Class NistCertPathTest2

java.lang.Object
junit.framework.Assert
junit.framework.TestCase
org.bouncycastle.jce.provider.test.nist.NistCertPathTest2
All Implemented Interfaces:
junit.framework.Test

public class NistCertPathTest2 extends junit.framework.TestCase
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    void
     
    void
    4.1.1 Valid Signatures Test1
    void
    4.1.2 Invalid CA Signature Test2
    void
    4.1.3 Invalid EE Signature Test3
    void
    4.1.4 Valid DSA Signatures Test4
    void
    4.1.5 Valid DSA Parameter Inheritance Test5
    void
    4.1.6 Invalid DSA Signature Test6
    void
    4.10.1 Valid Policy Mapping Test1
    void
    4.10.10 Invalid Policy Mapping Test10
    void
    4.10.11 Valid Policy Mapping Test11
    void
    4.10.12 Valid Policy Mapping Test12
    void
    4.10.13 Valid Policy Mapping Test13
    void
    4.10.14 Valid Policy Mapping Test14
    void
    4.10.2 Invalid Policy Mapping Test2
    void
    4.10.3 Valid Policy Mapping Test3
    void
    4.10.4 Invalid Policy Mapping Test4
    void
    4.10.5 Valid Policy Mapping Test5
    void
    4.10.6 Valid Policy Mapping Test6
    void
    4.10.7 Invalid Mapping From anyPolicy Test7
    void
    4.10.8 Invalid Mapping To anyPolicy Test8
    void
    4.10.9 Valid Policy Mapping Test9
    void
    4.11.1 Invalid inhibitPolicyMapping Test1
    void
    4.11.10 Invalid Self-Issued inhibitPolicyMapping Test10
    void
    4.11.11 Invalid Self-Issued inhibitPolicyMapping Test11
    void
    4.11.2 Valid inhibitPolicyMapping Test2
    void
    4.11.3 Invalid inhibitPolicyMapping Test3
    void
    4.11.4 Valid inhibitPolicyMapping Test4
    void
    4.11.5 Invalid inhibitPolicyMapping Test5
    void
    4.11.6 Invalid inhibitPolicyMapping Test6
    void
    4.11.7 Valid Self-Issued inhibitPolicyMapping Test7
    void
    4.11.8 Invalid Self-Issued inhibitPolicyMapping Test8
    void
    4.11.9 Invalid Self-Issued inhibitPolicyMapping Test9
    void
    4.12.1 Invalid inhibitAnyPolicy Test1
    void
    4.12.10 Invalid Self-Issued inhibitAnyPolicy Test10
    void
    4.12.2 Valid inhibitAnyPolicy Test2
    void
    4.12.3 inhibitAnyPolicy Test3
    void
    4.12.4 Invalid inhibitAnyPolicy Test4
    void
    4.12.5 Invalid inhibitAnyPolicy Test5
    void
    4.12.6 Invalid inhibitAnyPolicy Test6
    void
    4.12.7 Valid Self-Issued inhibitAnyPolicy Test7
    void
    4.12.8 Invalid Self-Issued inhibitAnyPolicy Test8
    void
    4.12.9 Valid Self-Issued inhibitAnyPolicy Test9
    void
    4.13.1 Valid DN nameConstraints Test1
    void
    4.13.10 Invalid DN nameConstraints Test10
    void
    4.13.11 Valid DN nameConstraints Test11
    void
    4.13.12 Invalid DN nameConstraints Test12
    void
    4.13.13 Invalid DN nameConstraints Test13
    void
    4.13.14 Valid DN nameConstraints Test14
    void
    4.13.15 Invalid DN nameConstraints Test15
    void
    4.13.16 Invalid DN nameConstraints Test16
    void
    4.13.17 Invalid DN nameConstraints Test17
    void
    4.13.18 Valid DN nameConstraints Test18
    void
    4.13.19 Valid Self-Issued DN nameConstraints Test19
    void
    4.13.2 Invalid DN nameConstraints Test2
    void
    4.13.20 Invalid Self-Issued DN nameConstraints Test20
    void
    4.13.21 Valid RFC822 nameConstraints Test21
    void
    4.13.22 Invalid RFC822 nameConstraints Test22
    void
    4.13.23 Valid RFC822 nameConstraints Test23
    void
    4.13.24 Invalid RFC822 nameConstraints Test24
    void
    4.13.25 Valid RFC822 nameConstraints Test25
    void
    4.13.26 Invalid RFC822 nameConstraints Test26
    void
    4.13.27 Valid DN and RFC822 nameConstraints Test27
    void
    4.13.28 Invalid DN and RFC822 nameConstraints Test28
    void
    4.13.29 Invalid DN and RFC822 nameConstraints Test29
    void
    4.13.3 Invalid DN nameConstraints Test3
    void
    4.13.30 Valid DNS nameConstraints Test30
    void
    4.13.31 Invalid DNS nameConstraints Test31
    void
    4.13.32 Valid DNS nameConstraints Test32
    void
    4.13.33 Invalid DNS nameConstraints Test33
    void
    4.13.34 Valid URI nameConstraints Test34
    void
    4.13.35 Invalid URI nameConstraints Test35
    void
    4.13.36 Valid URI nameConstraints Test36
    void
    4.13.37 Invalid URI nameConstraints Test37
    void
    4.13.38 Invalid DNS nameConstraints Test38
    void
    4.13.4 Valid DN nameConstraints Test4
    void
    4.13.5 Valid DN nameConstraints Test5
    void
    4.13.6 Valid DN nameConstraints Test6
    void
    4.13.7 Invalid DN nameConstraints Test7
    void
    4.13.8 Invalid DN nameConstraints Test8
    void
    4.13.9 Invalid DN nameConstraints Test9
    void
    4.14.1 Valid distributionPoint Test1
    void
    4.14.10 Valid No issuingDistributionPoint Test10
    void
    4.14.11 Invalid onlyContainsUserCerts CRL Test11
    void
    4.14.12 Invalid onlyContainsCACerts CRL Test12
    void
    4.14.13 Valid onlyContainsCACerts CRL Test13
    void
    4.14.14 Invalid onlyContainsAttributeCerts Test14
    void
    4.14.15 Invalid onlySomeReasons Test15
    void
    4.14.16 Invalid onlySomeReasons Test16
    void
    4.14.17 Invalid onlySomeReasons Test17
    void
    4.14.18 Valid onlySomeReasons Test18
    void
    4.14.19 Valid onlySomeReasons Test19
    void
    4.14.2 Invalid distributionPoint Test2
    void
    4.14.20 Invalid onlySomeReasons Test20
    void
    4.14.21 Invalid onlySomeReasons Test21
    void
    4.14.22 Valid IDP with indirectCRL Test22
    void
    4.14.23 Invalid IDP with indirectCRL Test23
    void
    4.14.3 Invalid distributionPoint Test3
    void
    4.14.34 Invalid cRLIssuer Test34
    void
    4.14.35 Invalid cRLIssuer Test35
    void
    4.14.4 Valid distributionPoint Test4
    void
    4.14.5 Valid distributionPoint Test5
    void
    4.14.6 Invalid distributionPoint Test6
    void
    4.14.7 Valid distributionPoint Test7
    void
    4.14.8 Invalid distributionPoint Test8
    void
    4.14.9 Invalid distributionPoint Test9
    void
    4.15.1 Invalid deltaCRLIndicator No Base Test1
    void
    4.15.10 Invalid delta-CRL Test10
    void
    4.15.2 Valid delta-CRL Test2
    void
    4.15.3 Invalid delta-CRL Test3
    void
    4.15.4 Invalid delta-CRL Test4
    void
    4.15.5 Valid delta-CRL Test5
    void
    4.15.6 Invalid delta-CRL Test6
    void
    4.15.7 Valid delta-CRL Test7
    void
    4.15.8 Valid delta-CRL Test8
    void
    4.15.9 Invalid delta-CRL Test9
    void
    4.16.1 Valid Unknown Not Critical Certificate Extension Test1
    void
    4.16.2 Invalid Unknown Critical Certificate Extension Test2
    void
    4.2.1 Invalid CA notBefore Date Test1
    void
    4.2.2 Invalid EE notBefore Date Test2
    void
    4.2.3 Valid pre2000 UTC notBefore Date Test3
    void
    4.2.4 Valid GeneralizedTime notBefore Date Test4
    void
    4.2.5 Invalid CA notAfter Date Test5
    void
    4.2.6 Invalid EE notAfter Date Test6
    void
    4.2.7 Invalid pre2000 UTC EE notAfter Date Test7
    void
    4.2.8 Valid GeneralizedTime notAfter Date Test8
    void
    4.3.1 Invalid Name Chaining EE Test1
    void
    4.3.10 Valid Rollover from PrintableString to UTF8String Test10
    void
    4.3.11 Valid UTF8String Case Insensitive Match Test11
    void
    4.3.2 Invalid Name Chaining Order Test2
    void
    4.3.3 Valid Name Chaining Whitespace Test3
    void
    4.3.4 Valid Name Chaining Whitespace Test4
    void
    4.3.5 Valid Name Chaining Capitalization Test5
    void
    4.3.6 Valid Name Chaining UIDs Test6
    void
    4.3.7 Valid RFC3280 Mandatory Attribute Types Test7
    void
    4.3.8 Valid RFC3280 Optional Attribute Types Test8
    void
    4.3.9 Valid UTF8String Encoded Names Test9
    void
    4.4.1 Missing CRL Test1
    void
    4.4.10 Invalid Unknown CRL Extension Test10
    void
    4.4.11 Invalid Old CRL nextUpdate Test11
    void
    4.4.12 Invalid pre2000 CRL nextUpdate Test12
    void
    4.4.13 Valid GeneralizedTime CRL nextUpdate Test13
    void
    4.4.14 Valid Negative Serial Number Test14
    void
    4.4.15 Invalid Negative Serial Number Test15
    void
    4.4.16 Valid Long Serial Number Test16
    void
    4.4.17 Valid Long Serial Number Test17
    void
    4.4.18 Invalid Long Serial Number Test18
    void
    4.4.2 Invalid Revoked CA Test2
    void
    4.4.3 Invalid Revoked EE Test3
    void
    4.4.4 Invalid Bad CRL Signature Test4
    void
    4.4.5 Invalid Bad CRL Issuer Name Test5
    void
    4.4.6 Invalid Wrong CRL Test6
    void
    4.4.7 Valid Two CRLs Test7
    void
    4.4.8 Invalid Unknown CRL Entry Extension Test8
    void
    4.4.9 Invalid Unknown CRL Extension Test9
    void
    4.5.1 Valid Basic Self-Issued Old With New Test1
    void
    4.5.2 Invalid Basic Self-Issued Old With New Test2
    void
    4.5.3 Valid Basic Self-Issued New With Old Test3
    void
    4.5.8 Invalid Basic Self-Issued CRL Signing Key Test8
    void
    4.6.1 Invalid Missing basicConstraints Test1
    void
    4.6.10 Invalid pathLenConstraint Test10
    void
    4.6.11 Invalid pathLenConstraint Test11
    void
    4.6.12 Invalid pathLenConstraint Test12
    void
    4.6.13 Valid pathLenConstraint Test13
    void
    4.6.14 Valid pathLenConstraint Test14
    void
    4.6.15 Valid Self-Issued pathLenConstraint Test15
    void
    4.6.16 Invalid Self-Issued pathLenConstraint Test16
    void
    4.6.17 Valid Self-Issued pathLenConstraint Test17
    void
    4.6.2 Invalid cA False Test2
    void
    4.6.3 Invalid cA False Test3
    void
    4.6.4 Valid basicConstraints Not Critical Test4
    void
    4.6.5 Invalid pathLenConstraint Test5
    void
    4.6.6 Invalid pathLenConstraint Test6
    void
    4.6.7 Valid pathLenConstraint Test7
    void
    4.6.8 Valid pathLenConstraint Test8
    void
    4.6.9 Invalid pathLenConstraint Test9
    void
    4.7.1 Invalid keyUsage Critical keyCertSign False Test1
    void
    4.7.2 Invalid keyUsage Not Critical keyCertSign False Test2
    void
    4.7.3 Valid keyUsage Not Critical Test3
    void
    4.7.4 Invalid keyUsage Critical cRLSign False Test4
    void
    4.7.5 Invalid keyUsage Not Critical cRLSign False Test5
    void
    4.8.1 All Certificates Same Policy Test1
    void
    4.8.10 All Certificates Same Policies Test10
    void
    4.8.11 All Certificates AnyPolicy Test11
    void
    4.8.12 Different Policies Test12
    void
    4.8.13 All Certificates Same Policies Test13
    void
    4.8.14 AnyPolicy Test14
    void
    4.8.15 User Notice Qualifier Test15
    void
    4.8.16 User Notice Qualifier Test16
    void
    4.8.17 User Notice Qualifier Test17
    void
    4.8.18 User Notice Qualifier Test18
    void
    4.8.19 User Notice Qualifier Test19
    void
    4.8.2 All Certificates No Policies Test2
    void
    4.8.20 CPS Pointer Qualifier Test20
    void
    4.8.3 Different Policies Test3
    void
    4.8.4 Different Policies Test4
    void
    4.8.5 Different Policies Test5
    void
    4.8.6 Overlapping Policies Test6
    void
    4.8.7 Different Policies Test7
    void
    4.8.8 Different Policies Test8
    void
    4.8.9 Different Policies Test9
    void
    4.9.1 Valid RequireExplicitPolicy Test1
    void
    4.9.2 Valid RequireExplicitPolicy Test2
    void
    4.9.3 Invalid RequireExplicitPolicy Test3
    void
    4.9.4 Valid RequireExplicitPolicy Test4
    void
    4.9.5 Invalid RequireExplicitPolicy Test5
    void
    4.9.6 Valid Self-Issued requireExplicitPolicy Test6
    void
    4.9.7 Invalid Self-Issued requireExplicitPolicy Test7
    void
    4.9.8 Invalid Self-Issued requireExplicitPolicy Test8
    void
    4.14.24 Valid IDP with indirectCRL Test24
    void
    4.14.25 Valid IDP with indirectCRL Test25
    void
    4.14.26 Invalid IDP with indirectCRL Test26
    void
    4.14.27 Invalid cRLIssuer Test27
    void
    4.14.28 Valid cRLIssuer Test28
    void
    4.14.29 Valid cRLIssuer Test29
    void
    4.14.30 Valid cRLIssuer Test30
    void
    4.14.31 Invalid cRLIssuer Test31
    void
    4.14.32 Invalid cRLIssuer Test32
    void
    4.14.33 Valid cRLIssuer Test33
    void
    4.4.19 Valid Separate Certificate and CRL Keys Test19
    void
    4.4.20 Invalid Separate Certificate and CRL Keys Test20
    void
    4.4.21 Invalid Separate Certificate and CRL Keys Test21
    void
    4.5.4 Valid Basic Self-Issued New With Old Test4
    void
    4.5.5 Invalid Basic Self-Issued New With Old Test5
    void
    4.5.6 Valid Basic Self-Issued CRL Signing Key Test6
    void
    4.5.7 Invalid Basic Self-Issued CRL Signing Key Test7

    Methods inherited from class junit.framework.TestCase

    assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertFalse, assertFalse, assertNotNull, assertNotNull, assertNotSame, assertNotSame, assertNull, assertNull, assertSame, assertSame, assertTrue, assertTrue, countTestCases, createResult, fail, fail, failNotEquals, failNotSame, failSame, format, getName, run, run, runBare, runTest, setName, tearDown, toString

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Constructor Details

    • NistCertPathTest2

      public NistCertPathTest2()
  • Method Details

    • setUp

      public void setUp()
      Overrides:
      setUp in class junit.framework.TestCase
    • test4_1_1

      public void test4_1_1() throws Exception
      4.1.1 Valid Signatures Test1

      The purpose of this test is to verify an application's ability to name chain, signature chain, and check validity dates, on certificates in a certification path. It also tests processing of the basic constraints and key usage extensions in intermediate certificates.

      Throws:
      Exception
    • test4_1_2

      public void test4_1_2() throws Exception
      4.1.2 Invalid CA Signature Test2

      The purpose of this test is to verify an application's ability to recognize an invalid signature on an intermediate certificate in a certification path.

      Throws:
      Exception
    • test4_1_3

      public void test4_1_3() throws Exception
      4.1.3 Invalid EE Signature Test3

      The purpose of this test is to verify an application's ability to recognize an invalid signature on an end entity certificate in a certification path.

      Throws:
      Exception
    • test4_1_4

      public void test4_1_4() throws Exception
      4.1.4 Valid DSA Signatures Test4

      The purpose of this test is to verify an application's ability to validate certificate in which DSA signatures are used. The intermediate CA and the end entity have DSA key pairs.

      Throws:
      Exception
    • test4_1_5

      public void test4_1_5() throws Exception
      4.1.5 Valid DSA Parameter Inheritance Test5

      The purpose of this test is to verify an application's ability to validate DSA signatures when the DSA parameters are not included in a certificate and need to be inherited from a previous certificate in the path. The intermediate CAs and the end entity have DSA key pairs.

      Throws:
      Exception
    • test4_1_6

      public void test4_1_6() throws Exception
      4.1.6 Invalid DSA Signature Test6

      The purpose of this test is to verify an application's ability to determine when a DSA signature is invalid. The intermediate CA and the end entity have DSA key pairs.

      Throws:
      Exception
    • test4_2_1

      public void test4_2_1() throws Exception
      4.2.1 Invalid CA notBefore Date Test1

      In this test, the intermediate certificate's notBefore date is after the current date.

      Throws:
      Exception
    • test4_2_2

      public void test4_2_2() throws Exception
      4.2.2 Invalid EE notBefore Date Test2

      In this test, the end entity certificate's notBefore date is after the current date.

      Throws:
      Exception
    • test4_2_3

      public void test4_2_3() throws Exception
      4.2.3 Valid pre2000 UTC notBefore Date Test3

      In this test, the end entity certificate's notBefore date is set to 1950 and is encoded in UTCTime.

      Throws:
      Exception
    • test4_2_4

      public void test4_2_4() throws Exception
      4.2.4 Valid GeneralizedTime notBefore Date Test4

      In this test, the end entity certificate's notBefore date is specified in GeneralizedTime.

      Throws:
      Exception
    • test4_2_5

      public void test4_2_5() throws Exception
      4.2.5 Invalid CA notAfter Date Test5

      In this test, the intermediate certificate's notAfter date is before the current date. 9

      Throws:
      Exception
    • test4_2_6

      public void test4_2_6() throws Exception
      4.2.6 Invalid EE notAfter Date Test6

      In this test, the end entity certificate's notAfter date is before the current date.

      Throws:
      Exception
    • test4_2_7

      public void test4_2_7() throws Exception
      4.2.7 Invalid pre2000 UTC EE notAfter Date Test7

      In this test, the end entity certificate's notAfter date is 1999 and is encoded in UTCTime.

      Throws:
      Exception
    • test4_2_8

      public void test4_2_8() throws Exception
      4.2.8 Valid GeneralizedTime notAfter Date Test8

      In this test, the end entity certificate's notAfter date is 2050 and is encoded in GeneralizedTime.

      Throws:
      Exception
    • test4_3_1

      public void test4_3_1() throws Exception
      4.3.1 Invalid Name Chaining EE Test1

      In this test, the common name (cn=) portion of the issuer's name in the end entity certificate does not match the common name portion of the subject's name in the preceding intermediate certificate.

      Throws:
      Exception
    • test4_3_2

      public void test4_3_2() throws Exception
      4.3.2 Invalid Name Chaining Order Test2

      In this test, the issuer's name in the end entity certificate and the subject's name in the preceding intermediate certificate contain the same relative distinguished names (RDNs), but their ordering is different.

      Throws:
      Exception
    • test4_3_3

      public void test4_3_3() throws Exception
      4.3.3 Valid Name Chaining Whitespace Test3

      In this test, the issuer's name in the end entity certificate and the subject's name in the preceding intermediate certificate differ in internal whitespace, but match once the internal whitespace is compressed.

      Throws:
      Exception
    • test4_3_4

      public void test4_3_4() throws Exception
      4.3.4 Valid Name Chaining Whitespace Test4

      In this test, the issuer's name in the end entity certificate and the subject's name in the preceding intermediate certificate differ in leading and trailing whitespace, but match once all leading and trailing whitespace is removed.

      Throws:
      Exception
    • test4_3_5

      public void test4_3_5() throws Exception
      4.3.5 Valid Name Chaining Capitalization Test5

      In this test, the issuer's name in the end entity certificate and the subject's name in the preceding intermediate certificate differ in capitalization, but match when a case insensitive match is performed.

      Throws:
      Exception
    • test4_3_6

      public void test4_3_6() throws Exception
      4.3.6 Valid Name Chaining UIDs Test6

      In this test, the intermediate certificate includes a subjectUniqueID and the end entity certificate includes a matching issuerUniqueID. 12

      Throws:
      Exception
    • test4_3_7

      public void test4_3_7() throws Exception
      4.3.7 Valid RFC3280 Mandatory Attribute Types Test7

      In this test, this intermediate certificate includes a subject name that includes the attribute types distinguished name qualifier, state or province name, serial number, domain component, organization, and country.

      Throws:
      Exception
    • test4_3_8

      public void test4_3_8() throws Exception
      4.3.8 Valid RFC3280 Optional Attribute Types Test8

      In this test, this intermediate certificate includes a subject name that includes the attribute types locality, title, surname, given name, initials, pseudonym, generation qualifier, organization, and country.

      Throws:
      Exception
    • test4_3_9

      public void test4_3_9() throws Exception
      4.3.9 Valid UTF8String Encoded Names Test9

      In this test, the attribute values for the common name and organization attribute types in the subject fields of the intermediate and end certificates and the issuer fields of the end certificate and the intermediate certificate's CRL are encoded in UTF8String. 13

      Throws:
      Exception
    • test4_3_10

      public void test4_3_10() throws Exception
      4.3.10 Valid Rollover from PrintableString to UTF8String Test10

      In this test, the attribute values for the common name and organization attribute types in the issuer and subject fields of the end certificate and the issuer field of the intermediate certificate's CRL are encoded in UTF8String. However, these attribute types are encoded in PrintableString in the subject field of the intermediate certificate.

      Throws:
      Exception
    • test4_3_11

      public void test4_3_11() throws Exception
      4.3.11 Valid UTF8String Case Insensitive Match Test11

      In this test, the attribute values for the common name and organization attribute types in the subject fields of the intermediate and end certificates and the issuer fields of the end certificate and the intermediate certificate's CRL are encoded in UTF8String. The subject of the intermediate certificate and the issuer of the end certificate differ in capitalization and whitespace, but match when a case insensitive match is performed.

      Throws:
      Exception
    • test4_4_1

      public void test4_4_1() throws Exception
      4.4.1 Missing CRL Test1

      In this test, there is no revocation information available from the intermediate CA, making it impossible to determine the status of the end certificate.

      Throws:
      Exception
    • test4_4_2

      public void test4_4_2() throws Exception
      4.4.2 Invalid Revoked CA Test2

      In this test, the CRL issued by the first intermediate CA indicates that the second intermediate certificate in the path has been revoked.

      Throws:
      Exception
    • test4_4_3

      public void test4_4_3() throws Exception
      4.4.3 Invalid Revoked EE Test3

      In this test, the CRL issued by the intermediate CA indicates that the end entity certificate has been revoked.

      Throws:
      Exception
    • test4_4_4

      public void test4_4_4() throws Exception
      4.4.4 Invalid Bad CRL Signature Test4

      In this test, the signature on the CRL issued by the intermediate CA is invalid.

      Throws:
      Exception
    • test4_4_5

      public void test4_4_5() throws Exception
      4.4.5 Invalid Bad CRL Issuer Name Test5

      In this test, the issuer name in the CRL signed by the intermediate CA does not match the issuer name in the end entity's certificate.

      Throws:
      Exception
    • test4_4_6

      public void test4_4_6() throws Exception
      4.4.6 Invalid Wrong CRL Test6

      In this test, the wrong CRL is in the intermediate certificate's directory entry. There is no CRL available from the intermediate CA making it impossible to determine the status of the end entity's certificate.

      Throws:
      Exception
    • test4_4_7

      public void test4_4_7() throws Exception
      4.4.7 Valid Two CRLs Test7

      In this test, there are two CRLs in the intermediate CAs directory entry, one that is correct and one that contains the wrong issuer name. The correct CRL does not list any certificates as revoked. The incorrect CRL includes the serial number of the end entity's certificate on its list of revoked certificates.

      Throws:
      Exception
    • test4_4_8

      public void test4_4_8() throws Exception
      4.4.8 Invalid Unknown CRL Entry Extension Test8

      In this test, the end entity's certificate has been revoked. In the intermediate CA's CRL, there is a made up critical crlEntryExtension associated with the end entity certificate's serial number. [X.509 7.3] When an implementation processing a CRL encounters the serial number of the certificate of interest in a CRL entry, but does not recognize a critical extension in the crlEntryExtensions field from that CRL entry, that CRL cannot be used to determine the status of the certificate.

      Throws:
      Exception
    • test4_4_9

      public void test4_4_9() throws Exception
      4.4.9 Invalid Unknown CRL Extension Test9

      In this test, the end entity's certificate has been revoked. In the intermediate CA's CRL, there is a made up critical extension in the crlExtensions field. [X.509 7.3] When an implementation does not recognize a critical extension in the crlExtensions field, that CRL cannot be used to determine the status of the certificate, regardless of whether the serial number of the certificate of interest appears in that CRL or not.

      Throws:
      Exception
    • test4_4_10

      public void test4_4_10() throws Exception
      4.4.10 Invalid Unknown CRL Extension Test10

      In this test the intermediate CA's CRL contains a made up critical extension in the crlExtensions field. The end entity certificate's serial number is not listed on the CRL, however, due to the presence of an unknown critical CRL extension, the relying party can not be sure that the list of serial numbers on the revokedCertificates list includes all certificates that have been revoked by the intermediate CA. As a result, the relying party can not verify that the end entity's certificate has not been revoked. 18

      Throws:
      Exception
    • test4_4_11

      public void test4_4_11() throws Exception
      4.4.11 Invalid Old CRL nextUpdate Test11

      In this test the intermediate CA's CRL has a nextUpdate time that is far in the past (January 2010), indicating that the CA has already issued updated revocation information. Since the information in the CRL is out-of-date and a more up-to-date CRL (that should have already been issued) can not be obtained, the certification path should be treated as if the status of the end entity certificate can not be determined.3

      Throws:
      Exception
    • test4_4_12

      public void test4_4_12() throws Exception
      4.4.12 Invalid pre2000 CRL nextUpdate Test12

      In this test the intermediate CA's CRL has a nextUpdate time that is in 1999 indicating that the CA has already issued updated revocation information. Since the information in the CRL is outof-date and a more up-to-date CRL (that should have already been issued) can not be obtained, the certification path should be treated as if the status of the end entity certificate can not be determined.

      Throws:
      Exception
    • test4_4_13

      public void test4_4_13() throws Exception
      4.4.13 Valid GeneralizedTime CRL nextUpdate Test13

      In this test the intermediate CA's CRL has a nextUpdate time that is in 2050. Since the nextUpdate time is in the future, this CRL may contain the most up-to-date certificate status information that is available from the intermediate CA and so the relying party may use this CRL to determine the status of the end entity certificate.

      Throws:
      Exception
    • test4_4_14

      public void test4_4_14() throws Exception
      4.4.14 Valid Negative Serial Number Test14

      RFC 3280 mandates that certificate serial numbers be positive integers, but states that relying parties should be prepared to gracefully handle certificates with serial numbers that are negative, or zero. In this test, the end entity's certificate has a serial number of 255 (DER encoded as "00 FF") and the corresponding CRL lists the certificate with serial number -1 (DER encoded as "FF") as revoked.

      Throws:
      Exception
    • test4_4_15

      public void test4_4_15() throws Exception
      4.4.15 Invalid Negative Serial Number Test15

      RFC 3280 mandates that certificate serial numbers be positive integers, but states that relying parties should be prepared to gracefully handle certificates with serial numbers that are negative, or zero. In this test, the end entity's certificate has a serial number of -1 (DER encoded as "FF") and the corresponding CRL lists this certificate as revoked.

      Throws:
      Exception
    • test4_4_16

      public void test4_4_16() throws Exception
      4.4.16 Valid Long Serial Number Test16

      RFC 3280 mandates that certificate users be able to handle serial number values up to 20 octets long. In this test, the end entity's certificate has a 20 octet serial number that is not listed on the corresponding CRL, but the serial number matches the serial number listed on the CRL in all but the least significant octet.

      Throws:
      Exception
    • test4_4_17

      public void test4_4_17() throws Exception
      4.4.17 Valid Long Serial Number Test17

      RFC 3280 mandates that certificate users be able to handle serial number values up to 20 octets long. In this test, the end entity's certificate has a 20 octet serial number that is not listed on the corresponding CRL, but the serial number matches the serial number listed on the CRL in all but the most significant octet.

      Throws:
      Exception
    • test4_4_18

      public void test4_4_18() throws Exception
      4.4.18 Invalid Long Serial Number Test18

      RFC 3280 mandates that certificate users be able to handle serial number values up to 20 octets long. In this test, the end entity's certificate has a 20 octet serial number and the certificate's serial number is listed on the corresponding CRL.

      Throws:
      Exception
    • xtest4_4_19

      public void xtest4_4_19() throws Exception
      4.4.19 Valid Separate Certificate and CRL Keys Test19

      In this test, the intermediate CA uses different keys to sign certificates and CRLs. The Trust Anchor CA has issued two certificates to the intermediate CA, one for each key. The end entity's certificate was signed using the intermediate CA's certificate signing key.

      Throws:
      Exception
    • xtest4_4_20

      public void xtest4_4_20() throws Exception
      4.4.20 Invalid Separate Certificate and CRL Keys Test20

      In this test, the intermediate CA uses different keys to sign certificates and CRLs. The Trust Anchor CA has issued two certificates to the intermediate CA, one for each key. The end entity's certificate was signed using the intermediate CA's certificate signing key. The CRL issued by the intermediate CA lists the end entity's certificate as revoked.

      Throws:
      Exception
    • xtest4_4_21

      public void xtest4_4_21() throws Exception
      4.4.21 Invalid Separate Certificate and CRL Keys Test21

      In this test, the intermediate CA uses different keys to sign certificates and CRLs. The Trust Anchor CA has issued two certificates to the intermediate CA, one for each key. The certificate issued to the intermediate CA's CRL verification key has been revoked. The end entity's certificate was signed using the intermediate CA's certificate signing key.

      Throws:
      Exception
    • test4_5_1

      public void test4_5_1() throws Exception
      4.5.1 Valid Basic Self-Issued Old With New Test1

      In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's new public key. The end entity's certificate was signed using the intermediate CA's old private key, requiring the relying party to use the CA's old-signed-with-new self-issued certificate in order to validate the end entity's certificate. The intermediate CA issues one CRL, signed with its new private key, that covers all of the unexpired certificates that it has issued.

      Throws:
      Exception
    • test4_5_2

      public void test4_5_2() throws Exception
      4.5.2 Invalid Basic Self-Issued Old With New Test2

      In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's new public key. The end entity's certificate was signed using the intermediate CA's old private key, requiring the relying party to use the CA's old-signed-with-new self-issued certificate in order to validate the end entity's certificate. The intermediate CA issues one CRL, signed with its new private key, that covers all of the unexpired certificates that it has issued. This CRL indicates that the end entity's certificate has been revoked.

      Throws:
      Exception
    • test4_5_3

      public void test4_5_3() throws Exception
      4.5.3 Valid Basic Self-Issued New With Old Test3

      In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's old public key. The end entity's certificate and a CRL covering all certificates issued by the intermediate CA was signed using the intermediate CA's new private key, requiring the relying party to use the CA's new-signed-with-old self-issued certificate in order to validate both the end entity's certificate and the intermediate CA's CRL. There is a second CRL, signed using the intermediate CA's old private key that only covers the new-signed-with-old self-issued certificate.

      Throws:
      Exception
    • xtest4_5_4

      public void xtest4_5_4() throws Exception
      4.5.4 Valid Basic Self-Issued New With Old Test4

      In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's old public key. The end entity's certificate was signed using the intermediate CA's old private key, so there is no need to use a self-issued certificate to create a certification path from the Trust Anchor to the end entity. However, the CRL covering all certificates issued by the intermediate CA was signed using the intermediate CA's new private key, requiring the relying party to use the CA's new-signed-with-old self-issued certificate in order to validate the intermediate CA's CRL. This CRL must be validated in order to determine the status of the end entity's certificate. There is a second CRL, signed using the intermediate CA's old private key that only covers the new-signed-with-old self-issued certificate.

      Throws:
      Exception
    • xtest4_5_5

      public void xtest4_5_5() throws Exception
      4.5.5 Invalid Basic Self-Issued New With Old Test5

      In this test, the Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's old public key. The end entity's certificate was signed using the intermediate CA's old private key, so there is no need to use a self-issued certificate to create a certification path from the Trust Anchor to the end entity. However, the CRL covering all certificates issued by the intermediate CA was signed using the intermediate CA's new private key, requiring the relying party to use the CA's new-signed-with-old self-issued certificate in order to validate the intermediate CA's CRL. This CRL must be validated in order to determine the status of the end entity's certificate. There is a second CRL, signed using the intermediate CA's old private key that only covers the new-signed-with-old self-issued certificate. The end entity's certificate has been revoked.

      Throws:
      Exception
    • xtest4_5_6

      public void xtest4_5_6() throws Exception
      4.5.6 Valid Basic Self-Issued CRL Signing Key Test6

      In this test, the intermediate CA maintains two key pairs, one for signing certificates and the other for signing CRLs. The Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's certificate verification public key, and the intermediate CA has issued a self-issued certificate that contains its CRL verification key. The intermediate CA's certificate signing private key has been used to sign a CRL that only covers the self-issued certificate.

      Throws:
      Exception
    • xtest4_5_7

      public void xtest4_5_7() throws Exception
      4.5.7 Invalid Basic Self-Issued CRL Signing Key Test7

      In this test, the intermediate CA maintains two key pairs, one for signing certificates and the other for signing CRLs. The Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's certificate verification public key, and the intermediate CA has issued a self-issued certificate that contains its CRL verification key. The intermediate CA's certificate signing private key has been used to sign a CRL that only covers the self-issued certificate. The end entity's certificate has been revoked.

      Throws:
      Exception
    • test4_5_8

      public void test4_5_8() throws Exception
      4.5.8 Invalid Basic Self-Issued CRL Signing Key Test8

      In this test, the intermediate CA maintains two key pairs, one for signing certificates and the other for signing CRLs. The Trust Anchor CA has issued a certificate to the intermediate CA that contains the intermediate CA's certificate verification public key, and the intermediate CA has issued a self-issued certificate that contains its CRL verification key. The intermediate CA's certificate signing private key has been used to sign a CRL that only covers the self-issued certificate. The end entity's certificate was signed using the CRL signing key.

      Throws:
      Exception
    • test4_6_1

      public void test4_6_1() throws Exception
      4.6.1 Invalid Missing basicConstraints Test1

      In this test, the intermediate certificate does not have a basicConstraints extension.

      Throws:
      Exception
    • test4_6_2

      public void test4_6_2() throws Exception
      4.6.2 Invalid cA False Test2

      In this test, the basicConstraints extension is present in the intermediate certificate and is marked critical, but the cA component is false, indicating that the subject public key may not be used to verify signatures on certificates.

      Throws:
      Exception
    • test4_6_3

      public void test4_6_3() throws Exception
      4.6.3 Invalid cA False Test3

      In this test, the basicConstraints extension is present in the intermediate certificate and is marked not critical, but the cA component is false, indicating that the subject public key may not be used to verify signatures on certificates. As specified in section 8.4.2.1 of X.509, the application must reject the path either because the application does not recognize the basicConstraints extension or because cA is set to false.

      Throws:
      Exception
    • test4_6_4

      public void test4_6_4() throws Exception
      4.6.4 Valid basicConstraints Not Critical Test4

      In this test, the basicConstraints extension is present in the intermediate certificate and the cA component is true, but the extension is marked not critical.

      Throws:
      Exception
    • test4_6_5

      public void test4_6_5() throws Exception
      4.6.5 Invalid pathLenConstraint Test5

      In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path). This is followed by a second intermediate certificate and a end entity certificate.

      Throws:
      Exception
    • test4_6_6

      public void test4_6_6() throws Exception
      4.6.6 Invalid pathLenConstraint Test6

      In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path). This is followed by two more CA certificates, the second of which is the end certificate in the path.

      Throws:
      Exception
    • test4_6_7

      public void test4_6_7() throws Exception
      4.6.7 Valid pathLenConstraint Test7

      In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path). This is followed by the end entity certificate.

      Throws:
      Exception
    • test4_6_8

      public void test4_6_8() throws Exception
      4.6.8 Valid pathLenConstraint Test8

      In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional intermediate certificates in the path). This is followed by the end entity certificate, which is a CA certificate.

      Throws:
      Exception
    • test4_6_9

      public void test4_6_9() throws Exception
      4.6.9 Invalid pathLenConstraint Test9

      This test consists of a certification path of length 4. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 0, and the third a pathLenConstraint of 0. The fourth certificate is an end entity certificate.

      Throws:
      Exception
    • test4_6_10

      public void test4_6_10() throws Exception
      4.6.10 Invalid pathLenConstraint Test10

      This test consists of a certification path of length 4. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 0, and the third a pathLenConstraint of 0. The end entity certificate is a CA certificate.

      Throws:
      Exception
    • test4_6_11

      public void test4_6_11() throws Exception
      4.6.11 Invalid pathLenConstraint Test11

      This test consists of a certification path of length 5. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 1, and the third a pathLenConstraint of 1. The fourth certificate does not include a pathLenConstraint. The fifth certificate is an end entity certificate.

      Throws:
      Exception
    • test4_6_12

      public void test4_6_12() throws Exception
      4.6.12 Invalid pathLenConstraint Test12

      This test consists of a certification path of length 5. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 1, and the third a pathLenConstraint of 1. The fourth certificate does not include a pathLenConstraint. The end entity certificate is a CA certificate.

      Throws:
      Exception
    • test4_6_13

      public void test4_6_13() throws Exception
      4.6.13 Valid pathLenConstraint Test13

      This test consists of a certification path of length 5. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 4, and the third a pathLenConstraint of 1. The fourth certificate does not include a pathLenConstraint. The fifth certificate is an end entity certificate.

      Throws:
      Exception
    • test4_6_14

      public void test4_6_14() throws Exception
      4.6.14 Valid pathLenConstraint Test14

      This test consists of a certification path of length 5. The first certificate in the path includes a pathLenConstraint of 6, the second a pathLenConstraint of 4, and the third a pathLenConstraint of 1. The fourth certificate does not include a pathLenConstraint. The end entity certificate is a CA certificate.

      Throws:
      Exception
    • test4_6_15

      public void test4_6_15() throws Exception
      4.6.15 Valid Self-Issued pathLenConstraint Test15

      In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional non-self-issued intermediate certificates in the path). This is followed by a self-issued certificate and the end entity certificate. 32

      Throws:
      Exception
    • test4_6_16

      public void test4_6_16() throws Exception
      4.6.16 Invalid Self-Issued pathLenConstraint Test16

      In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 0 (allowing 0 additional non-self-issued intermediate certificates in the path). This is followed by a self-issued certificate, an non-self-issued certificate, and the end entity certificate.

      Throws:
      Exception
    • test4_6_17

      public void test4_6_17() throws Exception
      4.6.17 Valid Self-Issued pathLenConstraint Test17

      In this test, the first certificate in the path includes a basicConstraints extension with a pathLenConstraint of 1 (allowing 1 additional non-self-issued intermediate certificate in the path). This is followed by a self-issued certificate, a non-self-issued certificate, another self-issued certificate, and the end entity certificate.

      Throws:
      Exception
    • test4_7_1

      public void test4_7_1() throws Exception
      4.7.1 Invalid keyUsage Critical keyCertSign False Test1

      In this test, the intermediate certificate includes a critical keyUsage extension in which keyCertSign is false.

      Throws:
      Exception
    • test4_7_2

      public void test4_7_2() throws Exception
      4.7.2 Invalid keyUsage Not Critical keyCertSign False Test2

      In this test, the intermediate certificate includes a non-critical keyUsage extension in which keyCertSign is false.

      Throws:
      Exception
    • test4_7_3

      public void test4_7_3() throws Exception
      4.7.3 Valid keyUsage Not Critical Test3

      In this test, the intermediate certificate includes a non-critical keyUsage extension. 34

      Throws:
      Exception
    • test4_7_4

      public void test4_7_4() throws Exception
      4.7.4 Invalid keyUsage Critical cRLSign False Test4

      In this test, the intermediate certificate includes a critical keyUsage extension in which cRLSign is false.

      Throws:
      Exception
    • test4_7_5

      public void test4_7_5() throws Exception
      4.7.5 Invalid keyUsage Not Critical cRLSign False Test5

      In this test, the intermediate certificate includes a non-critical keyUsage extension in which cRLSign is false.

      Throws:
      Exception
    • test4_8_1

      public void test4_8_1() throws Exception
      4.8.1 All Certificates Same Policy Test1

      In this test, every certificate in the path asserts the same policy, NIST-test-policy-1. The certification path in this test is the same certification path as in Valid Signatures Test1. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-explicit-policy set. The path should validate successfully. 2. default settings, but with initial-explicit-policy set and initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 3. default settings, but with initial-explicit-policy set and initial-policy-set = {NIST-test-policy-2}. The path should not validate successfully. 4. default settings, but with initial-explicit-policy set and initial-policy-set = {NIST-test-policy-1, NIST-test-policy-2}. The path should validate successfully.

      Throws:
      Exception
    • test4_8_2

      public void test4_8_2() throws Exception
      4.8.2 All Certificates No Policies Test2

      In this test, the certificatePolicies extension is omitted from every certificate in the path. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-explicit-policy set . The path should not validate successfully.

      Throws:
      Exception
    • test4_8_3

      public void test4_8_3() throws Exception
      4.8.3 Different Policies Test3

      In this test, every certificate in the path asserts the same certificate policy except the first certificate in the path. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-explicit-policy set . The path should not validate successfully. 3. default settings, but with initial-explicit-policy set and initial-policy-set = {NIST-test-policy-1, NIST-test-policy-2}. The path should not validate successfully.

      Throws:
      Exception
    • test4_8_4

      public void test4_8_4() throws Exception
      4.8.4 Different Policies Test4

      In this test, every certificate in the path asserts the same certificate policy except the end entity certificate.

      Throws:
      Exception
    • test4_8_5

      public void test4_8_5() throws Exception
      4.8.5 Different Policies Test5

      In this test, every certificate in the path except the second certificate asserts the same policy.

      Throws:
      Exception
    • test4_8_6

      public void test4_8_6() throws Exception
      4.8.6 Overlapping Policies Test6

      The following path is such that the intersection of certificate policies among all the certificates has exactly one policy, NIST-test-policy-1. The final certificate in the path is a CA certificate. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 3. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should not validate successfully.

      Throws:
      Exception
    • test4_8_7

      public void test4_8_7() throws Exception
      4.8.7 Different Policies Test7

      The following path is such that the intersection of certificate policies among all the certificates is empty. The final certificate in the path is a CA certificate.

      Throws:
      Exception
    • test4_8_8

      public void test4_8_8() throws Exception
      4.8.8 Different Policies Test8

      The following path is such that the intersection of certificate policies among all the certificates is empty. The final certificate in the path is a CA certificate.

      Throws:
      Exception
    • test4_8_9

      public void test4_8_9() throws Exception
      4.8.9 Different Policies Test9

      The following path is such that the intersection of certificate policies among all the certificates is empty.

      Throws:
      Exception
    • test4_8_10

      public void test4_8_10() throws Exception
      4.8.10 All Certificates Same Policies Test10

      In this test, every certificate in the path asserts the same policies, NIST-test-policy-1 and NISTtest-policy-2. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 3. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should validate successfully.

      Throws:
      Exception
    • test4_8_11

      public void test4_8_11() throws Exception
      4.8.11 All Certificates AnyPolicy Test11

      In this test, every certificate in the path asserts the special policy anyPolicy. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully.

      Throws:
      Exception
    • test4_8_12

      public void test4_8_12() throws Exception
      4.8.12 Different Policies Test12

      In this test, the path consists of two certificates, each of which asserts a different certificate policy.

      Throws:
      Exception
    • test4_8_13

      public void test4_8_13() throws Exception
      4.8.13 All Certificates Same Policies Test13

      In this test, every certificate in the path asserts the same policies, NIST-test-policy-1, NIST-testpolicy-2, and NIST-test-policy-3. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should validate successfully. 3. default settings, but with initial-policy-set = {NIST-test-policy-3}. The path should validate successfully.

      Throws:
      Exception
    • test4_8_14

      public void test4_8_14() throws Exception
      4.8.14 AnyPolicy Test14

      In this test, the intermediate certificate asserts anyPolicy and the end entity certificate asserts NIST-test-policy-1. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should not validate successfully.

      Throws:
      Exception
    • test4_8_15

      public void test4_8_15() throws Exception
      4.8.15 User Notice Qualifier Test15

      In this test, the path consists of a single certificate. The certificate asserts the policy NIST-testpolicy-1 and includes a user notice policy qualifier.

      Display of user notice beyond CertPath API at the moment.

      Throws:
      Exception
    • test4_8_16

      public void test4_8_16() throws Exception
      4.8.16 User Notice Qualifier Test16

      In this test, the path consists of an intermediate certificate and an end entity certificate. The intermediate certificate asserts the policy NIST-test-policy-1. The end entity certificate asserts both NIST-test-policy-1 and NIST-test-policy-2. Each policy in the end entity certificate has a different user notice qualifier associated with it.

      Display of user notice beyond CertPath API at the moment.

      Throws:
      Exception
    • test4_8_17

      public void test4_8_17() throws Exception
      4.8.17 User Notice Qualifier Test17

      In this test, the path consists of an intermediate certificate and an end entity certificate. The intermediate certificate asserts the policy NIST-test-policy-1. The end entity certificate asserts anyPolicy. There is a user notice policy qualifier associated with anyPolicy in the end entity certificate.

      Display of user notice beyond CertPath API at the moment.

      Throws:
      Exception
    • test4_8_18

      public void test4_8_18() throws Exception
      4.8.18 User Notice Qualifier Test18

      In this test, the intermediate certificate asserts policies NIST-test-policy-1 and NIST-test-policy-2. The end certificate asserts NIST-test-policy-1 and anyPolicy. Each of the policies in the end entity certificate asserts a different user notice policy qualifier. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully and the qualifier associated with NIST-test-policy-1 in the end entity certificate should be displayed. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should validate successfully and the qualifier associated with anyPolicy in the end entity certificate should be displayed. 45

      Display of policy messages beyond CertPath API at the moment.

      Throws:
      Exception
    • test4_8_19

      public void test4_8_19() throws Exception
      4.8.19 User Notice Qualifier Test19

      In this test, the path consists of a single certificate. The certificate asserts the policy NIST-testpolicy-1 and includes a user notice policy qualifier. The user notice qualifier contains explicit text that is longer than 200 bytes. [RFC 3280 4.2.1.5] Note: While the explicitText has a maximum size of 200 characters, some non-conforming CAs exceed this limit. Therefore, certificate users SHOULD gracefully handle explicitText with more than 200 characters.

      Throws:
      Exception
    • test4_8_20

      public void test4_8_20() throws Exception
      4.8.20 CPS Pointer Qualifier Test20

      In this test, the path consists of an intermediate certificate and an end entity certificate, both of which assert the policy NIST-test-policy-1. There is a CPS pointer policy qualifier associated with NIST-test-policy-1 in the end entity certificate.

      Throws:
      Exception
    • test4_9_1

      public void test4_9_1() throws Exception
      4.9.1 Valid RequireExplicitPolicy Test1

      In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 10. This is followed by three more intermediate certificates and an end entity certificate. The end entity certificate does not include a certificatePolicies extension. 47

      Throws:
      Exception
    • test4_9_2

      public void test4_9_2() throws Exception
      4.9.2 Valid RequireExplicitPolicy Test2

      In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 5. This is followed by three more intermediate certificates and an end entity certificate. The end entity certificate does not include a certificatePolicies extension.

      Throws:
      Exception
    • test4_9_3

      public void test4_9_3() throws Exception
      4.9.3 Invalid RequireExplicitPolicy Test3

      In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 4. This is followed by three more intermediate certificates and an end entity certificate. The end entity certificate does not include a certificatePolicies extension.

      Throws:
      Exception
    • test4_9_4

      public void test4_9_4() throws Exception
      4.9.4 Valid RequireExplicitPolicy Test4

      In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 0. This is followed by three more intermediate certificates and an end entity certificate.

      Throws:
      Exception
    • test4_9_5

      public void test4_9_5() throws Exception
      4.9.5 Invalid RequireExplicitPolicy Test5

      In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 7. The second certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 2. The third certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 4. This is followed by one more intermediate certificate and an end entity certificate. The end entity certificate does not include a certificatePolicies extension.

      Throws:
      Exception
    • test4_9_6

      public void test4_9_6() throws Exception
      4.9.6 Valid Self-Issued requireExplicitPolicy Test6

      In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 2. This is followed by a self-issued intermediate certificate and an end entity certificate. The end entity certificate does not include a certificatePolicies extension.

      Throws:
      Exception
    • test4_9_7

      public void test4_9_7() throws Exception
      4.9.7 Invalid Self-Issued requireExplicitPolicy Test7

      In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 2. This is followed by a self-issued intermediate certificate, a nonself-issued intermediate certificate, and an end entity certificate. The end entity certificate does not include a certificatePolicies extension.

      Throws:
      Exception
    • test4_9_8

      public void test4_9_8() throws Exception
      4.9.8 Invalid Self-Issued requireExplicitPolicy Test8

      In this test, the first certificate in the path includes a policyConstraints extension with requireExplicitPolicy set to 2. This is followed by a self-issued intermediate certificate, a nonself-issued intermediate certificate, a self-issued intermediate certificate, and an end entity certificate. The end entity certificate does not include a certificatePolicies extension. 50

      Throws:
      Exception
    • test4_10_1

      public void test4_10_1() throws Exception
      4.10.1 Valid Policy Mapping Test1

      In this test, the intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-2. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should not validate successfully. 3. default settings, but with initial-policy-mapping-inhibit set. The path should not validate successfully.

      Throws:
      Exception
    • test4_10_2

      public void test4_10_2() throws Exception
      4.10.2 Invalid Policy Mapping Test2

      In this test, the intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-1. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should not validate successfully. 2. default settings, but with initial-policy-mapping-inhibit set. The path should not validate successfully.

      Throws:
      Exception
    • test4_10_3

      public void test4_10_3() throws Exception
      4.10.3 Valid Policy Mapping Test3

      In this test, the path is valid under NIST-test-policy-2 as a result of policy mappings. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should not validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should validate successfully.

      Throws:
      Exception
    • test4_10_4

      public void test4_10_4() throws Exception
      4.10.4 Invalid Policy Mapping Test4

      In this test, the policy asserted in the end entity certificate is not in the authorities-constrainedpolicy-set.

      Throws:
      Exception
    • test4_10_5

      public void test4_10_5() throws Exception
      4.10.5 Valid Policy Mapping Test5

      In this test, the path is valid under NIST-test-policy-1 as a result of policy mappings. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-6}. The path should not validate successfully.

      Throws:
      Exception
    • test4_10_6

      public void test4_10_6() throws Exception
      4.10.6 Valid Policy Mapping Test6

      In this test, the path is valid under NIST-test-policy-1 as a result of policy mappings. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully. 2. default settings, but with initial-policy-set = {NIST-test-policy-6}. The path should not validate successfully.

      Throws:
      Exception
    • test4_10_7

      public void test4_10_7() throws Exception
      4.10.7 Invalid Mapping From anyPolicy Test7

      In this test, the intermediate certificate includes a policyMappings extension that includes a mapping in which the issuerDomainPolicy is anyPolicy. The intermediate certificate also includes a critical policyConstraints extension with requireExplicitPolicy set to 0. [RFC 3280 6.1.4] (a) If a policy mapping extension is present, verify that the special value anyPolicy does not appear as an issuerDomainPolicy or a subjectDomainPolicy.

      Throws:
      Exception
    • test4_10_8

      public void test4_10_8() throws Exception
      4.10.8 Invalid Mapping To anyPolicy Test8

      In this test, the intermediate certificate includes a policyMappings extension that includes a mapping in which the subjectDomainPolicy is anyPolicy. The intermediate certificate also includes a critical policyConstraints extension with requireExplicitPolicy set to 0. [RFC 3280 6.1.4] (a) If a policy mapping extension is present, verify that the special value anyPolicy does not appear as an issuerDomainPolicy or a subjectDomainPolicy.

      Throws:
      Exception
    • test4_10_9

      public void test4_10_9() throws Exception
      4.10.9 Valid Policy Mapping Test9

      In this test, the intermediate certificate asserts anyPolicy and maps NIST-test-policy-1 to NISTtest-policy-2. The end entity certificate asserts NIST-test-policy-1. 55

      Throws:
      Exception
    • test4_10_10

      public void test4_10_10() throws Exception
      4.10.10 Invalid Policy Mapping Test10

      In this test, the first intermediate certificate asserts NIST-test-policy-1. The second intermediate certificate asserts anyPolicy and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-1.

      Throws:
      Exception
    • test4_10_11

      public void test4_10_11() throws Exception
      4.10.11 Valid Policy Mapping Test11

      In this test, the first intermediate certificate asserts NIST-test-policy-1. The second intermediate certificate asserts anyPolicy and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-2.

      Throws:
      Exception
    • test4_10_12

      public void test4_10_12() throws Exception
      4.10.12 Valid Policy Mapping Test12

      In this test, the intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and maps NIST-test-policy-1 to NIST-test-policy-3. The end entity certificate asserts anyPolicy and NIST-test-policy-3, each with a different user notice policy qualifier. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. The path should validate successfully and the application should display the user notice associated with NIST-test-policy-3 in the end entity certificate. 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. The path should validate successfully and the application should display the user notice associated with anyPolicy in the end entity certificate.

      Throws:
      Exception
    • test4_10_13

      public void test4_10_13() throws Exception
      4.10.13 Valid Policy Mapping Test13

      In this test, the intermediate certificate asserts NIST-test-policy-1 and anyPolicy and maps NISTtest-policy-1 to NIST-test-policy-2. There is a user notice policy qualifier associated with each of 57 the policies. The end entity certificate asserts NIST-test-policy-2.

      Throws:
      Exception
    • test4_10_14

      public void test4_10_14() throws Exception
      4.10.14 Valid Policy Mapping Test14

      In this test, the intermediate certificate asserts NIST-test-policy-1 and anyPolicy and maps NISTtest-policy-1 to NIST-test-policy-2. There is a user notice policy qualifier associated with each of the policies. The end entity certificate asserts NIST-test-policy-1.

      Throws:
      Exception
    • test4_11_1

      public void test4_11_1() throws Exception
      4.11.1 Invalid inhibitPolicyMapping Test1

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 0. The second intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-1 and NIST-test-policy-2.

      Throws:
      Exception
    • test4_11_2

      public void test4_11_2() throws Exception
      4.11.2 Valid inhibitPolicyMapping Test2

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and maps NIST-testpolicy-1 to NIST-test-policy-3 and NIST-test-policy-2 to NIST-test-policy-4. The end entity certificate asserts NIST-test-policy-3. 59

      Throws:
      Exception
    • test4_11_3

      public void test4_11_3() throws Exception
      4.11.3 Invalid inhibitPolicyMapping Test3

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and maps NIST-testpolicy-1 to NIST-test-policy-3 and NIST-test-policy-2 to NIST-test-policy-4. The third intermediate certificate asserts NIST-test-policy-3 and NIST-test-policy-4 and maps NIST-testpolicy-3 to NIST-test-policy-5. The end entity certificate asserts NIST-test-policy-5.

      Throws:
      Exception
    • test4_11_4

      public void test4_11_4() throws Exception
      4.11.4 Valid inhibitPolicyMapping Test4

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and maps NIST-testpolicy-1 to NIST-test-policy-3 and NIST-test-policy-2 to NIST-test-policy-4. The third intermediate certificate asserts NIST-test-policy-3 and NIST-test-policy-4 and maps NIST-testpolicy-3 to NIST-test-policy-5. The end entity certificate asserts NIST-test-policy-4. 60

      Throws:
      Exception
    • test4_11_5

      public void test4_11_5() throws Exception
      4.11.5 Invalid inhibitPolicyMapping Test5

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 5. The second intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The third intermediate certificate asserts NIST-test-policy-1. The fourth intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NISTtest-policy-2. The end entity certificate asserts NIST-test-policy-2.

      Throws:
      Exception
    • test4_11_6

      public void test4_11_6() throws Exception
      4.11.6 Invalid inhibitPolicyMapping Test6

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and includes a policyConstraints extension with inhibitPolicyMapping set to 5. The third intermediate certificate asserts NIST-test-policy-1 and NIST-test-policy-2 and maps NIST-test-policy-1 to NIST-test-policy-3. The end entity certificate asserts NIST-test-policy-3. 61

      Throws:
      Exception
    • test4_11_7

      public void test4_11_7() throws Exception
      4.11.7 Valid Self-Issued inhibitPolicyMapping Test7

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The end entity certificate asserts NIST-test-policy-2.

      Throws:
      Exception
    • test4_11_8

      public void test4_11_8() throws Exception
      4.11.8 Invalid Self-Issued inhibitPolicyMapping Test8

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The fourth intermediate certificate asserts NIST-test-policy-2 and maps NIST-test-policy-2 to NISTtest-policy-3. The end entity certificate asserts NIST-test-policy-3. 62

      Throws:
      Exception
    • test4_11_9

      public void test4_11_9() throws Exception
      4.11.9 Invalid Self-Issued inhibitPolicyMapping Test9

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The fourth intermediate certificate asserts NIST-test-policy-2 and maps NIST-test-policy-2 to NISTtest-policy-3. The end entity certificate asserts NIST-test-policy-2.

      Throws:
      Exception
    • test4_11_10

      public void test4_11_10() throws Exception
      4.11.10 Invalid Self-Issued inhibitPolicyMapping Test10

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The fourth intermediate certificate is a self-issued certificate that asserts NIST-test-policy-2 and maps NIST-test-policy-2 to NIST-test-policy-3. The end entity certificate asserts NIST-test-policy-3. 63

      Throws:
      Exception
    • test4_11_11

      public void test4_11_11() throws Exception
      4.11.11 Invalid Self-Issued inhibitPolicyMapping Test11

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes a policyConstraints extension with inhibitPolicyMapping set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts NIST-test-policy-1 and maps NIST-test-policy-1 to NIST-test-policy-2. The fourth intermediate certificate is a self-issued certificate that asserts NIST-test-policy-2 and maps NIST-test-policy-2 to NIST-test-policy-3. The end entity certificate asserts NIST-test-policy-2.

      Throws:
      Exception
    • test4_12_1

      public void test4_12_1() throws Exception
      4.12.1 Invalid inhibitAnyPolicy Test1

      In this test, the intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 0. The end entity certificate asserts anyPolicy.

      Throws:
      Exception
    • test4_12_2

      public void test4_12_2() throws Exception
      4.12.2 Valid inhibitAnyPolicy Test2

      In this test, the intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 0. The end entity certificate asserts anyPolicy and NIST-testpolicy-1.

      Throws:
      Exception
    • test4_12_3

      public void test4_12_3() throws Exception
      4.12.3 inhibitAnyPolicy Test3

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate asserts anyPolicy. The end entity certificate asserts NIST-test-policy-1. If possible, it is recommended that the certification path in this test be validated using the following inputs: 1. default settings. The path should validate successfully. 2. default settings, but with initial-inhibit-any-policy set. The path should not validate successfully.

      Throws:
      Exception
    • test4_12_4

      public void test4_12_4() throws Exception
      4.12.4 Invalid inhibitAnyPolicy Test4

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate asserts anyPolicy. The end entity certificate asserts anyPolicy. 66

      Throws:
      Exception
    • test4_12_5

      public void test4_12_5() throws Exception
      4.12.5 Invalid inhibitAnyPolicy Test5

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 5. The second intermediate certificate asserts NIST-test-policy1 and includes an inhibitAnyPolicy extension set to 1. The third intermediate certificate asserts NIST-test-policy-1 and the end entity certificate asserts anyPolicy.

      Throws:
      Exception
    • test4_12_6

      public void test4_12_6() throws Exception
      4.12.6 Invalid inhibitAnyPolicy Test6

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate asserts NIST-test-policy1 and includes an inhibitAnyPolicy extension set to 5. The end entity certificate asserts anyPolicy.

      Throws:
      Exception
    • test4_12_7

      public void test4_12_7() throws Exception
      4.12.7 Valid Self-Issued inhibitAnyPolicy Test7

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts anyPolicy and the end entity certificate asserts NIST-test-policy-1.

      Throws:
      Exception
    • test4_12_8

      public void test4_12_8() throws Exception
      4.12.8 Invalid Self-Issued inhibitAnyPolicy Test8

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third and fourth intermediate certificates assert anyPolicy and the end entity certificate asserts NIST-test-policy-1. 68

      Throws:
      Exception
    • test4_12_9

      public void test4_12_9() throws Exception
      4.12.9 Valid Self-Issued inhibitAnyPolicy Test9

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts anyPolicy. The fourth intermediate certificate is a self-issued certificate that asserts anyPolicy. The end entity certificate asserts NIST-test-policy-1.

      Throws:
      Exception
    • test4_12_10

      public void test4_12_10() throws Exception
      4.12.10 Invalid Self-Issued inhibitAnyPolicy Test10

      In this test, the first intermediate certificate asserts NIST-test-policy-1 and includes an inhibitAnyPolicy extension set to 1. The second intermediate certificate is a self-issued certificate that asserts NIST-test-policy-1. The third intermediate certificate asserts anyPolicy. The end entity certificate is a self-issued CA certificate that asserts anyPolicy.

      Throws:
      Exception
    • test4_13_1

      public void test4_13_1() throws Exception
      4.13.1 Valid DN nameConstraints Test1

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subject name that falls within that subtree. 70

      Throws:
      Exception
    • test4_13_2

      public void test4_13_2() throws Exception
      4.13.2 Invalid DN nameConstraints Test2

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subject name that falls outside that subtree.

      Throws:
      Exception
    • test4_13_3

      public void test4_13_3() throws Exception
      4.13.3 Invalid DN nameConstraints Test3

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subject name that falls within that subtree and a subjectAltName extension with a DN that falls outside the subtree.

      Throws:
      Exception
    • test4_13_4

      public void test4_13_4() throws Exception
      4.13.4 Valid DN nameConstraints Test4

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subject name that falls within that subtree and a subjectAltName extension with an e-mail address. 71

      Throws:
      Exception
    • test4_13_5

      public void test4_13_5() throws Exception
      4.13.5 Valid DN nameConstraints Test5

      In this test, the intermediate certificate includes a nameConstraints extension that specifies two permitted subtrees. The end entity certificate includes a subject name that falls within one of the subtrees and a subjectAltName extension with a DN that falls within the other subtree.

      Throws:
      Exception
    • test4_13_6

      public void test4_13_6() throws Exception
      4.13.6 Valid DN nameConstraints Test6

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subject name that falls outside that subtree.

      Throws:
      Exception
    • test4_13_7

      public void test4_13_7() throws Exception
      4.13.7 Invalid DN nameConstraints Test7

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subject name that falls within that subtree. 72

      Throws:
      Exception
    • test4_13_8

      public void test4_13_8() throws Exception
      4.13.8 Invalid DN nameConstraints Test8

      In this test, the intermediate certificate includes a nameConstraints extension that specifies two excluded subtrees. The end entity certificate includes a subject name that falls within the first subtree.

      Throws:
      Exception
    • test4_13_9

      public void test4_13_9() throws Exception
      4.13.9 Invalid DN nameConstraints Test9

      In this test, the intermediate certificate includes a nameConstraints extension that specifies two excluded subtrees. The end entity certificate includes a subject name that falls within the second subtree.

      Throws:
      Exception
    • test4_13_10

      public void test4_13_10() throws Exception
      4.13.10 Invalid DN nameConstraints Test10

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a permitted subtree and an excluded subtree. The excluded subtree specifies a subset of the name space specified by the permitted subtree. The end entity certificate includes a subject name that falls within both the permitted and excluded subtrees. 73

      Throws:
      Exception
    • test4_13_11

      public void test4_13_11() throws Exception
      4.13.11 Valid DN nameConstraints Test11

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a permitted subtree and an excluded subtree. The excluded subtree specifies a subset of the name space specified by the permitted subtree. The end entity certificate includes a subject name that falls within the permitted subtree but falls outside the excluded subtree.

      Throws:
      Exception
    • test4_13_12

      public void test4_13_12() throws Exception
      4.13.12 Invalid DN nameConstraints Test12

      In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree that is a subtree of the constraint specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the subtree specified by the first intermediate certificate but outside the subtree specified by the second intermediate certificate.

      Throws:
      Exception
    • test4_13_13

      public void test4_13_13() throws Exception
      4.13.13 Invalid DN nameConstraints Test13

      In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree that does not overlap with the permitted subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the subtree specified by the first intermediate certificate.

      Throws:
      Exception
    • test4_13_14

      public void test4_13_14() throws Exception
      4.13.14 Valid DN nameConstraints Test14

      In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree that does not overlap with the permitted subtree specified in the first intermediate certificate. The end entity certificate has a null subject name (i.e., the subject name is a sequence of zero relative distinguished names) and a critical subjectAltName extension with an e-mail address.

      Throws:
      Exception
    • test4_13_15

      public void test4_13_15() throws Exception
      4.13.15 Invalid DN nameConstraints Test15

      In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The second intermediate certificate has a subject name that falls outside that subtree and includes a nameConstraints extension that specifies an excluded subtree that does not overlap with the subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the subtree specified in the first intermediate certificate.

      Throws:
      Exception
    • test4_13_16

      public void test4_13_16() throws Exception
      4.13.16 Invalid DN nameConstraints Test16

      In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The second intermediate certificate has a subject name that falls outside that subtree and includes a nameConstraints extension that specifies an excluded subtree that does not overlap with the subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the subtree specified in the second intermediate certificate.

      Throws:
      Exception
    • test4_13_17

      public void test4_13_17() throws Exception
      4.13.17 Invalid DN nameConstraints Test17

      In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The second intermediate certificate has a subject name that falls outside that subtree and includes a nameConstraints extension that specifies a permitted subtree that is a superset of the subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the excluded subtree specified in the first intermediate certificate.

      Throws:
      Exception
    • test4_13_18

      public void test4_13_18() throws Exception
      4.13.18 Valid DN nameConstraints Test18

      In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The second intermediate certificate has a subject name that falls outside that subtree and includes a nameConstraints extension that specifies a permitted subtree that is a superset of the subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the permitted subtree specified in the second intermediate certificate but outside the excluded subtree specified in the first intermediate certificate.

      Throws:
      Exception
    • test4_13_19

      public void test4_13_19() throws Exception
      4.13.19 Valid Self-Issued DN nameConstraints Test19

      In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The second intermediate certificate is a self-issued certificate. The subject name in the self-issued certificate does not fall within the permitted subtree specified in the first intermediate certificate. The end entity certificate includes a subject name that falls within the permitted subtree specified in the first intermediate certificate.

      Throws:
      Exception
    • test4_13_20

      public void test4_13_20() throws Exception
      4.13.20 Invalid Self-Issued DN nameConstraints Test20

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate is a self-issued certificate. The subject name in the self-issued certificate does not fall within the permitted subtree specified in the intermediate certificate.

      Throws:
      Exception
    • test4_13_21

      public void test4_13_21() throws Exception
      4.13.21 Valid RFC822 nameConstraints Test21

      � In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls within that subtree.

      Throws:
      Exception
    • test4_13_22

      public void test4_13_22() throws Exception
      4.13.22 Invalid RFC822 nameConstraints Test22

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls outside that subtree.

      Throws:
      Exception
    • test4_13_23

      public void test4_13_23() throws Exception
      4.13.23 Valid RFC822 nameConstraints Test23

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls within that subtree.

      Throws:
      Exception
    • test4_13_24

      public void test4_13_24() throws Exception
      4.13.24 Invalid RFC822 nameConstraints Test24

      � In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls outside that subtree.

      Throws:
      Exception
    • test4_13_25

      public void test4_13_25() throws Exception
      4.13.25 Valid RFC822 nameConstraints Test25

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls outside that subtree.

      Throws:
      Exception
    • test4_13_26

      public void test4_13_26() throws Exception
      4.13.26 Invalid RFC822 nameConstraints Test26

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with an e-mail address that falls within that subtree.

      Throws:
      Exception
    • test4_13_27

      public void test4_13_27() throws Exception
      4.13.27 Valid DN and RFC822 nameConstraints Test27

      In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree of type directoryName. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree of type rfc822Name. The end entity certificate includes a subject name that falls within the subtree specified by the first intermediate certificate and an e-mail address that falls within the permitted subtree specified by the second intermediate certificate.

      Throws:
      Exception
    • test4_13_28

      public void test4_13_28() throws Exception
      4.13.28 Invalid DN and RFC822 nameConstraints Test28

      In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree of type directoryName. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree of type rfc822Name. The end entity certificate includes a subject name that falls within the subtree specified by the first intermediate certificate and an e-mail address that falls outside the permitted subtree specified by the second intermediate certificate.

      Throws:
      Exception
    • test4_13_29

      public void test4_13_29() throws Exception
      4.13.29 Invalid DN and RFC822 nameConstraints Test29

      In this test, the first intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree of type directoryName. The second intermediate certificate includes a subject name that falls within that subtree and a nameConstraints extension that specifies a permitted subtree of type rfc822Name. The end entity certificate includes a subject name that falls within the subtree specified by the first intermediate certificate but the subject name includes an attribute of type EmailAddress whose value falls outside the permitted subtree specified in the second intermediate certificate.

      Throws:
      Exception
    • test4_13_30

      public void test4_13_30() throws Exception
      4.13.30 Valid DNS nameConstraints Test30

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with a dNSName that falls within that subtree.

      Throws:
      Exception
    • test4_13_31

      public void test4_13_31() throws Exception
      4.13.31 Invalid DNS nameConstraints Test31

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with a dNSName that falls outside that subtree.

      Throws:
      Exception
    • test4_13_32

      public void test4_13_32() throws Exception
      4.13.32 Valid DNS nameConstraints Test32

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with a dNSName that falls outside that subtree.

      Throws:
      Exception
    • test4_13_33

      public void test4_13_33() throws Exception
      4.13.33 Invalid DNS nameConstraints Test33

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with a dNSName that falls within that subtree.

      Throws:
      Exception
    • test4_13_34

      public void test4_13_34() throws Exception
      4.13.34 Valid URI nameConstraints Test34

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with a uniformResourceIdentifier that falls within that subtree.

      Throws:
      Exception
    • test4_13_35

      public void test4_13_35() throws Exception
      4.13.35 Invalid URI nameConstraints Test35

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with a uniformResourceIdentifier that falls outside that subtree.

      Throws:
      Exception
    • test4_13_36

      public void test4_13_36() throws Exception
      4.13.36 Valid URI nameConstraints Test36

      � In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with a uniformResourceIdentifier that falls outside that subtree.

      Throws:
      Exception
    • test4_13_37

      public void test4_13_37() throws Exception
      4.13.37 Invalid URI nameConstraints Test37

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single excluded subtree. The end entity certificate includes a subjectAltName extension with a uniformResourceIdentifier that falls within that subtree.

      Throws:
      Exception
    • test4_13_38

      public void test4_13_38() throws Exception
      4.13.38 Invalid DNS nameConstraints Test38

      In this test, the intermediate certificate includes a nameConstraints extension that specifies a single permitted subtree. The end entity certificate includes a subjectAltName extension with a dNSName that falls outside that subtree. The permitted subtree is “testcertificates.gov” and the subjectAltName is “mytestcertificates.gov”.

      Throws:
      Exception
    • test4_14_1

      public void test4_14_1() throws Exception
      4.14.1 Valid distributionPoint Test1

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint.

      Throws:
      Exception
    • test4_14_2

      public void test4_14_2() throws Exception
      4.14.2 Invalid distributionPoint Test2

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint. The CRL lists the end entity certificate as being revoked.

      Throws:
      Exception
    • test4_14_3

      public void test4_14_3() throws Exception
      4.14.3 Invalid distributionPoint Test3

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The only CRL available from the issuer of the end entity certificate includes an issuingDistributionPoint extension with a distributionPoint that does not match the distributionPoint specified in the end entity certificate.

      Throws:
      Exception
    • test4_14_4

      public void test4_14_4() throws Exception
      4.14.4 Valid distributionPoint Test4

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint. The distributionPoint in the end entity certificate is specified as a nameRelativeToCRLIssuer while the distributionPoint in the CRL is specified as a fullName.

      Throws:
      Exception
    • test4_14_5

      public void test4_14_5() throws Exception
      4.14.5 Valid distributionPoint Test5

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint. The distributionPoint in both the end entity certificate and the CRL are specified as a nameRelativeToCRLIssuer. 85

      Throws:
      Exception
    • test4_14_6

      public void test4_14_6() throws Exception
      4.14.6 Invalid distributionPoint Test6

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint. The distributionPoint in both the end entity certificate and the CRL are specified as a nameRelativeToCRLIssuer. The CRL lists the end entity certificate as being revoked.

      Throws:
      Exception
    • test4_14_7

      public void test4_14_7() throws Exception
      4.14.7 Valid distributionPoint Test7

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a matching distributionPoint. The distributionPoint in the CRL is specified as a nameRelativeToCRLIssuer and the distributionPoint in the end entity certificate is specified as a fullName.

      Throws:
      Exception
    • test4_14_8

      public void test4_14_8() throws Exception
      4.14.8 Invalid distributionPoint Test8

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a single DistributionPoint consisting of a distributionPoint with a distinguished name. The CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a distributionPoint that does not match. The distributionPoint in the CRL is specified as a nameRelativeToCRLIssuer and the distributionPoint in the end entity certificate is specified as a fullName.

      Throws:
      Exception
    • test4_14_9

      public void test4_14_9() throws Exception
      4.14.9 Invalid distributionPoint Test9

      In this test, the CRL that covers the end entity certificate includes an issuingDistributionPoint extension with a distributionPoint. The distributionPoint does not match the CRL issuer's name. The end entity certificate does not include a cRLDistributionPoints extension

      Throws:
      Exception
    • test4_14_10

      public void test4_14_10() throws Exception
      4.14.10 Valid No issuingDistributionPoint Test10

      In this test, the CRL that covers the end entity certificate does not include an issuingDistributionPoint extension. The end entity certificate includes a cRLDistributionPoints extension with a distributionPoint name.

      Throws:
      Exception
    • test4_14_11

      public void test4_14_11() throws Exception
      4.14.11 Invalid onlyContainsUserCerts CRL Test11

      In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint extension with onlyContainsUserCerts set to TRUE. The final certificate in the path is a CA certificate.

      Throws:
      Exception
    • test4_14_12

      public void test4_14_12() throws Exception
      4.14.12 Invalid onlyContainsCACerts CRL Test12

      In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint extension with onlyContainsCACerts set to TRUE.

      Throws:
      Exception
    • test4_14_13

      public void test4_14_13() throws Exception
      4.14.13 Valid onlyContainsCACerts CRL Test13

      In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint extension with onlyContainsCACerts set to TRUE. The final certificate in the path is a CA certificate.

      Throws:
      Exception
    • test4_14_14

      public void test4_14_14() throws Exception
      4.14.14 Invalid onlyContainsAttributeCerts Test14

      In this test, the only CRL issued by the intermediate CA includes an issuingDistributionPoint extension with onlyContainsAttributeCerts set to TRUE.

      Throws:
      Exception
    • test4_14_15

      public void test4_14_15() throws Exception
      4.14.15 Invalid onlySomeReasons Test15

      In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. The end entity certificate has been revoked for key compromise.

      Throws:
      Exception
    • test4_14_16

      public void test4_14_16() throws Exception
      4.14.16 Invalid onlySomeReasons Test16

      In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. The end entity certificate has been placed on hold.

      Throws:
      Exception
    • test4_14_17

      public void test4_14_17() throws Exception
      4.14.17 Invalid onlySomeReasons Test17

      In this test, the intermediate certificate has issued two CRLs, one covering the affiliationChanged and superseded reason codes and the other covering the cessationOfOperation and certificateHold reason codes. The end entity certificate is not listed on either CRL.

      Throws:
      Exception
    • test4_14_18

      public void test4_14_18() throws Exception
      4.14.18 Valid onlySomeReasons Test18

      In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. Both CRLs include an issuingDistributionPoint extension with the same distributionPoint name. The end entity certificate includes a cRLDistributionPoints extension with the same distributionPoint name.

      Throws:
      Exception
    • test4_14_19

      public void test4_14_19() throws Exception
      4.14.19 Valid onlySomeReasons Test19

      In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. Both CRLs include an issuingDistributionPoint extension with a different distributionPoint name. The end entity certificate includes a cRLDistributionPoints extension with two DistributionPoints, one for each CRL.

      Throws:
      Exception
    • test4_14_20

      public void test4_14_20() throws Exception
      4.14.20 Invalid onlySomeReasons Test20

      In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. Both CRLs include an issuingDistributionPoint extension with a different distributionPoint name. The end entity certificate includes a cRLDistributionPoints extension with two DistributionPoints, one for each CRL. The end entity certificate has been revoked for key compromise.

      Throws:
      Exception
    • test4_14_21

      public void test4_14_21() throws Exception
      4.14.21 Invalid onlySomeReasons Test21

      In this test, the intermediate certificate has issued two CRLs, one covering the keyCompromise and cACompromise reason codes and the other covering the remaining reason codes. Both CRLs include an issuingDistributionPoint extension with a different distributionPoint name. The end entity certificate includes a cRLDistributionPoints extension with two DistributionPoints, one for each CRL. The end entity certificate has been revoked as a result of a change in affiliation.

      Throws:
      Exception
    • test4_14_22

      public void test4_14_22() throws Exception
      4.14.22 Valid IDP with indirectCRL Test22

      In this test, the intermediate CA has issued a CRL that contains an issuingDistributionPoint extension with the indirectCRL flag set. The end entity certificate was issued by the intermediate CA. 91

      Throws:
      Exception
    • test4_14_23

      public void test4_14_23() throws Exception
      4.14.23 Invalid IDP with indirectCRL Test23

      In this test, the intermediate CA has issued a CRL that contains an issuingDistributionPoint extension with the indirectCRL flag set. The end entity certificate was issued by the intermediate CA and is listed as revoked on the CRL.

      Throws:
      Exception
    • xtest4_14_24

      public void xtest4_14_24() throws Exception
      4.14.24 Valid IDP with indirectCRL Test24

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The public key needed to validate the indirect CRL is in a certificate issued by the Trust Anchor.

      Throws:
      Exception
    • xtest4_14_25

      public void xtest4_14_25() throws Exception
      4.14.25 Valid IDP with indirectCRL Test25

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The public key needed to validate the indirect CRL is in a certificate issued by the Trust Anchor. The end entity's serial number is listed on the CRL, but there is no certificateIssuer CRL entry extension, indicating that the revoked certificate was one issued by the CRL issuer. 92

      Throws:
      Exception
    • xtest4_14_26

      public void xtest4_14_26() throws Exception
      4.14.26 Invalid IDP with indirectCRL Test26

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The entity specified in the cRLIssuer field does not exist.

      Throws:
      Exception
    • xtest4_14_27

      public void xtest4_14_27() throws Exception
      4.14.27 Invalid cRLIssuer Test27

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The CRL issued by the entity specified in the cRLIssuer field does not include an issuingDistributionPoint extension.

      Throws:
      Exception
    • xtest4_14_28

      public void xtest4_14_28() throws Exception
      4.14.28 Valid cRLIssuer Test28

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a

      cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The indirect CRL issuer has been issued a certificate by the issuer of the end entity certificate. The certificate issued to the CRL issuer is covered by a CRL issued by the issuer of the end entity certificate.

      Throws:
      Exception
    • xtest4_14_29

      public void xtest4_14_29() throws Exception
      4.14.29 Valid cRLIssuer Test29

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The distributionPoint in the end entity certificate is specified as nameRelativeToCRLIssuer. The indirect CRL issuer has been issued a certificate by the issuer of the end entity certificate. The certificate issued to the CRL issuer is covered by a CRL issued by the issuer of the end entity certificate.

      Throws:
      Exception
    • xtest4_14_30

      public void xtest4_14_30() throws Exception
      4.14.30 Valid cRLIssuer Test30

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The indirect CRL issuer has been issued a certificate by the issuer of the end entity certificate. Both the end entity certificate and the certificate issued to the CRL issuer are covered by the indirect CRL issued by the CRL issuer.

      Throws:
      Exception
    • xtest4_14_31

      public void xtest4_14_31() throws Exception
      4.14.31 Invalid cRLIssuer Test31

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The indirect CRL contains a CRL entry listing the end entity certificate's serial number that includes a certificateIssuer extension specifying the end entity certificate's issuer.

      Throws:
      Exception
    • xtest4_14_32

      public void xtest4_14_32() throws Exception
      4.14.32 Invalid cRLIssuer Test32

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The indirect CRL contains a CRL entry listing the end entity certificate's serial number and the preceding CRL entry includes a certificateIssuer extension specifying the end entity certificate's issuer.

      Throws:
      Exception
    • xtest4_14_33

      public void xtest4_14_33() throws Exception
      4.14.33 Valid cRLIssuer Test33

      In this test, the end entity certificate includes a cRLDistributionPoints extension with a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. The indirect CRL contains a CRL entry listing the end entity certificate's serial number, but the most recent CRL entry to include a certificateIssuer extension specified a different certificate issuer.

      Throws:
      Exception
    • test4_14_34

      public void test4_14_34() throws Exception
      4.14.34 Invalid cRLIssuer Test34

      In this test, the end entity certificate is issued by the same CA that issues the corresponding CRL, but the CRL is also an indirect CRL for other CAs. The end entity certificate's serial number is listed on the CRL and the most recent CRL entry to include a certificateIssuer extension specifies the end entity certificate's issuer.

      Throws:
      Exception
    • test4_14_35

      public void test4_14_35() throws Exception
      4.14.35 Invalid cRLIssuer Test35

      In this test, the end entity certificate includes a cRLDistributionPoints extension with both a distributionPoint name and a cRLIssuer field indicating that the CRL is issued by an entity other than the certificate issuer. There is no CRL available from the entity specified in cRLIssuer, but the certificate issuer has issued a CRL with an issuingDistributionPoint extension that includes a distributionPoint that matches the distributionPoint in the certificate.

      Throws:
      Exception
    • test4_15_1

      public void test4_15_1() throws Exception
      4.15.1 Invalid deltaCRLIndicator No Base Test1

      In this test, the CRL covering the end entity certificate includes a deltaCRLIndicator extension, but no other CRLs are available for the intermediate certificate.

      Throws:
      Exception
    • test4_15_2

      public void test4_15_2() throws Exception
      4.15.2 Valid delta-CRL Test2

      In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL.

      Throws:
      Exception
    • test4_15_3

      public void test4_15_3() throws Exception
      4.15.3 Invalid delta-CRL Test3

      In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL. The end entity certificate is listed as revoked on the complete CRL. 97

      Throws:
      Exception
    • test4_15_4

      public void test4_15_4() throws Exception
      4.15.4 Invalid delta-CRL Test4

      In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL. The end entity certificate is listed as revoked on the delta-CRL.

      Throws:
      Exception
    • test4_15_5

      public void test4_15_5() throws Exception
      4.15.5 Valid delta-CRL Test5

      In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL. The end entity certificate is listed as on hold on the complete CRL, but the delta-CRL indicates that it should be removed from the CRL.

      Throws:
      Exception
    • test4_15_6

      public void test4_15_6() throws Exception
      4.15.6 Invalid delta-CRL Test6

      In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL. The end entity certificate is listed as on hold on the complete CRL and the delta-CRL indicates that it has been revoked.

      Throws:
      Exception
    • test4_15_7

      public void test4_15_7() throws Exception
      4.15.7 Valid delta-CRL Test7

      In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to the complete CRL as its base CRL. The end entity certificate is not listed on the complete CRL and is listed on the delta-CRL as removeFromCRL.

      Throws:
      Exception
    • test4_15_8

      public void test4_15_8() throws Exception
      4.15.8 Valid delta-CRL Test8

      In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to a CRL that was issued earlier than the complete CRL as its base CRL. The end entity certificate is not listed on either the complete CRL or the delta-CRL.

      Throws:
      Exception
    • test4_15_9

      public void test4_15_9() throws Exception
      4.15.9 Invalid delta-CRL Test9

      In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to a CRL that was issued earlier than the complete CRL as its base CRL. The end entity certificate is listed as revoked on both the complete CRL and the delta-CRL.

      Throws:
      Exception
    • test4_15_10

      public void test4_15_10() throws Exception
      4.15.10 Invalid delta-CRL Test10

      In this test, the intermediate CA has issued a complete CRL and a delta-CRL. The delta-CRL refers to a CRL that was issued later than the complete CRL as its base CRL. The end entity certificate is not listed as revoked on either the complete CRL or the delta-CRL, but the delta-CRL can not be used in conjunction with the provided complete CRL. The complete CRL has a nextUpdate time that is in the past.

      Throws:
      Exception
    • test4_16_1

      public void test4_16_1() throws Exception
      4.16.1 Valid Unknown Not Critical Certificate Extension Test1

      In this test, the end entity certificate contains a private, non-critical certificate extension.

      Throws:
      Exception
    • test4_16_2

      public void test4_16_2() throws Exception
      4.16.2 Invalid Unknown Critical Certificate Extension Test2

      In this test, the end entity certificate contains a private, critical certificate extension.

      Throws:
      Exception