From dran...@apache.org
Subject [12/36] directory-kerby git commit: Moved the source codes of not-so-commons-ssl into kerby-pkix module and cleaned up accordingly
Date Sun, 13 Dec 2015 02:02:03 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
new file mode 100644
index 0000000..53be109
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
@@ -0,0 +1,65 @@
+package org.apache.commons.ssl;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStoreException;
+
+public class TestTrustMaterial {
+
+    File pemFile = new File(TEST_HOME + "x509/certificate.pem");
+    File derFile = new File(TEST_HOME + "x509/certificate.der");
+
+    @Test
+    public void theTest() throws GeneralSecurityException, IOException {
+        // TrustMaterial in 0.3.13 couldn't load cacerts if it contained any private keys.
+        TrustMaterial tm = new TrustMaterial(TEST_HOME + "cacerts-with-78-entries-and-one-private-key.jks");
+        Assert.assertEquals(78, tm.getCertificates().size());
+    }
+
+    @Test
+    public void testLoadByFile() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(pemFile);
+        TrustMaterial tm2 = new TrustMaterial(derFile);
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+    }
+
+    @Test
+    public void testLoadByBytes() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(Util.fileToBytes(pemFile));
+        TrustMaterial tm2 = new TrustMaterial(Util.fileToBytes(derFile));
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+
+    }
+
+    @Test
+    public void testLoadByURL() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(pemFile.toURI().toURL());
+        TrustMaterial tm2 = new TrustMaterial(derFile.toURI().toURL());
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+    }
+
+    @Test
+    public void testLoadByStream() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(new FileInputStream(pemFile));
+        TrustMaterial tm2 = new TrustMaterial(new FileInputStream(derFile));
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+
+    }
+
+    @Test
+    public void testLoadByPath() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(pemFile.getPath());
+        TrustMaterial tm2 = new TrustMaterial(derFile.getPath());
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+    }
+
+    private static boolean equalKeystores(TrustMaterial tm1, TrustMaterial tm2) throws KeyStoreException {
+        return Util.equals(tm1.getKeyStore(), tm2.getKeyStore());
+    }
+}
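Review bot: The five `testLoadBy*` tests assert only `equalKeystores(tm1, tm2)`, so two loaders that both came back with an empty keystore would presumably still compare equal and pass. Each test should also pin the content before the comparison, for example `Assert.assertFalse(tm1.getCertificates().isEmpty());` (assuming `getCertificates()` returns a collection, as its use with `size()` in `theTest` suggests). In `testLoadByStream` the two `FileInputStream`s are never closed by the test; unless the `TrustMaterial(InputStream)` constructor closes them, which is not visible here, they belong in a try-with-resources. `theTest` would also be easier to place in a failure report under a descriptive name such as `testLoadJksWithPrivateKeyEntry`.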

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt b/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt
new file mode 100644
index 0000000..ceda279
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt
@@ -0,0 +1,3 @@
+Password for decrypting any of these files is
+always "changeit".
+

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt b/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt
new file mode 100644
index 0000000..ceda279
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt
@@ -0,0 +1,3 @@
+Password for decrypting any of these files is
+always "changeit".
+

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh
new file mode 100644
index 0000000..22e9df6
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+echo
+echo "WARNING:  This script creates fake test SSL certificates that expire after 2038."
+echo "          Because of date/time issues on 32 bit unix with dates after 2038, this"
+echo "          script can only be run on 64 bit unix machines."
+echo
+
+export DAYS=14610 # 40 years
+export ROOT_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=root/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+export  RSA_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=rsa-intermediate/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+export  DSA_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=dsa-intermediate/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+export TEST_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=test/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+
+export CA=root
+sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
+export PRIV=$CA/private
+export ROOT_PRIV=$PRIV
+mkdir -p       $PRIV
+mkdir -p       $CA/newcerts
+touch          $CA/index.txt
+if [ ! -f "$CA/serial" ]; then
+  date +%Y%m%d > $CA/serial
+fi
+echo
+echo "Attempting to make $CA/cacert.pem"
+openssl req -newkey rsa:2048 -days $DAYS -nodes -subj $ROOT_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
+openssl ca -config $CA.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -selfsign -extensions v3_ca -infiles $CA/careq.pem
+
+
+export CA=rsa-intermediate
+sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
+export PRIV=$CA/private
+mkdir -p       $PRIV
+mkdir -p       $CA/newcerts
+touch          $CA/index.txt
+if [ ! -f "$CA/serial" ]; then
+  date +%Y%m%d > $CA/serial
+fi
+echo
+echo "Attempting to make $CA/cacert.pem"
+openssl req -newkey rsa:2048 -days $DAYS -nodes -subj $RSA_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
+openssl ca -config root.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $ROOT_PRIV/cakey.pem -extensions v3_ca -infiles $CA/careq.pem
+
+
+export CA=dsa-intermediate
+sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
+export PRIV=$CA/private
+mkdir -p       $PRIV
+mkdir -p       $CA/newcerts
+touch          $CA/index.txt
+if [ ! -f "$CA/serial" ]; then
+  date +%Y%m%d > $CA/serial
+fi
+echo
+echo "Attempting to make $CA/cacert.pem"
+openssl dsaparam -genkey 2048 -out $CA/dsa.params
+openssl req -newkey dsa:$CA/dsa.params -days $DAYS -nodes -subj $DSA_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
+openssl ca -config root.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $ROOT_PRIV/cakey.pem -extensions v3_ca -infiles $CA/careq.pem
+
+
+export CA=dsa-intermediate
+export PRIV=$CA/private
+echo
+echo "Attempting to make test-dsa-cert.pem"
+openssl req -new -key rsa.key -days $DAYS -subj $TEST_SUBJ -out testreq.pem
+openssl ca -config dsa-intermediate.cnf -create_serial -out test-dsa-cert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -infiles testreq.pem
+
+export CA=rsa-intermediate
+export PRIV=$CA/private
+echo
+echo "Attempting to make test-rsa-cert.pem"
+openssl ca -config rsa-intermediate.cnf -create_serial -out test-rsa-cert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -infiles testreq.pem
+
+cat test-rsa-cert.pem rsa-intermediate/cacert.pem root/cacert.pem > test-rsa-chain.pem
+cat test-dsa-cert.pem dsa-intermediate/cacert.pem root/cacert.pem > test-dsa-chain.pem
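Review bot: Nothing in this script stops on failure, so if any `openssl req` or `openssl ca` step fails, the later steps still run and the final two `cat` lines build `test-rsa-chain.pem` and `test-dsa-chain.pem` from missing or stale certificates; add `set -euo pipefail` directly under the shebang. The test-certificate step reads `rsa.key`, which the script never creates, so it should check for it up front, e.g. `[ -f rsa.key ] || { echo "rsa.key not found" >&2; exit 1; }`. `openssl dsaparam -genkey` also leaves a DSA private key in `dsa-intermediate/dsa.params` that nothing in the script appears to use, since `req -newkey dsa:` takes only the parameters from that file; dropping `-genkey` keeps the file to parameters only. The `$ROOT_SUBJ`, `$CA` and `$PRIV` style expansions are unquoted throughout and should be quoted, e.g. `-subj "$ROOT_SUBJ"`.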

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh
new file mode 100644
index 0000000..e190163
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+find -iname \*.pem  -exec rm {} \;
+find -iname \*.txt\*  -exec rm {} \;
+find -iname \*serial\*  -exec rm {} \;
+rm -f root.cnf rsa-intermediate.cnf dsa-intermediate.cnf dsa-intermediate/dsa.params
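Review bot: The three `find` calls have no start directory and delete every `*.pem`, `*.txt*` and `*serial*` file below whatever directory the script is run from, so running it from the module or repository root would remove unrelated files, including other checked-in fixtures. Anchor the script to its own directory with `cd "$(dirname "$0")" || exit 1` as the first command, and give `find` an explicit path and file type, e.g. `find . -type f -iname '*.pem' -exec rm -f {} +`. Omitting the path is a GNU find extension, so the explicit `.` also makes the script portable to BSD and macOS.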

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem
new file mode 100644
index 0000000..5431c90
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem
@@ -0,0 +1,137 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462055 (0x20090527)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:31 2009 GMT
+            Not After : May 25 21:44:31 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    7a:a9:65:fb:76:ba:be:f3:fa:94:59:52:ed:4e:fc:
+                    e4:70:5e:8f:7c:14:e7:73:d6:d2:36:6b:62:d2:56:
+                    c9:6e:7a:91:63:72:4e:a9:ce:2e:eb:38:5e:c4:72:
+                    f6:2c:52:aa:51:f4:ce:3b:28:55:39:c3:ad:5d:52:
+                    fa:ac:0c:32:48:fc:00:9f:c3:d9:75:09:8d:82:e0:
+                    cb:07:65:29:25:7a:34:2e:bb:a0:2d:30:91:59:0e:
+                    ce:82:fb:2d:ad:a5:b2:b9:2b:ec:6b:b1:04:07:0c:
+                    52:16:7d:6c:0c:b2:64:c7:c6:cb:ab:18:ab:a6:fa:
+                    3e:31:f3:8f:49:75:33:69:d3:2a:2a:e7:2c:38:b5:
+                    d6:7d:33:94:ba:a6:3e:2f:e5:3b:cc:4a:27:d1:59:
+                    f3:9c:71:b1:46:64:3f:28:f1:33:d1:bc:c2:8b:47:
+                    92:2d:c6:1f:fb:23:34:56:f1:6e:18:8e:7c:0b:75:
+                    42:8a:bb:92:44:04:58:41:d1:9b:6e:d6:14:98:94:
+                    3d:77:8d:93:d3:1f:e9:7b:a7:71:94:10:ee:e9:d3:
+                    5a:4a:b8:91:61:35:4c:00:76:f2:b2:3a:bd:9f:42:
+                    f9:f0:8e:da:bd:8c:60:fd:7d:65:85:98:c5:7d:42:
+                    b9:27:de:09:0a:1c:85:a7:63:e5:71:3c:ab:78:de:
+                    cf
+                P:   
+                    00:8f:5a:80:34:53:e1:52:68:8c:cf:9b:d5:7a:01:
+                    60:57:63:f9:f8:01:55:9e:55:17:7f:f4:cc:cd:d7:
+                    fb:f7:1e:36:00:1c:ae:5c:70:e8:1b:33:ef:b8:8d:
+                    aa:69:2a:66:f0:48:fd:bb:25:82:eb:56:be:ac:ca:
+                    49:6e:7f:17:fd:3b:61:57:a7:14:c1:eb:99:5d:6b:
+                    82:03:db:1c:18:2a:25:05:19:ec:34:b8:c3:1b:2c:
+                    69:89:37:7b:85:9b:c0:a9:39:84:43:f1:60:0b:91:
+                    50:e0:b5:93:3c:ad:1c:b8:33:4e:9b:00:ed:cd:60:
+                    59:9b:57:04:7b:c0:fb:2d:49:45:e3:ce:c0:8a:aa:
+                    4d:07:3a:43:a3:3d:06:70:66:fc:9f:b2:8f:d6:c5:
+                    1f:a5:7b:00:36:a9:42:5e:50:db:38:34:8c:4a:c6:
+                    f6:3a:58:9a:a6:57:93:f7:4e:55:8b:46:f0:b0:1b:
+                    9c:a0:cb:fc:57:91:be:6d:47:56:a9:d1:46:cd:43:
+                    7b:ff:24:96:0a:dd:d7:d8:b7:58:8e:6a:a1:eb:2a:
+                    ba:40:0a:f6:d1:53:7c:84:06:fc:14:1c:d5:33:79:
+                    88:bb:4f:fa:b5:87:35:61:0d:b0:7b:07:bb:74:7c:
+                    30:a7:a3:60:7d:76:a6:d1:46:2b:84:a2:9a:28:61:
+                    f2:89
+                Q:   
+                    00:bf:87:b6:dd:a6:62:0f:88:a2:44:a5:99:ac:b9:
+                    12:82:05:7b:2e:af
+                G:   
+                    00:86:37:bd:1d:60:12:25:f5:01:7f:7e:e0:e7:de:
+                    26:f4:3d:d4:75:fe:91:41:41:b3:c6:70:7f:71:c6:
+                    5e:4e:c1:0f:3e:cc:be:9c:0b:df:b4:8f:6e:2a:0f:
+                    90:5b:20:14:75:c7:31:13:e2:d8:73:73:76:b6:c4:
+                    f5:5f:ac:b4:2a:26:4e:8c:af:87:2e:f5:1d:78:69:
+                    15:b5:b4:b7:d3:52:ec:f4:c8:6e:c5:65:bd:88:e5:
+                    c4:da:0c:48:ac:d3:2d:a2:da:b0:72:75:09:1d:aa:
+                    d9:64:80:b7:18:31:54:07:d6:7a:8b:f3:be:b7:22:
+                    87:1c:3a:c7:2f:a9:4b:8d:79:06:a1:ff:1c:db:f3:
+                    17:9b:32:a0:61:20:6e:37:92:eb:27:a1:6f:b8:22:
+                    0e:26:4d:71:9a:b3:a0:9a:fb:fb:91:68:5b:52:3b:
+                    20:75:d5:36:a6:aa:c3:dc:52:01:87:06:58:68:62:
+                    20:b8:aa:bd:2b:c9:58:60:b7:02:2e:c4:4f:bf:ec:
+                    b7:43:13:3f:90:51:65:65:a9:ba:48:74:9e:3c:ad:
+                    93:b6:00:3f:93:11:e7:cd:ea:5f:11:44:b2:4f:d1:
+                    e3:fd:19:a8:bc:4a:c6:ae:4c:ec:83:85:fa:98:ed:
+                    0b:a3:8f:a0:35:38:d4:9f:96:fd:f3:b2:b5:80:d5:
+                    1e:a4
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+            X509v3 Authority Key Identifier: 
+                keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+                DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+                serial:20:09:05:25
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        30:75:fb:1e:e2:d0:ff:18:3a:de:7d:49:8a:20:33:bc:0e:0c:
+        ad:7a:68:f8:57:91:3a:bd:2b:07:a7:25:a6:c6:d0:f7:30:57:
+        73:a3:34:af:ee:d3:5d:06:9f:80:f5:41:b7:7f:e8:0e:e2:28:
+        6c:a5:d7:82:9b:81:89:85:9f:47:5d:af:17:ab:f6:e1:02:4c:
+        01:2b:07:7c:2b:e1:77:1c:a4:e9:a6:89:97:50:49:87:73:04:
+        6e:32:50:f5:b7:be:f2:60:b3:9c:5f:b4:2a:d2:2f:c0:0b:82:
+        47:71:70:62:cc:98:ad:47:20:58:61:d6:c0:c5:30:65:3f:97:
+        43:47:50:cb:90:4c:c3:7c:50:c4:28:27:b7:2d:c8:2a:61:40:
+        18:7e:fa:ce:03:39:20:f9:96:a2:da:1c:fe:5e:c7:9f:f1:bc:
+        98:18:c1:63:e6:f6:35:35:d8:5d:18:2e:ef:87:7d:af:00:a3:
+        bc:12:18:c3:11:1e:8a:6d:bf:5d:10:87:6f:79:f3:8f:11:9d:
+        cb:0d:fe:f6:fe:4f:d0:2b:de:8e:3a:da:f3:46:11:ca:12:bb:
+        ca:22:67:05:45:e6:fd:9f:71:09:98:0b:1e:cf:51:73:b2:ad:
+        48:f9:06:2a:b5:5c:9f:f3:97:e0:8e:a3:df:57:1c:a7:94:ca:
+        f2:97:8e:56
+-----BEGIN CERTIFICATE-----
+MIIGoTCCBYmgAwIBAgIEIAkFJzANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDMxWhcN
+NDkwNTI1MjE0NDMxWjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEGRzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggM7MIICLgYHKoZIzjgEATCCAiECggEBAI9a
+gDRT4VJojM+b1XoBYFdj+fgBVZ5VF3/0zM3X+/ceNgAcrlxw6Bsz77iNqmkqZvBI
+/bslgutWvqzKSW5/F/07YVenFMHrmV1rggPbHBgqJQUZ7DS4wxssaYk3e4WbwKk5
+hEPxYAuRUOC1kzytHLgzTpsA7c1gWZtXBHvA+y1JRePOwIqqTQc6Q6M9BnBm/J+y
+j9bFH6V7ADapQl5Q2zg0jErG9jpYmqZXk/dOVYtG8LAbnKDL/FeRvm1HVqnRRs1D
+e/8klgrd19i3WI5qoesqukAK9tFTfIQG/BQc1TN5iLtP+rWHNWENsHsHu3R8MKej
+YH12ptFGK4Simihh8okCFQC/h7bdpmIPiKJEpZmsuRKCBXsurwKCAQEAhje9HWAS
+JfUBf37g594m9D3Udf6RQUGzxnB/ccZeTsEPPsy+nAvftI9uKg+QWyAUdccxE+LY
+c3N2tsT1X6y0KiZOjK+HLvUdeGkVtbS301Ls9MhuxWW9iOXE2gxIrNMtotqwcnUJ
+HarZZIC3GDFUB9Z6i/O+tyKHHDrHL6lLjXkGof8c2/MXmzKgYSBuN5LrJ6FvuCIO
+Jk1xmrOgmvv7kWhbUjsgddU2pqrD3FIBhwZYaGIguKq9K8lYYLcCLsRPv+y3QxM/
+kFFlZam6SHSePK2TtgA/kxHnzepfEUSyT9Hj/RmovErGrkzsg4X6mO0Lo4+gNTjU
+n5b987K1gNUepAOCAQUAAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98FOdz1tI2a2LS
+VsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACfw9l1CY2C4MsH
+ZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsurGKum+j4x849J
+dTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKLR5Itxh/7IzRW
+8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pKuJFhNUwAdvKy
+Or2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s+jgeswgegwHQYDVR0O
+BBYEFJSnzLmr10iBszpxbiv0JP4qpMA5MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2u
+wgcwLgCsWGObIH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMx
+GDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21t
+b25zLXNzbDENMAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2
+aWVzQGdtYWlsLmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
+A4IBAQAwdfse4tD/GDrefUmKIDO8Dgytemj4V5E6vSsHpyWmxtD3MFdzozSv7tNd
+Bp+A9UG3f+gO4ihspdeCm4GJhZ9HXa8Xq/bhAkwBKwd8K+F3HKTppomXUEmHcwRu
+MlD1t77yYLOcX7Qq0i/AC4JHcXBizJitRyBYYdbAxTBlP5dDR1DLkEzDfFDEKCe3
+LcgqYUAYfvrOAzkg+Zai2hz+Xsef8byYGMFj5vY1NdhdGC7vh32vAKO8EhjDER6K
+bb9dEIdvefOPEZ3LDf72/k/QK96OOtrzRhHKErvKImcFReb9n3EJmAsez1Fzsq1I
++QYqtVyf85fgjqPfVxynlMryl45W
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params
new file mode 100644
index 0000000..5b4d97f
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params
@@ -0,0 +1,34 @@
+-----BEGIN DSA PARAMETERS-----
+MIICIQKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByuXHDo
+GzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRnsNLjD
+GyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487AiqpN
+BzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBucoMv8
+V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6tYc1
+YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIFey6v
+AoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0j24q
+D5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I5cTa
+DEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xebMqBh
+IG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0ryVhg
+twIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8SsauTOyD
+hfqY7Qujj6A1ONSflv3zsrWA1R6k
+-----END DSA PARAMETERS-----
+-----BEGIN DSA PRIVATE KEY-----
+MIIDPwIBAAKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByu
+XHDoGzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRns
+NLjDGyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487A
+iqpNBzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBuc
+oMv8V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6
+tYc1YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIF
+ey6vAoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0
+j24qD5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I
+5cTaDEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xeb
+MqBhIG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0r
+yVhgtwIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8Ssau
+TOyDhfqY7Qujj6A1ONSflv3zsrWA1R6kAoIBAEv2b206JjZOeRVQ6R4gmCGhxCL6
+v8K/geGdHOzveYLGc+eaSfEP2X9F64rq4lf7kZSfjlwbCa7wPFiudQwTqIvtz6AO
+7tYfDk5BKsSqxfHChYHbTK5bUIvPapMH+aATdX0haXRRvNGY/V7lAPoBSwpWpPzG
+17rz29tysLZWvaDJK05Vwg+UmJB3AG4zyJGD/Zw2Ub/Eik1rL2N7p6ewa7EsTG4H
+pZAYwCJvAhidpaLfpoFxmF7VsMU+e/SwV++sbElb/a9szjbRc80jTyDHdxTO+hCS
+6MJjQkev4Bzy4+DO/PrCESoZymg4skRkVVc0knpSuGUviPZejvkdVo26mlsCFQCW
+c8bFDKclUXmeh6vxr7RGih+SKg==
+-----END DSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem
new file mode 100644
index 0000000..adc6d0b
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIDPgIBAAKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByu
+XHDoGzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRns
+NLjDGyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487A
+iqpNBzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBuc
+oMv8V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6
+tYc1YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIF
+ey6vAoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0
+j24qD5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I
+5cTaDEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xeb
+MqBhIG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0r
+yVhgtwIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8Ssau
+TOyDhfqY7Qujj6A1ONSflv3zsrWA1R6kAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98
+FOdz1tI2a2LSVsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACf
+w9l1CY2C4MsHZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsur
+GKum+j4x849JdTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKL
+R5Itxh/7IzRW8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pK
+uJFhNUwAdvKyOr2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s8CFDIz
+Am1wgwvcQt/K9JADNgPY9gyS
+-----END DSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf
new file mode 100644
index 0000000..9e59020
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha1			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
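Review bot: `default_md = sha1` in `[ CA_default ]` means every certificate that `CA.sh` issues through `openssl ca` is SHA-1 signed, which matches the `sha1WithRSAEncryption` shown in the committed `cacert.pem`. If these fixtures are regenerated or used in certificate-path validation tests, runtimes that restrict SHA-1 signatures may reject them; `default_md = sha256` avoids that. `default_bits = 1024` in `[ req ]` is overridden by the explicit `-newkey rsa:2048` in `CA.sh` but still applies to any request made without it, so raising it to `2048` keeps the file safe to reuse as a template.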

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem
new file mode 100644
index 0000000..bb8bf4b
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem
@@ -0,0 +1,85 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462053 (0x20090525)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:28 2009 GMT
+            Not After : May 25 21:44:28 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b9:db:04:16:8c:41:eb:91:c4:b8:d1:1a:73:28:
+                    59:09:b8:7a:b5:05:40:db:4f:2b:63:7b:bf:01:70:
+                    e1:0d:4c:09:3a:3b:63:9e:22:13:fa:55:d1:bc:e8:
+                    dd:31:71:df:0d:a6:0b:29:29:cc:da:bd:69:5c:cb:
+                    29:7e:6c:8c:93:82:c7:8b:00:ea:0b:8c:35:5c:fe:
+                    28:12:cf:ba:11:24:48:bc:0a:ee:37:54:a3:f2:9b:
+                    f2:76:94:7d:56:c0:52:35:f0:ff:c8:8c:08:7e:b0:
+                    49:c5:2f:fd:41:92:06:e8:c2:71:0d:f6:70:e5:93:
+                    89:80:a2:13:43:ac:53:56:ba:1a:44:44:98:cd:ba:
+                    f9:3a:93:20:71:34:93:0f:3f:34:34:2e:53:b2:d7:
+                    4a:22:3e:89:0a:c3:6e:12:40:ba:f3:22:6d:38:63:
+                    3b:f0:ef:42:2b:2d:f4:d2:f8:a9:76:ce:13:37:ce:
+                    1a:a4:bd:42:a0:7b:71:df:0e:3f:93:10:9d:22:0a:
+                    8b:61:92:c6:4c:fe:e7:bf:56:f4:5c:d3:85:98:92:
+                    a2:dc:d1:3d:f8:6e:3e:ac:e1:87:2f:e1:fb:30:d5:
+                    3d:24:fc:d9:d1:ac:b9:ca:9c:41:ff:60:aa:e4:57:
+                    7e:b1:93:ac:4f:64:b5:0a:d3:57:4e:12:68:5b:18:
+                    d2:15
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+            X509v3 Authority Key Identifier: 
+                keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+                DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+                serial:20:09:05:25
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        9a:29:28:5e:4f:4f:59:f8:6b:b0:96:bf:ef:69:02:36:d1:72:
+        af:a2:f3:c0:7d:c1:50:5a:b8:63:61:18:1a:d4:4d:8f:a4:b2:
+        18:5d:1b:75:1d:b6:ce:e6:aa:b3:c1:16:ab:dd:64:ac:be:62:
+        7f:77:1d:d4:6a:eb:5d:f7:19:eb:6a:6a:60:6d:ca:d6:2a:4d:
+        ee:c9:5b:1e:05:eb:bb:3f:5f:a4:76:ae:fd:32:ac:1e:63:e7:
+        35:d3:95:1d:c9:bc:7a:2f:e7:0e:04:95:59:4d:30:51:ac:67:
+        65:41:74:b3:62:f6:4d:85:4b:88:26:15:c2:2d:03:69:16:f7:
+        6a:8a:5c:ca:ca:7b:ba:41:f9:7b:f4:ae:f8:29:56:48:9d:86:
+        2e:0a:06:7a:21:97:01:b3:d4:45:5a:14:05:d3:b1:3a:da:0a:
+        67:6d:d5:45:db:ba:88:09:4b:53:b3:69:1a:52:de:57:03:89:
+        fa:99:82:1d:79:fb:ae:55:d7:13:fd:5e:99:25:cb:75:a1:62:
+        b4:27:f0:54:4b:78:42:8b:54:63:62:f4:a3:0b:e2:26:a4:0c:
+        29:ae:49:b4:1a:34:e6:a4:07:8a:64:cb:63:46:ae:fa:ec:d0:
+        f4:e1:e2:25:11:57:27:61:e8:d1:48:ad:60:13:2d:b9:38:a3:
+        52:03:0f:ad
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI4WhcN
+NDkwNTI1MjE0NDI4WjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0Bn
+bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52wQWjEHr
+kcS40RpzKFkJuHq1BUDbTytje78BcOENTAk6O2OeIhP6VdG86N0xcd8NpgspKcza
+vWlcyyl+bIyTgseLAOoLjDVc/igSz7oRJEi8Cu43VKPym/J2lH1WwFI18P/IjAh+
+sEnFL/1BkgbownEN9nDlk4mAohNDrFNWuhpERJjNuvk6kyBxNJMPPzQ0LlOy10oi
+PokKw24SQLrzIm04Yzvw70IrLfTS+Kl2zhM3zhqkvUKge3HfDj+TEJ0iCothksZM
+/ue/VvRc04WYkqLc0T34bj6s4Ycv4fsw1T0k/NnRrLnKnEH/YKrkV36xk6xPZLUK
+01dOEmhbGNIVAgMBAAGjgeswgegwHQYDVR0OBBYEFAfYcdsrGp2uwgcwLgCsWGOb
+IH2mMIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGObIH2moYGOpIGLMIGI
+MQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmll
+cy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDENMAsGA1UEAxMEcm9v
+dDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbYIEIAkFJTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCaKSheT09Z+Guwlr/vaQI2
+0XKvovPAfcFQWrhjYRga1E2PpLIYXRt1HbbO5qqzwRar3WSsvmJ/dx3Uautd9xnr
+ampgbcrWKk3uyVseBeu7P1+kdq79MqweY+c105Udybx6L+cOBJVZTTBRrGdlQXSz
+YvZNhUuIJhXCLQNpFvdqilzKynu6Qfl79K74KVZInYYuCgZ6IZcBs9RFWhQF07E6
+2gpnbdVF27qICUtTs2kaUt5XA4n6mYIdefuuVdcT/V6ZJct1oWK0J/BUS3hCi1Rj
+YvSjC+ImpAwprkm0GjTmpAeKZMtjRq767ND04eIlEVcnYejRSK1gEy25OKNSAw+t
+-----END CERTIFICATE-----
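Review bot: This root fixture is deliberately legacy in ways the test tree does not document: it is signed with `sha1WithRSAEncryption`, its `X509v3 Basic Constraints` extension is not marked critical, it carries no Key Usage extension, and it is valid until 2049. The rsa-intermediate `cacert.pem` added later in this commit has the same profile. That is acceptable for parser and keystore tests, but a strict PKIX path validator may treat these certificates differently from a modern CA, so tests built on them should not be read as evidence that chain validation is sound. I would add a short README next to the `ca/` directory saying so, for example `Fixtures use SHA-1 and non-critical basicConstraints on purpose; do not use them as a template for real CAs.`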

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem
new file mode 100644
index 0000000..d4bb17a
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAudsEFoxB65HEuNEacyhZCbh6tQVA208rY3u/AXDhDUwJOjtj
+niIT+lXRvOjdMXHfDaYLKSnM2r1pXMspfmyMk4LHiwDqC4w1XP4oEs+6ESRIvAru
+N1Sj8pvydpR9VsBSNfD/yIwIfrBJxS/9QZIG6MJxDfZw5ZOJgKITQ6xTVroaRESY
+zbr5OpMgcTSTDz80NC5TstdKIj6JCsNuEkC68yJtOGM78O9CKy300vipds4TN84a
+pL1CoHtx3w4/kxCdIgqLYZLGTP7nv1b0XNOFmJKi3NE9+G4+rOGHL+H7MNU9JPzZ
+0ay5ypxB/2Cq5Fd+sZOsT2S1CtNXThJoWxjSFQIDAQABAoIBAH6oCRMspkfZYQzq
+Q3IzDuqW89ilKdvLCjCTxkk/Gb+sD6XFj0/WvXKeRX7N2t+1UGLGw1hcCiUPa9w2
+/6IOa4ajW0UZbGZOOJeVBM49DfpclczATjMa1VeiewvgicIy8lOcV1PeSnO7w6pD
+1/11fIvm5pCzX6C0eMJWsXYu2+R/abc1VJPsm+lJ4dTErAM0MQNjbpSB7rth5AAh
+V4e1W6SU0IqMZbTfFYwwgwUHSW8Q3wk30yY0tiMoblNaDfYomoGK1ekfCpdE9eve
+okGGs5Nv3q4h1gJsUPF9oSWcCuMW3zTKH6DUtuuE08Q9x1Z/g1YralWV4WnApSSS
+iZy3k4kCgYEA4G5lOblwaZ3rmV4h76lwwOderqwdLs0T4p7TUalgg+fiy2ifC37d
+VXyk/ZEw9nqWH1C9QIUpM6VH0l/cYxCAt94ioYkZZYQmGZVGzBOdIA4LEdP1juN4
+fCOuesxSaRu2DEVf3J7U1XsOsLPT9cUb/UtgmUqVrcprSiYDmYWU+cMCgYEA0/+J
+qytZi5PFZWa+rBxm6zb1WXrIzs3AavVWG2ryGjZuLjO0ADLDDPTvNI6WGo807PpX
+2ISq7VAFCWm1kukgUFNc7a+uIAMHV4USW5MRnTtc91C71iBabYs2uYJnP9KZKjnz
+1kji6+jz4wbHyIddkMwKVCmMmdHHlhXpj4vUb0cCgYAdUE4IbCAyq13KenEUTJ1d
+lNrZFcH6Cu89+mC/mc/xaqhEyTV82uUt9UnXlM9AYmKZVIJjmwD2re/jmoG+rrkh
+SvJbBv06NTiEvuqwXR94wFzRx02bjDqAfGidwXJCKExu7eDHgDdsatZQXiyhPU2a
+l+3WF9fVC0tYM/7kXn5G4QKBgF1AnrIok28ORVphY6YZqDv3JN2DYSl24BksagAN
+fwmAv96a56berWXZqA8aWXS9Ya6MQHABi55wAIcvdKt22Lv8r3fuO03hhy08X+Lg
+QnNDVZWEcduyx5RAFIZtkjVE0hL9AwFTdl4HTqCirubKhKHY3wI+dJaE7KJcaSy3
+eW6pAoGAayYZFNrDqHJJl8urrX2k6K+m+VE0xU94h9Vx4MpRa/f9bZ0U8YVNdTkZ
+BR6kUHOpOFO166jcBZJX3V305IbQB5TeysIyYqBaMATDc6tAEB+Celoz3+hw/Je2
+bIiQgdtctH4MarQkGlokUGjEz2aMg0l7vecgxQE88l/svAF3vmA=
+-----END RSA PRIVATE KEY-----
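Review bot: This file is an unencrypted PEM private key for the root CA whose certificate is added in the same commit, and once it is in a public repository the key is permanently public. The same applies to `ca/rsa-intermediate/private/cakey.pem` and `ca/rsa.key` further down. Because both CA certificates are `CA:TRUE` and valid until 2049, anyone can issue certificates under them, so the risk is that one of them ends up in a real trust store or a shipped keystore. I would add a README beside these files with a line such as `These keys are published test fixtures; never trust certificates issued under them outside unit tests.` It is also worth listing the paths in the project's secret-scanner allowlist so that genuine key leaks are not lost among the expected hits, and confirming that `src/test/resources` is not packaged into any released artifact.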

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem
new file mode 100644
index 0000000..ac2c117
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem
@@ -0,0 +1,86 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462054 (0x20090526)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:29 2009 GMT
+            Not After : May 25 21:44:29 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=rsa-intermediate/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ce:1b:db:73:49:85:a4:3c:42:14:84:6a:7d:47:
+                    78:d2:e1:58:27:ed:e4:78:5e:5d:2b:ee:c3:29:c5:
+                    a2:d2:6f:f3:0e:0a:d6:d6:7f:5a:f7:30:6f:c9:8f:
+                    ad:fe:53:22:46:aa:5e:0b:f6:e8:21:f3:dc:5f:75:
+                    9b:55:c5:07:ab:75:54:fd:9b:2e:31:da:12:45:3c:
+                    7b:1e:27:f6:a1:5b:5d:ac:0a:b4:e8:dd:d3:ba:ff:
+                    af:f1:43:31:4c:5b:5e:73:d4:a8:ce:93:b9:f1:9d:
+                    8b:17:1f:16:74:4f:9a:07:80:7c:1a:41:a6:49:21:
+                    2a:a8:83:75:18:3d:ed:17:8b:8b:b4:f8:46:d3:28:
+                    25:35:e1:17:df:e6:b4:f7:87:a7:71:0f:a0:b5:22:
+                    4d:48:35:2c:a3:dc:fc:58:33:76:fb:07:cf:fb:64:
+                    e9:fa:05:a8:be:63:eb:32:48:01:10:fd:44:a2:79:
+                    72:5d:33:62:1b:ad:f4:60:3f:7d:59:9c:07:cf:9c:
+                    b1:b5:e7:18:84:5e:ec:e0:78:6c:53:f0:cf:67:8d:
+                    91:95:73:72:de:70:c7:ca:ea:27:6f:d2:61:c8:7d:
+                    a5:28:28:61:c8:c9:e9:6b:7e:ae:07:9d:36:87:04:
+                    a4:97:1c:1d:f5:39:cb:b2:8a:32:8d:25:68:05:2d:
+                    86:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                2E:F4:CD:A1:B4:AD:03:85:D8:AF:69:97:D5:2D:95:40:D6:BF:12:BF
+            X509v3 Authority Key Identifier: 
+                keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+                DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+                serial:20:09:05:25
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        03:b6:83:af:6c:ff:2b:21:12:b9:8a:cd:8e:2f:d9:1a:28:88:
+        0c:9f:f1:6b:73:fb:76:3f:70:d8:cd:ce:5a:f6:0f:08:6a:0a:
+        a3:f7:ad:b2:72:19:eb:0e:9c:36:bb:a4:fb:3f:90:78:ba:45:
+        ee:da:c9:8e:a0:ef:b3:ac:05:4c:f4:b4:37:18:0d:bb:20:5d:
+        f4:e7:b3:77:ea:56:0c:ad:81:42:80:04:92:ca:3b:73:ed:35:
+        d5:35:f6:9f:95:a2:2d:81:4d:e6:3a:3c:13:64:f1:0f:36:7e:
+        90:c2:a0:37:c6:19:9e:13:47:92:a3:e8:18:3d:f4:d8:a0:83:
+        80:0f:7b:a7:57:9c:60:6c:6a:3e:d4:1d:cc:5e:8c:13:7f:1c:
+        d7:f6:df:ad:ae:0a:95:12:f1:71:c2:70:98:d1:2f:6c:f0:24:
+        43:b4:7e:a4:e4:31:d4:bc:50:90:03:4b:34:ba:a3:d0:fd:f5:
+        01:17:eb:11:83:44:86:65:17:bf:89:00:c7:93:d6:70:7e:0b:
+        4b:93:dc:f9:92:50:4c:3e:11:23:c5:50:1c:49:bd:8c:0c:2c:
+        60:1c:d8:e6:5f:a4:fa:21:db:8c:62:bf:74:a3:83:1c:8d:cc:
+        8e:34:8c:16:1c:c6:71:63:89:c2:c4:45:0c:90:71:98:68:2f:
+        9d:a7:87:f7
+-----BEGIN CERTIFICATE-----
+MIIEiDCCA3CgAwIBAgIEIAkFJjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI5WhcN
+NDkwNTI1MjE0NDI5WjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDOG9tzSYWkPEIUhGp9R3jS4Vgn7eR4Xl0r7sMpxaLSb/MOCtbWf1r3MG/J
+j63+UyJGql4L9ugh89xfdZtVxQerdVT9my4x2hJFPHseJ/ahW12sCrTo3dO6/6/x
+QzFMW15z1KjOk7nxnYsXHxZ0T5oHgHwaQaZJISqog3UYPe0Xi4u0+EbTKCU14Rff
+5rT3h6dxD6C1Ik1INSyj3PxYM3b7B8/7ZOn6Bai+Y+sySAEQ/USieXJdM2IbrfRg
+P31ZnAfPnLG15xiEXuzgeGxT8M9njZGVc3LecMfK6idv0mHIfaUoKGHIyelrfq4H
+nTaHBKSXHB31OcuyijKNJWgFLYZlAgMBAAGjgeswgegwHQYDVR0OBBYEFC70zaG0
+rQOF2K9pl9UtlUDWvxK/MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGOb
+IH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoT
+D2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDEN
+MAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWls
+LmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQADtoOv
+bP8rIRK5is2OL9kaKIgMn/Frc/t2P3DYzc5a9g8Iagqj962ychnrDpw2u6T7P5B4
+ukXu2smOoO+zrAVM9LQ3GA27IF3057N36lYMrYFCgASSyjtz7TXVNfaflaItgU3m
+OjwTZPEPNn6QwqA3xhmeE0eSo+gYPfTYoIOAD3unV5xgbGo+1B3MXowTfxzX9t+t
+rgqVEvFxwnCY0S9s8CRDtH6k5DHUvFCQA0s0uqPQ/fUBF+sRg0SGZRe/iQDHk9Zw
+fgtLk9z5klBMPhEjxVAcSb2MDCxgHNjmX6T6IduMYr90o4McjcyONIwWHMZxY4nC
+xEUMkHGYaC+dp4f3
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem
new file mode 100644
index 0000000..466f54a
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzhvbc0mFpDxCFIRqfUd40uFYJ+3keF5dK+7DKcWi0m/zDgrW
+1n9a9zBvyY+t/lMiRqpeC/boIfPcX3WbVcUHq3VU/ZsuMdoSRTx7Hif2oVtdrAq0
+6N3Tuv+v8UMxTFtec9SozpO58Z2LFx8WdE+aB4B8GkGmSSEqqIN1GD3tF4uLtPhG
+0yglNeEX3+a094encQ+gtSJNSDUso9z8WDN2+wfP+2Tp+gWovmPrMkgBEP1Eonly
+XTNiG630YD99WZwHz5yxtecYhF7s4HhsU/DPZ42RlXNy3nDHyuonb9JhyH2lKChh
+yMnpa36uB502hwSklxwd9TnLsooyjSVoBS2GZQIDAQABAoIBADajAdic69Vut+Gy
+fHw7Xxcf73ueP4t9EFveDlRbdN8uGBNn4i24UwfmCiw3b1tU9GghL48iY8TkXU3c
+4lGpSnA0SVR1N5i1g1RhRQ3ocCO0Ea/SosR8UW1n7F8bfc0NB4vTGvCwDoGzTrTR
+Y+VvWJiWgc+ACbGnHiTPvFGx0NEFjizCrBTWDCSMbHdujEkw/gZt1PhKgJg0DbUj
+M4zLG0YCIR/RSnNHYKgMEl2PXCKHLsMwyH52BMi/lmh47N2H0cC/5YSoCX6s1Y8I
+ZWojgMJVCN4SQInm630hiF8X0r3yQFvig1OYyebpJpqHSJUZ6GGQl5M6p8MFlgam
+BNFakH0CgYEA7F1+SJMOeWB+TnP7ilvYaXzE+aLvJ0/Wl5whyxJCCkMJsz+120Ui
+4ooKbohQF0h1IXJGeFS4hD/DK+3S/mjjBC8TQBtuvWzhk2+C7+Gigke4XjrdJXbB
+b87nDf1EPY9d1lGhVRmVh2APgPxgmw7mb3WgMN3lnh0xknhEoHPYbdMCgYEA3zrv
+pNAnGHg8ALJTHWiyEWrXRIhuOYOJa2oQB4cQeK6ou5UsfzQsd6w2UmwzghOTNtrM
+fvGeHECsTVh8AeNY9sT0GG5BY+DcOlYn3Dgs7UW0w8otZ/D/lmc9+Z/R4hBo/qcY
+h7WkcG5S0TeIiam9bq5EfTUAs5fFvbYRsdAGv+cCgYAuvrq33aVyKbwxBc0Mauec
+zRkjia6kZqy45R7ly2GWJ/XmJkZv6/dfOA+iFoFIaYMIr1HygEbRmM6fhHRC7jlf
+XXQALKy097CQ+O+7QzNhco+qyxdrTlYpJ5EYeishxZW4SgKPEvU4ha3rQ35TjBnU
+lz2sDGZZ48om/nQMC30VEwKBgQDKl5xiQZ8ZsBUUtMKF0Dy7XfGcew0+GUigOZPu
+oP+r5yevhoTptRoeSibKyvQ8OzPB9vTcyL+r+G3njESPGhvlaX32pimmUa7NKt/m
+Fv1/IWIaxuRKjwgHIg+2+vrqZeZEJrY2g/2HJDj5M6Mw/OG1D2eNEotecoG92P1a
+GOfnRQKBgQCe/zEs+IZxrnqMq+B5QIiSBTliZeGApOG7P+TS1MyvIijeIM5d1LNc
+oUtzPUSOz0CwQT669F8C4gOllnXImyHUkivBxgfwLJcOt6NqxfiTIcDqrf7jaNyp
+R8l/GuwFPz/DtBsFizfYmY9cXV5/Ihz9/gmnw0oFgVX2MLVv0CRKZA==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key
new file mode 100644
index 0000000..f540dcc
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyGOvloI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7Plp
+gpjUg4pNjYGViGjg7zhfbjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc
+8BQcwHf0ZHLN6sD9m2uVSp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTj
+HE5t7iu1JVjTuE0pcBvah2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindx
+OSAnAxK6q/wGqcZ3zvFBTcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfD
+HArDqUYxqJUlPGlMqrKb3fCFiT3eXehwR7nlzQIDAQABAoIBAFd6vTKVVT0O/U04
+wTtiptA/p7fkDM5PHVBxh32Wxno5pj8PerIaiduKyuRVh7PvJRMJpw903BrAK95o
+847WWOVOaF7TcKGMBURJUS6maiJS7TboK1ZbUVnsg/I99ArhiVUKGDhlsl/Xd4np
+YPDYztzXLzLXpm7bS6CiuvP762x9dfVu8K+afP8cjH8pfXLq55ghZOUKidRQaYz1
+mNOTQyAQlCQdLRgKlYgqcRHlj0pb28XBJaln3W7Z7GFMWFPojkxx6LaCp8+Jyx2C
+tv54zIZQhMjF37tQyTnfK4Ocl3sCRb+jYV4FkrUnsQE9W2dey0Tms1XB31gfUJlx
+dRZu7zkCgYEA/nWcTwzot2OIAhXoJ2fnqTcpdmj05LHhGcayKjyix7BsVH2I0KpF
+9kXX066tr3+LxZTergl4UpWSl3yx/4kPBQM6np4VVRytn7+cQdEhOczZnBw6x7IZ
+fv81DSNruQDBRAlTtklW4KBY74JKLhaJSvF1F3x32+H+99i1MmCNJRMCgYEAyZpF
+h4c3pM9z+YlmgLdUh/G2abdoamugcQOFbzHbZowsRAxEzdEW9wj2McN6mt8Rn1tc
+tY/+PcYuIK+vcmk9k23GuzxRlJlkaDicHwlAebgVIulFcrStfTlSkXjpuOuusfD9
+2DuHMcUiPx3qElNB0dZJF/axpq7BjTIFENefhZ8CgYACn+vw1M1BtwEcJGW0olm9
+YRhIZGTCRyNvRKFp1h5HuQYlCPZ0UI1QMQA86rxX5xTmANcbLHXVRD2y2lJrtFo3
+TwU3xaGqsxUHZM6TzzhshDRqa9AfZzLkIHXHoOnnip5zuTTn2HHQ91ZzggCJ4Smh
+YEQ47cu+tOIQZGfaESzjiQKBgQCCfnZlDJRq/NFwA40y4fg4arANa+eNgw7+OC5F
+1HrUvQTmIx7iLmZ0Dvv1KDgTSTLJ+MRgzczexYoUJEQnhZGS/Wq2xYt06XlBsOr1
+d/KhFxOvXllSrzrhJJqaiS6YQQ36JijZr2aKQ7UwL7fUlsmy/safWVKStumX8Hmw
+9jFOtwKBgQDmtirdNQ8aKolokD/3bDHPcDsNcybEpiCu8BIltxZAs/LsN1IIxfcp
+mGP2AFt3mbblKbsRM8hDW/X9taeG9s2KGe5wlKOE5lV8YAo4hFoJYN2/0d8Y0K9X
+QAAYU3iPG1zL+a/7TFLJ0u/biqsBg9hnNbMnN/tOeSuKnH2Rx9F1rg==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem
new file mode 100644
index 0000000..d96dc66
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462053 (0x20090525)
+        Signature Algorithm: dsaWithSHA1
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:31 2009 GMT
+            Not After : May 25 21:44:31 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=test/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+                    7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+                    8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+                    95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+                    41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+                    80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+                    f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+                    d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+                    9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+                    6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+                    56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+                    31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+                    71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+                    41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+                    cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+                    c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+                    4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+                    e5:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+            X509v3 Authority Key Identifier: 
+                keyid:94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+
+    Signature Algorithm: dsaWithSHA1
+        30:2d:02:15:00:86:ec:d5:ef:f1:75:60:a2:09:36:40:ff:ca:
+        83:67:6a:08:5d:d4:1e:02:14:51:6c:df:41:80:43:74:2a:1c:
+        48:c2:08:85:5b:9b:7d:07:46:6b:84
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAvugAwIBAgIEIAkFJTAJBgcqhkjOOAQDMIGUMQswCQYDVQQGEwJDQTEL
+MAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMT
+bm90LXlldC1jb21tb25zLXNzbDEZMBcGA1UEAxMQZHNhLWludGVybWVkaWF0ZTEl
+MCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbTAeFw0wOTA1MjUy
+MTQ0MzFaFw00OTA1MjUyMTQ0MzFaMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMC
+QkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1j
+b21tb25zLXNzbDENMAsGA1UEAxMEdGVzdDElMCMGCSqGSIb3DQEJARYWanVsaXVz
+ZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho
+4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA
+/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hN
+KXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnG
+d87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxp
+TKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ8U
+d78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFJSnzLmr10iBszpxbiv0JP4q
+pMA5MAkGByqGSM44BAMDMAAwLQIVAIbs1e/xdWCiCTZA/8qDZ2oIXdQeAhRRbN9B
+gEN0KhxIwgiFW5t9B0ZrhA==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-chain.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-chain.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-chain.pem
new file mode 100644
index 0000000..7418215
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-chain.pem
@@ -0,0 +1,289 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462053 (0x20090525)
+        Signature Algorithm: dsaWithSHA1
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:31 2009 GMT
+            Not After : May 25 21:44:31 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=test/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+                    7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+                    8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+                    95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+                    41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+                    80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+                    f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+                    d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+                    9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+                    6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+                    56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+                    31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+                    71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+                    41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+                    cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+                    c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+                    4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+                    e5:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+            X509v3 Authority Key Identifier: 
+                keyid:94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+
+    Signature Algorithm: dsaWithSHA1
+        30:2d:02:15:00:86:ec:d5:ef:f1:75:60:a2:09:36:40:ff:ca:
+        83:67:6a:08:5d:d4:1e:02:14:51:6c:df:41:80:43:74:2a:1c:
+        48:c2:08:85:5b:9b:7d:07:46:6b:84
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAvugAwIBAgIEIAkFJTAJBgcqhkjOOAQDMIGUMQswCQYDVQQGEwJDQTEL
+MAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMT
+bm90LXlldC1jb21tb25zLXNzbDEZMBcGA1UEAxMQZHNhLWludGVybWVkaWF0ZTEl
+MCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbTAeFw0wOTA1MjUy
+MTQ0MzFaFw00OTA1MjUyMTQ0MzFaMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMC
+QkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1j
+b21tb25zLXNzbDENMAsGA1UEAxMEdGVzdDElMCMGCSqGSIb3DQEJARYWanVsaXVz
+ZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho
+4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA
+/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hN
+KXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnG
+d87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxp
+TKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ8U
+d78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFJSnzLmr10iBszpxbiv0JP4q
+pMA5MAkGByqGSM44BAMDMAAwLQIVAIbs1e/xdWCiCTZA/8qDZ2oIXdQeAhRRbN9B
+gEN0KhxIwgiFW5t9B0ZrhA==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462055 (0x20090527)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:31 2009 GMT
+            Not After : May 25 21:44:31 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    7a:a9:65:fb:76:ba:be:f3:fa:94:59:52:ed:4e:fc:
+                    e4:70:5e:8f:7c:14:e7:73:d6:d2:36:6b:62:d2:56:
+                    c9:6e:7a:91:63:72:4e:a9:ce:2e:eb:38:5e:c4:72:
+                    f6:2c:52:aa:51:f4:ce:3b:28:55:39:c3:ad:5d:52:
+                    fa:ac:0c:32:48:fc:00:9f:c3:d9:75:09:8d:82:e0:
+                    cb:07:65:29:25:7a:34:2e:bb:a0:2d:30:91:59:0e:
+                    ce:82:fb:2d:ad:a5:b2:b9:2b:ec:6b:b1:04:07:0c:
+                    52:16:7d:6c:0c:b2:64:c7:c6:cb:ab:18:ab:a6:fa:
+                    3e:31:f3:8f:49:75:33:69:d3:2a:2a:e7:2c:38:b5:
+                    d6:7d:33:94:ba:a6:3e:2f:e5:3b:cc:4a:27:d1:59:
+                    f3:9c:71:b1:46:64:3f:28:f1:33:d1:bc:c2:8b:47:
+                    92:2d:c6:1f:fb:23:34:56:f1:6e:18:8e:7c:0b:75:
+                    42:8a:bb:92:44:04:58:41:d1:9b:6e:d6:14:98:94:
+                    3d:77:8d:93:d3:1f:e9:7b:a7:71:94:10:ee:e9:d3:
+                    5a:4a:b8:91:61:35:4c:00:76:f2:b2:3a:bd:9f:42:
+                    f9:f0:8e:da:bd:8c:60:fd:7d:65:85:98:c5:7d:42:
+                    b9:27:de:09:0a:1c:85:a7:63:e5:71:3c:ab:78:de:
+                    cf
+                P:   
+                    00:8f:5a:80:34:53:e1:52:68:8c:cf:9b:d5:7a:01:
+                    60:57:63:f9:f8:01:55:9e:55:17:7f:f4:cc:cd:d7:
+                    fb:f7:1e:36:00:1c:ae:5c:70:e8:1b:33:ef:b8:8d:
+                    aa:69:2a:66:f0:48:fd:bb:25:82:eb:56:be:ac:ca:
+                    49:6e:7f:17:fd:3b:61:57:a7:14:c1:eb:99:5d:6b:
+                    82:03:db:1c:18:2a:25:05:19:ec:34:b8:c3:1b:2c:
+                    69:89:37:7b:85:9b:c0:a9:39:84:43:f1:60:0b:91:
+                    50:e0:b5:93:3c:ad:1c:b8:33:4e:9b:00:ed:cd:60:
+                    59:9b:57:04:7b:c0:fb:2d:49:45:e3:ce:c0:8a:aa:
+                    4d:07:3a:43:a3:3d:06:70:66:fc:9f:b2:8f:d6:c5:
+                    1f:a5:7b:00:36:a9:42:5e:50:db:38:34:8c:4a:c6:
+                    f6:3a:58:9a:a6:57:93:f7:4e:55:8b:46:f0:b0:1b:
+                    9c:a0:cb:fc:57:91:be:6d:47:56:a9:d1:46:cd:43:
+                    7b:ff:24:96:0a:dd:d7:d8:b7:58:8e:6a:a1:eb:2a:
+                    ba:40:0a:f6:d1:53:7c:84:06:fc:14:1c:d5:33:79:
+                    88:bb:4f:fa:b5:87:35:61:0d:b0:7b:07:bb:74:7c:
+                    30:a7:a3:60:7d:76:a6:d1:46:2b:84:a2:9a:28:61:
+                    f2:89
+                Q:   
+                    00:bf:87:b6:dd:a6:62:0f:88:a2:44:a5:99:ac:b9:
+                    12:82:05:7b:2e:af
+                G:   
+                    00:86:37:bd:1d:60:12:25:f5:01:7f:7e:e0:e7:de:
+                    26:f4:3d:d4:75:fe:91:41:41:b3:c6:70:7f:71:c6:
+                    5e:4e:c1:0f:3e:cc:be:9c:0b:df:b4:8f:6e:2a:0f:
+                    90:5b:20:14:75:c7:31:13:e2:d8:73:73:76:b6:c4:
+                    f5:5f:ac:b4:2a:26:4e:8c:af:87:2e:f5:1d:78:69:
+                    15:b5:b4:b7:d3:52:ec:f4:c8:6e:c5:65:bd:88:e5:
+                    c4:da:0c:48:ac:d3:2d:a2:da:b0:72:75:09:1d:aa:
+                    d9:64:80:b7:18:31:54:07:d6:7a:8b:f3:be:b7:22:
+                    87:1c:3a:c7:2f:a9:4b:8d:79:06:a1:ff:1c:db:f3:
+                    17:9b:32:a0:61:20:6e:37:92:eb:27:a1:6f:b8:22:
+                    0e:26:4d:71:9a:b3:a0:9a:fb:fb:91:68:5b:52:3b:
+                    20:75:d5:36:a6:aa:c3:dc:52:01:87:06:58:68:62:
+                    20:b8:aa:bd:2b:c9:58:60:b7:02:2e:c4:4f:bf:ec:
+                    b7:43:13:3f:90:51:65:65:a9:ba:48:74:9e:3c:ad:
+                    93:b6:00:3f:93:11:e7:cd:ea:5f:11:44:b2:4f:d1:
+                    e3:fd:19:a8:bc:4a:c6:ae:4c:ec:83:85:fa:98:ed:
+                    0b:a3:8f:a0:35:38:d4:9f:96:fd:f3:b2:b5:80:d5:
+                    1e:a4
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+            X509v3 Authority Key Identifier: 
+                keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+                DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+                serial:20:09:05:25
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        30:75:fb:1e:e2:d0:ff:18:3a:de:7d:49:8a:20:33:bc:0e:0c:
+        ad:7a:68:f8:57:91:3a:bd:2b:07:a7:25:a6:c6:d0:f7:30:57:
+        73:a3:34:af:ee:d3:5d:06:9f:80:f5:41:b7:7f:e8:0e:e2:28:
+        6c:a5:d7:82:9b:81:89:85:9f:47:5d:af:17:ab:f6:e1:02:4c:
+        01:2b:07:7c:2b:e1:77:1c:a4:e9:a6:89:97:50:49:87:73:04:
+        6e:32:50:f5:b7:be:f2:60:b3:9c:5f:b4:2a:d2:2f:c0:0b:82:
+        47:71:70:62:cc:98:ad:47:20:58:61:d6:c0:c5:30:65:3f:97:
+        43:47:50:cb:90:4c:c3:7c:50:c4:28:27:b7:2d:c8:2a:61:40:
+        18:7e:fa:ce:03:39:20:f9:96:a2:da:1c:fe:5e:c7:9f:f1:bc:
+        98:18:c1:63:e6:f6:35:35:d8:5d:18:2e:ef:87:7d:af:00:a3:
+        bc:12:18:c3:11:1e:8a:6d:bf:5d:10:87:6f:79:f3:8f:11:9d:
+        cb:0d:fe:f6:fe:4f:d0:2b:de:8e:3a:da:f3:46:11:ca:12:bb:
+        ca:22:67:05:45:e6:fd:9f:71:09:98:0b:1e:cf:51:73:b2:ad:
+        48:f9:06:2a:b5:5c:9f:f3:97:e0:8e:a3:df:57:1c:a7:94:ca:
+        f2:97:8e:56
+-----BEGIN CERTIFICATE-----
+MIIGoTCCBYmgAwIBAgIEIAkFJzANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDMxWhcN
+NDkwNTI1MjE0NDMxWjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEGRzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggM7MIICLgYHKoZIzjgEATCCAiECggEBAI9a
+gDRT4VJojM+b1XoBYFdj+fgBVZ5VF3/0zM3X+/ceNgAcrlxw6Bsz77iNqmkqZvBI
+/bslgutWvqzKSW5/F/07YVenFMHrmV1rggPbHBgqJQUZ7DS4wxssaYk3e4WbwKk5
+hEPxYAuRUOC1kzytHLgzTpsA7c1gWZtXBHvA+y1JRePOwIqqTQc6Q6M9BnBm/J+y
+j9bFH6V7ADapQl5Q2zg0jErG9jpYmqZXk/dOVYtG8LAbnKDL/FeRvm1HVqnRRs1D
+e/8klgrd19i3WI5qoesqukAK9tFTfIQG/BQc1TN5iLtP+rWHNWENsHsHu3R8MKej
+YH12ptFGK4Simihh8okCFQC/h7bdpmIPiKJEpZmsuRKCBXsurwKCAQEAhje9HWAS
+JfUBf37g594m9D3Udf6RQUGzxnB/ccZeTsEPPsy+nAvftI9uKg+QWyAUdccxE+LY
+c3N2tsT1X6y0KiZOjK+HLvUdeGkVtbS301Ls9MhuxWW9iOXE2gxIrNMtotqwcnUJ
+HarZZIC3GDFUB9Z6i/O+tyKHHDrHL6lLjXkGof8c2/MXmzKgYSBuN5LrJ6FvuCIO
+Jk1xmrOgmvv7kWhbUjsgddU2pqrD3FIBhwZYaGIguKq9K8lYYLcCLsRPv+y3QxM/
+kFFlZam6SHSePK2TtgA/kxHnzepfEUSyT9Hj/RmovErGrkzsg4X6mO0Lo4+gNTjU
+n5b987K1gNUepAOCAQUAAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98FOdz1tI2a2LS
+VsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACfw9l1CY2C4MsH
+ZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsurGKum+j4x849J
+dTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKLR5Itxh/7IzRW
+8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pKuJFhNUwAdvKy
+Or2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s+jgeswgegwHQYDVR0O
+BBYEFJSnzLmr10iBszpxbiv0JP4qpMA5MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2u
+wgcwLgCsWGObIH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMx
+GDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21t
+b25zLXNzbDENMAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2
+aWVzQGdtYWlsLmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
+A4IBAQAwdfse4tD/GDrefUmKIDO8Dgytemj4V5E6vSsHpyWmxtD3MFdzozSv7tNd
+Bp+A9UG3f+gO4ihspdeCm4GJhZ9HXa8Xq/bhAkwBKwd8K+F3HKTppomXUEmHcwRu
+MlD1t77yYLOcX7Qq0i/AC4JHcXBizJitRyBYYdbAxTBlP5dDR1DLkEzDfFDEKCe3
+LcgqYUAYfvrOAzkg+Zai2hz+Xsef8byYGMFj5vY1NdhdGC7vh32vAKO8EhjDER6K
+bb9dEIdvefOPEZ3LDf72/k/QK96OOtrzRhHKErvKImcFReb9n3EJmAsez1Fzsq1I
++QYqtVyf85fgjqPfVxynlMryl45W
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462053 (0x20090525)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:28 2009 GMT
+            Not After : May 25 21:44:28 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b9:db:04:16:8c:41:eb:91:c4:b8:d1:1a:73:28:
+                    59:09:b8:7a:b5:05:40:db:4f:2b:63:7b:bf:01:70:
+                    e1:0d:4c:09:3a:3b:63:9e:22:13:fa:55:d1:bc:e8:
+                    dd:31:71:df:0d:a6:0b:29:29:cc:da:bd:69:5c:cb:
+                    29:7e:6c:8c:93:82:c7:8b:00:ea:0b:8c:35:5c:fe:
+                    28:12:cf:ba:11:24:48:bc:0a:ee:37:54:a3:f2:9b:
+                    f2:76:94:7d:56:c0:52:35:f0:ff:c8:8c:08:7e:b0:
+                    49:c5:2f:fd:41:92:06:e8:c2:71:0d:f6:70:e5:93:
+                    89:80:a2:13:43:ac:53:56:ba:1a:44:44:98:cd:ba:
+                    f9:3a:93:20:71:34:93:0f:3f:34:34:2e:53:b2:d7:
+                    4a:22:3e:89:0a:c3:6e:12:40:ba:f3:22:6d:38:63:
+                    3b:f0:ef:42:2b:2d:f4:d2:f8:a9:76:ce:13:37:ce:
+                    1a:a4:bd:42:a0:7b:71:df:0e:3f:93:10:9d:22:0a:
+                    8b:61:92:c6:4c:fe:e7:bf:56:f4:5c:d3:85:98:92:
+                    a2:dc:d1:3d:f8:6e:3e:ac:e1:87:2f:e1:fb:30:d5:
+                    3d:24:fc:d9:d1:ac:b9:ca:9c:41:ff:60:aa:e4:57:
+                    7e:b1:93:ac:4f:64:b5:0a:d3:57:4e:12:68:5b:18:
+                    d2:15
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+            X509v3 Authority Key Identifier: 
+                keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+                DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+                serial:20:09:05:25
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        9a:29:28:5e:4f:4f:59:f8:6b:b0:96:bf:ef:69:02:36:d1:72:
+        af:a2:f3:c0:7d:c1:50:5a:b8:63:61:18:1a:d4:4d:8f:a4:b2:
+        18:5d:1b:75:1d:b6:ce:e6:aa:b3:c1:16:ab:dd:64:ac:be:62:
+        7f:77:1d:d4:6a:eb:5d:f7:19:eb:6a:6a:60:6d:ca:d6:2a:4d:
+        ee:c9:5b:1e:05:eb:bb:3f:5f:a4:76:ae:fd:32:ac:1e:63:e7:
+        35:d3:95:1d:c9:bc:7a:2f:e7:0e:04:95:59:4d:30:51:ac:67:
+        65:41:74:b3:62:f6:4d:85:4b:88:26:15:c2:2d:03:69:16:f7:
+        6a:8a:5c:ca:ca:7b:ba:41:f9:7b:f4:ae:f8:29:56:48:9d:86:
+        2e:0a:06:7a:21:97:01:b3:d4:45:5a:14:05:d3:b1:3a:da:0a:
+        67:6d:d5:45:db:ba:88:09:4b:53:b3:69:1a:52:de:57:03:89:
+        fa:99:82:1d:79:fb:ae:55:d7:13:fd:5e:99:25:cb:75:a1:62:
+        b4:27:f0:54:4b:78:42:8b:54:63:62:f4:a3:0b:e2:26:a4:0c:
+        29:ae:49:b4:1a:34:e6:a4:07:8a:64:cb:63:46:ae:fa:ec:d0:
+        f4:e1:e2:25:11:57:27:61:e8:d1:48:ad:60:13:2d:b9:38:a3:
+        52:03:0f:ad
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI4WhcN
+NDkwNTI1MjE0NDI4WjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0Bn
+bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52wQWjEHr
+kcS40RpzKFkJuHq1BUDbTytje78BcOENTAk6O2OeIhP6VdG86N0xcd8NpgspKcza
+vWlcyyl+bIyTgseLAOoLjDVc/igSz7oRJEi8Cu43VKPym/J2lH1WwFI18P/IjAh+
+sEnFL/1BkgbownEN9nDlk4mAohNDrFNWuhpERJjNuvk6kyBxNJMPPzQ0LlOy10oi
+PokKw24SQLrzIm04Yzvw70IrLfTS+Kl2zhM3zhqkvUKge3HfDj+TEJ0iCothksZM
+/ue/VvRc04WYkqLc0T34bj6s4Ycv4fsw1T0k/NnRrLnKnEH/YKrkV36xk6xPZLUK
+01dOEmhbGNIVAgMBAAGjgeswgegwHQYDVR0OBBYEFAfYcdsrGp2uwgcwLgCsWGOb
+IH2mMIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGObIH2moYGOpIGLMIGI
+MQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmll
+cy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDENMAsGA1UEAxMEcm9v
+dDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbYIEIAkFJTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCaKSheT09Z+Guwlr/vaQI2
+0XKvovPAfcFQWrhjYRga1E2PpLIYXRt1HbbO5qqzwRar3WSsvmJ/dx3Uautd9xnr
+ampgbcrWKk3uyVseBeu7P1+kdq79MqweY+c105Udybx6L+cOBJVZTTBRrGdlQXSz
+YvZNhUuIJhXCLQNpFvdqilzKynu6Qfl79K74KVZInYYuCgZ6IZcBs9RFWhQF07E6
+2gpnbdVF27qICUtTs2kaUt5XA4n6mYIdefuuVdcT/V6ZJct1oWK0J/BUS3hCi1Rj
+YvSjC+ImpAwprkm0GjTmpAeKZMtjRq767ND04eIlEVcnYejRSK1gEy25OKNSAw+t
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2c604ee/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-rsa-cert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-rsa-cert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-rsa-cert.pem
new file mode 100644
index 0000000..e4fa2f0
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-rsa-cert.pem
@@ -0,0 +1,83 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462053 (0x20090525)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=rsa-intermediate/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:31 2009 GMT
+            Not After : May 25 21:44:31 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=test/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+                    7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+                    8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+                    95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+                    41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+                    80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+                    f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+                    d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+                    9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+                    6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+                    56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+                    31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+                    71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+                    41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+                    cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+                    c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+                    4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+                    e5:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+            X509v3 Authority Key Identifier: 
+                keyid:2E:F4:CD:A1:B4:AD:03:85:D8:AF:69:97:D5:2D:95:40:D6:BF:12:BF
+
+    Signature Algorithm: sha1WithRSAEncryption
+        02:ea:45:04:9c:7b:79:4b:bc:24:7d:b4:5a:43:fa:cc:06:48:
+        d3:60:3f:a0:04:bc:42:ef:01:cc:0d:75:64:85:0a:86:37:e7:
+        14:09:29:92:f0:e0:c1:d4:e5:c1:6b:82:82:74:74:74:ae:68:
+        ac:0d:08:d3:95:e4:aa:3b:6a:a7:fd:f6:ea:f1:de:7b:4d:7b:
+        70:f8:a4:b1:21:a3:b2:e6:b1:5a:85:ca:c5:47:4b:c3:35:23:
+        3d:cd:f3:f8:fa:07:35:7d:df:a9:7e:a5:11:86:83:8f:06:13:
+        b5:93:73:78:ab:35:90:0d:a1:7d:8a:11:e7:55:d8:15:bd:bd:
+        54:e0:ae:6a:77:1a:13:ea:4c:23:11:64:d2:2f:2c:e1:04:2c:
+        05:b4:c7:25:73:6d:3b:69:be:94:16:6d:28:00:bc:67:48:f8:
+        1e:dd:1d:63:4c:6b:9f:85:e4:bb:10:ff:bf:b6:f2:2c:c8:53:
+        3c:23:b6:55:85:fd:68:95:27:93:ff:34:d7:29:7b:18:19:4b:
+        77:88:e8:75:a5:ba:2c:d6:64:f7:25:2e:fa:af:14:63:95:1b:
+        d1:77:3c:bc:0c:13:5f:37:5a:06:b7:92:22:ed:a0:d1:6c:b1:
+        e7:3f:af:95:c1:8a:7f:47:46:a0:74:ad:35:d0:52:59:31:b5:
+        2b:3c:fe:3d
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlh
+dGUxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkw
+NTI1MjE0NDMxWhcNNDkwNTI1MjE0NDMxWjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNV
+BAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15
+ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHRlc3QxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDIY6+Wgj6MqdEdYq6FgH5xMgTBmFqAonR/eshjxY2C6MHs+WmCmNSDik2N
+gZWIaODvOF9uOEK2U0ZfJEG2LcZxoeIEgg/mfII2f4DLy1JYajm/llzwFBzAd/Rk
+cs3qwP2ba5VKn/pSqNLlnKHMXkXO+9SjfHDx95x2dK1dB8eGQGculOMcTm3uK7Ul
+WNO4TSlwG9qHZ1aoM3GIg5C1fIpbxJqDVjFq6fFAapE3KRIWIQmKd3E5ICcDErqr
+/AapxnfO8UFNxVWSOLW7ZAfis4w/c8/EAgyQHw42R0dNyjUOZsToF8McCsOpRjGo
+lSU8aUyqspvd8IWJPd5d6HBHueXNAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSfFHe/Pzq2yjiCQkgWLNrQy16H2DAfBgNVHSMEGDAWgBQu9M2htK0DhdivaZfV
+LZVA1r8SvzANBgkqhkiG9w0BAQUFAAOCAQEAAupFBJx7eUu8JH20WkP6zAZI02A/
+oAS8Qu8BzA11ZIUKhjfnFAkpkvDgwdTlwWuCgnR0dK5orA0I05Xkqjtqp/326vHe
+e017cPiksSGjsuaxWoXKxUdLwzUjPc3z+PoHNX3fqX6lEYaDjwYTtZNzeKs1kA2h
+fYoR51XYFb29VOCuancaE+pMIxFk0i8s4QQsBbTHJXNtO2m+lBZtKAC8Z0j4Ht0d
+Y0xrn4XkuxD/v7byLMhTPCO2VYX9aJUnk/801yl7GBlLd4jodaW6LNZk9yUu+q8U
+Y5Ub0Xc8vAwTXzdaBreSIu2g0Wyx5z+vlcGKf0dGoHStNdBSWTG1Kzz+PQ==
+-----END CERTIFICATE-----

