xref: /external/nist-pkits/src/libcore/java/security/cert/X509CertificateNistPkitsTest.java

/*
 * Copyright (C) 2013 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package libcore.java.security.cert;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import java.util.TimeZone;

import junit.framework.TestCase;

public class X509CertificateNistPkitsTest extends TestCase {
    public static final String ANY_POLICY_OID = "2.5.29.32.0";
    public static final String RESOURCE_PACKAGE = "/tests/resources/";

    /*
     * All the certificates in this test should be verified with the same date.
     * Since none of the built-in roots-of-trust (CA cerificates) are needed,
     * it should be safe to set this to a fixed date until the certificates
     * in the tests are updated.
     */
    private static final Date TEST_DATE;
    static {
        Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        cal.set(2015, 0, 1);
        TEST_DATE = cal.getTime();
    }

    public static InputStream getStream(String name) {
        // If we have the resources packaged up in our jar file, get them that way.
        String path = RESOURCE_PACKAGE + name;
        InputStream result = X509CertificateNistPkitsTest.class.getResourceAsStream(path);
        if (result != null) {
            return result;
        }
        // Otherwise, if we're in an Android build tree, get the files directly.
        String ANDROID_BUILD_TOP = System.getenv("ANDROID_BUILD_TOP");
        if (ANDROID_BUILD_TOP != null) {
            File resource = new File(ANDROID_BUILD_TOP + "/external/nist-pkits/res" + path);
            if (resource.exists()) {
                try {
                    return new FileInputStream(resource);
                } catch (IOException ex) {
                    throw new IllegalArgumentException("Couldn't open: " + resource, ex);
                }
            }
        }
        throw new IllegalArgumentException("No such resource: " + path);
    }

    private final X509Certificate getCertificate(CertificateFactory f, String name)
            throws Exception {
        final String fileName = "nist-pkits/certs/" + name;
        final InputStream is = getStream(fileName);
        assertNotNull("File does not exist: " + fileName, is);
        try {
            return (X509Certificate) f.generateCertificate(is);
        } finally {
            try {
                is.close();
            } catch (IOException ignored) {
            }
        }
    }

    private final X509Certificate[] getCertificates(CertificateFactory f, String[] names)
            throws Exception {
        X509Certificate[] certs = new X509Certificate[names.length];

        for (int i = 0; i < names.length; i++) {
            certs[i] = getCertificate(f, names[i]);
        }

        return certs;
    }

    private final X509CRL getCRL(CertificateFactory f, String name) throws Exception {
        final String fileName = "nist-pkits/crls/" + name;
        final InputStream is = getStream(fileName);
        assertNotNull("File does not exist: " + fileName, is);
        try {
            return (X509CRL) f.generateCRL(is);
        } finally {
            try {
                is.close();
            } catch (IOException ignored) {
            }
        }
    }

    private final X509CRL[] getCRLs(CertificateFactory f, String[] names) throws Exception {
        X509CRL[] crls = new X509CRL[names.length];

        for (int i = 0; i < names.length; i++) {
            crls[i] = getCRL(f, names[i]);
        }

        return crls;
    }

    private CertPath getTestPath(CertificateFactory f, String[] pathCerts) throws Exception {
        X509Certificate[] certs = getCertificates(f, pathCerts);
        return f.generateCertPath(Arrays.asList(certs));
    }

    private PKIXParameters getTestPathParams(CertificateFactory f, String trustedCAName,
            String[] pathCerts, String[] pathCRLs) throws Exception {
        X509Certificate[] certs = getCertificates(f, pathCerts);
        X509CRL[] crls = getCRLs(f, pathCRLs);
        X509Certificate trustedCA = getCertificate(f, trustedCAName);

        Collection<Object> certCollection = new ArrayList<Object>();
        certCollection.addAll(Arrays.asList(crls));
        certCollection.addAll(Arrays.asList(certs));
        certCollection.add(trustedCA);
        CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(
                certCollection);
        CertStore certStore = CertStore.getInstance("Collection", certStoreParams);

        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
        anchors.add(new TrustAnchor(trustedCA, null));

        PKIXParameters params = new PKIXParameters(anchors);
        params.addCertStore(certStore);
        params.setExplicitPolicyRequired(false);
        params.setInitialPolicies(Collections.singleton(ANY_POLICY_OID));
        params.setPolicyMappingInhibited(false);
        params.setAnyPolicyInhibited(false);
        params.setDate(TEST_DATE);

        return params;
    }

    private void assertInvalidPath(String trustAnchor, String[] certs, String[] crls)
            throws Exception, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        assertInvalidPath(trustAnchor, certs, certs, crls);
    }

    private void assertInvalidPath(String trustAnchor, String[] path, String[] certs,
            String[] crls) throws Exception, NoSuchAlgorithmException,
            InvalidAlgorithmParameterException {
        CertificateFactory f = CertificateFactory.getInstance("X.509");

        PKIXParameters params = getTestPathParams(f, trustAnchor, certs, crls);
        CertPath cp = getTestPath(f, certs);
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");

        try {
            PKIXCertPathValidatorResult cpvResult = (PKIXCertPathValidatorResult) cpv.validate(cp,
                    params);
            fail();
        } catch (CertPathValidatorException expected) {
        }
    }

    private void assertValidPath(String trustAnchor, String[] certs, String[] crls)
            throws Exception, NoSuchAlgorithmException, CertPathValidatorException,
            InvalidAlgorithmParameterException {
        assertValidPath(trustAnchor, certs, certs, crls);
    }

    private void assertValidPath(String trustAnchor, String[] path, String[] certs, String[] crls)
            throws Exception, NoSuchAlgorithmException, CertPathValidatorException,
            InvalidAlgorithmParameterException {
        CertificateFactory f = CertificateFactory.getInstance("X.509");

        PKIXParameters params = getTestPathParams(f, trustAnchor, certs, crls);
        CertPath cp = getTestPath(f, path);
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");

        PKIXCertPathValidatorResult cpvResult = (PKIXCertPathValidatorResult) cpv.validate(cp,
                params);
    }

    /* DO NOT MANUALLY EDIT -- BEGIN AUTOMATICALLY GENERATED TESTS */
    /** NIST PKITS test 4.1.1 */
    public void testSignatureVerification_ValidSignaturesTest1() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidCertificatePathTest1EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.1.2 */
    public void testSignatureVerification_InvalidCASignatureTest2() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidCASignatureTest2EE.crt",
                "BadSignedCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BadSignedCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.1.3 */
    public void testSignatureVerification_InvalidEESignatureTest3() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidEESignatureTest3EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.1.4 */
    public void testSignatureVerification_ValidDSASignaturesTest4() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDSASignaturesTest4EE.crt",
                "DSACACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "DSACACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.1.5 */
    public void testSignatureVerification_ValidDSAParameterInheritanceTest5() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDSAParameterInheritanceTest5EE.crt",
                "DSAParametersInheritedCACert.crt",
                "DSACACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "DSACACRL.crl",
                "DSAParametersInheritedCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.1.6 */
    public void testSignatureVerification_InvalidDSASignatureTest6() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDSASignatureTest6EE.crt",
                "DSACACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "DSACACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.2.1 */
    public void testValidityPeriods_InvalidCAnotBeforeDateTest1() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidCAnotBeforeDateTest1EE.crt",
                "BadnotBeforeDateCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BadnotBeforeDateCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.2.2 */
    public void testValidityPeriods_InvalidEEnotBeforeDateTest2() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidEEnotBeforeDateTest2EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.2.3 */
    public void testValidityPeriods_Validpre2000UTCnotBeforeDateTest3() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "Validpre2000UTCnotBeforeDateTest3EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.2.4 */
    public void testValidityPeriods_ValidGeneralizedTimenotBeforeDateTest4() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidGeneralizedTimenotBeforeDateTest4EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.2.5 */
    public void testValidityPeriods_InvalidCAnotAfterDateTest5() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidCAnotAfterDateTest5EE.crt",
                "BadnotAfterDateCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BadnotAfterDateCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.2.6 */
    public void testValidityPeriods_InvalidEEnotAfterDateTest6() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidEEnotAfterDateTest6EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.2.7 */
    public void testValidityPeriods_Invalidpre2000UTCEEnotAfterDateTest7() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "Invalidpre2000UTCEEnotAfterDateTest7EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.2.8 */
    public void testValidityPeriods_ValidGeneralizedTimenotAfterDateTest8() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidGeneralizedTimenotAfterDateTest8EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.3.1 */
    public void testVerifyingNameChaining_InvalidNameChainingEETest1() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidNameChainingTest1EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.3.2 */
    public void testVerifyingNameChaining_InvalidNameChainingOrderTest2() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidNameChainingOrderTest2EE.crt",
                "NameOrderingCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "NameOrderCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.3.3 */
    public void testVerifyingNameChaining_ValidNameChainingWhitespaceTest3() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidNameChainingWhitespaceTest3EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.3.4 */
    public void testVerifyingNameChaining_ValidNameChainingWhitespaceTest4() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidNameChainingWhitespaceTest4EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.3.5 */
    public void testVerifyingNameChaining_ValidNameChainingCapitalizationTest5() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidNameChainingCapitalizationTest5EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.3.6 */
    public void testVerifyingNameChaining_ValidNameChainingUIDsTest6() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidNameUIDsTest6EE.crt",
                "UIDCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "UIDCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.3.7 */
    public void testVerifyingNameChaining_ValidRFC3280MandatoryAttributeTypesTest7() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidRFC3280MandatoryAttributeTypesTest7EE.crt",
                "RFC3280MandatoryAttributeTypesCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "RFC3280MandatoryAttributeTypesCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.3.8 */
    public void testVerifyingNameChaining_ValidRFC3280OptionalAttributeTypesTest8() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidRFC3280OptionalAttributeTypesTest8EE.crt",
                "RFC3280OptionalAttributeTypesCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "RFC3280OptionalAttributeTypesCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.3.9 */
    public void testVerifyingNameChaining_ValidUTF8StringEncodedNamesTest9() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidUTF8StringEncodedNamesTest9EE.crt",
                "UTF8StringEncodedNamesCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "UTF8StringEncodedNamesCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.3.10 */
    public void testVerifyingNameChaining_ValidRolloverfromPrintableStringtoUTF8StringTest10() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt",
                "RolloverfromPrintableStringtoUTF8StringCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "RolloverfromPrintableStringtoUTF8StringCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.3.11 */
    public void testVerifyingNameChaining_ValidUTF8StringCaseInsensitiveMatchTest11() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidUTF8StringCaseInsensitiveMatchTest11EE.crt",
                "UTF8StringCaseInsensitiveMatchCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "UTF8StringCaseInsensitiveMatchCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.1 */
    public void testBasicCertificateRevocationTests_MissingCRLTest1() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidMissingCRLTest1EE.crt",
                "NoCRLCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.2 */
    public void testBasicCertificateRevocationTests_InvalidRevokedCATest2() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidRevokedCATest2EE.crt",
                "RevokedsubCACert.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
                "RevokedsubCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.3 */
    public void testBasicCertificateRevocationTests_InvalidRevokedEETest3() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidRevokedEETest3EE.crt",
                "GoodCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.4 */
    public void testBasicCertificateRevocationTests_InvalidBadCRLSignatureTest4() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidBadCRLSignatureTest4EE.crt",
                "BadCRLSignatureCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BadCRLSignatureCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.5 */
    public void testBasicCertificateRevocationTests_InvalidBadCRLIssuerNameTest5() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidBadCRLIssuerNameTest5EE.crt",
                "BadCRLIssuerNameCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BadCRLIssuerNameCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.6 */
    public void testBasicCertificateRevocationTests_InvalidWrongCRLTest6() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidWrongCRLTest6EE.crt",
                "WrongCRLCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "WrongCRLCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.7 */
    public void testBasicCertificateRevocationTests_ValidTwoCRLsTest7() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidTwoCRLsTest7EE.crt",
                "TwoCRLsCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "TwoCRLsCAGoodCRL.crl",
                "TwoCRLsCABadCRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.8 */
    public void testBasicCertificateRevocationTests_InvalidUnknownCRLEntryExtensionTest8() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidUnknownCRLEntryExtensionTest8EE.crt",
                "UnknownCRLEntryExtensionCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "UnknownCRLEntryExtensionCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.9 */
    public void testBasicCertificateRevocationTests_InvalidUnknownCRLExtensionTest9() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidUnknownCRLExtensionTest9EE.crt",
                "UnknownCRLExtensionCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "UnknownCRLExtensionCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.10 */
    public void testBasicCertificateRevocationTests_InvalidUnknownCRLExtensionTest10() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidUnknownCRLExtensionTest10EE.crt",
                "UnknownCRLExtensionCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "UnknownCRLExtensionCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.11 */
    public void testBasicCertificateRevocationTests_InvalidOldCRLnextUpdateTest11() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidOldCRLnextUpdateTest11EE.crt",
                "OldCRLnextUpdateCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "OldCRLnextUpdateCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.12 */
    public void testBasicCertificateRevocationTests_Invalidpre2000CRLnextUpdateTest12() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "Invalidpre2000CRLnextUpdateTest12EE.crt",
                "pre2000CRLnextUpdateCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pre2000CRLnextUpdateCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.13 */
    public void testBasicCertificateRevocationTests_ValidGeneralizedTimeCRLnextUpdateTest13() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidGeneralizedTimeCRLnextUpdateTest13EE.crt",
                "GeneralizedTimeCRLnextUpdateCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GeneralizedTimeCRLnextUpdateCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.14 */
    public void testBasicCertificateRevocationTests_ValidNegativeSerialNumberTest14() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidNegativeSerialNumberTest14EE.crt",
                "NegativeSerialNumberCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "NegativeSerialNumberCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.15 */
    public void testBasicCertificateRevocationTests_InvalidNegativeSerialNumberTest15() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidNegativeSerialNumberTest15EE.crt",
                "NegativeSerialNumberCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "NegativeSerialNumberCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.16 */
    public void testBasicCertificateRevocationTests_ValidLongSerialNumberTest16() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidLongSerialNumberTest16EE.crt",
                "LongSerialNumberCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "LongSerialNumberCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.17 */
    public void testBasicCertificateRevocationTests_ValidLongSerialNumberTest17() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidLongSerialNumberTest17EE.crt",
                "LongSerialNumberCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "LongSerialNumberCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.18 */
    public void testBasicCertificateRevocationTests_InvalidLongSerialNumberTest18() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidLongSerialNumberTest18EE.crt",
                "LongSerialNumberCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "LongSerialNumberCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.4.19 */
    public void testBasicCertificateRevocationTests_ValidSeparateCertificateandCRLKeysTest19() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] path = {
                "ValidSeparateCertificateandCRLKeysTest19EE.crt",
                "SeparateCertificateandCRLKeysCertificateSigningCACert.crt",
        };

        String[] certs = {
                "ValidSeparateCertificateandCRLKeysTest19EE.crt",
                "SeparateCertificateandCRLKeysCRLSigningCert.crt",
                "SeparateCertificateandCRLKeysCertificateSigningCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "SeparateCertificateandCRLKeysCRL.crl",
        };

        assertValidPath(trustAnchor, path, certs, crls);
    }

    /** NIST PKITS test 4.4.20 */
    public void testBasicCertificateRevocationTests_InvalidSeparateCertificateandCRLKeysTest20() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] path = {
                "InvalidSeparateCertificateandCRLKeysTest20EE.crt",
                "SeparateCertificateandCRLKeysCertificateSigningCACert.crt",
        };

        String[] certs = {
                "InvalidSeparateCertificateandCRLKeysTest20EE.crt",
                "SeparateCertificateandCRLKeysCRLSigningCert.crt",
                "SeparateCertificateandCRLKeysCertificateSigningCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "SeparateCertificateandCRLKeysCRL.crl",
        };

        assertInvalidPath(trustAnchor, path, certs, crls);
    }

    /** NIST PKITS test 4.4.21 */
    public void testBasicCertificateRevocationTests_InvalidSeparateCertificateandCRLKeysTest21() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] path = {
                "InvalidSeparateCertificateandCRLKeysTest21EE.crt",
                "SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt",
        };

        String[] certs = {
                "InvalidSeparateCertificateandCRLKeysTest21EE.crt",
                "SeparateCertificateandCRLKeysCA2CRLSigningCert.crt",
                "SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "SeparateCertificateandCRLKeysCA2CRL.crl",
        };

        assertInvalidPath(trustAnchor, path, certs, crls);
    }

    /** NIST PKITS test 4.5.1 */
    public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedOldWithNewTest1() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidBasicSelfIssuedOldWithNewTest1EE.crt",
                "BasicSelfIssuedNewKeyOldWithNewCACert.crt",
                "BasicSelfIssuedNewKeyCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BasicSelfIssuedNewKeyCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.5.2 */
    public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedOldWithNewTest2() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidBasicSelfIssuedOldWithNewTest2EE.crt",
                "BasicSelfIssuedNewKeyOldWithNewCACert.crt",
                "BasicSelfIssuedNewKeyCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BasicSelfIssuedNewKeyCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.5.3 */
    public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedNewWithOldTest3() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidBasicSelfIssuedNewWithOldTest3EE.crt",
                "BasicSelfIssuedOldKeyNewWithOldCACert.crt",
                "BasicSelfIssuedOldKeyCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl",
                "BasicSelfIssuedOldKeyCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.5.4 */
    public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedNewWithOldTest4() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] path = {
                "ValidBasicSelfIssuedNewWithOldTest4EE.crt",
                "BasicSelfIssuedOldKeyCACert.crt",
        };

        String[] certs = {
                "ValidBasicSelfIssuedNewWithOldTest4EE.crt",
                "BasicSelfIssuedOldKeyNewWithOldCACert.crt",
                "BasicSelfIssuedOldKeyCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl",
                "BasicSelfIssuedOldKeyCACRL.crl",
        };

        assertValidPath(trustAnchor, path, certs, crls);
    }

    /** NIST PKITS test 4.5.5 */
    public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedNewWithOldTest5() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidBasicSelfIssuedNewWithOldTest5EE.crt",
                "BasicSelfIssuedOldKeyNewWithOldCACert.crt",
                "BasicSelfIssuedOldKeyCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl",
                "BasicSelfIssuedOldKeyCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.5.6 */
    public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedCRLSigningKeyTest6() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] path = {
                "ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt",
                "BasicSelfIssuedCRLSigningKeyCACert.crt",
        };

        String[] certs = {
                "ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt",
                "BasicSelfIssuedCRLSigningKeyCRLCert.crt",
                "BasicSelfIssuedCRLSigningKeyCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl",
                "BasicSelfIssuedCRLSigningKeyCACRL.crl",
        };

        assertValidPath(trustAnchor, path, certs, crls);
    }

    /** NIST PKITS test 4.5.7 */
    public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedCRLSigningKeyTest7() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt",
                "BasicSelfIssuedCRLSigningKeyCRLCert.crt",
                "BasicSelfIssuedCRLSigningKeyCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl",
                "BasicSelfIssuedCRLSigningKeyCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.5.8 */
    public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedCRLSigningKeyTest8() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt",
                "BasicSelfIssuedCRLSigningKeyCRLCert.crt",
                "BasicSelfIssuedCRLSigningKeyCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl",
                "BasicSelfIssuedCRLSigningKeyCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.1 */
    public void testVerifyingBasicConstraints_InvalidMissingbasicConstraintsTest1() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidMissingbasicConstraintsTest1EE.crt",
                "MissingbasicConstraintsCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "MissingbasicConstraintsCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.2 */
    public void testVerifyingBasicConstraints_InvalidcAFalseTest2() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidcAFalseTest2EE.crt",
                "basicConstraintsCriticalcAFalseCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "basicConstraintsCriticalcAFalseCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.3 */
    public void testVerifyingBasicConstraints_InvalidcAFalseTest3() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidcAFalseTest3EE.crt",
                "basicConstraintsNotCriticalcAFalseCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "basicConstraintsNotCriticalcAFalseCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.4 */
    public void testVerifyingBasicConstraints_ValidbasicConstraintsNotCriticalTest4() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidbasicConstraintsNotCriticalTest4EE.crt",
                "basicConstraintsNotCriticalCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "basicConstraintsNotCriticalCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.5 */
    public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest5() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidpathLenConstraintTest5EE.crt",
                "pathLenConstraint0subCACert.crt",
                "pathLenConstraint0CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint0CACRL.crl",
                "pathLenConstraint0subCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.6 */
    public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest6() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidpathLenConstraintTest6EE.crt",
                "pathLenConstraint0subCACert.crt",
                "pathLenConstraint0CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint0CACRL.crl",
                "pathLenConstraint0subCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.7 */
    public void testVerifyingBasicConstraints_ValidpathLenConstraintTest7() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidpathLenConstraintTest7EE.crt",
                "pathLenConstraint0CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint0CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.8 */
    public void testVerifyingBasicConstraints_ValidpathLenConstraintTest8() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidpathLenConstraintTest8EE.crt",
                "pathLenConstraint0CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint0CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.9 */
    public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest9() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidpathLenConstraintTest9EE.crt",
                "pathLenConstraint6subsubCA00Cert.crt",
                "pathLenConstraint6subCA0Cert.crt",
                "pathLenConstraint6CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint6CACRL.crl",
                "pathLenConstraint6subCA0CRL.crl",
                "pathLenConstraint6subsubCA00CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.10 */
    public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest10() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidpathLenConstraintTest10EE.crt",
                "pathLenConstraint6subsubCA00Cert.crt",
                "pathLenConstraint6subCA0Cert.crt",
                "pathLenConstraint6CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint6CACRL.crl",
                "pathLenConstraint6subCA0CRL.crl",
                "pathLenConstraint6subsubCA00CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.11 */
    public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest11() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidpathLenConstraintTest11EE.crt",
                "pathLenConstraint6subsubsubCA11XCert.crt",
                "pathLenConstraint6subsubCA11Cert.crt",
                "pathLenConstraint6subCA1Cert.crt",
                "pathLenConstraint6CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint6CACRL.crl",
                "pathLenConstraint6subCA1CRL.crl",
                "pathLenConstraint6subsubCA11CRL.crl",
                "pathLenConstraint6subsubsubCA11XCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.12 */
    public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest12() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidpathLenConstraintTest12EE.crt",
                "pathLenConstraint6subsubsubCA11XCert.crt",
                "pathLenConstraint6subsubCA11Cert.crt",
                "pathLenConstraint6subCA1Cert.crt",
                "pathLenConstraint6CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint6CACRL.crl",
                "pathLenConstraint6subCA1CRL.crl",
                "pathLenConstraint6subsubCA11CRL.crl",
                "pathLenConstraint6subsubsubCA11XCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.13 */
    public void testVerifyingBasicConstraints_ValidpathLenConstraintTest13() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidpathLenConstraintTest13EE.crt",
                "pathLenConstraint6subsubsubCA41XCert.crt",
                "pathLenConstraint6subsubCA41Cert.crt",
                "pathLenConstraint6subCA4Cert.crt",
                "pathLenConstraint6CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint6CACRL.crl",
                "pathLenConstraint6subCA4CRL.crl",
                "pathLenConstraint6subsubCA41CRL.crl",
                "pathLenConstraint6subsubsubCA41XCRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.14 */
    public void testVerifyingBasicConstraints_ValidpathLenConstraintTest14() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidpathLenConstraintTest14EE.crt",
                "pathLenConstraint6subsubsubCA41XCert.crt",
                "pathLenConstraint6subsubCA41Cert.crt",
                "pathLenConstraint6subCA4Cert.crt",
                "pathLenConstraint6CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint6CACRL.crl",
                "pathLenConstraint6subCA4CRL.crl",
                "pathLenConstraint6subsubCA41CRL.crl",
                "pathLenConstraint6subsubsubCA41XCRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.15 */
    public void testVerifyingBasicConstraints_ValidSelfIssuedpathLenConstraintTest15() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidSelfIssuedpathLenConstraintTest15EE.crt",
                "pathLenConstraint0SelfIssuedCACert.crt",
                "pathLenConstraint0CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint0CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.16 */
    public void testVerifyingBasicConstraints_InvalidSelfIssuedpathLenConstraintTest16() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidSelfIssuedpathLenConstraintTest16EE.crt",
                "pathLenConstraint0subCA2Cert.crt",
                "pathLenConstraint0SelfIssuedCACert.crt",
                "pathLenConstraint0CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint0CACRL.crl",
                "pathLenConstraint0subCA2CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.6.17 */
    public void testVerifyingBasicConstraints_ValidSelfIssuedpathLenConstraintTest17() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidSelfIssuedpathLenConstraintTest17EE.crt",
                "pathLenConstraint1SelfIssuedsubCACert.crt",
                "pathLenConstraint1subCACert.crt",
                "pathLenConstraint1SelfIssuedCACert.crt",
                "pathLenConstraint1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "pathLenConstraint1CACRL.crl",
                "pathLenConstraint1subCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.7.1 */
    public void testKeyUsage_InvalidkeyUsageCriticalkeyCertSignFalseTest1() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt",
                "keyUsageCriticalkeyCertSignFalseCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "keyUsageCriticalkeyCertSignFalseCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.7.2 */
    public void testKeyUsage_InvalidkeyUsageNotCriticalkeyCertSignFalseTest2() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt",
                "keyUsageNotCriticalkeyCertSignFalseCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "keyUsageNotCriticalkeyCertSignFalseCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.7.3 */
    public void testKeyUsage_ValidkeyUsageNotCriticalTest3() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidkeyUsageNotCriticalTest3EE.crt",
                "keyUsageNotCriticalCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "keyUsageNotCriticalCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.7.4 */
    public void testKeyUsage_InvalidkeyUsageCriticalcRLSignFalseTest4() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt",
                "keyUsageCriticalcRLSignFalseCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "keyUsageCriticalcRLSignFalseCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.7.5 */
    public void testKeyUsage_InvalidkeyUsageNotCriticalcRLSignFalseTest5() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt",
                "keyUsageNotCriticalcRLSignFalseCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "keyUsageNotCriticalcRLSignFalseCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    // skipping sections 4.8 to 4.12

    /** NIST PKITS test 4.13.1 */
    public void testKeyUsage_ValidDNnameConstraintsTest1() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDNnameConstraintsTest1EE.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.2 */
    public void testKeyUsage_InvalidDNnameConstraintsTest2() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest2EE.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.3 */
    public void testKeyUsage_InvalidDNnameConstraintsTest3() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest3EE.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.4 */
    public void testKeyUsage_ValidDNnameConstraintsTest4() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDNnameConstraintsTest4EE.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.5 */
    public void testKeyUsage_ValidDNnameConstraintsTest5() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDNnameConstraintsTest5EE.crt",
                "nameConstraintsDN2CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN2CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.6 */
    public void testKeyUsage_ValidDNnameConstraintsTest6() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDNnameConstraintsTest6EE.crt",
                "nameConstraintsDN3CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN3CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.7 */
    public void testKeyUsage_InvalidDNnameConstraintsTest7() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest7EE.crt",
                "nameConstraintsDN3CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN3CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.8 */
    public void testKeyUsage_InvalidDNnameConstraintsTest8() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest8EE.crt",
                "nameConstraintsDN4CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN4CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.9 */
    public void testKeyUsage_InvalidDNnameConstraintsTest9() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest9EE.crt",
                "nameConstraintsDN4CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN4CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.10 */
    public void testKeyUsage_InvalidDNnameConstraintsTest10() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest10EE.crt",
                "nameConstraintsDN5CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN5CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.11 */
    public void testKeyUsage_ValidDNnameConstraintsTest11() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDNnameConstraintsTest11EE.crt",
                "nameConstraintsDN5CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN5CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.12 */
    public void testKeyUsage_InvalidDNnameConstraintsTest12() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest12EE.crt",
                "nameConstraintsDN1subCA1Cert.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
                "nameConstraintsDN1subCA1CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.13 */
    public void testKeyUsage_InvalidDNnameConstraintsTest13() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest13EE.crt",
                "nameConstraintsDN1subCA2Cert.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
                "nameConstraintsDN1subCA2CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.14 */
    public void testKeyUsage_ValidDNnameConstraintsTest14() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDNnameConstraintsTest14EE.crt",
                "nameConstraintsDN1subCA2Cert.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
                "nameConstraintsDN1subCA2CRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.15 */
    public void testKeyUsage_InvalidDNnameConstraintsTest15() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest15EE.crt",
                "nameConstraintsDN3subCA1Cert.crt",
                "nameConstraintsDN3CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN3CACRL.crl",
                "nameConstraintsDN3subCA1CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.16 */
    public void testKeyUsage_InvalidDNnameConstraintsTest16() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest16EE.crt",
                "nameConstraintsDN3subCA1Cert.crt",
                "nameConstraintsDN3CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN3CACRL.crl",
                "nameConstraintsDN3subCA1CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.17 */
    public void testKeyUsage_InvalidDNnameConstraintsTest17() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest17EE.crt",
                "nameConstraintsDN3subCA2Cert.crt",
                "nameConstraintsDN3CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN3CACRL.crl",
                "nameConstraintsDN3subCA2CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.18 */
    public void testKeyUsage_ValidDNnameConstraintsTest18() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDNnameConstraintsTest18EE.crt",
                "nameConstraintsDN3subCA2Cert.crt",
                "nameConstraintsDN3CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN3CACRL.crl",
                "nameConstraintsDN3subCA2CRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.19 */
    public void testKeyUsage_ValidSelfIssuedDNnameConstraintsTest19() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDNnameConstraintsTest19EE.crt",
                "nameConstraintsDN1SelfIssuedCACert.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.20 */
    public void testKeyUsage_InvalidSelfIssuedDNnameConstraintsTest20() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNnameConstraintsTest20EE.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.21 */
    public void testKeyUsage_ValidRFC822nameConstraintsTest21() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidRFC822nameConstraintsTest21EE.crt",
                "nameConstraintsRFC822CA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsRFC822CA1CRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.22 */
    public void testKeyUsage_InvalidRFC822nameConstraintsTest22() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidRFC822nameConstraintsTest22EE.crt",
                "nameConstraintsRFC822CA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsRFC822CA1CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.23 */
    public void testKeyUsage_ValidRFC822nameConstraintsTest23() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidRFC822nameConstraintsTest23EE.crt",
                "nameConstraintsRFC822CA2Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsRFC822CA2CRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.24 */
    public void testKeyUsage_InvalidRFC822nameConstraintsTest24() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidRFC822nameConstraintsTest24EE.crt",
                "nameConstraintsRFC822CA2Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsRFC822CA2CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.25 */
    public void testKeyUsage_ValidRFC822nameConstraintsTest25() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidRFC822nameConstraintsTest25EE.crt",
                "nameConstraintsRFC822CA3Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsRFC822CA3CRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.26 */
    public void testKeyUsage_InvalidRFC822nameConstraintsTest26() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidRFC822nameConstraintsTest26EE.crt",
                "nameConstraintsRFC822CA3Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsRFC822CA3CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.27 */
    public void testKeyUsage_ValidDNandRFC822nameConstraintsTest27() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDNandRFC822nameConstraintsTest27EE.crt",
                "nameConstraintsDN1subCA3Cert.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
                "nameConstraintsDN1subCA3CRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.28 */
    public void testKeyUsage_InvalidDNandRFC822nameConstraintsTest28() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNandRFC822nameConstraintsTest28EE.crt",
                "nameConstraintsDN1subCA3Cert.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
                "nameConstraintsDN1subCA3CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.29 */
    public void testKeyUsage_InvalidDNandRFC822nameConstraintsTest29() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNandRFC822nameConstraintsTest29EE.crt",
                "nameConstraintsDN1subCA3Cert.crt",
                "nameConstraintsDN1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDN1CACRL.crl",
                "nameConstraintsDN1subCA3CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.30 */
    public void testKeyUsage_ValidDNSnameConstraintsTest30() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDNSnameConstraintsTest30EE.crt",
                "nameConstraintsDNS1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDNS1CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.31 */
    public void testKeyUsage_InvalidDNSnameConstraintsTest31() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNSnameConstraintsTest31EE.crt",
                "nameConstraintsDNS1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDNS1CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.32 */
    public void testKeyUsage_ValidDNSnameConstraintsTest32() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidDNSnameConstraintsTest32EE.crt",
                "nameConstraintsDNS2CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDNS2CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.33 */
    public void testKeyUsage_InvalidDNSnameConstraintsTest33() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNSnameConstraintsTest33EE.crt",
                "nameConstraintsDNS2CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDNS2CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.34 */
    public void testKeyUsage_ValidURInameConstraintsTest34() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidURInameConstraintsTest34EE.crt",
                "nameConstraintsURI1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsURI1CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.35 */
    public void testKeyUsage_InvalidURInameConstraintsTest35() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidURInameConstraintsTest35EE.crt",
                "nameConstraintsURI1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsURI1CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.36 */
    public void testKeyUsage_ValidURInameConstraintsTest36() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidURInameConstraintsTest36EE.crt",
                "nameConstraintsURI2CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsURI2CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.37 */
    public void testKeyUsage_InvalidURInameConstraintsTest37() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidURInameConstraintsTest37EE.crt",
                "nameConstraintsURI2CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsURI2CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.13.38 */
    public void testKeyUsage_InvalidDNSnameConstraintsTest38() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidDNSnameConstraintsTest38EE.crt",
                "nameConstraintsDNS1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "nameConstraintsDNS1CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.1 */
    public void testDistributionPoints_ValiddistributionPointTest1() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValiddistributionPointTest1EE.crt",
                "distributionPoint1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "distributionPoint1CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.2 */
    public void testDistributionPoints_InvaliddistributionPointTest2() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvaliddistributionPointTest2EE.crt",
                "distributionPoint1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "distributionPoint1CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.3 */
    public void testDistributionPoints_InvaliddistributionPointTest3() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvaliddistributionPointTest3EE.crt",
                "distributionPoint1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "distributionPoint1CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.4 */
    public void testDistributionPoints_ValiddistributionPointTest4() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValiddistributionPointTest4EE.crt",
                "distributionPoint1CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "distributionPoint1CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.5 */
    public void testDistributionPoints_ValiddistributionPointTest5() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValiddistributionPointTest5EE.crt",
                "distributionPoint2CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "distributionPoint2CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.6 */
    public void testDistributionPoints_InvaliddistributionPointTest6() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvaliddistributionPointTest6EE.crt",
                "distributionPoint2CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "distributionPoint2CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.7 */
    public void testDistributionPoints_ValiddistributionPointTest7() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValiddistributionPointTest7EE.crt",
                "distributionPoint2CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "distributionPoint2CACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.8 */
    public void testDistributionPoints_InvaliddistributionPointTest8() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvaliddistributionPointTest8EE.crt",
                "distributionPoint2CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "distributionPoint2CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.9 */
    public void testDistributionPoints_InvaliddistributionPointTest9() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvaliddistributionPointTest9EE.crt",
                "distributionPoint2CACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "distributionPoint2CACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.10 */
    public void testDistributionPoints_ValidNoissuingDistributionPointTest10() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidNoissuingDistributionPointTest10EE.crt",
                "NoissuingDistributionPointCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "NoissuingDistributionPointCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.11 */
    public void testDistributionPoints_InvalidonlyContainsUserCertsCRLTest11() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidonlyContainsUserCertsTest11EE.crt",
                "onlyContainsUserCertsCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "onlyContainsUserCertsCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.12 */
    public void testDistributionPoints_InvalidonlyContainsCACertsCRLTest12() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidonlyContainsCACertsTest12EE.crt",
                "onlyContainsCACertsCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "onlyContainsCACertsCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.13 */
    public void testDistributionPoints_ValidonlyContainsCACertsCRLTest13() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidonlyContainsCACertsTest13EE.crt",
                "onlyContainsCACertsCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "onlyContainsCACertsCACRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.14 */
    public void testDistributionPoints_InvalidonlyContainsAttributeCertsTest14() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidonlyContainsAttributeCertsTest14EE.crt",
                "onlyContainsAttributeCertsCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "onlyContainsAttributeCertsCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.15 */
    public void testDistributionPoints_InvalidonlySomeReasonsTest15() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidonlySomeReasonsTest15EE.crt",
                "onlySomeReasonsCA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "onlySomeReasonsCA1compromiseCRL.crl",
                "onlySomeReasonsCA1otherreasonsCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.16 */
    public void testDistributionPoints_InvalidonlySomeReasonsTest16() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidonlySomeReasonsTest16EE.crt",
                "onlySomeReasonsCA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "onlySomeReasonsCA1compromiseCRL.crl",
                "onlySomeReasonsCA1otherreasonsCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.17 */
    public void testDistributionPoints_InvalidonlySomeReasonsTest17() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidonlySomeReasonsTest17EE.crt",
                "onlySomeReasonsCA2Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "onlySomeReasonsCA2CRL1.crl",
                "onlySomeReasonsCA2CRL2.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.18 */
    public void testDistributionPoints_ValidonlySomeReasonsTest18() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidonlySomeReasonsTest18EE.crt",
                "onlySomeReasonsCA3Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "onlySomeReasonsCA3compromiseCRL.crl",
                "onlySomeReasonsCA3otherreasonsCRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.19 */
    public void testDistributionPoints_ValidonlySomeReasonsTest19() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidonlySomeReasonsTest19EE.crt",
                "onlySomeReasonsCA4Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "onlySomeReasonsCA4compromiseCRL.crl",
                "onlySomeReasonsCA4otherreasonsCRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.20 */
    public void testDistributionPoints_InvalidonlySomeReasonsTest20() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidonlySomeReasonsTest20EE.crt",
                "onlySomeReasonsCA4Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "onlySomeReasonsCA4compromiseCRL.crl",
                "onlySomeReasonsCA4otherreasonsCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.21 */
    public void testDistributionPoints_InvalidonlySomeReasonsTest21() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidonlySomeReasonsTest21EE.crt",
                "onlySomeReasonsCA4Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "onlySomeReasonsCA4compromiseCRL.crl",
                "onlySomeReasonsCA4otherreasonsCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.22 */
    public void testDistributionPoints_ValidIDPwithindirectCRLTest22() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidIDPwithindirectCRLTest22EE.crt",
                "indirectCRLCA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA1CRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.23 */
    public void testDistributionPoints_InvalidIDPwithindirectCRLTest23() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidIDPwithindirectCRLTest23EE.crt",
                "indirectCRLCA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA1CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.24 */
    public void testDistributionPoints_ValidIDPwithindirectCRLTest24() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] path = {
                "ValidIDPwithindirectCRLTest24EE.crt",
                "indirectCRLCA2Cert.crt",
        };

        String[] certs = {
                "ValidIDPwithindirectCRLTest24EE.crt",
                "indirectCRLCA1Cert.crt",
                "indirectCRLCA2Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA1CRL.crl",
        };

        assertValidPath(trustAnchor, path, certs, crls);
    }

    /** NIST PKITS test 4.14.25 */
    public void testDistributionPoints_ValidIDPwithindirectCRLTest25() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] path = {
                "ValidIDPwithindirectCRLTest25EE.crt",
                "indirectCRLCA2Cert.crt",
        };

        String[] certs = {
                "ValidIDPwithindirectCRLTest25EE.crt",
                "indirectCRLCA1Cert.crt",
                "indirectCRLCA2Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA1CRL.crl",
        };

        assertValidPath(trustAnchor, path, certs, crls);
    }

    /** NIST PKITS test 4.14.26 */
    public void testDistributionPoints_InvalidIDPwithindirectCRLTest26() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidIDPwithindirectCRLTest26EE.crt",
                "indirectCRLCA1Cert.crt",
                "indirectCRLCA2Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA1CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.27 */
    public void testDistributionPoints_InvalidcRLIssuerTest27() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidcRLIssuerTest27EE.crt",
                "GoodCACert.crt",
                "indirectCRLCA2Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "GoodCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.28 */
    public void testDistributionPoints_ValidcRLIssuerTest28() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] path = {
                "ValidcRLIssuerTest28EE.crt",
                "indirectCRLCA3Cert.crt",
        };

        String[] certs = {
                "ValidcRLIssuerTest28EE.crt",
                "indirectCRLCA3cRLIssuerCert.crt",
                "indirectCRLCA3Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA3CRL.crl",
                "indirectCRLCA3cRLIssuerCRL.crl",
        };

        assertValidPath(trustAnchor, path, certs, crls);
    }

    /** NIST PKITS test 4.14.29 */
    public void testDistributionPoints_ValidcRLIssuerTest29() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] path = {
                "ValidcRLIssuerTest29EE.crt",
                "indirectCRLCA3Cert.crt",
        };

        String[] certs = {
                "ValidcRLIssuerTest29EE.crt",
                "indirectCRLCA3cRLIssuerCert.crt",
                "indirectCRLCA3Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA3CRL.crl",
                "indirectCRLCA3cRLIssuerCRL.crl",
        };

        assertValidPath(trustAnchor, path, certs, crls);
    }

    /** NIST PKITS test 4.14.30 */
    public void testDistributionPoints_ValidcRLIssuerTest30() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] path = {
                "ValidcRLIssuerTest30EE.crt",
                "indirectCRLCA4Cert.crt",
        };

        String[] certs = {
                "ValidcRLIssuerTest30EE.crt",
                "indirectCRLCA4cRLIssuerCert.crt",
                "indirectCRLCA4Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA4cRLIssuerCRL.crl",
        };

        assertValidPath(trustAnchor, path, certs, crls);
    }

    /** NIST PKITS test 4.14.31 */
    public void testDistributionPoints_InvalidcRLIssuerTest31() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidcRLIssuerTest31EE.crt",
                "indirectCRLCA6Cert.crt",
                "indirectCRLCA5Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA5CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.32 */
    public void testDistributionPoints_InvalidcRLIssuerTest32() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidcRLIssuerTest32EE.crt",
                "indirectCRLCA6Cert.crt",
                "indirectCRLCA5Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA5CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.33 */
    public void testDistributionPoints_ValidcRLIssuerTest33() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] path = {
                "ValidcRLIssuerTest33EE.crt",
                "indirectCRLCA6Cert.crt",
        };

        String[] certs = {
                "ValidcRLIssuerTest33EE.crt",
                "indirectCRLCA6Cert.crt",
                "indirectCRLCA5Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA5CRL.crl",
        };

        assertValidPath(trustAnchor, path, certs, crls);
    }

    /** NIST PKITS test 4.14.34 */
    public void testDistributionPoints_InvalidcRLIssuerTest34() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidcRLIssuerTest34EE.crt",
                "indirectCRLCA5Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA5CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.14.35 */
    public void testDistributionPoints_InvalidcRLIssuerTest35() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvalidcRLIssuerTest35EE.crt",
                "indirectCRLCA5Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "indirectCRLCA5CRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.15.1 */
    public void testDeltaCRLs_InvaliddeltaCRLIndicatorNoBaseTest1() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvaliddeltaCRLIndicatorNoBaseTest1EE.crt",
                "deltaCRLIndicatorNoBaseCACert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "deltaCRLIndicatorNoBaseCACRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.15.2 */
    public void testDeltaCRLs_ValiddeltaCRLTest2() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValiddeltaCRLTest2EE.crt",
                "deltaCRLCA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "deltaCRLCA1CRL.crl",
                "deltaCRLCA1deltaCRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.15.3 */
    public void testDeltaCRLs_InvaliddeltaCRLTest3() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvaliddeltaCRLTest3EE.crt",
                "deltaCRLCA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "deltaCRLCA1CRL.crl",
                "deltaCRLCA1deltaCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.15.4 */
    public void testDeltaCRLs_InvaliddeltaCRLTest4() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvaliddeltaCRLTest4EE.crt",
                "deltaCRLCA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "deltaCRLCA1CRL.crl",
                "deltaCRLCA1deltaCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.15.5 */
    public void testDeltaCRLs_ValiddeltaCRLTest5() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValiddeltaCRLTest5EE.crt",
                "deltaCRLCA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "deltaCRLCA1CRL.crl",
                "deltaCRLCA1deltaCRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.15.6 */
    public void testDeltaCRLs_InvaliddeltaCRLTest6() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvaliddeltaCRLTest6EE.crt",
                "deltaCRLCA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "deltaCRLCA1CRL.crl",
                "deltaCRLCA1deltaCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.15.7 */
    public void testDeltaCRLs_ValiddeltaCRLTest7() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValiddeltaCRLTest7EE.crt",
                "deltaCRLCA1Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "deltaCRLCA1CRL.crl",
                "deltaCRLCA1deltaCRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.15.8 */
    public void testDeltaCRLs_ValiddeltaCRLTest8() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValiddeltaCRLTest8EE.crt",
                "deltaCRLCA2Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "deltaCRLCA2CRL.crl",
                "deltaCRLCA2deltaCRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.15.9 */
    public void testDeltaCRLs_InvaliddeltaCRLTest9() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvaliddeltaCRLTest9EE.crt",
                "deltaCRLCA2Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "deltaCRLCA2CRL.crl",
                "deltaCRLCA2deltaCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.15.10 */
    public void testDeltaCRLs_InvaliddeltaCRLTest10() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "InvaliddeltaCRLTest10EE.crt",
                "deltaCRLCA3Cert.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
                "deltaCRLCA3CRL.crl",
                "deltaCRLCA3deltaCRL.crl",
        };

        assertInvalidPath(trustAnchor, certs, crls);
    }

    /** NIST PKITS test 4.16.1 */
    public void testPrivateCertificateExtensions_ValidUnknownNotCriticalCertificateExtensionTest1() throws Exception {
        String trustAnchor = "TrustAnchorRootCertificate.crt";

        String[] certs = {
                "ValidUnknownNotCriticalCertificateExtensionTest1EE.crt",
        };

        String[] crls = {
                "TrustAnchorRootCRL.crl",
        };

        assertValidPath(trustAnchor, certs, crls);
    }

    /* DO NOT MANUALLY EDIT -- END AUTOMATICALLY GENERATED TESTS */
}