certs, crls);
2193     }
2194 
2195     /** NIST PKITS test 4.13.35 */
testKeyUsage_InvalidURInameConstraintsTest35()2196     public void testKeyUsage_InvalidURInameConstraintsTest35() throws Exception {
2197         String trustAnchor = "TrustAnchorRootCertificate.crt";
2198 
2199         String[] certs = {
2200                 "InvalidURInameConstraintsTest35EE.crt",
2201                 "nameConstraintsURI1CACert.crt",
2202         };
2203 
2204         String[] crls = {
2205                 "TrustAnchorRootCRL.crl",
2206                 "nameConstraintsURI1CACRL.crl",
2207         };
2208 
2209         assertInvalidPath(trustAnchor, certs, crls);
2210     }
2211 
2212     /** NIST PKITS test 4.13.36 */
testKeyUsage_ValidURInameConstraintsTest36()2213     public void testKeyUsage_ValidURInameConstraintsTest36() throws Exception {
2214         String trustAnchor = "TrustAnchorRootCertificate.crt";
2215 
2216         String[] certs = {
2217                 "ValidURInameConstraintsTest36EE.crt",
2218                 "nameConstraintsURI2CACert.crt",
2219         };
2220 
2221         String[] crls = {
2222                 "TrustAnchorRootCRL.crl",
2223                 "nameConstraintsURI2CACRL.crl",
2224         };
2225 
2226         assertValidPath(trustAnchor, certs, crls);
2227     }
2228 
2229     /** NIST PKITS test 4.13.37 */
testKeyUsage_InvalidURInameConstraintsTest37()2230     public void testKeyUsage_InvalidURInameConstraintsTest37() throws Exception {
2231         String trustAnchor = "TrustAnchorRootCertificate.crt";
2232 
2233         String[] certs = {
2234                 "InvalidURInameConstraintsTest37EE.crt",
2235                 "nameConstraintsURI2CACert.crt",
2236         };
2237 
2238         String[] crls = {
2239                 "TrustAnchorRootCRL.crl",
2240                 "nameConstraintsURI2CACRL.crl",
2241         };
2242 
2243         assertInvalidPath(trustAnchor, certs, crls);
2244     }
2245 
2246     /** NIST PKITS test 4.13.38 */
testKeyUsage_InvalidDNSnameConstraintsTest38()2247     public void testKeyUsage_InvalidDNSnameConstraintsTest38() throws Exception {
2248         String trustAnchor = "TrustAnchorRootCertificate.crt";
2249 
2250         String[] certs = {
2251                 "InvalidDNSnameConstraintsTest38EE.crt",
2252                 "nameConstraintsDNS1CACert.crt",
2253         };
2254 
2255         String[] crls = {
2256                 "TrustAnchorRootCRL.crl",
2257                 "nameConstraintsDNS1CACRL.crl",
2258         };
2259 
2260         assertInvalidPath(trustAnchor, certs, crls);
2261     }
2262 
2263     /** NIST PKITS test 4.14.1 */
testDistributionPoints_ValiddistributionPointTest1()2264     public void testDistributionPoints_ValiddistributionPointTest1() throws Exception {
2265         String trustAnchor = "TrustAnchorRootCertificate.crt";
2266 
2267         String[] certs = {
2268                 "ValiddistributionPointTest1EE.crt",
2269                 "distributionPoint1CACert.crt",
2270         };
2271 
2272         String[] crls = {
2273                 "TrustAnchorRootCRL.crl",
2274                 "distributionPoint1CACRL.crl",
2275         };
2276 
2277         assertValidPath(trustAnchor, certs, crls);
2278     }
2279 
2280     /** NIST PKITS test 4.14.2 */
testDistributionPoints_InvaliddistributionPointTest2()2281     public void testDistributionPoints_InvaliddistributionPointTest2() throws Exception {
2282         String trustAnchor = "TrustAnchorRootCertificate.crt";
2283 
2284         String[] certs = {
2285                 "InvaliddistributionPointTest2EE.crt",
2286                 "distributionPoint1CACert.crt",
2287         };
2288 
2289         String[] crls = {
2290                 "TrustAnchorRootCRL.crl",
2291                 "distributionPoint1CACRL.crl",
2292         };
2293 
2294         assertInvalidPath(trustAnchor, certs, crls);
2295     }
2296 
2297     /** NIST PKITS test 4.14.3 */
testDistributionPoints_InvaliddistributionPointTest3()2298     public void testDistributionPoints_InvaliddistributionPointTest3() throws Exception {
2299         String trustAnchor = "TrustAnchorRootCertificate.crt";
2300 
2301         String[] certs = {
2302                 "InvaliddistributionPointTest3EE.crt",
2303                 "distributionPoint1CACert.crt",
2304         };
2305 
2306         String[] crls = {
2307                 "TrustAnchorRootCRL.crl",
2308                 "distributionPoint1CACRL.crl",
2309         };
2310 
2311         assertInvalidPath(trustAnchor, certs, crls);
2312     }
2313 
2314     /** NIST PKITS test 4.14.4 */
testDistributionPoints_ValiddistributionPointTest4()2315     public void testDistributionPoints_ValiddistributionPointTest4() throws Exception {
2316         String trustAnchor = "TrustAnchorRootCertificate.crt";
2317 
2318         String[] certs = {
2319                 "ValiddistributionPointTest4EE.crt",
2320                 "distributionPoint1CACert.crt",
2321         };
2322 
2323         String[] crls = {
2324                 "TrustAnchorRootCRL.crl",
2325                 "distributionPoint1CACRL.crl",
2326         };
2327 
2328         assertValidPath(trustAnchor, certs, crls);
2329     }
2330 
2331     /** NIST PKITS test 4.14.5 */
testDistributionPoints_ValiddistributionPointTest5()2332     public void testDistributionPoints_ValiddistributionPointTest5() throws Exception {
2333         String trustAnchor = "TrustAnchorRootCertificate.crt";
2334 
2335         String[] certs = {
2336                 "ValiddistributionPointTest5EE.crt",
2337                 "distributionPoint2CACert.crt",
2338         };
2339 
2340         String[] crls = {
2341                 "TrustAnchorRootCRL.crl",
2342                 "distributionPoint2CACRL.crl",
2343         };
2344 
2345         assertValidPath(trustAnchor, certs, crls);
2346     }
2347 
2348     /** NIST PKITS test 4.14.6 */
testDistributionPoints_InvaliddistributionPointTest6()2349     public void testDistributionPoints_InvaliddistributionPointTest6() throws Exception {
2350         String trustAnchor = "TrustAnchorRootCertificate.crt";
2351 
2352         String[] certs = {
2353                 "InvaliddistributionPointTest6EE.crt",
2354                 "distributionPoint2CACert.crt",
2355         };
2356 
2357         String[] crls = {
2358                 "TrustAnchorRootCRL.crl",
2359                 "distributionPoint2CACRL.crl",
2360         };
2361 
2362         assertInvalidPath(trustAnchor, certs, crls);
2363     }
2364 
2365     /** NIST PKITS test 4.14.7 */
testDistributionPoints_ValiddistributionPointTest7()2366     public void testDistributionPoints_ValiddistributionPointTest7() throws Exception {
2367         String trustAnchor = "TrustAnchorRootCertificate.crt";
2368 
2369         String[] certs = {
2370                 "ValiddistributionPointTest7EE.crt",
2371                 "distributionPoint2CACert.crt",
2372         };
2373 
2374         String[] crls = {
2375                 "TrustAnchorRootCRL.crl",
2376                 "distributionPoint2CACRL.crl",
2377         };
2378 
2379         assertValidPath(trustAnchor, certs, crls);
2380     }
2381 
2382     /** NIST PKITS test 4.14.8 */
testDistributionPoints_InvaliddistributionPointTest8()2383     public void testDistributionPoints_InvaliddistributionPointTest8() throws Exception {
2384         String trustAnchor = "TrustAnchorRootCertificate.crt";
2385 
2386         String[] certs = {
2387                 "InvaliddistributionPointTest8EE.crt",
2388                 "distributionPoint2CACert.crt",
2389         };
2390 
2391         String[] crls = {
2392                 "TrustAnchorRootCRL.crl",
2393                 "distributionPoint2CACRL.crl",
2394         };
2395 
2396         assertInvalidPath(trustAnchor, certs, crls);
2397     }
2398 
2399     /** NIST PKITS test 4.14.9 */
testDistributionPoints_InvaliddistributionPointTest9()2400     public void testDistributionPoints_InvaliddistributionPointTest9() throws Exception {
2401         String trustAnchor = "TrustAnchorRootCertificate.crt";
2402 
2403         String[] certs = {
2404                 "InvaliddistributionPointTest9EE.crt",
2405                 "distributionPoint2CACert.crt",
2406         };
2407 
2408         String[] crls = {
2409                 "TrustAnchorRootCRL.crl",
2410                 "distributionPoint2CACRL.crl",
2411         };
2412 
2413         assertInvalidPath(trustAnchor, certs, crls);
2414     }
2415 
2416     /** NIST PKITS test 4.14.10 */
testDistributionPoints_ValidNoissuingDistributionPointTest10()2417     public void testDistributionPoints_ValidNoissuingDistributionPointTest10() throws Exception {
2418         String trustAnchor = "TrustAnchorRootCertificate.crt";
2419 
2420         String[] certs = {
2421                 "ValidNoissuingDistributionPointTest10EE.crt",
2422                 "NoissuingDistributionPointCACert.crt",
2423         };
2424 
2425         String[] crls = {
2426                 "TrustAnchorRootCRL.crl",
2427                 "NoissuingDistributionPointCACRL.crl",
2428         };
2429 
2430         assertValidPath(trustAnchor, certs, crls);
2431     }
2432 
2433     /** NIST PKITS test 4.14.11 */
testDistributionPoints_InvalidonlyContainsUserCertsCRLTest11()2434     public void testDistributionPoints_InvalidonlyContainsUserCertsCRLTest11() throws Exception {
2435         String trustAnchor = "TrustAnchorRootCertificate.crt";
2436 
2437         String[] certs = {
2438                 "InvalidonlyContainsUserCertsTest11EE.crt",
2439                 "onlyContainsUserCertsCACert.crt",
2440         };
2441 
2442         String[] crls = {
2443                 "TrustAnchorRootCRL.crl",
2444                 "onlyContainsUserCertsCACRL.crl",
2445         };
2446 
2447         assertInvalidPath(trustAnchor, certs, crls);
2448     }
2449 
2450     /** NIST PKITS test 4.14.12 */
testDistributionPoints_InvalidonlyContainsCACertsCRLTest12()2451     public void testDistributionPoints_InvalidonlyContainsCACertsCRLTest12() throws Exception {
2452         String trustAnchor = "TrustAnchorRootCertificate.crt";
2453 
2454         String[] certs = {
2455                 "InvalidonlyContainsCACertsTest12EE.crt",
2456                 "onlyContainsCACertsCACert.crt",
2457         };
2458 
2459         String[] crls = {
2460                 "TrustAnchorRootCRL.crl",
2461                 "onlyContainsCACertsCACRL.crl",
2462         };
2463 
2464         assertInvalidPath(trustAnchor, certs, crls);
2465     }
2466 
2467     /** NIST PKITS test 4.14.13 */
testDistributionPoints_ValidonlyContainsCACertsCRLTest13()2468     public void testDistributionPoints_ValidonlyContainsCACertsCRLTest13() throws Exception {
2469         String trustAnchor = "TrustAnchorRootCertificate.crt";
2470 
2471         String[] certs = {
2472                 "ValidonlyContainsCACertsTest13EE.crt",
2473                 "onlyContainsCACertsCACert.crt",
2474         };
2475 
2476         String[] crls = {
2477                 "TrustAnchorRootCRL.crl",
2478                 "onlyContainsCACertsCACRL.crl",
2479         };
2480 
2481         assertValidPath(trustAnchor, certs, crls);
2482     }
2483 
2484     /** NIST PKITS test 4.14.14 */
testDistributionPoints_InvalidonlyContainsAttributeCertsTest14()2485     public void testDistributionPoints_InvalidonlyContainsAttributeCertsTest14() throws Exception {
2486         String trustAnchor = "TrustAnchorRootCertificate.crt";
2487 
2488         String[] certs = {
2489                 "InvalidonlyContainsAttributeCertsTest14EE.crt",
2490                 "onlyContainsAttributeCertsCACert.crt",
2491         };
2492 
2493         String[] crls = {
2494                 "TrustAnchorRootCRL.crl",
2495                 "onlyContainsAttributeCertsCACRL.crl",
2496         };
2497 
2498         assertInvalidPath(trustAnchor, certs, crls);
2499     }
2500 
2501     /** NIST PKITS test 4.14.15 */
testDistributionPoints_InvalidonlySomeReasonsTest15()2502     public void testDistributionPoints_InvalidonlySomeReasonsTest15() throws Exception {
2503         String trustAnchor = "TrustAnchorRootCertificate.crt";
2504 
2505         String[] certs = {
2506                 "InvalidonlySomeReasonsTest15EE.crt",
2507                 "onlySomeReasonsCA1Cert.crt",
2508         };
2509 
2510         String[] crls = {
2511                 "TrustAnchorRootCRL.crl",
2512                 "onlySomeReasonsCA1compromiseCRL.crl",
2513                 "onlySomeReasonsCA1otherreasonsCRL.crl",
2514         };
2515 
2516         assertInvalidPath(trustAnchor, certs, crls);
2517     }
2518 
2519     /** NIST PKITS test 4.14.16 */
testDistributionPoints_InvalidonlySomeReasonsTest16()2520     public void testDistributionPoints_InvalidonlySomeReasonsTest16() throws Exception {
2521         String trustAnchor = "TrustAnchorRootCertificate.crt";
2522 
2523         String[] certs = {
2524                 "InvalidonlySomeReasonsTest16EE.crt",
2525                 "onlySomeReasonsCA1Cert.crt",
2526         };
2527 
2528         String[] crls = {
2529                 "TrustAnchorRootCRL.crl",
2530                 "onlySomeReasonsCA1compromiseCRL.crl",
2531                 "onlySomeReasonsCA1otherreasonsCRL.crl",
2532         };
2533 
2534         assertInvalidPath(trustAnchor, certs, crls);
2535     }
2536 
2537     /** NIST PKITS test 4.14.17 */
testDistributionPoints_InvalidonlySomeReasonsTest17()2538     public void testDistributionPoints_InvalidonlySomeReasonsTest17() throws Exception {
2539         String trustAnchor = "TrustAnchorRootCertificate.crt";
2540 
2541         String[] certs = {
2542                 "InvalidonlySomeReasonsTest17EE.crt",
2543                 "onlySomeReasonsCA2Cert.crt",
2544         };
2545 
2546         String[] crls = {
2547                 "TrustAnchorRootCRL.crl",
2548                 "onlySomeReasonsCA2CRL1.crl",
2549                 "onlySomeReasonsCA2CRL2.crl",
2550         };
2551 
2552         assertInvalidPath(trustAnchor, certs, crls);
2553     }
2554 
2555     /** NIST PKITS test 4.14.18 */
testDistributionPoints_ValidonlySomeReasonsTest18()2556     public void testDistributionPoints_ValidonlySomeReasonsTest18() throws Exception {
2557         String trustAnchor = "TrustAnchorRootCertificate.crt";
2558 
2559         String[] certs = {
2560                 "ValidonlySomeReasonsTest18EE.crt",
2561                 "onlySomeReasonsCA3Cert.crt",
2562         };
2563 
2564         String[] crls = {
2565                 "TrustAnchorRootCRL.crl",
2566                 "onlySomeReasonsCA3compromiseCRL.crl",
2567                 "onlySomeReasonsCA3otherreasonsCRL.crl",
2568         };
2569 
2570         assertValidPath(trustAnchor, certs, crls);
2571     }
2572 
2573     /** NIST PKITS test 4.14.19 */
testDistributionPoints_ValidonlySomeReasonsTest19()2574     public void testDistributionPoints_ValidonlySomeReasonsTest19() throws Exception {
2575         String trustAnchor = "TrustAnchorRootCertificate.crt";
2576 
2577         String[] certs = {
2578                 "ValidonlySomeReasonsTest19EE.crt",
2579                 "onlySomeReasonsCA4Cert.crt",
2580         };
2581 
2582         String[] crls = {
2583                 "TrustAnchorRootCRL.crl",
2584                 "onlySomeReasonsCA4compromiseCRL.crl",
2585                 "onlySomeReasonsCA4otherreasonsCRL.crl",
2586         };
2587 
2588         assertValidPath(trustAnchor, certs, crls);
2589     }
2590 
2591     /** NIST PKITS test 4.14.20 */
testDistributionPoints_InvalidonlySomeReasonsTest20()2592     public void testDistributionPoints_InvalidonlySomeReasonsTest20() throws Exception {
2593         String trustAnchor = "TrustAnchorRootCertificate.crt";
2594 
2595         String[] certs = {
2596                 "InvalidonlySomeReasonsTest20EE.crt",
2597                 "onlySomeReasonsCA4Cert.crt",
2598         };
2599 
2600         String[] crls = {
2601                 "TrustAnchorRootCRL.crl",
2602                 "onlySomeReasonsCA4compromiseCRL.crl",
2603                 "onlySomeReasonsCA4otherreasonsCRL.crl",
2604         };
2605 
2606         assertInvalidPath(trustAnchor, certs, crls);
2607     }
2608 
2609     /** NIST PKITS test 4.14.21 */
testDistributionPoints_InvalidonlySomeReasonsTest21()2610     public void testDistributionPoints_InvalidonlySomeReasonsTest21() throws Exception {
2611         String trustAnchor = "TrustAnchorRootCertificate.crt";
2612 
2613         String[] certs = {
2614                 "InvalidonlySomeReasonsTest21EE.crt",
2615                 "onlySomeReasonsCA4Cert.crt",
2616         };
2617 
2618         String[] crls = {
2619                 "TrustAnchorRootCRL.crl",
2620                 "onlySomeReasonsCA4compromiseCRL.crl",
2621                 "onlySomeReasonsCA4otherreasonsCRL.crl",
2622         };
2623 
2624         assertInvalidPath(trustAnchor, certs, crls);
2625     }
2626 
2627     /** NIST PKITS test 4.14.22 */
testDistributionPoints_ValidIDPwithindirectCRLTest22()2628     public void testDistributionPoints_ValidIDPwithindirectCRLTest22() throws Exception {
2629         String trustAnchor = "TrustAnchorRootCertificate.crt";
2630 
2631         String[] certs = {
2632                 "ValidIDPwithindirectCRLTest22EE.crt",
2633                 "indirectCRLCA1Cert.crt",
2634         };
2635 
2636         String[] crls = {
2637                 "TrustAnchorRootCRL.crl",
2638                 "indirectCRLCA1CRL.crl",
2639         };
2640 
2641         assertValidPath(trustAnchor, certs, crls);
2642     }
2643 
2644     /** NIST PKITS test 4.14.23 */
testDistributionPoints_InvalidIDPwithindirectCRLTest23()2645     public void testDistributionPoints_InvalidIDPwithindirectCRLTest23() throws Exception {
2646         String trustAnchor = "TrustAnchorRootCertificate.crt";
2647 
2648         String[] certs = {
2649                 "InvalidIDPwithindirectCRLTest23EE.crt",
2650                 "indirectCRLCA1Cert.crt",
2651         };
2652 
2653         String[] crls = {
2654                 "TrustAnchorRootCRL.crl",
2655                 "indirectCRLCA1CRL.crl",
2656         };
2657 
2658         assertInvalidPath(trustAnchor, certs, crls);
2659     }
2660 
2661     /** NIST PKITS test 4.14.24 */
testDistributionPoints_ValidIDPwithindirectCRLTest24()2662     public void testDistributionPoints_ValidIDPwithindirectCRLTest24() throws Exception {
2663         String trustAnchor = "TrustAnchorRootCertificate.crt";
2664 
2665         String[] path = {
2666                 "ValidIDPwithindirectCRLTest24EE.crt",
2667                 "indirectCRLCA2Cert.crt",
2668         };
2669 
2670         String[] certs = {
2671                 "ValidIDPwithindirectCRLTest24EE.crt",
2672                 "indirectCRLCA1Cert.crt",
2673                 "indirectCRLCA2Cert.crt",
2674         };
2675 
2676         String[] crls = {
2677                 "TrustAnchorRootCRL.crl",
2678                 "indirectCRLCA1CRL.crl",
2679         };
2680 
2681         assertValidPath(trustAnchor, path, certs, crls);
2682     }
2683 
2684     /** NIST PKITS test 4.14.25 */
testDistributionPoints_ValidIDPwithindirectCRLTest25()2685     public void testDistributionPoints_ValidIDPwithindirectCRLTest25() throws Exception {
2686         String trustAnchor = "TrustAnchorRootCertificate.crt";
2687 
2688         String[] path = {
2689                 "ValidIDPwithindirectCRLTest25EE.crt",
2690                 "indirectCRLCA2Cert.crt",
2691         };
2692 
2693         String[] certs = {
2694                 "ValidIDPwithindirectCRLTest25EE.crt",
2695                 "indirectCRLCA1Cert.crt",
2696                 "indirectCRLCA2Cert.crt",
2697         };
2698 
2699         String[] crls = {
2700                 "TrustAnchorRootCRL.crl",
2701                 "indirectCRLCA1CRL.crl",
2702         };
2703 
2704         assertValidPath(trustAnchor, path, certs, crls);
2705     }
2706 
2707     /** NIST PKITS test 4.14.26 */
testDistributionPoints_InvalidIDPwithindirectCRLTest26()2708     public void testDistributionPoints_InvalidIDPwithindirectCRLTest26() throws Exception {
2709         String trustAnchor = "TrustAnchorRootCertificate.crt";
2710 
2711         String[] certs = {
2712                 "InvalidIDPwithindirectCRLTest26EE.crt",
2713                 "indirectCRLCA1Cert.crt",
2714                 "indirectCRLCA2Cert.crt",
2715         };
2716 
2717         String[] crls = {
2718                 "TrustAnchorRootCRL.crl",
2719                 "indirectCRLCA1CRL.crl",
2720         };
2721 
2722         assertInvalidPath(trustAnchor, certs, crls);
2723     }
2724 
2725     /** NIST PKITS test 4.14.27 */
testDistributionPoints_InvalidcRLIssuerTest27()2726     public void testDistributionPoints_InvalidcRLIssuerTest27() throws Exception {
2727         String trustAnchor = "TrustAnchorRootCertificate.crt";
2728 
2729         String[] certs = {
2730                 "InvalidcRLIssuerTest27EE.crt",
2731                 "GoodCACert.crt",
2732                 "indirectCRLCA2Cert.crt",
2733         };
2734 
2735         String[] crls = {
2736                 "TrustAnchorRootCRL.crl",
2737                 "GoodCACRL.crl",
2738         };
2739 
2740         assertInvalidPath(trustAnchor, certs, crls);
2741     }
2742 
2743     /** NIST PKITS test 4.14.28 */
testDistributionPoints_ValidcRLIssuerTest28()2744     public void testDistributionPoints_ValidcRLIssuerTest28() throws Exception {
2745         String trustAnchor = "TrustAnchorRootCertificate.crt";
2746 
2747         String[] path = {
2748                 "ValidcRLIssuerTest28EE.crt",
2749                 "indirectCRLCA3Cert.crt",
2750         };
2751 
2752         String[] certs = {
2753                 "ValidcRLIssuerTest28EE.crt",
2754                 "indirectCRLCA3cRLIssuerCert.crt",
2755                 "indirectCRLCA3Cert.crt",
2756         };
2757 
2758         String[] crls = {
2759                 "TrustAnchorRootCRL.crl",
2760                 "indirectCRLCA3CRL.crl",
2761                 "indirectCRLCA3cRLIssuerCRL.crl",
2762         };
2763 
2764         assertValidPath(trustAnchor, path, certs, crls);
2765     }
2766 
2767     /** NIST PKITS test 4.14.29 */
testDistributionPoints_ValidcRLIssuerTest29()2768     public void testDistributionPoints_ValidcRLIssuerTest29() throws Exception {
2769         String trustAnchor = "TrustAnchorRootCertificate.crt";
2770 
2771         String[] path = {
2772                 "ValidcRLIssuerTest29EE.crt",
2773                 "indirectCRLCA3Cert.crt",
2774         };
2775 
2776         String[] certs = {
2777                 "ValidcRLIssuerTest29EE.crt",
2778                 "indirectCRLCA3cRLIssuerCert.crt",
2779                 "indirectCRLCA3Cert.crt",
2780         };
2781 
2782         String[] crls = {
2783                 "TrustAnchorRootCRL.crl",
2784                 "indirectCRLCA3CRL.crl",
2785                 "indirectCRLCA3cRLIssuerCRL.crl",
2786         };
2787 
2788         assertValidPath(trustAnchor, path, certs, crls);
2789     }
2790 
2791     /** NIST PKITS test 4.14.30 */
testDistributionPoints_ValidcRLIssuerTest30()2792     public void testDistributionPoints_ValidcRLIssuerTest30() throws Exception {
2793         String trustAnchor = "TrustAnchorRootCertificate.crt";
2794 
2795         String[] path = {
2796                 "ValidcRLIssuerTest30EE.crt",
2797                 "indirectCRLCA4Cert.crt",
2798         };
2799 
2800         String[] certs = {
2801                 "ValidcRLIssuerTest30EE.crt",
2802                 "indirectCRLCA4cRLIssuerCert.crt",
2803                 "indirectCRLCA4Cert.crt",
2804         };
2805 
2806         String[] crls = {
2807                 "TrustAnchorRootCRL.crl",
2808                 "indirectCRLCA4cRLIssuerCRL.crl",
2809         };
2810 
2811         assertValidPath(trustAnchor, path, certs, crls);
2812     }
2813 
2814     /** NIST PKITS test 4.14.31 */
testDistributionPoints_InvalidcRLIssuerTest31()2815     public void testDistributionPoints_InvalidcRLIssuerTest31() throws Exception {
2816         String trustAnchor = "TrustAnchorRootCertificate.crt";
2817 
2818         String[] certs = {
2819                 "InvalidcRLIssuerTest31EE.crt",
2820                 "indirectCRLCA6Cert.crt",
2821                 "indirectCRLCA5Cert.crt",
2822         };
2823 
2824         String[] crls = {
2825                 "TrustAnchorRootCRL.crl",
2826                 "indirectCRLCA5CRL.crl",
2827         };
2828 
2829         assertInvalidPath(trustAnchor, certs, crls);
2830     }
2831 
2832     /** NIST PKITS test 4.14.32 */
testDistributionPoints_InvalidcRLIssuerTest32()2833     public void testDistributionPoints_InvalidcRLIssuerTest32() throws Exception {
2834         String trustAnchor = "TrustAnchorRootCertificate.crt";
2835 
2836         String[] certs = {
2837                 "InvalidcRLIssuerTest32EE.crt",
2838                 "indirectCRLCA6Cert.crt",
2839                 "indirectCRLCA5Cert.crt",
2840         };
2841 
2842         String[] crls = {
2843                 "TrustAnchorRootCRL.crl",
2844                 "indirectCRLCA5CRL.crl",
2845         };
2846 
2847         assertInvalidPath(trustAnchor, certs, crls);
2848     }
2849 
2850     /** NIST PKITS test 4.14.33 */
testDistributionPoints_ValidcRLIssuerTest33()2851     public void testDistributionPoints_ValidcRLIssuerTest33() throws Exception {
2852         String trustAnchor = "TrustAnchorRootCertificate.crt";
2853 
2854         String[] path = {
2855                 "ValidcRLIssuerTest33EE.crt",
2856                 "indirectCRLCA6Cert.crt",
2857         };
2858 
2859         String[] certs = {
2860                 "ValidcRLIssuerTest33EE.crt",
2861                 "indirectCRLCA6Cert.crt",
2862                 "indirectCRLCA5Cert.crt",
2863         };
2864 
2865         String[] crls = {
2866                 "TrustAnchorRootCRL.crl",
2867                 "indirectCRLCA5CRL.crl",
2868         };
2869 
2870         assertValidPath(trustAnchor, path, certs, crls);
2871     }
2872 
2873     /** NIST PKITS test 4.14.34 */
testDistributionPoints_InvalidcRLIssuerTest34()2874     public void testDistributionPoints_InvalidcRLIssuerTest34() throws Exception {
2875         String trustAnchor = "TrustAnchorRootCertificate.crt";
2876 
2877         String[] certs = {
2878                 "InvalidcRLIssuerTest34EE.crt",
2879                 "indirectCRLCA5Cert.crt",
2880         };
2881 
2882         String[] crls = {
2883                 "TrustAnchorRootCRL.crl",
2884                 "indirectCRLCA5CRL.crl",
2885         };
2886 
2887         assertInvalidPath(trustAnchor, certs, crls);
2888     }
2889 
2890     /** NIST PKITS test 4.14.35 */
testDistributionPoints_InvalidcRLIssuerTest35()2891     public void testDistributionPoints_InvalidcRLIssuerTest35() throws Exception {
2892         String trustAnchor = "TrustAnchorRootCertificate.crt";
2893 
2894         String[] certs = {
2895                 "InvalidcRLIssuerTest35EE.crt",
2896                 "indirectCRLCA5Cert.crt",
2897         };
2898 
2899         String[] crls = {
2900                 "TrustAnchorRootCRL.crl",
2901                 "indirectCRLCA5CRL.crl",
2902         };
2903 
2904         assertInvalidPath(trustAnchor, certs, crls);
2905     }
2906 
2907     /** NIST PKITS test 4.15.1 */
testDeltaCRLs_InvaliddeltaCRLIndicatorNoBaseTest1()2908     public void testDeltaCRLs_InvaliddeltaCRLIndicatorNoBaseTest1() throws Exception {
2909         String trustAnchor = "TrustAnchorRootCertificate.crt";
2910 
2911         String[] certs = {
2912                 "InvaliddeltaCRLIndicatorNoBaseTest1EE.crt",
2913                 "deltaCRLIndicatorNoBaseCACert.crt",
2914         };
2915 
2916         String[] crls = {
2917                 "TrustAnchorRootCRL.crl",
2918                 "deltaCRLIndicatorNoBaseCACRL.crl",
2919         };
2920 
2921         assertInvalidPath(trustAnchor, certs, crls);
2922     }
2923 
2924     /** NIST PKITS test 4.15.2 */
testDeltaCRLs_ValiddeltaCRLTest2()2925     public void testDeltaCRLs_ValiddeltaCRLTest2() throws Exception {
2926         String trustAnchor = "TrustAnchorRootCertificate.crt";
2927 
2928         String[] certs = {
2929                 "ValiddeltaCRLTest2EE.crt",
2930                 "deltaCRLCA1Cert.crt",
2931         };
2932 
2933         String[] crls = {
2934                 "TrustAnchorRootCRL.crl",
2935                 "deltaCRLCA1CRL.crl",
2936                 "deltaCRLCA1deltaCRL.crl",
2937         };
2938 
2939         assertValidPath(trustAnchor, certs, crls);
2940     }
2941 
2942     /** NIST PKITS test 4.15.3 */
testDeltaCRLs_InvaliddeltaCRLTest3()2943     public void testDeltaCRLs_InvaliddeltaCRLTest3() throws Exception {
2944         String trustAnchor = "TrustAnchorRootCertificate.crt";
2945 
2946         String[] certs = {
2947                 "InvaliddeltaCRLTest3EE.crt",
2948                 "deltaCRLCA1Cert.crt",
2949         };
2950 
2951         String[] crls = {
2952                 "TrustAnchorRootCRL.crl",
2953                 "deltaCRLCA1CRL.crl",
2954                 "deltaCRLCA1deltaCRL.crl",
2955         };
2956 
2957         assertInvalidPath(trustAnchor, certs, crls);
2958     }
2959 
2960     /** NIST PKITS test 4.15.4 */
testDeltaCRLs_InvaliddeltaCRLTest4()2961     public void testDeltaCRLs_InvaliddeltaCRLTest4() throws Exception {
2962         String trustAnchor = "TrustAnchorRootCertificate.crt";
2963 
2964         String[] certs = {
2965                 "InvaliddeltaCRLTest4EE.crt",
2966                 "deltaCRLCA1Cert.crt",
2967         };
2968 
2969         String[] crls = {
2970                 "TrustAnchorRootCRL.crl",
2971                 "deltaCRLCA1CRL.crl",
2972                 "deltaCRLCA1deltaCRL.crl",
2973         };
2974 
2975         assertInvalidPath(trustAnchor, certs, crls);
2976     }
2977 
2978     /** NIST PKITS test 4.15.5 */
testDeltaCRLs_ValiddeltaCRLTest5()2979     public void testDeltaCRLs_ValiddeltaCRLTest5() throws Exception {
2980         String trustAnchor = "TrustAnchorRootCertificate.crt";
2981 
2982         String[] certs = {
2983                 "ValiddeltaCRLTest5EE.crt",
2984                 "deltaCRLCA1Cert.crt",
2985         };
2986 
2987         String[] crls = {
2988                 "TrustAnchorRootCRL.crl",
2989                 "deltaCRLCA1CRL.crl",
2990                 "deltaCRLCA1deltaCRL.crl",
2991         };
2992 
2993         assertValidPath(trustAnchor, certs, crls);
2994     }
2995 
2996     /** NIST PKITS test 4.15.6 */
testDeltaCRLs_InvaliddeltaCRLTest6()2997     public void testDeltaCRLs_InvaliddeltaCRLTest6() throws Exception {
2998         String trustAnchor = "TrustAnchorRootCertificate.crt";
2999 
3000         String[] certs = {
3001                 "InvaliddeltaCRLTest6EE.crt",
3002                 "deltaCRLCA1Cert.crt",
3003         };
3004 
3005         String[] crls = {
3006                 "TrustAnchorRootCRL.crl",
3007                 "deltaCRLCA1CRL.crl",
3008                 "deltaCRLCA1deltaCRL.crl",
3009         };
3010 
3011         assertInvalidPath(trustAnchor, certs, crls);
3012     }
3013 
3014     /** NIST PKITS test 4.15.7 */
testDeltaCRLs_ValiddeltaCRLTest7()3015     public void testDeltaCRLs_ValiddeltaCRLTest7() throws Exception {
3016         String trustAnchor = "TrustAnchorRootCertificate.crt";
3017 
3018         String[] certs = {
3019                 "ValiddeltaCRLTest7EE.crt",
3020                 "deltaCRLCA1Cert.crt",
3021         };
3022 
3023         String[] crls = {
3024                 "TrustAnchorRootCRL.crl",
3025                 "deltaCRLCA1CRL.crl",
3026                 "deltaCRLCA1deltaCRL.crl",
3027         };
3028 
3029         assertValidPath(trustAnchor, certs, crls);
3030     }
3031 
3032     /** NIST PKITS test 4.15.8 */
testDeltaCRLs_ValiddeltaCRLTest8()3033     public void testDeltaCRLs_ValiddeltaCRLTest8() throws Exception {
3034         String trustAnchor = "TrustAnchorRootCertificate.crt";
3035 
3036         String[] certs = {
3037                 "ValiddeltaCRLTest8EE.crt",
3038                 "deltaCRLCA2Cert.crt",
3039         };
3040 
3041         String[] crls = {
3042                 "TrustAnchorRootCRL.crl",
3043                 "deltaCRLCA2CRL.crl",
3044                 "deltaCRLCA2deltaCRL.crl",
3045         };
3046 
3047         assertValidPath(trustAnchor, certs, crls);
3048     }
3049 
3050     /** NIST PKITS test 4.15.9 */
testDeltaCRLs_InvaliddeltaCRLTest9()3051     public void testDeltaCRLs_InvaliddeltaCRLTest9() throws Exception {
3052         String trustAnchor = "TrustAnchorRootCertificate.crt";
3053 
3054         String[] certs = {
3055                 "InvaliddeltaCRLTest9EE.crt",
3056                 "deltaCRLCA2Cert.crt",
3057         };
3058 
3059         String[] crls = {
3060                 "TrustAnchorRootCRL.crl",
3061                 "deltaCRLCA2CRL.crl",
3062                 "deltaCRLCA2deltaCRL.crl",
3063         };
3064 
3065         assertInvalidPath(trustAnchor, certs, crls);
3066     }
3067 
3068     /** NIST PKITS test 4.15.10 */
testDeltaCRLs_InvaliddeltaCRLTest10()3069     public void testDeltaCRLs_InvaliddeltaCRLTest10() throws Exception {
3070         String trustAnchor = "TrustAnchorRootCertificate.crt";
3071 
3072         String[] certs = {
3073                 "InvaliddeltaCRLTest10EE.crt",
3074                 "deltaCRLCA3Cert.crt",
3075         };
3076 
3077         String[] crls = {
3078                 "TrustAnchorRootCRL.crl",
3079                 "deltaCRLCA3CRL.crl",
3080                 "deltaCRLCA3deltaCRL.crl",
3081         };
3082 
3083         assertInvalidPath(trustAnchor, certs, crls);
3084     }
3085 
3086     /** NIST PKITS test 4.16.1 */
testPrivateCertificateExtensions_ValidUnknownNotCriticalCertificateExtensionTest1()3087     public void testPrivateCertificateExtensions_ValidUnknownNotCriticalCertificateExtensionTest1() throws Exception {
3088         String trustAnchor = "TrustAnchorRootCertificate.crt";
3089 
3090         String[] certs = {
3091                 "ValidUnknownNotCriticalCertificateExtensionTest1EE.crt",
3092         };
3093 
3094         String[] crls = {
3095                 "TrustAnchorRootCRL.crl",
3096         };
3097 
3098         assertValidPath(trustAnchor, certs, crls);
3099     }
3100 
3101     /* DO NOT MANUALLY EDIT -- END AUTOMATICALLY GENERATED TESTS */
3102 }
3103