public class NistCertPathTest2
extends junit.framework.TestCase
| Constructor and Description |
|---|
NistCertPathTest2() |
| Modifier and Type | Method and Description |
|---|---|
void |
setUp() |
void |
test4_1_1()
4.1.1 Valid Signatures Test1
The purpose of this test is to verify an application's ability to name chain, signature chain, and
check validity dates, on certificates in a certification path.
|
void |
test4_1_2()
4.1.2 Invalid CA Signature Test2
The purpose of this test is to verify an application's ability to recognize an invalid signature on an
intermediate certificate in a certification path.
|
void |
test4_1_3()
4.1.3 Invalid EE Signature Test3
The purpose of this test is to verify an application's ability to recognize an invalid signature on an
end entity certificate in a certification path.
|
void |
test4_1_4()
4.1.4 Valid DSA Signatures Test4
The purpose of this test is to verify an application's ability to validate certificate in which DSA
signatures are used.
|
void |
test4_1_5()
4.1.5 Valid DSA Parameter Inheritance Test5
The purpose of this test is to verify an application's ability to validate DSA signatures when the
DSA parameters are not included in a certificate and need to be inherited from a previous
certificate in the path.
|
void |
test4_1_6()
4.1.6 Invalid DSA Signature Test6
The purpose of this test is to verify an application's ability to determine when a DSA signature is
invalid.
|
void |
test4_10_1()
4.10.1 Valid Policy Mapping Test1
In this test, the intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to
NIST-test-policy-2.
|
void |
test4_10_10()
4.10.10 Invalid Policy Mapping Test10
In this test, the first intermediate certificate asserts NIST-test-policy-1.
|
void |
test4_10_11()
4.10.11 Valid Policy Mapping Test11
In this test, the first intermediate certificate asserts NIST-test-policy-1.
|
void |
test4_10_12()
4.10.12 Valid Policy Mapping Test12
In this test, the intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and
maps NIST-test-policy-1 to NIST-test-policy-3.
|
void |
test4_10_13()
4.10.13 Valid Policy Mapping Test13
In this test, the intermediate certificate asserts NIST-test-policy-1 and anyPolicy and maps NISTtest-policy-1 to NIST-test-policy-2.
|
void |
test4_10_14()
4.10.14 Valid Policy Mapping Test14
In this test, the intermediate certificate asserts NIST-test-policy-1 and anyPolicy and maps NISTtest-policy-1 to NIST-test-policy-2.
|
void |
test4_10_2()
4.10.2 Invalid Policy Mapping Test2
In this test, the intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to
NIST-test-policy-2.
|
void |
test4_10_3()
4.10.3 Valid Policy Mapping Test3
In this test, the path is valid under NIST-test-policy-2 as a result of policy mappings.
|
void |
test4_10_4()
4.10.4 Invalid Policy Mapping Test4
In this test, the policy asserted in the end entity certificate is not in the authorities-constrainedpolicy-set.
|
void |
test4_10_5()
4.10.5 Valid Policy Mapping Test5
In this test, the path is valid under NIST-test-policy-1 as a result of policy mappings.
|
void |
test4_10_6()
4.10.6 Valid Policy Mapping Test6
In this test, the path is valid under NIST-test-policy-1 as a result of policy mappings.
|
void |
test4_10_7()
4.10.7 Invalid Mapping From anyPolicy Test7
In this test, the intermediate certificate includes a policyMappings extension that includes a
mapping in which the issuerDomainPolicy is anyPolicy.
|
void |
test4_10_8()
4.10.8 Invalid Mapping To anyPolicy Test8
In this test, the intermediate certificate includes a policyMappings extension that includes a
mapping in which the subjectDomainPolicy is anyPolicy.
|
void |
test4_10_9()
4.10.9 Valid Policy Mapping Test9
In this test, the intermediate certificate asserts anyPolicy and maps NIST-test-policy-1 to NISTtest-policy-2.
|
void |
test4_11_1()
4.11.1 Invalid inhibitPolicyMapping Test1
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a
policyConstraints extension with inhibitPolicyMapping set to 0.
|
void |
test4_11_10()
4.11.10 Invalid Self-Issued inhibitPolicyMapping Test10
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a
policyConstraints extension with inhibitPolicyMapping set to 1.
|
void |
test4_11_11()
4.11.11 Invalid Self-Issued inhibitPolicyMapping Test11
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a
policyConstraints extension with inhibitPolicyMapping set to 1.
|
void |
test4_11_2()
4.11.2 Valid inhibitPolicyMapping Test2
In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and
includes a policyConstraints extension with inhibitPolicyMapping set to 1.
|
void |
test4_11_3()
4.11.3 Invalid inhibitPolicyMapping Test3
In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and
includes a policyConstraints extension with inhibitPolicyMapping set to 1.
|
void |
test4_11_4()
4.11.4 Valid inhibitPolicyMapping Test4
In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and
includes a policyConstraints extension with inhibitPolicyMapping set to 1.
|
void |
test4_11_5()
4.11.5 Invalid inhibitPolicyMapping Test5
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a
policyConstraints extension with inhibitPolicyMapping set to 5.
|
void |
test4_11_6()
4.11.6 Invalid inhibitPolicyMapping Test6
In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and
includes a policyConstraints extension with inhibitPolicyMapping set to 1.
|
void |
test4_11_7()
4.11.7 Valid Self-Issued inhibitPolicyMapping Test7
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a
policyConstraints extension with inhibitPolicyMapping set to 1.
|
void |
test4_11_8()
4.11.8 Invalid Self-Issued inhibitPolicyMapping Test8
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a
policyConstraints extension with inhibitPolicyMapping set to 1.
|
void |
test4_11_9()
4.11.9 Invalid Self-Issued inhibitPolicyMapping Test9
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a
policyConstraints extension with inhibitPolicyMapping set to 1.
|
void |
test4_12_1()
4.12.1 Invalid inhibitAnyPolicy Test1
In this test, the intermediate certificate asserts NIST-test-policy-1 and includes an
inhibitAnyPolicy extension set to 0.
|
void |
test4_12_10()
4.12.10 Invalid Self-Issued inhibitAnyPolicy Test10
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an
inhibitAnyPolicy extension set to 1.
|
void |
test4_12_2()
4.12.2 Valid inhibitAnyPolicy Test2
In this test, the intermediate certificate asserts NIST-test-policy-1 and includes an
inhibitAnyPolicy extension set to 0.
|
void |
test4_12_3()
4.12.3 inhibitAnyPolicy Test3
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an
inhibitAnyPolicy extension set to 1.
|
void |
test4_12_4()
4.12.4 Invalid inhibitAnyPolicy Test4
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an
inhibitAnyPolicy extension set to 1.
|
void |
test4_12_5()
4.12.5 Invalid inhibitAnyPolicy Test5
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an
inhibitAnyPolicy extension set to 5.
|
void |
test4_12_6()
4.12.6 Invalid inhibitAnyPolicy Test6
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an
inhibitAnyPolicy extension set to 1.
|
void |
test4_12_7()
4.12.7 Valid Self-Issued inhibitAnyPolicy Test7
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an
inhibitAnyPolicy extension set to 1.
|
void |
test4_12_8()
4.12.8 Invalid Self-Issued inhibitAnyPolicy Test8
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an
inhibitAnyPolicy extension set to 1.
|
void |
test4_12_9()
4.12.9 Valid Self-Issued inhibitAnyPolicy Test9
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an
inhibitAnyPolicy extension set to 1.
|
void |
test4_13_1()
4.13.1 Valid DN nameConstraints Test1
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_10()
4.13.10 Invalid DN nameConstraints Test10
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
permitted subtree and an excluded subtree.
|
void |
test4_13_11()
4.13.11 Valid DN nameConstraints Test11
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
permitted subtree and an excluded subtree.
|
void |
test4_13_12()
4.13.12 Invalid DN nameConstraints Test12
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_13()
4.13.13 Invalid DN nameConstraints Test13
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_14()
4.13.14 Valid DN nameConstraints Test14
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_15()
4.13.15 Invalid DN nameConstraints Test15
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_16()
4.13.16 Invalid DN nameConstraints Test16
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_17()
4.13.17 Invalid DN nameConstraints Test17
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_18()
4.13.18 Valid DN nameConstraints Test18
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_19()
4.13.19 Valid Self-Issued DN nameConstraints Test19
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_2()
4.13.2 Invalid DN nameConstraints Test2
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_20()
4.13.20 Invalid Self-Issued DN nameConstraints Test20
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_21()
4.13.21 Valid RFC822 nameConstraints Test21
�
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_22()
4.13.22 Invalid RFC822 nameConstraints Test22
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_23()
4.13.23 Valid RFC822 nameConstraints Test23
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_24()
4.13.24 Invalid RFC822 nameConstraints Test24
�
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_25()
4.13.25 Valid RFC822 nameConstraints Test25
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_26()
4.13.26 Invalid RFC822 nameConstraints Test26
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_27()
4.13.27 Valid DN and RFC822 nameConstraints Test27
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree of type directoryName.
|
void |
test4_13_28()
4.13.28 Invalid DN and RFC822 nameConstraints Test28
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree of type directoryName.
|
void |
test4_13_29()
4.13.29 Invalid DN and RFC822 nameConstraints Test29
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree of type directoryName.
|
void |
test4_13_3()
4.13.3 Invalid DN nameConstraints Test3
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_30()
4.13.30 Valid DNS nameConstraints Test30
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_31()
4.13.31 Invalid DNS nameConstraints Test31
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_32()
4.13.32 Valid DNS nameConstraints Test32
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_33()
4.13.33 Invalid DNS nameConstraints Test33
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_34()
4.13.34 Valid URI nameConstraints Test34
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_35()
4.13.35 Invalid URI nameConstraints Test35
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_36()
4.13.36 Valid URI nameConstraints Test36
�
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_37()
4.13.37 Invalid URI nameConstraints Test37
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_38()
4.13.38 Invalid DNS nameConstraints Test38
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_4()
4.13.4 Valid DN nameConstraints Test4
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single permitted subtree.
|
void |
test4_13_5()
4.13.5 Valid DN nameConstraints Test5
In this test, the intermediate certificate includes a nameConstraints extension that specifies two
permitted subtrees.
|
void |
test4_13_6()
4.13.6 Valid DN nameConstraints Test6
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_7()
4.13.7 Invalid DN nameConstraints Test7
In this test, the intermediate certificate includes a nameConstraints extension that specifies a
single excluded subtree.
|
void |
test4_13_8()
4.13.8 Invalid DN nameConstraints Test8
In this test, the intermediate certificate includes a nameConstraints extension that specifies two
excluded subtrees.
|
void |
test4_13_9()
4.13.9 Invalid DN nameConstraints Test9
In this test, the intermediate certificate includes a nameConstraints extension that specifies two
excluded subtrees.
|
void |
test4_14_1()
4.14.1 Valid distributionPoint Test1
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single
DistributionPoint consisting of a distributionPoint with a distinguished name.
|
void |
test4_14_10()
4.14.10 Valid No issuingDistributionPoint Test10
In this test, the CRL that covers the end entity certificate does not include an
issuingDistributionPoint extension.
|
void |
test4_14_11()
4.14.11 Invalid onlyContainsUserCerts CRL Test11
In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint
extension with onlyContainsUserCerts set to TRUE.
|
void |
test4_14_12()
4.14.12 Invalid onlyContainsCACerts CRL Test12
In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint
extension with onlyContainsCACerts set to TRUE.
|
void |
test4_14_13()
4.14.13 Valid onlyContainsCACerts CRL Test13
In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint
extension with onlyContainsCACerts set to TRUE.
|
void |
test4_14_14()
4.14.14 Invalid onlyContainsAttributeCerts Test14
In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint
extension with onlyContainsAttributeCerts set to TRUE.
|
void |
test4_14_15()
4.14.15 Invalid onlySomeReasons Test15
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise
and cACompromise reason codes and the other covering the remaining reason codes.
|
void |
test4_14_16()
4.14.16 Invalid onlySomeReasons Test16
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise
and cACompromise reason codes and the other covering the remaining reason codes.
|
void |
test4_14_17()
4.14.17 Invalid onlySomeReasons Test17
In this test, the intermediate certificate has issued two CRLs, one covering the affiliationChanged
and superseded reason codes and the other covering the cessationOfOperation and
certificateHold reason codes.
|
void |
test4_14_18()
4.14.18 Valid onlySomeReasons Test18
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise
and cACompromise reason codes and the other covering the remaining reason codes.
|
void |
test4_14_19()
4.14.19 Valid onlySomeReasons Test19
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise
and cACompromise reason codes and the other covering the remaining reason codes.
|
void |
test4_14_2()
4.14.2 Invalid distributionPoint Test2
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single
DistributionPoint consisting of a distributionPoint with a distinguished name.
|
void |
test4_14_20()
4.14.20 Invalid onlySomeReasons Test20
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise
and cACompromise reason codes and the other covering the remaining reason codes.
|
void |
test4_14_21()
4.14.21 Invalid onlySomeReasons Test21
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise
and cACompromise reason codes and the other covering the remaining reason codes.
|
void |
test4_14_22()
4.14.22 Valid IDP with indirectCRL Test22
In this test, the intermediate CA has issued a CRL that contains an issuingDistributionPoint
extension with the indirectCRL flag set.
|
void |
test4_14_23()
4.14.23 Invalid IDP with indirectCRL Test23
In this test, the intermediate CA has issued a CRL that contains an issuingDistributionPoint
extension with the indirectCRL flag set.
|
void |
test4_14_3()
4.14.3 Invalid distributionPoint Test3
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single
DistributionPoint consisting of a distributionPoint with a distinguished name.
|
void |
test4_14_34()
4.14.34 Invalid cRLIssuer Test34
In this test, the end entity certificate is issued by the same CA that issues the corresponding CRL,
but the CRL is also an indirect CRL for other CAs.
|
void |
test4_14_35()
4.14.35 Invalid cRLIssuer Test35
In this test, the end entity certificate includes a cRLDistributionPoints extension with both a
distributionPoint name and a cRLIssuer field indicating that the CRL is issued by an entity other
than the certificate issuer.
|
void |
test4_14_4()
4.14.4 Valid distributionPoint Test4
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single
DistributionPoint consisting of a distributionPoint with a distinguished name.
|
void |
test4_14_5()
4.14.5 Valid distributionPoint Test5
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single
DistributionPoint consisting of a distributionPoint with a distinguished name.
|
void |
test4_14_6()
4.14.6 Invalid distributionPoint Test6
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single
DistributionPoint consisting of a distributionPoint with a distinguished name.
|
void |
test4_14_7()
4.14.7 Valid distributionPoint Test7
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single
DistributionPoint consisting of a distributionPoint with a distinguished name.
|
void |
test4_14_8()
4.14.8 Invalid distributionPoint Test8
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single
DistributionPoint consisting of a distributionPoint with a distinguished name.
|
void |
test4_14_9()
4.14.9 Invalid distributionPoint Test9
In this test, the CRL that covers the end entity certificate includes an issuingDistributionPoint
extension with a distributionPoint.
|
void |
test4_15_1()
4.15.1 Invalid deltaCRLIndicator No Base Test1
In this test, the CRL covering the end entity certificate includes a deltaCRLIndicator extension,
but no other CRLs are available for the intermediate certificate.
|
void |
test4_15_10()
4.15.10 Invalid delta-CRL Test10
In this test, the intermediate CA has issued a complete CRL and a delta-CRL.
|
void |
test4_15_2()
4.15.2 Valid delta-CRL Test2
In this test, the intermediate CA has issued a complete CRL and a delta-CRL.
|
void |
test4_15_3()
4.15.3 Invalid delta-CRL Test3
In this test, the intermediate CA has issued a complete CRL and a delta-CRL.
|
void |
test4_15_4()
4.15.4 Invalid delta-CRL Test4
In this test, the intermediate CA has issued a complete CRL and a delta-CRL.
|
void |
test4_15_5()
4.15.5 Valid delta-CRL Test5
In this test, the intermediate CA has issued a complete CRL and a delta-CRL.
|
void |
test4_15_6()
4.15.6 Invalid delta-CRL Test6
In this test, the intermediate CA has issued a complete CRL and a delta-CRL.
|
void |
test4_15_7()
4.15.7 Valid delta-CRL Test7
In this test, the intermediate CA has issued a complete CRL and a delta-CRL.
|
void |
test4_15_8()
4.15.8 Valid delta-CRL Test8
In this test, the intermediate CA has issued a complete CRL and a delta-CRL.
|
void |
test4_15_9()
4.15.9 Invalid delta-CRL Test9
In this test, the intermediate CA has issued a complete CRL and a delta-CRL.
|
void |
test4_16_1()
4.16.1 Valid Unknown Not Critical Certificate Extension Test1
In this test, the end entity certificate contains a private, non-critical certificate extension.
|
void |
test4_16_2()
4.16.2 Invalid Unknown Critical Certificate Extension Test2
In this test, the end entity certificate contains a private, critical certificate extension.
|
void |
test4_2_1()
4.2.1 Invalid CA notBefore Date Test1
In this test, the intermediate certificate's notBefore date is after the current date.
|
void |
test4_2_2()
4.2.2 Invalid EE notBefore Date Test2
In this test, the end entity certificate's notBefore date is after the current date.
|
void |
test4_2_3()
4.2.3 Valid pre2000 UTC notBefore Date Test3
In this test, the end entity certificate's notBefore date is set to 1950 and is encoded in UTCTime.
|
void |
test4_2_4()
4.2.4 Valid GeneralizedTime notBefore Date Test4
In this test, the end entity certificate's notBefore date is specified in GeneralizedTime.
|
void |
test4_2_5()
4.2.5 Invalid CA notAfter Date Test5
In this test, the intermediate certificate's notAfter date is before the current date.
9
|
void |
test4_2_6()
4.2.6 Invalid EE notAfter Date Test6
In this test, the end entity certificate's notAfter date is before the current date.
|
void |
test4_2_7()
4.2.7 Invalid pre2000 UTC EE notAfter Date Test7
In this test, the end entity certificate's notAfter date is 1999 and is encoded in UTCTime.
|
void |
test4_2_8()
4.2.8 Valid GeneralizedTime notAfter Date Test8
In this test, the end entity certificate's notAfter date is 2050 and is encoded in GeneralizedTime.
|
void |
test4_3_1()
4.3.1 Invalid Name Chaining EE Test1
In this test, the common name (cn=) portion of the issuer's name in the end entity certificate does
not match the common name portion of the subject's name in the preceding intermediate certificate.
|
void |
test4_3_10()
4.3.10 Valid Rollover from PrintableString to UTF8String Test10
In this test, the attribute values for the common name and organization attribute types in the issuer
and subject fields of the end certificate and the issuer field of the intermediate certificate's CRL
are encoded in UTF8String.
|
void |
test4_3_11()
4.3.11 Valid UTF8String Case Insensitive Match Test11
In this test, the attribute values for the common name and organization attribute types in the
subject fields of the intermediate and end certificates and the issuer fields of the end certificate
and the intermediate certificate's CRL are encoded in UTF8String.
|
void |
test4_3_2()
4.3.2 Invalid Name Chaining Order Test2
In this test, the issuer's name in the end entity certificate and the subject's name in the preceding
intermediate certificate contain the same relative distinguished names (RDNs), but their ordering is
different.
|
void |
test4_3_3()
4.3.3 Valid Name Chaining Whitespace Test3
In this test, the issuer's name in the end entity certificate and the subject's name in the preceding
intermediate certificate differ in internal whitespace, but match once the internal whitespace is
compressed.
|
void |
test4_3_4()
4.3.4 Valid Name Chaining Whitespace Test4
In this test, the issuer's name in the end entity certificate and the subject's name in the preceding
intermediate certificate differ in leading and trailing whitespace, but match once all leading and
trailing whitespace is removed.
|
void |
test4_3_5()
4.3.5 Valid Name Chaining Capitalization Test5
In this test, the issuer's name in the end entity certificate and the subject's name in the preceding
intermediate certificate differ in capitalization, but match when a case insensitive match is
performed.
|
void |
test4_3_6()
4.3.6 Valid Name Chaining UIDs Test6
In this test, the intermediate certificate includes a subjectUniqueID and the end entity certificate
includes a matching issuerUniqueID.
12
|
void |
test4_3_7()
4.3.7 Valid RFC3280 Mandatory Attribute Types Test7
In this test, this intermediate certificate includes a subject name that includes the attribute types
distinguished name qualifier, state or province name, serial number, domain component,
organization, and country.
|
void |
test4_3_8()
4.3.8 Valid RFC3280 Optional Attribute Types Test8
In this test, this intermediate certificate includes a subject name that includes the attribute types
locality, title, surname, given name, initials, pseudonym, generation qualifier, organization, and
country.
|
void |
test4_3_9()
4.3.9 Valid UTF8String Encoded Names Test9
In this test, the attribute values for the common name and organization attribute types in the
subject fields of the intermediate and end certificates and the issuer fields of the end certificate
and the intermediate certificate's CRL are encoded in UTF8String.
13
|
void |
test4_4_1()
4.4.1 Missing CRL Test1
In this test, there is no revocation information available from the intermediate CA, making it
impossible to determine the status of the end certificate.
|
void |
test4_4_10()
4.4.10 Invalid Unknown CRL Extension Test10
In this test the intermediate CA's CRL contains a made up critical extension in the crlExtensions
field.
|
void |
test4_4_11()
4.4.11 Invalid Old CRL nextUpdate Test11
In this test the intermediate CA's CRL has a nextUpdate time that is far in the past (January
2010), indicating that the CA has already issued updated revocation information.
|
void |
test4_4_12()
4.4.12 Invalid pre2000 CRL nextUpdate Test12
In this test the intermediate CA's CRL has a nextUpdate time that is in 1999 indicating that the
CA has already issued updated revocation information.
|
void |
test4_4_13()
4.4.13 Valid GeneralizedTime CRL nextUpdate Test13
In this test the intermediate CA's CRL has a nextUpdate time that is in 2050.
|
void |
test4_4_14()
4.4.14 Valid Negative Serial Number Test14
RFC 3280 mandates that certificate serial numbers be positive integers, but states that relying
parties should be prepared to gracefully handle certificates with serial numbers that are negative,
or zero.
|
void |
test4_4_15()
4.4.15 Invalid Negative Serial Number Test15
RFC 3280 mandates that certificate serial numbers be positive integers, but states that relying
parties should be prepared to gracefully handle certificates with serial numbers that are negative,
or zero.
|
void |
test4_4_16()
4.4.16 Valid Long Serial Number Test16
RFC 3280 mandates that certificate users be able to handle serial number values up to 20 octets
long.
|
void |
test4_4_17()
4.4.17 Valid Long Serial Number Test17
RFC 3280 mandates that certificate users be able to handle serial number values up to 20 octets
long.
|
void |
test4_4_18()
4.4.18 Invalid Long Serial Number Test18
RFC 3280 mandates that certificate users be able to handle serial number values up to 20 octets
long.
|
void |
test4_4_2()
4.4.2 Invalid Revoked CA Test2
In this test, the CRL issued by the first intermediate CA indicates that the second intermediate
certificate in the path has been revoked.
|
void |
test4_4_3()
4.4.3 Invalid Revoked EE Test3
In this test, the CRL issued by the intermediate CA indicates that the end entity certificate has been
revoked.
|
void |
test4_4_4()
4.4.4 Invalid Bad CRL Signature Test4
In this test, the signature on the CRL issued by the intermediate CA is invalid.
|
void |
test4_4_5()
4.4.5 Invalid Bad CRL Issuer Name Test5
In this test, the issuer name in the CRL signed by the intermediate CA does not match the issuer
name in the end entity's certificate.
|
void |
test4_4_6()
4.4.6 Invalid Wrong CRL Test6
In this test, the wrong CRL is in the intermediate certificate's directory entry.
|
void |
test4_4_7()
4.4.7 Valid Two CRLs Test7
In this test, there are two CRLs in the intermediate CAs directory entry, one that is correct and one
that contains the wrong issuer name.
|
void |
test4_4_8()
4.4.8 Invalid Unknown CRL Entry Extension Test8
In this test, the end entity's certificate has been revoked.
|
void |
test4_4_9()
4.4.9 Invalid Unknown CRL Extension Test9
In this test, the end entity's certificate has been revoked.
|
void |
test4_5_1()
4.5.1 Valid Basic Self-Issued Old With New Test1
In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the
intermediate CA's new public key.
|
void |
test4_5_2()
4.5.2 Invalid Basic Self-Issued Old With New Test2
In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the
intermediate CA's new public key.
|
void |
test4_5_3()
4.5.3 Valid Basic Self-Issued New With Old Test3
In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the
intermediate CA's old public key.
|
void |
test4_5_8()
4.5.8 Invalid Basic Self-Issued CRL Signing Key Test8
In this test, the intermediate CA maintains two key pairs, one for signing certificates and the other
for signing CRLs.
|
void |
test4_6_1()
4.6.1 Invalid Missing basicConstraints Test1
In this test, the intermediate certificate does not have a basicConstraints extension.
|
void |
test4_6_10()
4.6.10 Invalid pathLenConstraint Test10
This test consists of a certification path of length 4.
|
void |
test4_6_11()
4.6.11 Invalid pathLenConstraint Test11
This test consists of a certification path of length 5.
|
void |
test4_6_12()
4.6.12 Invalid pathLenConstraint Test12
This test consists of a certification path of length 5.
|
void |
test4_6_13()
4.6.13 Valid pathLenConstraint Test13
This test consists of a certification path of length 5.
|
void |
test4_6_14()
4.6.14 Valid pathLenConstraint Test14
This test consists of a certification path of length 5.
|
void |
test4_6_15()
4.6.15 Valid Self-Issued pathLenConstraint Test15
In this test, the first certificate in the path includes a basicConstraints extension with a
pathLenConstraint of 0 (allowing 0 additional non-self-issued intermediate certificates in the
path).
|
void |
test4_6_16()
4.6.16 Invalid Self-Issued pathLenConstraint Test16
In this test, the first certificate in the path includes a basicConstraints extension with a
pathLenConstraint of 0 (allowing 0 additional non-self-issued intermediate certificates in the
path).
|
void |
test4_6_17()
4.6.17 Valid Self-Issued pathLenConstraint Test17
In this test, the first certificate in the path includes a basicConstraints extension with a
pathLenConstraint of 1 (allowing 1 additional non-self-issued intermediate certificate in the
path).
|
void |
test4_6_2()
4.6.2 Invalid cA False Test2
In this test, the basicConstraints extension is present in the intermediate certificate and is marked
critical, but the cA component is false, indicating that the subject public key may not be used to
verify signatures on certificates.
|
void |
test4_6_3()
4.6.3 Invalid cA False Test3
In this test, the basicConstraints extension is present in the intermediate certificate and is marked
not critical, but the cA component is false, indicating that the subject public key may not be used to
verify signatures on certificates.
|
void |
test4_6_4()
4.6.4 Valid basicConstraints Not Critical Test4
In this test, the basicConstraints extension is present in the intermediate certificate and the cA
component is true, but the extension is marked not critical.
|
void |
test4_6_5()
4.6.5 Invalid pathLenConstraint Test5
In this test, the first certificate in the path includes a basicConstraints extension with a
pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path).
|
void |
test4_6_6()
4.6.6 Invalid pathLenConstraint Test6
In this test, the first certificate in the path includes a basicConstraints extension with a
pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path).
|
void |
test4_6_7()
4.6.7 Valid pathLenConstraint Test7
In this test, the first certificate in the path includes a basicConstraints extension with a
pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path).
|
void |
test4_6_8()
4.6.8 Valid pathLenConstraint Test8
In this test, the first certificate in the path includes a basicConstraints extension with a
pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path).
|
void |
test4_6_9()
4.6.9 Invalid pathLenConstraint Test9
This test consists of a certification path of length 4.
|
void |
test4_7_1()
4.7.1 Invalid keyUsage Critical keyCertSign False Test1
In this test, the intermediate certificate includes a critical keyUsage extension in which
keyCertSign is false.
|
void |
test4_7_2()
4.7.2 Invalid keyUsage Not Critical keyCertSign False Test2
In this test, the intermediate certificate includes a non-critical keyUsage extension in which
keyCertSign is false.
|
void |
test4_7_3()
4.7.3 Valid keyUsage Not Critical Test3
In this test, the intermediate certificate includes a non-critical keyUsage extension.
34
|
void |
test4_7_4()
4.7.4 Invalid keyUsage Critical cRLSign False Test4
In this test, the intermediate certificate includes a critical keyUsage extension in which cRLSign
is false.
|
void |
test4_7_5()
4.7.5 Invalid keyUsage Not Critical cRLSign False Test5
In this test, the intermediate certificate includes a non-critical keyUsage extension in which
cRLSign is false.
|
void |
test4_8_1()
4.8.1 All Certificates Same Policy Test1
In this test, every certificate in the path asserts the same policy, NIST-test-policy-1.
|
void |
test4_8_10()
4.8.10 All Certificates Same Policies Test10
In this test, every certificate in the path asserts the same policies, NIST-test-policy-1 and NISTtest-policy-2.
|
void |
test4_8_11()
4.8.11 All Certificates AnyPolicy Test11
In this test, every certificate in the path asserts the special policy anyPolicy.
|
void |
test4_8_12()
4.8.12 Different Policies Test12
In this test, the path consists of two certificates, each of which asserts a different certificate policy.
|
void |
test4_8_13()
4.8.13 All Certificates Same Policies Test13
In this test, every certificate in the path asserts the same policies, NIST-test-policy-1, NIST-testpolicy-2, and NIST-test-policy-3.
|
void |
test4_8_14()
4.8.14 AnyPolicy Test14
In this test, the intermediate certificate asserts anyPolicy and the end entity certificate asserts
NIST-test-policy-1.
|
void |
test4_8_15()
4.8.15 User Notice Qualifier Test15
In this test, the path consists of a single certificate.
|
void |
test4_8_16()
4.8.16 User Notice Qualifier Test16
In this test, the path consists of an intermediate certificate and an end entity certificate.
|
void |
test4_8_17()
4.8.17 User Notice Qualifier Test17
In this test, the path consists of an intermediate certificate and an end entity certificate.
|
void |
test4_8_18()
4.8.18 User Notice Qualifier Test18
In this test, the intermediate certificate asserts policies NIST-test-policy-1 and NIST-test-policy-2.
|
void |
test4_8_19()
4.8.19 User Notice Qualifier Test19
In this test, the path consists of a single certificate.
|
void |
test4_8_2()
4.8.2 All Certificates No Policies Test2
In this test, the certificatePolicies extension is omitted from every certificate in the path.
|
void |
test4_8_20()
4.8.20 CPS Pointer Qualifier Test20
In this test, the path consists of an intermediate certificate and an end entity certificate, both of
which assert the policy NIST-test-policy-1.
|
void |
test4_8_3()
4.8.3 Different Policies Test3
In this test, every certificate in the path asserts the same certificate policy except the first certificate
in the path.
|
void |
test4_8_4()
4.8.4 Different Policies Test4
In this test, every certificate in the path asserts the same certificate policy except the end entity
certificate.
|
void |
test4_8_5()
4.8.5 Different Policies Test5
In this test, every certificate in the path except the second certificate asserts the same policy.
|
void |
test4_8_6()
4.8.6 Overlapping Policies Test6
The following path is such that the intersection of certificate policies among all the certificates has
exactly one policy, NIST-test-policy-1.
|
void |
test4_8_7()
4.8.7 Different Policies Test7
The following path is such that the intersection of certificate policies among all the certificates is
empty.
|
void |
test4_8_8()
4.8.8 Different Policies Test8
The following path is such that the intersection of certificate policies among all the certificates is
empty.
|
void |
test4_8_9()
4.8.9 Different Policies Test9
The following path is such that the intersection of certificate policies among all the certificates is
empty.
|
void |
test4_9_1()
4.9.1 Valid RequireExplicitPolicy Test1
In this test, the first certificate in the path includes a policyConstraints extension with
requireExplicitPolicy set to 10.
|
void |
test4_9_2()
4.9.2 Valid RequireExplicitPolicy Test2
In this test, the first certificate in the path includes a policyConstraints extension with
requireExplicitPolicy set to 5.
|
void |
test4_9_3()
4.9.3 Invalid RequireExplicitPolicy Test3
In this test, the first certificate in the path includes a policyConstraints extension with
requireExplicitPolicy set to 4.
|
void |
test4_9_4()
4.9.4 Valid RequireExplicitPolicy Test4
In this test, the first certificate in the path includes a policyConstraints extension with
requireExplicitPolicy set to 0.
|
void |
test4_9_5()
4.9.5 Invalid RequireExplicitPolicy Test5
In this test, the first certificate in the path includes a policyConstraints extension with
requireExplicitPolicy set to 7.
|
void |
test4_9_6()
4.9.6 Valid Self-Issued requireExplicitPolicy Test6
In this test, the first certificate in the path includes a policyConstraints extension with
requireExplicitPolicy set to 2.
|
void |
test4_9_7()
4.9.7 Invalid Self-Issued requireExplicitPolicy Test7
In this test, the first certificate in the path includes a policyConstraints extension with
requireExplicitPolicy set to 2.
|
void |
test4_9_8()
4.9.8 Invalid Self-Issued requireExplicitPolicy Test8
In this test, the first certificate in the path includes a policyConstraints extension with
requireExplicitPolicy set to 2.
|
void |
xtest4_14_24()
4.14.24 Valid IDP with indirectCRL Test24
In this test, the end entity certificate includes a cRLDistributionPoints extension with a
cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer.
|
void |
xtest4_14_25()
4.14.25 Valid IDP with indirectCRL Test25
In this test, the end entity certificate includes a cRLDistributionPoints extension with a
cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer.
|
void |
xtest4_14_26()
4.14.26 Invalid IDP with indirectCRL Test26
In this test, the end entity certificate includes a cRLDistributionPoints extension with a
cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer.
|
void |
xtest4_14_27()
4.14.27 Invalid cRLIssuer Test27
In this test, the end entity certificate includes a cRLDistributionPoints extension with a
cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer.
|
void |
xtest4_14_28()
4.14.28 Valid cRLIssuer Test28
In this test, the end entity certificate includes a cRLDistributionPoints extension with a
cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer.
|
void |
xtest4_14_29()
4.14.29 Valid cRLIssuer Test29
In this test, the end entity certificate includes a cRLDistributionPoints extension with a
cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer.
|
void |
xtest4_14_30()
4.14.30 Valid cRLIssuer Test30
In this test, the end entity certificate includes a cRLDistributionPoints extension with a
cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer.
|
void |
xtest4_14_31()
4.14.31 Invalid cRLIssuer Test31
In this test, the end entity certificate includes a cRLDistributionPoints extension with a
cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer.
|
void |
xtest4_14_32()
4.14.32 Invalid cRLIssuer Test32
In this test, the end entity certificate includes a cRLDistributionPoints extension with a
cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer.
|
void |
xtest4_14_33()
4.14.33 Valid cRLIssuer Test33
In this test, the end entity certificate includes a cRLDistributionPoints extension with a
cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer.
|
void |
xtest4_4_19()
4.4.19 Valid Separate Certificate and CRL Keys Test19
In this test, the intermediate CA uses different keys to sign certificates and CRLs.
|
void |
xtest4_4_20()
4.4.20 Invalid Separate Certificate and CRL Keys Test20
In this test, the intermediate CA uses different keys to sign certificates and CRLs.
|
void |
xtest4_4_21()
4.4.21 Invalid Separate Certificate and CRL Keys Test21
In this test, the intermediate CA uses different keys to sign certificates and CRLs.
|
void |
xtest4_5_4()
4.5.4 Valid Basic Self-Issued New With Old Test4
In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the
intermediate CA's old public key.
|
void |
xtest4_5_5()
4.5.5 Invalid Basic Self-Issued New With Old Test5
In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the
intermediate CA's old public key.
|
void |
xtest4_5_6()
4.5.6 Valid Basic Self-Issued CRL Signing Key Test6
In this test, the intermediate CA maintains two key pairs, one for signing certificates and the other
for signing CRLs.
|
void |
xtest4_5_7()
4.5.7 Invalid Basic Self-Issued CRL Signing Key Test7
In this test, the intermediate CA maintains two key pairs, one for signing certificates and the other
for signing CRLs.
|
assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertFalse, assertFalse, assertNotNull, assertNotNull, assertNotSame, assertNotSame, assertNull, assertNull, assertSame, assertSame, assertTrue, assertTrue, countTestCases, createResult, fail, fail, failNotEquals, failNotSame, failSame, format, getName, run, run, runBare, runTest, setName, tearDown, toStringpublic void setUp()
setUp in class junit.framework.TestCasepublic void test4_1_1()
throws java.lang.Exception
The purpose of this test is to verify an application's ability to name chain, signature chain, and check validity dates, on certificates in a certification path. It also tests processing of the basic constraints and key usage extensions in intermediate certificates.
java.lang.Exceptionpublic void test4_1_2()
throws java.lang.Exception
The purpose of this test is to verify an application's ability to recognize an invalid signature on an intermediate certificate in a certification path.
java.lang.Exceptionpublic void test4_1_3()
throws java.lang.Exception
The purpose of this test is to verify an application's ability to recognize an invalid signature on an end entity certificate in a certification path.
java.lang.Exceptionpublic void test4_1_4()
throws java.lang.Exception
The purpose of this test is to verify an application's ability to validate certificate in which DSA signatures are used. The intermediate CA and the end entity have DSA key pairs.
java.lang.Exceptionpublic void test4_1_5()
throws java.lang.Exception
The purpose of this test is to verify an application's ability to validate DSA signatures when the DSA parameters are not included in a certificate and need to be inherited from a previous certificate in the path. The intermediate CAs and the end entity have DSA key pairs.
java.lang.Exceptionpublic void test4_1_6()
throws java.lang.Exception
The purpose of this test is to verify an application's ability to determine when a DSA signature is invalid. The intermediate CA and the end entity have DSA key pairs.
java.lang.Exceptionpublic void test4_2_1()
throws java.lang.Exception
In this test, the intermediate certificate's notBefore date is after the current date.
java.lang.Exceptionpublic void test4_2_2()
throws java.lang.Exception
In this test, the end entity certificate's notBefore date is after the current date.
java.lang.Exceptionpublic void test4_2_3()
throws java.lang.Exception
In this test, the end entity certificate's notBefore date is set to 1950 and is encoded in UTCTime.
java.lang.Exceptionpublic void test4_2_4()
throws java.lang.Exception
In this test, the end entity certificate's notBefore date is specified in GeneralizedTime.
java.lang.Exceptionpublic void test4_2_5()
throws java.lang.Exception
In this test, the intermediate certificate's notAfter date is before the current date. 9
java.lang.Exceptionpublic void test4_2_6()
throws java.lang.Exception
In this test, the end entity certificate's notAfter date is before the current date.
java.lang.Exceptionpublic void test4_2_7()
throws java.lang.Exception
In this test, the end entity certificate's notAfter date is 1999 and is encoded in UTCTime.
java.lang.Exceptionpublic void test4_2_8()
throws java.lang.Exception
In this test, the end entity certificate's notAfter date is 2050 and is encoded in GeneralizedTime.
java.lang.Exceptionpublic void test4_3_1()
throws java.lang.Exception
In this test, the common name (cn=) portion of the issuer's name in the end entity certificate does not match the common name portion of the subject's name in the preceding intermediate certificate.
java.lang.Exceptionpublic void test4_3_2()
throws java.lang.Exception
In this test, the issuer's name in the end entity certificate and the subject's name in the preceding intermediate certificate contain the same relative distinguished names (RDNs), but their ordering is different.
java.lang.Exceptionpublic void test4_3_3()
throws java.lang.Exception
In this test, the issuer's name in the end entity certificate and the subject's name in the preceding intermediate certificate differ in internal whitespace, but match once the internal whitespace is compressed.
java.lang.Exceptionpublic void test4_3_4()
throws java.lang.Exception
In this test, the issuer's name in the end entity certificate and the subject's name in the preceding intermediate certificate differ in leading and trailing whitespace, but match once all leading and trailing whitespace is removed.
java.lang.Exceptionpublic void test4_3_5()
throws java.lang.Exception
In this test, the issuer's name in the end entity certificate and the subject's name in the preceding intermediate certificate differ in capitalization, but match when a case insensitive match is performed.
java.lang.Exceptionpublic void test4_3_6()
throws java.lang.Exception
In this test, the intermediate certificate includes a subjectUniqueID and the end entity certificate includes a matching issuerUniqueID. 12
java.lang.Exceptionpublic void test4_3_7()
throws java.lang.Exception
In this test, this intermediate certificate includes a subject name that includes the attribute types distinguished name qualifier, state or province name, serial number, domain component, organization, and country.
java.lang.Exceptionpublic void test4_3_8()
throws java.lang.Exception
In this test, this intermediate certificate includes a subject name that includes the attribute types locality, title, surname, given name, initials, pseudonym, generation qualifier, organization, and country.
java.lang.Exceptionpublic void test4_3_9()
throws java.lang.Exception
In this test, the attribute values for the common name and organization attribute types in the subject fields of the intermediate and end certificates and the issuer fields of the end certificate and the intermediate certificate's CRL are encoded in UTF8String. 13
java.lang.Exceptionpublic void test4_3_10()
throws java.lang.Exception
In this test, the attribute values for the common name and organization attribute types in the issuer and subject fields of the end certificate and the issuer field of the intermediate certificate's CRL are encoded in UTF8String. However, these attribute types are encoded in PrintableString in the subject field of the intermediate certificate.
java.lang.Exceptionpublic void test4_3_11()
throws java.lang.Exception
In this test, the attribute values for the common name and organization attribute types in the subject fields of the intermediate and end certificates and the issuer fields of the end certificate and the intermediate certificate's CRL are encoded in UTF8String. The subject of the intermediate certificate and the issuer of the end certificate differ in capitalization and whitespace, but match when a case insensitive match is performed.
java.lang.Exceptionpublic void test4_4_1()
throws java.lang.Exception
In this test, there is no revocation information available from the intermediate CA, making it impossible to determine the status of the end certificate.
java.lang.Exceptionpublic void test4_4_2()
throws java.lang.Exception
In this test, the CRL issued by the first intermediate CA indicates that the second intermediate certificate in the path has been revoked.
java.lang.Exceptionpublic void test4_4_3()
throws java.lang.Exception
In this test, the CRL issued by the intermediate CA indicates that the end entity certificate has been revoked.
java.lang.Exceptionpublic void test4_4_4()
throws java.lang.Exception
In this test, the signature on the CRL issued by the intermediate CA is invalid.
java.lang.Exceptionpublic void test4_4_5()
throws java.lang.Exception
In this test, the issuer name in the CRL signed by the intermediate CA does not match the issuer name in the end entity's certificate.
java.lang.Exceptionpublic void test4_4_6()
throws java.lang.Exception
In this test, the wrong CRL is in the intermediate certificate's directory entry. There is no CRL available from the intermediate CA making it impossible to determine the status of the end entity's certificate.
java.lang.Exceptionpublic void test4_4_7()
throws java.lang.Exception
In this test, there are two CRLs in the intermediate CAs directory entry, one that is correct and one that contains the wrong issuer name. The correct CRL does not list any certificates as revoked. The incorrect CRL includes the serial number of the end entity's certificate on its list of revoked certificates.
java.lang.Exceptionpublic void test4_4_8()
throws java.lang.Exception
In this test, the end entity's certificate has been revoked. In the intermediate CA's CRL, there is a made up critical crlEntryExtension associated with the end entity certificate's serial number. [X.509 7.3] When an implementation processing a CRL encounters the serial number of the certificate of interest in a CRL entry, but does not recognize a critical extension in the crlEntryExtensions field from that CRL entry, that CRL cannot be used to determine the status of the certificate.
java.lang.Exceptionpublic void test4_4_9()
throws java.lang.Exception
In this test, the end entity's certificate has been revoked. In the intermediate CA's CRL, there is a made up critical extension in the crlExtensions field. [X.509 7.3] When an implementation does not recognize a critical extension in the crlExtensions field, that CRL cannot be used to determine the status of the certificate, regardless of whether the serial number of the certificate of interest appears in that CRL or not.
java.lang.Exceptionpublic void test4_4_10()
throws java.lang.Exception
In this test the intermediate CA's CRL contains a made up critical extension in the crlExtensions field. The end entity certificate's serial number is not listed on the CRL, however, due to the presence of an unknown critical CRL extension, the relying party can not be sure that the list of serial numbers on the revokedCertificates list includes all certificates that have been revoked by the intermediate CA. As a result, the relying party can not verify that the end entity's certificate has not been revoked. 18
java.lang.Exceptionpublic void test4_4_11()
throws java.lang.Exception
In this test the intermediate CA's CRL has a nextUpdate time that is far in the past (January 2010), indicating that the CA has already issued updated revocation information. Since the information in the CRL is out-of-date and a more up-to-date CRL (that should have already been issued) can not be obtained, the certification path should be treated as if the status of the end entity certificate can not be determined.3
java.lang.Exceptionpublic void test4_4_12()
throws java.lang.Exception
In this test the intermediate CA's CRL has a nextUpdate time that is in 1999 indicating that the CA has already issued updated revocation information. Since the information in the CRL is outof-date and a more up-to-date CRL (that should have already been issued) can not be obtained, the certification path should be treated as if the status of the end entity certificate can not be determined.
java.lang.Exceptionpublic void test4_4_13()
throws java.lang.Exception
In this test the intermediate CA's CRL has a nextUpdate time that is in 2050. Since the nextUpdate time is in the future, this CRL may contain the most up-to-date certificate status information that is available from the intermediate CA and so the relying party may use this CRL to determine the status of the end entity certificate.
java.lang.Exceptionpublic void test4_4_14()
throws java.lang.Exception
RFC 3280 mandates that certificate serial numbers be positive integers, but states that relying parties should be prepared to gracefully handle certificates with serial numbers that are negative, or zero. In this test, the end entity's certificate has a serial number of 255 (DER encoded as "00 FF") and the corresponding CRL lists the certificate with serial number -1 (DER encoded as "FF") as revoked.
java.lang.Exceptionpublic void test4_4_15()
throws java.lang.Exception
RFC 3280 mandates that certificate serial numbers be positive integers, but states that relying parties should be prepared to gracefully handle certificates with serial numbers that are negative, or zero. In this test, the end entity's certificate has a serial number of -1 (DER encoded as "FF") and the corresponding CRL lists this certificate as revoked.
java.lang.Exceptionpublic void test4_4_16()
throws java.lang.Exception
RFC 3280 mandates that certificate users be able to handle serial number values up to 20 octets long. In this test, the end entity's certificate has a 20 octet serial number that is not listed on the corresponding CRL, but the serial number matches the serial number listed on the CRL in all but the least significant octet.
java.lang.Exceptionpublic void test4_4_17()
throws java.lang.Exception
RFC 3280 mandates that certificate users be able to handle serial number values up to 20 octets long. In this test, the end entity's certificate has a 20 octet serial number that is not listed on the corresponding CRL, but the serial number matches the serial number listed on the CRL in all but the most significant octet.
java.lang.Exceptionpublic void test4_4_18()
throws java.lang.Exception
RFC 3280 mandates that certificate users be able to handle serial number values up to 20 octets long. In this test, the end entity's certificate has a 20 octet serial number and the certificate's serial number is listed on the corresponding CRL.
java.lang.Exceptionpublic void xtest4_4_19()
throws java.lang.Exception
In this test, the intermediate CA uses different keys to sign certificates and CRLs. The Trust Anchor CA has issued two certificates to the intermediate CA, one for each key. The end entity's certificate was signed using the intermediate CA's certificate signing key.
java.lang.Exceptionpublic void xtest4_4_20()
throws java.lang.Exception
In this test, the intermediate CA uses different keys to sign certificates and CRLs. The Trust Anchor CA has issued two certificates to the intermediate CA, one for each key. The end entity's certificate was signed using the intermediate CA's certificate signing key. The CRL issued by the intermediate CA lists the end entity's certificate as revoked.
java.lang.Exceptionpublic void xtest4_4_21()
throws java.lang.Exception
In this test, the intermediate CA uses different keys to sign certificates and CRLs. The Trust Anchor CA has issued two certificates to the intermediate CA, one for each key. The certificate issued to the intermediate CA's CRL verification key has been revoked. The end entity's certificate was signed using the intermediate CA's certificate signing key.
java.lang.Exceptionpublic void test4_5_1()
throws java.lang.Exception
In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's new public key. The end entity's certificate was signed using the intermediate CA's old private key, requiring the relying party to use the CA's old-signed-with-new self-issued certificate in order to validate the end entity's certificate. The intermediate CA issues one CRL, signed with its new private key, that covers all of the unexpired certificates that it has issued.
java.lang.Exceptionpublic void test4_5_2()
throws java.lang.Exception
In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's new public key. The end entity's certificate was signed using the intermediate CA's old private key, requiring the relying party to use the CA's old-signed-with-new self-issued certificate in order to validate the end entity's certificate. The intermediate CA issues one CRL, signed with its new private key, that covers all of the unexpired certificates that it has issued. This CRL indicates that the end entity's certificate has been revoked.
java.lang.Exceptionpublic void test4_5_3()
throws java.lang.Exception
In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's old public key. The end entity's certificate and a CRL covering all certificates issued by the intermediate CA was signed using the intermediate CA's new private key, requiring the relying party to use the CA's new-signed-with-old self-issued certificate in order to validate both the end entity's certificate and the intermediate CA's CRL. There is a second CRL, signed using the intermediate CA's old private key that only covers the new-signed-with-old self-issued certificate.
java.lang.Exceptionpublic void xtest4_5_4()
throws java.lang.Exception
In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's old public key. The end entity's certificate was signed using the intermediate CA's old private key, so there is no need to use a self-issued certificate to create a certification path from the Trust Anchor to the end entity. However, the CRL covering all certificates issued by the intermediate CA was signed using the intermediate CA's new private key, requiring the relying party to use the CA's new-signed-with-old self-issued certificate in order to validate the intermediate CA's CRL. This CRL must be validated in order to determine the status of the end entity's certificate. There is a second CRL, signed using the intermediate CA's old private key that only covers the new-signed-with-old self-issued certificate.
java.lang.Exceptionpublic void xtest4_5_5()
throws java.lang.Exception
In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's old public key. The end entity's certificate was signed using the intermediate CA's old private key, so there is no need to use a self-issued certificate to create a certification path from the Trust Anchor to the end entity. However, the CRL covering all certificates issued by the intermediate CA was signed using the intermediate CA's new private key, requiring the relying party to use the CA's new-signed-with-old self-issued certificate in order to validate the intermediate CA's CRL. This CRL must be validated in order to determine the status of the end entity's certificate. There is a second CRL, signed using the intermediate CA's old private key that only covers the new-signed-with-old self-issued certificate. The end entity's certificate has been revoked.
java.lang.Exceptionpublic void xtest4_5_6()
throws java.lang.Exception
In this test, the intermediate CA maintains two key pairs, one for signing certificates and the other for signing CRLs. The Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's certificate verification public key, and the intermediate CA has issued a self-issued certificate that contains its CRL verification key. The intermediate CA's certificate signing private key has been used to sign a CRL that only covers the self-issued certificate.
java.lang.Exceptionpublic void xtest4_5_7()
throws java.lang.Exception
In this test, the intermediate CA maintains two key pairs, one for signing certificates and the other for signing CRLs. The Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's certificate verification public key, and the intermediate CA has issued a self-issued certificate that contains its CRL verification key. The intermediate CA's certificate signing private key has been used to sign a CRL that only covers the self-issued certificate. The end entity's certificate has been revoked.
java.lang.Exceptionpublic void test4_5_8()
throws java.lang.Exception
In this test, the intermediate CA maintains two key pairs, one for signing certificates and the other for signing CRLs. The Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's certificate verification public key, and the intermediate CA has issued a self-issued certificate that contains its CRL verification key. The intermediate CA's certificate signing private key has been used to sign a CRL that only covers the self-issued certificate. The end entity's certificate was signed using the CRL signing key.
java.lang.Exceptionpublic void test4_6_1()
throws java.lang.Exception
In this test, the intermediate certificate does not have a basicConstraints extension.
java.lang.Exceptionpublic void test4_6_2()
throws java.lang.Exception
In this test, the basicConstraints extension is present in the intermediate certificate and is marked critical, but the cA component is false, indicating that the subject public key may not be used to verify signatures on certificates.
java.lang.Exceptionpublic void test4_6_3()
throws java.lang.Exception
In this test, the basicConstraints extension is present in the intermediate certificate and is marked not critical, but the cA component is false, indicating that the subject public key may not be used to verify signatures on certificates. As specified in section 8.4.2.1 of X.509, the application must reject the path either because the application does not recognize the basicConstraints extension or because cA is set to false.
java.lang.Exceptionpublic void test4_6_4()
throws java.lang.Exception
In this test, the basicConstraints extension is present in the intermediate certificate and the cA component is true, but the extension is marked not critical.
java.lang.Exceptionpublic void test4_6_5()
throws java.lang.Exception
In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path). This is followed by a second intermediate certificate and a end entity certificate.
java.lang.Exceptionpublic void test4_6_6()
throws java.lang.Exception
In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path). This is followed by two more CA certificates, the second of which is the end certificate in the path.
java.lang.Exceptionpublic void test4_6_7()
throws java.lang.Exception
In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path). This is followed by the end entity certificate.
java.lang.Exceptionpublic void test4_6_8()
throws java.lang.Exception
In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path). This is followed by the end entity certificate, which is a CA certificate.
java.lang.Exceptionpublic void test4_6_9()
throws java.lang.Exception
This test consists of a certification path of length 4. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 0, and the third a pathLenConstraint of 0. The fourth certificate is an end entity certificate.
java.lang.Exceptionpublic void test4_6_10()
throws java.lang.Exception
This test consists of a certification path of length 4. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 0, and the third a pathLenConstraint of 0. The end entity certificate is a CA certificate.
java.lang.Exceptionpublic void test4_6_11()
throws java.lang.Exception
This test consists of a certification path of length 5. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 1, and the third a pathLenConstraint of 1. The fourth certificate does not include a pathLenConstraint. The fifth certificate is an end entity certificate.
java.lang.Exceptionpublic void test4_6_12()
throws java.lang.Exception
This test consists of a certification path of length 5. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 1, and the third a pathLenConstraint of 1. The fourth certificate does not include a pathLenConstraint. The end entity certificate is a CA certificate.
java.lang.Exceptionpublic void test4_6_13()
throws java.lang.Exception
This test consists of a certification path of length 5. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 4, and the third a pathLenConstraint of 1. The fourth certificate does not include a pathLenConstraint. The fifth certificate is an end entity certificate.
java.lang.Exceptionpublic void test4_6_14()
throws java.lang.Exception
This test consists of a certification path of length 5. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 4, and the third a pathLenConstraint of 1. The fourth certificate does not include a pathLenConstraint. The end entity certificate is a CA certificate.
java.lang.Exceptionpublic void test4_6_15()
throws java.lang.Exception
In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional non-self-issued intermediate certificates in the path). This is followed by a self-issued certificate and the end entity certificate. 32
java.lang.Exceptionpublic void test4_6_16()
throws java.lang.Exception
In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional non-self-issued intermediate certificates in the path). This is followed by a self-issued certificate, an non-self-issued certificate, and the end entity certificate.
java.lang.Exceptionpublic void test4_6_17()
throws java.lang.Exception
In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 1 (allowing 1 additional non-self-issued intermediate certificate in the path). This is followed by a self-issued certificate, a non-self-issued certificate, another self-issued certificate, and the end entity certificate.
java.lang.Exceptionpublic void test4_7_1()
throws java.lang.Exception
In this test, the intermediate certificate includes a critical keyUsage extension in which keyCertSign is false.
java.lang.Exceptionpublic void test4_7_2()
throws java.lang.Exception
In this test, the intermediate certificate includes a non-critical keyUsage extension in which keyCertSign is false.
java.lang.Exceptionpublic void test4_7_3()
throws java.lang.Exception
In this test, the intermediate certificate includes a non-critical keyUsage extension. 34
java.lang.Exceptionpublic void test4_7_4()
throws java.lang.Exception
In this test, the intermediate certificate includes a critical keyUsage extension in which cRLSign is false.
java.lang.Exceptionpublic void test4_7_5()
throws java.lang.Exception
In this test, the intermediate certificate includes a non-critical keyUsage extension in which cRLSign is false.
java.lang.Exceptionpublic void test4_8_1()
throws java.lang.Exception
In this test, every certificate in the path asserts the same policy, NIST-test-policy-1. The certification path in this test is the same certification path as in Valid Signatures Test1. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-explicit-policy set. The path should validate successfully. 2. default settings, but with initial-explicit-policy set and initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 3. default settings, but with initial-explicit-policy set and initial-policy-set = {NIST-test-policy-2}. The path should not validate successfully. 4. default settings, but with initial-explicit-policy set and initial-policy-set = {NIST-test-policy-1, NIST-test-policy-2}. The path should validate successfully.
java.lang.Exceptionpublic void test4_8_2()
throws java.lang.Exception
In this test, the certificatePolicies extension is omitted from every certificate in the path. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-explicit-policy set . The path should not validate successfully.
java.lang.Exceptionpublic void test4_8_3()
throws java.lang.Exception
In this test, every certificate in the path asserts the same certificate policy except the first certificate in the path. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-explicit-policy set . The path should not validate successfully. 3. default settings, but with initial-explicit-policy set and initial-policy-set = {NIST-test-policy-1, NIST-test-policy-2}. The path should not validate successfully.
java.lang.Exceptionpublic void test4_8_4()
throws java.lang.Exception
In this test, every certificate in the path asserts the same certificate policy except the end entity certificate.
java.lang.Exceptionpublic void test4_8_5()
throws java.lang.Exception
In this test, every certificate in the path except the second certificate asserts the same policy.
java.lang.Exceptionpublic void test4_8_6()
throws java.lang.Exception
The following path is such that the intersection of certificate policies among all the certificates has exactly one policy, NIST-test-policy-1. The final certificate in the path is a CA certificate. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 3. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should not validate successfully.
java.lang.Exceptionpublic void test4_8_7()
throws java.lang.Exception
The following path is such that the intersection of certificate policies among all the certificates is empty. The final certificate in the path is a CA certificate.
java.lang.Exceptionpublic void test4_8_8()
throws java.lang.Exception
The following path is such that the intersection of certificate policies among all the certificates is empty. The final certificate in the path is a CA certificate.
java.lang.Exceptionpublic void test4_8_9()
throws java.lang.Exception
The following path is such that the intersection of certificate policies among all the certificates is empty.
java.lang.Exceptionpublic void test4_8_10()
throws java.lang.Exception
In this test, every certificate in the path asserts the same policies, NIST-test-policy-1 and NISTtest-policy-2. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 3. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should validate successfully.
java.lang.Exceptionpublic void test4_8_11()
throws java.lang.Exception
In this test, every certificate in the path asserts the special policy anyPolicy. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully.
java.lang.Exceptionpublic void test4_8_12()
throws java.lang.Exception
In this test, the path consists of two certificates, each of which asserts a different certificate policy.
java.lang.Exceptionpublic void test4_8_13()
throws java.lang.Exception
In this test, every certificate in the path asserts the same policies, NIST-test-policy-1, NIST-testpolicy-2, and NIST-test-policy-3. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should validate successfully. 3. default settings, but with initial-policy-set = {NIST-test-policy-3}. The path should validate successfully.
java.lang.Exceptionpublic void test4_8_14()
throws java.lang.Exception
In this test, the intermediate certificate asserts anyPolicy and the end entity certificate asserts NIST-test-policy-1. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should not validate successfully.
java.lang.Exceptionpublic void test4_8_15()
throws java.lang.Exception
In this test, the path consists of a single certificate. The certificate asserts the policy NIST-testpolicy-1 and includes a user notice policy qualifier.
Display of user notice beyond CertPath API at the moment.
java.lang.Exceptionpublic void test4_8_16()
throws java.lang.Exception
In this test, the path consists of an intermediate certificate and an end entity certificate. The intermediate certificate asserts the policy NIST-test-policy-1. The end entity certificate asserts both NIST-test-policy-1 and NIST-test-policy-2. Each policy in the end entity certificate has a different user notice qualifier associated with it.
Display of user notice beyond CertPath API at the moment.
java.lang.Exceptionpublic void test4_8_17()
throws java.lang.Exception
In this test, the path consists of an intermediate certificate and an end entity certificate. The intermediate certificate asserts the policy NIST-test-policy-1. The end entity certificate asserts anyPolicy. There is a user notice policy qualifier associated with anyPolicy in the end entity certificate.
Display of user notice beyond CertPath API at the moment.
java.lang.Exceptionpublic void test4_8_18()
throws java.lang.Exception
In this test, the intermediate certificate asserts policies NIST-test-policy-1 and NIST-test-policy-2. The end certificate asserts NIST-test-policy-1 and anyPolicy. Each of the policies in the end entity certificate asserts a different user notice policy qualifier. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully and the qualifier associated with NIST-test-policy-1 in the end entity certificate should be displayed. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should validate successfully and the qualifier associated with anyPolicy in the end entity certificate should be displayed. 45
Display of policy messages beyond CertPath API at the moment.
java.lang.Exceptionpublic void test4_8_19()
throws java.lang.Exception
In this test, the path consists of a single certificate. The certificate asserts the policy NIST-testpolicy-1 and includes a user notice policy qualifier. The user notice qualifier contains explicit text that is longer than 200 bytes. [RFC 3280 4.2.1.5] Note: While the explicitText has a maximum size of 200 characters, some non-conforming CAs exceed this limit. Therefore, certificate users SHOULD gracefully handle explicitText with more than 200 characters.
java.lang.Exceptionpublic void test4_8_20()
throws java.lang.Exception
In this test, the path consists of an intermediate certificate and an end entity certificate, both of which assert the policy NIST-test-policy-1. There is a CPS pointer policy qualifier associated with NIST-test-policy-1 in the end entity certificate.
java.lang.Exceptionpublic void test4_9_1()
throws java.lang.Exception
In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 10. This is followed by three more intermediate certificates and an end entity certificate. The end entity certificate does not include a certificatePolicies extension. 47
java.lang.Exceptionpublic void test4_9_2()
throws java.lang.Exception
In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 5. This is followed by three more intermediate certificates and an end entity certificate. The end entity certificate does not include a certificatePolicies extension.
java.lang.Exceptionpublic void test4_9_3()
throws java.lang.Exception
In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 4. This is followed by three more intermediate certificates and an end entity certificate. The end entity certificate does not include a certificatePolicies extension.
java.lang.Exceptionpublic void test4_9_4()
throws java.lang.Exception
In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 0. This is followed by three more intermediate certificates and an end entity certificate.
java.lang.Exceptionpublic void test4_9_5()
throws java.lang.Exception
In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 7. The second certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 2. The third certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 4. This is followed by one more intermediate certificate and an end entity certificate. The end entity certificate does not include a certificatePolicies extension.
java.lang.Exceptionpublic void test4_9_6()
throws java.lang.Exception
In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 2. This is followed by a self-issued intermediate certificate and an end entity certificate. The end entity certificate does not include a certificatePolicies extension.
java.lang.Exceptionpublic void test4_9_7()
throws java.lang.Exception
In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 2. This is followed by a self-issued intermediate certificate, a nonself-issued intermediate certificate, and an end entity certificate. The end entity certificate does not include a certificatePolicies extension.
java.lang.Exceptionpublic void test4_9_8()
throws java.lang.Exception
In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 2. This is followed by a self-issued intermediate certificate, a nonself-issued intermediate certificate, a self-issued intermediate certificate, and an end entity certificate. The end entity certificate does not include a certificatePolicies extension. 50
java.lang.Exceptionpublic void test4_10_1()
throws java.lang.Exception
In this test, the intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-2. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should not validate successfully. 3. default settings, but with initial-policy-mapping-inhibit set. The path should not validate successfully.
java.lang.Exceptionpublic void test4_10_2()
throws java.lang.Exception
In this test, the intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-1. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should not validate successfully. 2. default settings, but with initial-policy-mapping-inhibit set. The path should not validate successfully.
java.lang.Exceptionpublic void test4_10_3()
throws java.lang.Exception
In this test, the path is valid under NIST-test-policy-2 as a result of policy mappings. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should not validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should validate successfully.
java.lang.Exceptionpublic void test4_10_4()
throws java.lang.Exception
In this test, the policy asserted in the end entity certificate is not in the authorities-constrainedpolicy-set.
java.lang.Exceptionpublic void test4_10_5()
throws java.lang.Exception
In this test, the path is valid under NIST-test-policy-1 as a result of policy mappings. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-6}. The path should not validate successfully.
java.lang.Exceptionpublic void test4_10_6()
throws java.lang.Exception
In this test, the path is valid under NIST-test-policy-1 as a result of policy mappings. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-6}. The path should not validate successfully.
java.lang.Exceptionpublic void test4_10_7()
throws java.lang.Exception
In this test, the intermediate certificate includes a policyMappings extension that includes a mapping in which the issuerDomainPolicy is anyPolicy. The intermediate certificate also includes a critical policyConstraints extension with requireExplicitPolicy set to 0. [RFC 3280 6.1.4] (a) If a policy mapping extension is present, verify that the special value anyPolicy does not appear as an issuerDomainPolicy or a subjectDomainPolicy.
java.lang.Exceptionpublic void test4_10_8()
throws java.lang.Exception
In this test, the intermediate certificate includes a policyMappings extension that includes a mapping in which the subjectDomainPolicy is anyPolicy. The intermediate certificate also includes a critical policyConstraints extension with requireExplicitPolicy set to 0. [RFC 3280 6.1.4] (a) If a policy mapping extension is present, verify that the special value anyPolicy does not appear as an issuerDomainPolicy or a subjectDomainPolicy.
java.lang.Exceptionpublic void test4_10_9()
throws java.lang.Exception
In this test, the intermediate certificate asserts anyPolicy and maps NIST-test-policy-1 to NISTtest-policy-2. The end entity certificate asserts NIST-test-policy-1. 55
java.lang.Exceptionpublic void test4_10_10()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1. The second intermediate certificate asserts anyPolicy and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-1.
java.lang.Exceptionpublic void test4_10_11()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1. The second intermediate certificate asserts anyPolicy and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-2.
java.lang.Exceptionpublic void test4_10_12()
throws java.lang.Exception
In this test, the intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and maps NIST-test-policy-1 to NIST-test-policy-3. The end entity certificate asserts anyPolicy and NIST-test-policy-3, each with a different user notice policy qualifier. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully and the application should display the user notice associated with NIST-test-policy-3 in the end entity certificate. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should validate successfully and the application should display the user notice associated with anyPolicy in the end entity certificate.
java.lang.Exceptionpublic void test4_10_13()
throws java.lang.Exception
In this test, the intermediate certificate asserts NIST-test-policy-1 and anyPolicy and maps NISTtest-policy-1 to NIST-test-policy-2. There is a user notice policy qualifier associated with each of 57 the policies. The end entity certificate asserts NIST-test-policy-2.
java.lang.Exceptionpublic void test4_10_14()
throws java.lang.Exception
In this test, the intermediate certificate asserts NIST-test-policy-1 and anyPolicy and maps NISTtest-policy-1 to NIST-test-policy-2. There is a user notice policy qualifier associated with each of the policies. The end entity certificate asserts NIST-test-policy-1.
java.lang.Exceptionpublic void test4_11_1()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 0. The second intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-1 and NIST-test-policy-2.
java.lang.Exceptionpublic void test4_11_2()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and maps NIST-testpolicy-1 to NIST-test-policy-3 and NIST-test-policy-2 to NIST-test-policy-4. The end entity certificate asserts NIST-test-policy-3. 59
java.lang.Exceptionpublic void test4_11_3()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and maps NIST-testpolicy-1 to NIST-test-policy-3 and NIST-test-policy-2 to NIST-test-policy-4. The third intermediate certificate asserts NIST-test-policy-3 and NIST-test-policy-4 and maps NIST-testpolicy-3 to NIST-test-policy-5. The end entity certificate asserts NIST-test-policy-5.
java.lang.Exceptionpublic void test4_11_4()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and maps NIST-testpolicy-1 to NIST-test-policy-3 and NIST-test-policy-2 to NIST-test-policy-4. The third intermediate certificate asserts NIST-test-policy-3 and NIST-test-policy-4 and maps NIST-testpolicy-3 to NIST-test-policy-5. The end entity certificate asserts NIST-test-policy-4. 60
java.lang.Exceptionpublic void test4_11_5()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 5. The second intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The third intermediate certificate asserts NIST-test-policy-1. The fourth intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NISTtest-policy-2. The end entity certificate asserts NIST-test-policy-2.
java.lang.Exceptionpublic void test4_11_6()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and includes a policyConstraints extension with inhibitPolicyMapping set to 5. The third intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and maps NIST-test-policy-1 to NIST-test-policy-3. The end entity certificate asserts NIST-test-policy-3. 61
java.lang.Exceptionpublic void test4_11_7()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-2.
java.lang.Exceptionpublic void test4_11_8()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The fourth intermediate certificate asserts NIST-test-policy-2 and maps NIST-test-policy-2 to NISTtest-policy-3. The end entity certificate asserts NIST-test-policy-3. 62
java.lang.Exceptionpublic void test4_11_9()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The fourth intermediate certificate asserts NIST-test-policy-2 and maps NIST-test-policy-2 to NISTtest-policy-3. The end entity certificate asserts NIST-test-policy-2.
java.lang.Exceptionpublic void test4_11_10()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The fourth intermediate certificate is a self-issued certificate that asserts NIST-test-policy-2 and maps NIST-test-policy-2 to NIST-test-policy-3. The end entity certificate asserts NIST-test-policy-3. 63
java.lang.Exceptionpublic void test4_11_11()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The fourth intermediate certificate is a self-issued certificate that asserts NIST-test-policy-2 and maps NIST-test-policy-2 to NIST-test-policy-3. The end entity certificate asserts NIST-test-policy-2.
java.lang.Exceptionpublic void test4_12_1()
throws java.lang.Exception
In this test, the intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 0. The end entity certificate asserts anyPolicy.
java.lang.Exceptionpublic void test4_12_2()
throws java.lang.Exception
In this test, the intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 0. The end entity certificate asserts anyPolicy and NIST-testpolicy-1.
java.lang.Exceptionpublic void test4_12_3()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate asserts anyPolicy. The end entity certificate asserts NIST-test-policy-1. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-inhibit-any-policy set. The path should not validate successfully.
java.lang.Exceptionpublic void test4_12_4()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate asserts anyPolicy. The end entity certificate asserts anyPolicy. 66
java.lang.Exceptionpublic void test4_12_5()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 5. The second intermediate certificate asserts NIST-test-policy1 and includes an inhibitAnyPolicy extension set to 1. The third intermediate certificate asserts NIST-test-policy-1 and the end entity certificate asserts anyPolicy.
java.lang.Exceptionpublic void test4_12_6()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate asserts NIST-test-policy1 and includes an inhibitAnyPolicy extension set to 5. The end entity certificate asserts anyPolicy.
java.lang.Exceptionpublic void test4_12_7()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts anyPolicy and the end entity certificate asserts NIST-test-policy-1.
java.lang.Exceptionpublic void test4_12_8()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third and fourth intermediate certificates assert anyPolicy and the end entity certificate asserts NIST-test-policy-1. 68
java.lang.Exceptionpublic void test4_12_9()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts anyPolicy. The fourth intermediate certificate is a self-issued certificate that asserts anyPolicy. The end entity certificate asserts NIST-test-policy-1.
java.lang.Exceptionpublic void test4_12_10()
throws java.lang.Exception
In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts anyPolicy. The end entity certificate is a self-issued CA certificate that asserts anyPolicy.
java.lang.Exceptionpublic void test4_13_1()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subject name that falls within that subtree. 70
java.lang.Exceptionpublic void test4_13_2()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subject name that falls outside that subtree.
java.lang.Exceptionpublic void test4_13_3()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subject name that falls within that subtree and a subjectAltName extension with a DN that falls outside the subtree.
java.lang.Exceptionpublic void test4_13_4()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subject name that falls within that subtree and a subjectAltName extension with an e-mail address. 71
java.lang.Exceptionpublic void test4_13_5()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies two permitted subtrees. The end entity certificate includes a subject name that falls within one of the subtrees and a subjectAltName extension with a DN that falls within the other subtree.
java.lang.Exceptionpublic void test4_13_6()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subject name that falls outside that subtree.
java.lang.Exceptionpublic void test4_13_7()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subject name that falls within that subtree. 72
java.lang.Exceptionpublic void test4_13_8()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies two excluded subtrees. The end entity certificate includes a subject name that falls within the first subtree.
java.lang.Exceptionpublic void test4_13_9()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies two excluded subtrees. The end entity certificate includes a subject name that falls within the second subtree.
java.lang.Exceptionpublic void test4_13_10()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a permitted subtree and an excluded subtree. The excluded subtree specifies a subset of the name space specified by the permitted subtree. The end entity certificate includes a subject name that falls within both the permitted and excluded subtrees. 73
java.lang.Exceptionpublic void test4_13_11()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a permitted subtree and an excluded subtree. The excluded subtree specifies a subset of the name space specified by the permitted subtree. The end entity certificate includes a subject name that falls within the permitted subtree but falls outside the excluded subtree.
java.lang.Exceptionpublic void test4_13_12()
throws java.lang.Exception
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree that is a subtree of the constraint specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the subtree specified by the first intermediate certificate but outside the subtree specified by the second intermediate certificate.
java.lang.Exceptionpublic void test4_13_13()
throws java.lang.Exception
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree that does not overlap with the permitted subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the subtree specified by the first intermediate certificate.
java.lang.Exceptionpublic void test4_13_14()
throws java.lang.Exception
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree that does not overlap with the permitted subtree specified in the first intermediate certificate. The end entity certificate has a null subject name (i.e., the subject name is a sequence of zero relative distinguished names) and a critical subjectAltName extension with an e-mail address.
java.lang.Exceptionpublic void test4_13_15()
throws java.lang.Exception
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The second intermediate certificate has a subject name that falls outside that subtree and includes a nameConstraints extension that specifies an excluded subtree that does not overlap with the subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the subtree specified in the first intermediate certificate.
java.lang.Exceptionpublic void test4_13_16()
throws java.lang.Exception
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The second intermediate certificate has a subject name that falls outside that subtree and includes a nameConstraints extension that specifies an excluded subtree that does not overlap with the subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the subtree specified in the second intermediate certificate.
java.lang.Exceptionpublic void test4_13_17()
throws java.lang.Exception
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The second intermediate certificate has a subject name that falls outside that subtree and includes a nameConstraints extension that specifies a permitted subtree that is a superset of the subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the excluded subtree specified in the first intermediate certificate.
java.lang.Exceptionpublic void test4_13_18()
throws java.lang.Exception
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The second intermediate certificate has a subject name that falls outside that subtree and includes a nameConstraints extension that specifies a permitted subtree that is a superset of the subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the permitted subtree specified in the second intermediate certificate but outside the excluded subtree specified in the first intermediate certificate.
java.lang.Exceptionpublic void test4_13_19()
throws java.lang.Exception
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The second intermediate certificate is a self-issued certificate. The subject name in the self-issued certificate does not fall within the permitted subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the permitted subtree specified in the first intermediate certificate.
java.lang.Exceptionpublic void test4_13_20()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate is a self-issued certificate. The subject name in the self-issued certificate does not fall within the permitted subtree specified in the intermediate certificate.
java.lang.Exceptionpublic void test4_13_21()
throws java.lang.Exception
� In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls within that subtree.
java.lang.Exceptionpublic void test4_13_22()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls outside that subtree.
java.lang.Exceptionpublic void test4_13_23()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls within that subtree.
java.lang.Exceptionpublic void test4_13_24()
throws java.lang.Exception
� In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls outside that subtree.
java.lang.Exceptionpublic void test4_13_25()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls outside that subtree.
java.lang.Exceptionpublic void test4_13_26()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls within that subtree.
java.lang.Exceptionpublic void test4_13_27()
throws java.lang.Exception
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree of type directoryName. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree of type rfc822Name. The end entity certificate includes a subject name that falls within the subtree specified by the first intermediate certificate and an e-mail address that falls within the permitted subtree specified by the second intermediate certificate.
java.lang.Exceptionpublic void test4_13_28()
throws java.lang.Exception
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree of type directoryName. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree of type rfc822Name. The end entity certificate includes a subject name that falls within the subtree specified by the first intermediate certificate and an e-mail address that falls outside the permitted subtree specified by the second intermediate certificate.
java.lang.Exceptionpublic void test4_13_29()
throws java.lang.Exception
In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree of type directoryName. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree of type rfc822Name. The end entity certificate includes a subject name that falls within the subtree specified by the first intermediate certificate but the subject name includes an attribute of type EmailAddress whose value falls outside the permitted subtree specified in the second intermediate certificate.
java.lang.Exceptionpublic void test4_13_30()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with a dNSName that falls within that subtree.
java.lang.Exceptionpublic void test4_13_31()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with a dNSName that falls outside that subtree.
java.lang.Exceptionpublic void test4_13_32()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with a dNSName that falls outside that subtree.
java.lang.Exceptionpublic void test4_13_33()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with a dNSName that falls within that subtree.
java.lang.Exceptionpublic void test4_13_34()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with a uniformResourceIdentifier that falls within that subtree.
java.lang.Exceptionpublic void test4_13_35()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with a uniformResourceIdentifier that falls outside that subtree.
java.lang.Exceptionpublic void test4_13_36()
throws java.lang.Exception
� In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with a uniformResourceIdentifier that falls outside that subtree.
java.lang.Exceptionpublic void test4_13_37()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with a uniformResourceIdentifier that falls within that subtree.
java.lang.Exceptionpublic void test4_13_38()
throws java.lang.Exception
In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with a dNSName that falls outside that subtree. The permitted subtree is “testcertificates.gov” and the subjectAltName is “mytestcertificates.gov”.
java.lang.Exceptionpublic void test4_14_1()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint.
java.lang.Exceptionpublic void test4_14_2()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint. The CRL lists the end entity certificate as being revoked.
java.lang.Exceptionpublic void test4_14_3()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The only CRL available from the issuer of the end entity certificate includes an issuingDistributionPoint extension with a distributionPoint that does not match the distributionPoint specified in the end entity certificate.
java.lang.Exceptionpublic void test4_14_4()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint. The distributionPoint in the end entity certificate is specified as a nameRelativeToCRLIssuer while the distributionPoint in the CRL is specified as a fullName.
java.lang.Exceptionpublic void test4_14_5()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint. The distributionPoint in both the end entity certificate and the CRL are specified as a nameRelativeToCRLIssuer. 85
java.lang.Exceptionpublic void test4_14_6()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint. The distributionPoint in both the end entity certificate and the CRL are specified as a nameRelativeToCRLIssuer. The CRL lists the end entity certificate as being revoked.
java.lang.Exceptionpublic void test4_14_7()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint. The distributionPoint in the CRL is specified as a nameRelativeToCRLIssuer and the distributionPoint in the end entity certificate is specified as a fullName.
java.lang.Exceptionpublic void test4_14_8()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a distributionPoint that does not match. The distributionPoint in the CRL is specified as a nameRelativeToCRLIssuer and the distributionPoint in the end entity certificate is specified as a fullName.
java.lang.Exceptionpublic void test4_14_9()
throws java.lang.Exception
In this test, the CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a distributionPoint. The distributionPoint does not match the CRL issuer's name. The end entity certificate does not include a cRLDistributionPoints extension
java.lang.Exceptionpublic void test4_14_10()
throws java.lang.Exception
In this test, the CRL that covers the end entity certificate does not include an issuingDistributionPoint extension. The end entity certificate includes a cRLDistributionPoints extension with a distributionPoint name.
java.lang.Exceptionpublic void test4_14_11()
throws java.lang.Exception
In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint extension with onlyContainsUserCerts set to TRUE. The final certificate in the path is a CA certificate.
java.lang.Exceptionpublic void test4_14_12()
throws java.lang.Exception
In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint extension with onlyContainsCACerts set to TRUE.
java.lang.Exceptionpublic void test4_14_13()
throws java.lang.Exception
In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint extension with onlyContainsCACerts set to TRUE. The final certificate in the path is a CA certificate.
java.lang.Exceptionpublic void test4_14_14()
throws java.lang.Exception
In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint extension with onlyContainsAttributeCerts set to TRUE.
java.lang.Exceptionpublic void test4_14_15()
throws java.lang.Exception
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. The end entity certificate has been revoked for key compromise.
java.lang.Exceptionpublic void test4_14_16()
throws java.lang.Exception
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. The end entity certificate has been placed on hold.
java.lang.Exceptionpublic void test4_14_17()
throws java.lang.Exception
In this test, the intermediate certificate has issued two CRLs, one covering the affiliationChanged and superseded reason codes and the other covering the cessationOfOperation and certificateHold reason codes. The end entity certificate is not listed on either CRL.
java.lang.Exceptionpublic void test4_14_18()
throws java.lang.Exception
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. Both CRLs include an issuingDistributionPoint extension with the same distributionPoint name. The end entity certificate includes a cRLDistributionPoints extension with the same distributionPoint name.
java.lang.Exceptionpublic void test4_14_19()
throws java.lang.Exception
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. Both CRLs include an issuingDistributionPoint extension with a different distributionPoint name. The end entity certificate includes a cRLDistributionPoints extension with two DistributionPoints, one for each CRL.
java.lang.Exceptionpublic void test4_14_20()
throws java.lang.Exception
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. Both CRLs include an issuingDistributionPoint extension with a different distributionPoint name. The end entity certificate includes a cRLDistributionPoints extension with two DistributionPoints, one for each CRL. The end entity certificate has been revoked for key compromise.
java.lang.Exceptionpublic void test4_14_21()
throws java.lang.Exception
In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. Both CRLs include an issuingDistributionPoint extension with a different distributionPoint name. The end entity certificate includes a cRLDistributionPoints extension with two DistributionPoints, one for each CRL. The end entity certificate has been revoked as a result of a change in affiliation.
java.lang.Exceptionpublic void test4_14_22()
throws java.lang.Exception
In this test, the intermediate CA has issued a CRL that contains an issuingDistributionPoint extension with the indirectCRL flag set. The end entity certificate was issued by the intermediate CA. 91
java.lang.Exceptionpublic void test4_14_23()
throws java.lang.Exception
In this test, the intermediate CA has issued a CRL that contains an issuingDistributionPoint extension with the indirectCRL flag set. The end entity certificate was issued by the intermediate CA and is listed as revoked on the CRL.
java.lang.Exceptionpublic void xtest4_14_24()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The public key needed to validate the indirect CRL is in a certificate issued by the Trust Anchor.
java.lang.Exceptionpublic void xtest4_14_25()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The public key needed to validate the indirect CRL is in a certificate issued by the Trust Anchor. The end entity's serial number is listed on the CRL, but there is no certificateIssuer CRL entry extension, indicating that the revoked certificate was one issued by the CRL issuer. 92
java.lang.Exceptionpublic void xtest4_14_26()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The entity specified in the cRLIssuer field does not exist.
java.lang.Exceptionpublic void xtest4_14_27()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The CRL issued by the entity specified in the cRLIssuer field does not include an issuingDistributionPoint extension.
java.lang.Exceptionpublic void xtest4_14_28()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a
cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The indirect CRL issuer has been issued a certificate by the issuer of the end entity certificate. The certificate issued to the CRL issuer is covered by a CRL issued by the issuer of the end entity certificate.
java.lang.Exceptionpublic void xtest4_14_29()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The distributionPoint in the end entity certificate is specified as nameRelativeToCRLIssuer. The indirect CRL issuer has been issued a certificate by the issuer of the end entity certificate. The certificate issued to the CRL issuer is covered by a CRL issued by the issuer of the end entity certificate.
java.lang.Exceptionpublic void xtest4_14_30()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The indirect CRL issuer has been issued a certificate by the issuer of the end entity certificate. Both the end entity certificate and the certificate issued to the CRL issuer are covered by the indirect CRL issued by the CRL issuer.
java.lang.Exceptionpublic void xtest4_14_31()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The indirect CRL contains a CRL entry listing the end entity certificate's serial number that includes a certificateIssuer extension specifying the end entity certificate's issuer.
java.lang.Exceptionpublic void xtest4_14_32()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The indirect CRL contains a CRL entry listing the end entity certificate's serial number and the preceding CRL entry includes a certificateIssuer extension specifying the end entity certificate's issuer.
java.lang.Exceptionpublic void xtest4_14_33()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The indirect CRL contains a CRL entry listing the end entity certificate's serial number, but the most recent CRL entry to include a certificateIssuer extension specified a different certificate issuer.
java.lang.Exceptionpublic void test4_14_34()
throws java.lang.Exception
In this test, the end entity certificate is issued by the same CA that issues the corresponding CRL, but the CRL is also an indirect CRL for other CAs. The end entity certificate's serial number is listed on the CRL and the most recent CRL entry to include a certificateIssuer extension specifies the end entity certificate's issuer.
java.lang.Exceptionpublic void test4_14_35()
throws java.lang.Exception
In this test, the end entity certificate includes a cRLDistributionPoints extension with both a distributionPoint name and a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. There is no CRL available from the entity specified in cRLIssuer, but the certificate issuer has issued a CRL with an issuingDistributionPoint extension that includes a distributionPoint that matches the distributionPoint in the certificate.
java.lang.Exceptionpublic void test4_15_1()
throws java.lang.Exception
In this test, the CRL covering the end entity certificate includes a deltaCRLIndicator extension, but no other CRLs are available for the intermediate certificate.
java.lang.Exceptionpublic void test4_15_2()
throws java.lang.Exception
In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL.
java.lang.Exceptionpublic void test4_15_3()
throws java.lang.Exception
In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL. The end entity certificate is listed as revoked on the complete CRL. 97
java.lang.Exceptionpublic void test4_15_4()
throws java.lang.Exception
In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL. The end entity certificate is listed as revoked on the delta-CRL.
java.lang.Exceptionpublic void test4_15_5()
throws java.lang.Exception
In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL. The end entity certificate is listed as on hold on the complete CRL, but the delta-CRL indicates that it should be removed from the CRL.
java.lang.Exceptionpublic void test4_15_6()
throws java.lang.Exception
In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL. The end entity certificate is listed as on hold on the complete CRL and the delta-CRL indicates that it has been revoked.
java.lang.Exceptionpublic void test4_15_7()
throws java.lang.Exception
In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL. The end entity certificate is not listed on the complete CRL and is listed on the delta-CRL as removeFromCRL.
java.lang.Exceptionpublic void test4_15_8()
throws java.lang.Exception
In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to a CRL that was issued earlier than the complete CRL as its base CRL. The end entity certificate is not listed on either the complete CRL or the delta-CRL.
java.lang.Exceptionpublic void test4_15_9()
throws java.lang.Exception
In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to a CRL that was issued earlier than the complete CRL as its base CRL. The end entity certificate is listed as revoked on both the complete CRL and the delta-CRL.
java.lang.Exceptionpublic void test4_15_10()
throws java.lang.Exception
In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to a CRL that was issued later than the complete CRL as its base CRL. The end entity certificate is not listed as revoked on either the complete CRL or the delta-CRL, but the delta-CRL can not be used in conjunction with the provided complete CRL. The complete CRL has a nextUpdate time that is in the past.
java.lang.Exceptionpublic void test4_16_1()
throws java.lang.Exception
In this test, the end entity certificate contains a private, non-critical certificate extension.
java.lang.Exceptionpublic void test4_16_2()
throws java.lang.Exception
In this test, the end entity certificate contains a private, critical certificate extension.
java.lang.Exception