directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From plusplusjia...@apache.org
Subject [2/4] directory-kerby git commit: DIRKRB-519 Check all the tests to use the NameTest format.
Date Thu, 31 Dec 2015 03:12:41 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitRsaAsReqCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitRsaAsReqCodec.java b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitRsaAsReqCodec.java
deleted file mode 100644
index a5d6efc..0000000
--- a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitRsaAsReqCodec.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.codec;
-
-import org.apache.kerby.asn1.Asn1;
-import org.apache.kerby.cms.type.ContentInfo;
-import org.apache.kerby.cms.type.SignedData;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
-import org.apache.kerby.kerberos.kerb.type.base.KrbMessageType;
-import org.apache.kerby.kerberos.kerb.type.base.NameType;
-import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
-import org.apache.kerby.kerberos.kerb.type.kdc.AsReq;
-import org.apache.kerby.kerberos.kerb.type.kdc.KdcReqBody;
-import org.apache.kerby.kerberos.kerb.type.pa.PaData;
-import org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
-import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
-import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PaPkAsReq;
-import org.junit.Test;
-
-import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.text.ParseException;
-import java.util.Arrays;
-import java.util.List;
-
-import static org.assertj.core.api.Assertions.*;
-
-public class TestPkinitRsaAsReqCodec {
-    @Test
-    public void test() throws IOException, ParseException {
-        byte[] bytes = CodecTestUtil.readDataFile("/pkinit_rsa_asreq.token");
-        Asn1.parseAndDump(bytes);
-        ByteBuffer asReqToken = ByteBuffer.wrap(bytes);
-
-        AsReq asReq = new AsReq();
-        asReq.decode(asReqToken);
-        //Asn1.decodeAndDump(asReq);
-
-        assertThat(asReq.getPvno()).isEqualTo(5);
-        assertThat(asReq.getMsgType()).isEqualTo(KrbMessageType.AS_REQ);
-
-        PaData paData = asReq.getPaData();
-
-        PaDataEntry paFxCookieEntry = paData.findEntry(PaDataType.FX_COOKIE);
-        assertThat(paFxCookieEntry.getPaDataType()).isEqualTo(PaDataType.FX_COOKIE);
-        assertThat(paFxCookieEntry.getPaDataValue()).isEqualTo(Arrays.copyOfRange(bytes, 38, 41));
-
-        PaDataEntry pkAsReqEntry = paData.findEntry(PaDataType.PK_AS_REQ);
-        assertThat(pkAsReqEntry.getPaDataType()).isEqualTo(PaDataType.PK_AS_REQ);
-        assertThat(pkAsReqEntry.getPaDataValue()).isEqualTo(Arrays.copyOfRange(bytes, 58, 2138));
-
-        PaPkAsReq paPkAsReq = new PaPkAsReq();
-        paPkAsReq.decode(pkAsReqEntry.getPaDataValue());
-        ContentInfo contentInfo = new ContentInfo();
-        //Asn1.parseAndDump(paPkAsReq.getSignedAuthPack());
-        contentInfo.decode(paPkAsReq.getSignedAuthPack());
-        assertThat(contentInfo.getContentType()).isEqualTo("1.2.840.113549.1.7.2");
-        //Asn1.dump(contentInfo);
-
-        SignedData signedData = contentInfo.getContentAs(SignedData.class);
-        assertThat(signedData.getCertificates().getElements().size()).isEqualTo(1);
-        assertThat(signedData.getEncapContentInfo().getContentType()).isEqualTo("1.3.6.1.5.2.3.1");
-
-        PaDataEntry encpaEntry = paData.findEntry(PaDataType.ENCPADATA_REQ_ENC_PA_REP);
-        assertThat(encpaEntry.getPaDataType()).isEqualTo(PaDataType.ENCPADATA_REQ_ENC_PA_REP);
-        assertThat(encpaEntry.getPaDataValue()).isEqualTo(Arrays.copyOfRange(bytes, 2148, 2148));
-
-        KdcReqBody body = asReq.getReqBody();
-        assertThat(body.getKdcOptions().getPadding()).isEqualTo(0);
-        assertThat(body.getKdcOptions().getValue()).isEqualTo(Arrays.copyOfRange(bytes, 2161, 2165));
-        PrincipalName cName = body.getCname();
-        assertThat(cName.getNameType()).isEqualTo(NameType.NT_PRINCIPAL);
-        assertThat(body.getRealm()).isEqualTo("EXAMPLE.COM");
-        PrincipalName sName = body.getSname();
-        assertThat(sName.getNameType()).isEqualTo(NameType.NT_SRV_INST);
-        assertThat(sName.getNameStrings()).hasSize(2)
-                .contains("krbtgt", "EXAMPLE.COM");
-
-        assertThat(body.getNonce()).isEqualTo(658979657);
-
-        List<EncryptionType> types = body.getEtypes();
-        assertThat(types).hasSize(6);
-        assertThat(types.get(0).getValue()).isEqualTo(0x0012);
-        assertThat(types.get(1).getValue()).isEqualTo(0x0011);
-        assertThat(types.get(2).getValue()).isEqualTo(0x0010);
-        assertThat(types.get(3).getValue()).isEqualTo(0x0017);
-        assertThat(types.get(4).getValue()).isEqualTo(0x0019);
-        assertThat(types.get(5).getValue()).isEqualTo(0x001A);
-
-        // Test encode PaPkAsReq
-        byte[] encodedPaPkAsReq = paPkAsReq.encode();
-        PaPkAsReq decodedPaPkAsReq = new PaPkAsReq();
-        decodedPaPkAsReq.decode(encodedPaPkAsReq);
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestTgsRepCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestTgsRepCodec.java b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestTgsRepCodec.java
deleted file mode 100644
index 48aa83f..0000000
--- a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestTgsRepCodec.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.codec;
-
-import org.apache.kerby.kerberos.kerb.type.base.KrbMessageType;
-import org.apache.kerby.kerberos.kerb.type.base.NameType;
-import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
-import org.apache.kerby.kerberos.kerb.type.kdc.TgsRep;
-import org.apache.kerby.kerberos.kerb.type.ticket.Ticket;
-import org.junit.Test;
-
-import java.io.IOException;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-/**
- * Test TgsRep message using a real 'correct' network packet captured from MS-AD to detective programming errors
- * and compatibility issues particularly regarding Kerberos crypto.
- */
-public class TestTgsRepCodec {
-
-    @Test
-    public void test() throws IOException {
-        byte[] bytes = CodecTestUtil.readBinaryFile("/tgsrep.token");
-        TgsRep tgsRep = new TgsRep();
-        tgsRep.decode(bytes);
-
-        assertThat(tgsRep.getPvno()).isEqualTo(5);
-        assertThat(tgsRep.getMsgType()).isEqualTo(KrbMessageType.TGS_REP);
-        assertThat(tgsRep.getCrealm()).isEqualTo("DENYDC.COM");
-
-        PrincipalName cName = tgsRep.getCname();
-        assertThat(cName.getNameType()).isEqualTo(NameType.NT_PRINCIPAL);
-        assertThat(cName.getNameStrings()).hasSize(1).contains("des");
-
-        Ticket ticket = tgsRep.getTicket();
-        assertThat(ticket.getTktvno()).isEqualTo(5);
-        assertThat(ticket.getRealm()).isEqualTo("DENYDC.COM");
-        PrincipalName sName = ticket.getSname();
-        assertThat(sName.getNameType()).isEqualTo(NameType.NT_SRV_HST);
-        assertThat(sName.getNameStrings()).hasSize(2)
-                .contains("host", "xp1.denydc.com");
-        //FIXME
-        //EncTicketPart encTicketPart = ticket.getEncPart();
-        //assertThat(encTicketPart.getKey().getKeyType().getValue()).isEqualTo(23);
-        //assertThat(encTicketPart.getKey().getKvno()).isEqualTo(2);
-
-        //EncKdcRepPart encKdcRepPart = tgsRep.getEncPart();
-        //assertThat(encKdcRepPart.getKey().getKeyType().getValue()).isEqualTo(3);
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestTgsReqCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestTgsReqCodec.java b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestTgsReqCodec.java
deleted file mode 100644
index 10dca95..0000000
--- a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestTgsReqCodec.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.codec;
-
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
-import org.apache.kerby.kerberos.kerb.type.base.KrbMessageType;
-import org.apache.kerby.kerberos.kerb.type.base.NameType;
-import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
-import org.apache.kerby.kerberos.kerb.type.kdc.KdcReqBody;
-import org.apache.kerby.kerberos.kerb.type.kdc.TgsReq;
-import org.apache.kerby.kerberos.kerb.type.pa.PaData;
-import org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
-import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
-import org.junit.Test;
-
-import java.io.IOException;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.List;
-import java.util.SimpleTimeZone;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-/**
- * Test TgsReq message using a real 'correct' network packet captured from MS-AD to detective programming errors
- * and compatibility issues particularly regarding Kerberos crypto.
- */
-public class TestTgsReqCodec {
-
-    @Test
-    public void test() throws IOException, ParseException {
-        byte[] bytes = CodecTestUtil.readBinaryFile("/tgsreq.token");
-        TgsReq tgsReq = new TgsReq();
-        tgsReq.decode(bytes);
-
-        assertThat(tgsReq.getPvno()).isEqualTo(5);
-        assertThat(tgsReq.getMsgType()).isEqualTo(KrbMessageType.TGS_REQ);
-
-        PaData paData = tgsReq.getPaData();
-        assertThat(paData.getElements()).hasSize(1);
-        PaDataEntry entry = paData.getElements().iterator().next();
-        assertThat(entry.getPaDataType()).isEqualTo(PaDataType.TGS_REQ);
-
-        //request body
-        KdcReqBody body = tgsReq.getReqBody();
-        assertThat(body.getKdcOptions().getPadding()).isEqualTo(0);
-        byte[] kdcOptionsValue = {64, (byte) 128, 0, 0};
-        assertThat(body.getKdcOptions().getValue()).isEqualTo(kdcOptionsValue);
-
-        assertThat(body.getRealm()).isEqualTo("DENYDC.COM");
-
-        PrincipalName sName = body.getSname();
-        assertThat(sName.getNameType()).isEqualTo(NameType.NT_SRV_HST);
-        assertThat(sName.getNameStrings()).hasSize(2)
-                .contains("host", "xp1.denydc.com");
-
-        SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
-        sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
-        Date date = sdf.parse("20370913024805");
-        assertThat(body.getTill().getTime()).isEqualTo(date.getTime());
-
-        assertThat(body.getNonce()).isEqualTo(197296424);
-
-        List<EncryptionType> eTypes = body.getEtypes();
-        assertThat(eTypes).hasSize(7);
-        assertThat(eTypes.get(0).getValue()).isEqualTo(0x0017);
-        //assertThat(eTypes.get(1).getValue()).isEqualTo(-133);//FIXME
-        //assertThat(eTypes.get(2).getValue()).isEqualTo(-128);//FIXME
-        assertThat(eTypes.get(3).getValue()).isEqualTo(0x0003);
-        assertThat(eTypes.get(4).getValue()).isEqualTo(0x0001);
-        assertThat(eTypes.get(5).getValue()).isEqualTo(0x0018);
-        //assertThat(eTypes.get(6).getValue()).isEqualTo(-135);//FIXME
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TgsRepCodecTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TgsRepCodecTest.java b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TgsRepCodecTest.java
new file mode 100644
index 0000000..4e618d5
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TgsRepCodecTest.java
@@ -0,0 +1,68 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec;
+
+import org.apache.kerby.kerberos.kerb.type.base.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.type.base.NameType;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.type.kdc.TgsRep;
+import org.apache.kerby.kerberos.kerb.type.ticket.Ticket;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Test TgsRep message using a real 'correct' network packet captured from MS-AD to detective programming errors
+ * and compatibility issues particularly regarding Kerberos crypto.
+ */
+public class TgsRepCodecTest {
+
+    @Test
+    public void test() throws IOException {
+        byte[] bytes = CodecTestUtil.readBinaryFile("/tgsrep.token");
+        TgsRep tgsRep = new TgsRep();
+        tgsRep.decode(bytes);
+
+        assertThat(tgsRep.getPvno()).isEqualTo(5);
+        assertThat(tgsRep.getMsgType()).isEqualTo(KrbMessageType.TGS_REP);
+        assertThat(tgsRep.getCrealm()).isEqualTo("DENYDC.COM");
+
+        PrincipalName cName = tgsRep.getCname();
+        assertThat(cName.getNameType()).isEqualTo(NameType.NT_PRINCIPAL);
+        assertThat(cName.getNameStrings()).hasSize(1).contains("des");
+
+        Ticket ticket = tgsRep.getTicket();
+        assertThat(ticket.getTktvno()).isEqualTo(5);
+        assertThat(ticket.getRealm()).isEqualTo("DENYDC.COM");
+        PrincipalName sName = ticket.getSname();
+        assertThat(sName.getNameType()).isEqualTo(NameType.NT_SRV_HST);
+        assertThat(sName.getNameStrings()).hasSize(2)
+                .contains("host", "xp1.denydc.com");
+        //FIXME
+        //EncTicketPart encTicketPart = ticket.getEncPart();
+        //assertThat(encTicketPart.getKey().getKeyType().getValue()).isEqualTo(23);
+        //assertThat(encTicketPart.getKey().getKvno()).isEqualTo(2);
+
+        //EncKdcRepPart encKdcRepPart = tgsRep.getEncPart();
+        //assertThat(encKdcRepPart.getKey().getKeyType().getValue()).isEqualTo(3);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TgsReqCodecTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TgsReqCodecTest.java b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TgsReqCodecTest.java
new file mode 100644
index 0000000..902e6dd
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TgsReqCodecTest.java
@@ -0,0 +1,92 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec;
+
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.type.base.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.type.base.NameType;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.type.kdc.KdcReqBody;
+import org.apache.kerby.kerberos.kerb.type.kdc.TgsReq;
+import org.apache.kerby.kerberos.kerb.type.pa.PaData;
+import org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
+import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.List;
+import java.util.SimpleTimeZone;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Test TgsReq message using a real 'correct' network packet captured from MS-AD to detective programming errors
+ * and compatibility issues particularly regarding Kerberos crypto.
+ */
+public class TgsReqCodecTest {
+
+    @Test
+    public void test() throws IOException, ParseException {
+        byte[] bytes = CodecTestUtil.readBinaryFile("/tgsreq.token");
+        TgsReq tgsReq = new TgsReq();
+        tgsReq.decode(bytes);
+
+        assertThat(tgsReq.getPvno()).isEqualTo(5);
+        assertThat(tgsReq.getMsgType()).isEqualTo(KrbMessageType.TGS_REQ);
+
+        PaData paData = tgsReq.getPaData();
+        assertThat(paData.getElements()).hasSize(1);
+        PaDataEntry entry = paData.getElements().iterator().next();
+        assertThat(entry.getPaDataType()).isEqualTo(PaDataType.TGS_REQ);
+
+        //request body
+        KdcReqBody body = tgsReq.getReqBody();
+        assertThat(body.getKdcOptions().getPadding()).isEqualTo(0);
+        byte[] kdcOptionsValue = {64, (byte) 128, 0, 0};
+        assertThat(body.getKdcOptions().getValue()).isEqualTo(kdcOptionsValue);
+
+        assertThat(body.getRealm()).isEqualTo("DENYDC.COM");
+
+        PrincipalName sName = body.getSname();
+        assertThat(sName.getNameType()).isEqualTo(NameType.NT_SRV_HST);
+        assertThat(sName.getNameStrings()).hasSize(2)
+                .contains("host", "xp1.denydc.com");
+
+        SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
+        sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
+        Date date = sdf.parse("20370913024805");
+        assertThat(body.getTill().getTime()).isEqualTo(date.getTime());
+
+        assertThat(body.getNonce()).isEqualTo(197296424);
+
+        List<EncryptionType> eTypes = body.getEtypes();
+        assertThat(eTypes).hasSize(7);
+        assertThat(eTypes.get(0).getValue()).isEqualTo(0x0017);
+        //assertThat(eTypes.get(1).getValue()).isEqualTo(-133);//FIXME
+        //assertThat(eTypes.get(2).getValue()).isEqualTo(-128);//FIXME
+        assertThat(eTypes.get(3).getValue()).isEqualTo(0x0003);
+        assertThat(eTypes.get(4).getValue()).isEqualTo(0x0001);
+        assertThat(eTypes.get(5).getValue()).isEqualTo(0x0018);
+        //assertThat(eTypes.get(6).getValue()).isEqualTo(-135);//FIXME
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcConfigLoadTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcConfigLoadTest.java b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcConfigLoadTest.java
new file mode 100644
index 0000000..bf761d5
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcConfigLoadTest.java
@@ -0,0 +1,73 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.net.URL;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class KdcConfigLoadTest {
+
+    @Test
+    public void test() throws URISyntaxException, IOException {
+        URL confFileUrl = KdcConfigLoadTest.class.getResource("/kdc.conf");
+        File confFile = new File(confFileUrl.toURI());
+
+        KdcConfig kdcConfig = new KdcConfig();
+        kdcConfig.addIniConfig(confFile);
+
+        assertThat(kdcConfig.getKdcHost()).isEqualTo("localhost");
+        assertThat(kdcConfig.getKdcUdpPort()).isEqualTo(88);
+        assertThat(kdcConfig.getKdcTcpPort()).isEqualTo(8014);
+        assertThat(kdcConfig.getKdcRealm()).isEqualTo("TEST.COM");
+        assertThat(kdcConfig.isRestrictAnonymousToTgt()).isTrue();
+        assertThat(kdcConfig.getKdcMaxDgramReplySize()).isEqualTo(4096);
+    }
+
+    @Test
+    public void testManualConfiguration() {
+        KdcConfig kdcConfig = new KdcConfig();
+
+        kdcConfig.setString(KdcConfigKey.KDC_HOST, "localhost");
+        kdcConfig.setInt(KdcConfigKey.KDC_TCP_PORT, 12345);
+        kdcConfig.setString(KdcConfigKey.KDC_REALM, "TEST2.COM");
+
+        assertThat(kdcConfig.getKdcHost()).isEqualTo("localhost");
+        assertThat(kdcConfig.getKdcTcpPort()).isEqualTo(12345);
+        assertThat(kdcConfig.getKdcRealm()).isEqualTo("TEST2.COM");
+    }
+
+    @Test
+    public void testConfigurationDefaults() {
+        KdcConfig kdcConfig = new KdcConfig();
+
+        assertThat(kdcConfig.getKdcHost()).isEqualTo(
+                KdcConfigKey.KDC_HOST.getDefaultValue());
+        assertThat(kdcConfig.getKdcTcpPort()).isEqualTo(-1);
+        assertThat(kdcConfig.getKdcRealm()).isEqualTo(
+                KdcConfigKey.KDC_REALM.getDefaultValue()
+        );
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
deleted file mode 100644
index 402e256..0000000
--- a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.server;
-
-import org.junit.Test;
-
-import java.io.File;
-import java.io.IOException;
-import java.net.URISyntaxException;
-import java.net.URL;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-public class TestKdcConfigLoad {
-
-    @Test
-    public void test() throws URISyntaxException, IOException {
-        URL confFileUrl = TestKdcConfigLoad.class.getResource("/kdc.conf");
-        File confFile = new File(confFileUrl.toURI());
-
-        KdcConfig kdcConfig = new KdcConfig();
-        kdcConfig.addIniConfig(confFile);
-
-        assertThat(kdcConfig.getKdcHost()).isEqualTo("localhost");
-        assertThat(kdcConfig.getKdcUdpPort()).isEqualTo(88);
-        assertThat(kdcConfig.getKdcTcpPort()).isEqualTo(8014);
-        assertThat(kdcConfig.getKdcRealm()).isEqualTo("TEST.COM");
-        assertThat(kdcConfig.isRestrictAnonymousToTgt()).isTrue();
-        assertThat(kdcConfig.getKdcMaxDgramReplySize()).isEqualTo(4096);
-    }
-
-    @Test
-    public void testManualConfiguration() {
-        KdcConfig kdcConfig = new KdcConfig();
-
-        kdcConfig.setString(KdcConfigKey.KDC_HOST, "localhost");
-        kdcConfig.setInt(KdcConfigKey.KDC_TCP_PORT, 12345);
-        kdcConfig.setString(KdcConfigKey.KDC_REALM, "TEST2.COM");
-
-        assertThat(kdcConfig.getKdcHost()).isEqualTo("localhost");
-        assertThat(kdcConfig.getKdcTcpPort()).isEqualTo(12345);
-        assertThat(kdcConfig.getKdcRealm()).isEqualTo("TEST2.COM");
-    }
-
-    @Test
-    public void testConfigurationDefaults() {
-        KdcConfig kdcConfig = new KdcConfig();
-
-        assertThat(kdcConfig.getKdcHost()).isEqualTo(
-                KdcConfigKey.KDC_HOST.getDefaultValue());
-        assertThat(kdcConfig.getKdcTcpPort()).isEqualTo(-1);
-        assertThat(kdcConfig.getKdcRealm()).isEqualTo(
-                KdcConfigKey.KDC_REALM.getDefaultValue()
-        );
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/commons/ssl/CertificatesTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/CertificatesTest.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/CertificatesTest.java
new file mode 100644
index 0000000..4d775b1
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/CertificatesTest.java
@@ -0,0 +1,84 @@
+package org.apache.commons.ssl;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+
+import javax.security.auth.x500.X500Principal;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.cert.X509Certificate;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import static org.mockito.Mockito.when;
+
+/**
+ * Created by julius on 06/09/14.
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class CertificatesTest {
+
+    @Mock
+    private X509Certificate x509;
+
+    @Test
+    public void testGetCNsMocked() {
+        X500Principal normal = new X500Principal("CN=abc,OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
+        X500Principal bad1 = new X500Principal("CN=\"abc,CN=foo.com,\",OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
+        X500Principal bad2 = new X500Principal("ou=\",CN=evil.ca,\",  CN=good.net");
+
+        when(x509.getSubjectX500Principal()).thenReturn(normal);
+        String[] cns = Certificates.getCNs(x509);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("abc", cns[0]);
+
+        when(x509.getSubjectX500Principal()).thenReturn(bad2);
+        cns = Certificates.getCNs(x509);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("good.net", cns[0]);
+
+        when(x509.getSubjectX500Principal()).thenReturn(bad1);
+        cns = Certificates.getCNs(x509);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("abc,CN=foo.com,", cns[0]);
+    }
+
+    @Test
+    public void testGetCNsReal() throws IOException, GeneralSecurityException {
+        String samplesDir = TEST_HOME + "x509";
+
+        TrustMaterial tm = new TrustMaterial(samplesDir + "/x509_three_cns_foo_bar_hanako.pem");
+        X509Certificate c = (X509Certificate) tm.getCertificates().first();
+        String[] cns = Certificates.getCNs(c);
+        Assert.assertEquals(3, cns.length);
+        Assert.assertEquals("foo.com", cns[0]);
+        Assert.assertEquals("bar.com", cns[1]);
+        //Assert.assertEquals("花子.co.jp", cns[2]);
+
+        tm = new TrustMaterial(samplesDir + "/x509_foo_bar_hanako.pem");
+        c = (X509Certificate) tm.getCertificates().first();
+        cns = Certificates.getCNs(c);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("foo.com", cns[0]);
+
+        tm = new TrustMaterial(samplesDir + "/x509_wild_co_jp.pem");
+        c = (X509Certificate) tm.getCertificates().first();
+        cns = Certificates.getCNs(c);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("*.co.jp", cns[0]);
+
+        tm = new TrustMaterial(samplesDir + "/x509_wild_foo_bar_hanako.pem");
+        c = (X509Certificate) tm.getCertificates().first();
+        cns = Certificates.getCNs(c);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("*.foo.com", cns[0]);
+
+        tm = new TrustMaterial(samplesDir + "/x509_wild_foo.pem");
+        c = (X509Certificate) tm.getCertificates().first();
+        cns = Certificates.getCNs(c);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("*.foo.com", cns[0]);
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/commons/ssl/KeyMaterialTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/KeyMaterialTest.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/KeyMaterialTest.java
new file mode 100644
index 0000000..ab58813
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/KeyMaterialTest.java
@@ -0,0 +1,77 @@
+package org.apache.commons.ssl;
+
+import org.apache.kerby.util.EncryptoUtil;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.Test;
+
+import java.io.File;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.Locale;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeTrue;
+
+public class KeyMaterialTest {
+    public static final char[] PASSWORD1 = "changeit".toCharArray();
+    public static final char[] PASSWORD2 = "itchange".toCharArray();
+
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    @Test
+    public void testKeystores() throws Exception {
+        String samplesDir = TEST_HOME + "keystores";
+        File dir = new File(samplesDir);
+        String[] files = dir.list();
+        Arrays.sort(files, String.CASE_INSENSITIVE_ORDER);
+        for (String f : files) {
+            String file = f.toUpperCase(Locale.ENGLISH);
+            if (file.endsWith(".KS") || file.contains("PKCS12")) {
+                examineKeyStore(samplesDir, f, null);
+            } else if (file.endsWith(".PEM")) {
+                examineKeyStore(samplesDir, f, "rsa.key");
+            }
+        }
+    }
+
+    private static void examineKeyStore(String dir, String fileName, String file2) throws Exception {
+        String filename = fileName.toUpperCase(Locale.ENGLISH);
+        boolean hasMultiPassword = filename.contains(".2PASS.");
+
+        System.out.print("Testing KeyMaterial: " + dir + "/" + fileName);        
+        char[] pass1 = PASSWORD1;
+        char[] pass2 = PASSWORD1;
+        if (hasMultiPassword) {
+            pass2 = PASSWORD2;
+        }
+
+        file2 = file2 != null ? dir + "/" + file2 : null;
+
+        Date today = new Date();
+        KeyMaterial km;
+
+
+        try {
+            assumeTrue(EncryptoUtil.isAES256Enabled());
+            km = new KeyMaterial(dir + "/" + fileName, file2, pass1, pass2);
+        } catch (ProbablyBadPasswordException pbpe) {
+            System.out.println("  WARN:  " + pbpe);
+            return;
+        }
+        assertEquals("keymaterial-contains-1-alias", 1, km.getAliases().size());
+        for (X509Certificate[] cert : (List<X509Certificate[]>) km.getAssociatedCertificateChains()) {
+            for (X509Certificate c : cert) {
+                assertTrue("certchain-valid-dates", c.getNotAfter().after(today));
+            }
+        }
+
+        System.out.println("\t SUCCESS! ");
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/commons/ssl/OpenSSLTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/OpenSSLTest.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/OpenSSLTest.java
new file mode 100644
index 0000000..7855c11
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/OpenSSLTest.java
@@ -0,0 +1,166 @@
+package org.apache.commons.ssl;
+
+import org.apache.kerby.util.EncryptoUtil;
+import org.apache.kerby.util.Util;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+import java.util.Random;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeTrue;
+
+public class OpenSSLTest {
+
+    public void encTest(String cipher) throws Exception {
+        Random random = new Random();
+        char[] pwd = {'!', 'E', 'i', 'k', 'o', '?'};
+
+        for (int i = 0; i < 4567; i++) {
+            byte[] buf = new byte[i];
+            random.nextBytes(buf);
+            byte[] enc = OpenSSL.encrypt(cipher, pwd, buf);
+            byte[] dec = OpenSSL.decrypt(cipher, pwd, enc);
+            boolean result = Arrays.equals(buf, dec);
+            if (!result) {
+                System.out.println();
+                System.out.println("Failed on : " + i);
+            }
+            assertTrue(result);
+        }
+
+        for (int i = 5; i < 50; i++) {
+            int testSize = i * 1000 + 123;
+            byte[] buf = new byte[testSize];
+            random.nextBytes(buf);
+            byte[] enc = OpenSSL.encrypt(cipher, pwd, buf);
+            byte[] dec = OpenSSL.decrypt(cipher, pwd, enc);
+            boolean result = Arrays.equals(buf, dec);
+            if (!result) {
+                System.out.println();
+                System.out.println("Failed on : " + testSize);
+            }
+            assertTrue(result);
+        }
+
+    }
+
+    @Test
+    public void testDES3Bytes() throws Exception {
+        encTest("des3");
+    }
+
+    @Test
+    public void testAES128Bytes() throws Exception {
+        encTest("aes128");
+    }
+
+    @Test
+    public void testRC2Bytes() throws Exception {
+        encTest("rc2");
+    }
+
+    @Test
+    public void testDESBytes() throws Exception {
+        encTest("des");
+    }
+
+    @Test
+    public void testDecryptPBE() throws Exception {
+        File d = new File(TEST_HOME + "pbe");
+        File[] files = d.listFiles();
+        if (files == null) {
+            fail("No testDecryptPBE() files to test!");
+        }
+        int testCount = 0;
+        Arrays.sort(files);
+        for (File f : files) {
+            testCount += process(f, 0);
+        }
+        System.out.println(testCount + " pbe test files successfully decrypted.");
+    }
+
+    private static int process(File f, int depth) throws Exception {
+        int sum = 0;
+        String name = f.getName();
+        if ("CVS".equalsIgnoreCase(name)) {
+            return 0;
+        }
+        if (".svn".equalsIgnoreCase(name)) {
+            return 0;
+        }
+        if (name.toUpperCase().startsWith("README")) {
+            return 0;
+        }
+
+        if (f.isDirectory()) {
+            if (depth <= 7) {
+                File[] files = f.listFiles();
+                if (files == null) {
+                    return 0;
+                }
+                Arrays.sort(files);
+                for (File ff : files) {
+                    sum += process(ff, depth + 1);
+                }
+            } else {
+                System.out.println("IGNORING [" + f + "].  Directory too deep (" + depth + ").");
+            }
+        } else {
+            if (f.isFile() && f.canRead()) {
+                String fileName = f.getName();
+                int x = fileName.indexOf('.');
+                if (x < 0) {
+                    return 0;
+                }
+                if (fileName.endsWith(".failed")) {
+                    System.out.println("Skipping file marked with failed: " + fileName);
+                    return 0;
+                }
+
+                String cipher = fileName.substring(0, x);
+                String cipherPadded = Util.pad(cipher, 20, false);
+                String filePadded = Util.pad(fileName, 25, false);
+                FileInputStream in = null;
+                try {
+                    in = new FileInputStream(f);
+                    byte[] encrypted = Util.streamToBytes(in);
+                    char[] pwd = "changeit".toCharArray();
+                    try {
+                        assumeTrue(EncryptoUtil.isAES256Enabled());
+                        byte[] result = OpenSSL.decrypt(cipher, pwd, encrypted);
+                        String s = new String(result, "ISO-8859-1");
+                        if (!"Hello World!".equals(s)) {
+                            fail(cipherPadded + "." + filePadded
+                                + " decrypts to 'Hello World!', but actually is" + s);
+                        }
+                        return 1;
+                    } catch (NoSuchAlgorithmException nsae) {
+                        System.out.println("Warn: " + cipherPadded + filePadded
+                            + " NoSuchAlgorithmException");
+                        return 0;
+                    } catch (ArithmeticException ae) {
+                        if (cipherPadded.contains("cfb1")) {
+                            System.out.println("Warn: " + cipherPadded + filePadded
+                                + " BouncyCastle can't handle cfb1 " + ae);
+                            return 0;
+                        } else {
+                            throw ae;
+                        }
+                    }
+                } finally {
+                    if (in != null) {
+                        in.close();
+                    }
+                }
+            }
+        }
+        return sum;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/commons/ssl/PKCS8KeyTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/PKCS8KeyTest.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/PKCS8KeyTest.java
new file mode 100644
index 0000000..ef6e38d
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/PKCS8KeyTest.java
@@ -0,0 +1,61 @@
+package org.apache.commons.ssl;
+
+import org.apache.kerby.util.EncryptoUtil;
+import org.apache.kerby.util.Util;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.util.Arrays;
+import java.util.Locale;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeTrue;
+
+public class PKCS8KeyTest {
+
+    @Test
+    public void testDSA() throws Exception {
+        checkFiles("dsa");
+    }
+
+    @Test
+    public void testRSA() throws Exception {
+        checkFiles("rsa");
+    }
+
+    private static void checkFiles(String type) throws Exception {
+        String password = "changeit";
+        File dir = new File(TEST_HOME + type);
+        File[] files = dir.listFiles();
+        if (files == null) {
+            fail("No files to test!");
+            return;
+        }
+        byte[] original = null;
+        for (File f : files) {
+            String filename = f.getName();
+            String fileName = filename.toUpperCase(Locale.ENGLISH);
+            if (!fileName.endsWith(".PEM") && !fileName.endsWith(".DER")) {
+                // not a sample file
+                continue;
+            }
+
+            System.out.println("Checking PKCS file:" + filename);
+            FileInputStream in = new FileInputStream(f);
+            byte[] bytes = Util.streamToBytes(in);
+            assumeTrue(EncryptoUtil.isAES256Enabled());
+            PKCS8Key key = new PKCS8Key(bytes, password.toCharArray());
+            byte[] decrypted = key.getDecryptedBytes();
+            if (original == null) {
+                original = decrypted;
+            } else {
+                boolean identical = Arrays.equals(original, decrypted);
+                assertTrue(f.getCanonicalPath() + " - all " + type + " resources decrypt to same key", identical);
+            }
+        }
+
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/commons/ssl/TestCertificates.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestCertificates.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestCertificates.java
deleted file mode 100644
index 2113510..0000000
--- a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestCertificates.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package org.apache.commons.ssl;
-
-import org.junit.Assert;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
-
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.cert.X509Certificate;
-
-import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
-import static org.mockito.Mockito.when;
-
-/**
- * Created by julius on 06/09/14.
- */
-@RunWith(MockitoJUnitRunner.class)
-public class TestCertificates {
-
-    @Mock
-    private X509Certificate x509;
-
-    @Test
-    public void testGetCNsMocked() {
-        X500Principal normal = new X500Principal("CN=abc,OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
-        X500Principal bad1 = new X500Principal("CN=\"abc,CN=foo.com,\",OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
-        X500Principal bad2 = new X500Principal("ou=\",CN=evil.ca,\",  CN=good.net");
-
-        when(x509.getSubjectX500Principal()).thenReturn(normal);
-        String[] cns = Certificates.getCNs(x509);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("abc", cns[0]);
-
-        when(x509.getSubjectX500Principal()).thenReturn(bad2);
-        cns = Certificates.getCNs(x509);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("good.net", cns[0]);
-
-        when(x509.getSubjectX500Principal()).thenReturn(bad1);
-        cns = Certificates.getCNs(x509);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("abc,CN=foo.com,", cns[0]);
-    }
-
-    @Test
-    public void testGetCNsReal() throws IOException, GeneralSecurityException {
-        String samplesDir = TEST_HOME + "x509";
-
-        TrustMaterial tm = new TrustMaterial(samplesDir + "/x509_three_cns_foo_bar_hanako.pem");
-        X509Certificate c = (X509Certificate) tm.getCertificates().first();
-        String[] cns = Certificates.getCNs(c);
-        Assert.assertEquals(3, cns.length);
-        Assert.assertEquals("foo.com", cns[0]);
-        Assert.assertEquals("bar.com", cns[1]);
-        //Assert.assertEquals("花子.co.jp", cns[2]);
-
-        tm = new TrustMaterial(samplesDir + "/x509_foo_bar_hanako.pem");
-        c = (X509Certificate) tm.getCertificates().first();
-        cns = Certificates.getCNs(c);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("foo.com", cns[0]);
-
-        tm = new TrustMaterial(samplesDir + "/x509_wild_co_jp.pem");
-        c = (X509Certificate) tm.getCertificates().first();
-        cns = Certificates.getCNs(c);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("*.co.jp", cns[0]);
-
-        tm = new TrustMaterial(samplesDir + "/x509_wild_foo_bar_hanako.pem");
-        c = (X509Certificate) tm.getCertificates().first();
-        cns = Certificates.getCNs(c);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("*.foo.com", cns[0]);
-
-        tm = new TrustMaterial(samplesDir + "/x509_wild_foo.pem");
-        c = (X509Certificate) tm.getCertificates().first();
-        cns = Certificates.getCNs(c);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("*.foo.com", cns[0]);
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java
deleted file mode 100644
index 99a98e1..0000000
--- a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java
+++ /dev/null
@@ -1,77 +0,0 @@
-package org.apache.commons.ssl;
-
-import org.apache.kerby.util.EncryptoUtil;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.junit.Test;
-
-import java.io.File;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.List;
-import java.util.Locale;
-
-import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assume.assumeTrue;
-
-public class TestKeyMaterial {
-    public static final char[] PASSWORD1 = "changeit".toCharArray();
-    public static final char[] PASSWORD2 = "itchange".toCharArray();
-
-    static {
-        Security.addProvider(new BouncyCastleProvider());
-    }
-
-    @Test
-    public void testKeystores() throws Exception {
-        String samplesDir = TEST_HOME + "keystores";
-        File dir = new File(samplesDir);
-        String[] files = dir.list();
-        Arrays.sort(files, String.CASE_INSENSITIVE_ORDER);
-        for (String f : files) {
-            String file = f.toUpperCase(Locale.ENGLISH);
-            if (file.endsWith(".KS") || file.contains("PKCS12")) {
-                examineKeyStore(samplesDir, f, null);
-            } else if (file.endsWith(".PEM")) {
-                examineKeyStore(samplesDir, f, "rsa.key");
-            }
-        }
-    }
-
-    private static void examineKeyStore(String dir, String fileName, String file2) throws Exception {
-        String filename = fileName.toUpperCase(Locale.ENGLISH);
-        boolean hasMultiPassword = filename.contains(".2PASS.");
-
-        System.out.print("Testing KeyMaterial: " + dir + "/" + fileName);        
-        char[] pass1 = PASSWORD1;
-        char[] pass2 = PASSWORD1;
-        if (hasMultiPassword) {
-            pass2 = PASSWORD2;
-        }
-
-        file2 = file2 != null ? dir + "/" + file2 : null;
-
-        Date today = new Date();
-        KeyMaterial km;
-
-
-        try {
-            assumeTrue(EncryptoUtil.isAES256Enabled());
-            km = new KeyMaterial(dir + "/" + fileName, file2, pass1, pass2);
-        } catch (ProbablyBadPasswordException pbpe) {
-            System.out.println("  WARN:  " + pbpe);
-            return;
-        }
-        assertEquals("keymaterial-contains-1-alias", 1, km.getAliases().size());
-        for (X509Certificate[] cert : (List<X509Certificate[]>) km.getAssociatedCertificateChains()) {
-            for (X509Certificate c : cert) {
-                assertTrue("certchain-valid-dates", c.getNotAfter().after(today));
-            }
-        }
-
-        System.out.println("\t SUCCESS! ");
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/commons/ssl/TestOpenSSL.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestOpenSSL.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestOpenSSL.java
deleted file mode 100644
index df6837f..0000000
--- a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestOpenSSL.java
+++ /dev/null
@@ -1,166 +0,0 @@
-package org.apache.commons.ssl;
-
-import org.apache.kerby.util.EncryptoUtil;
-import org.apache.kerby.util.Util;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.security.NoSuchAlgorithmException;
-import java.util.Arrays;
-import java.util.Random;
-
-import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.junit.Assume.assumeTrue;
-
-public class TestOpenSSL {
-
-    public void encTest(String cipher) throws Exception {
-        Random random = new Random();
-        char[] pwd = {'!', 'E', 'i', 'k', 'o', '?'};
-
-        for (int i = 0; i < 4567; i++) {
-            byte[] buf = new byte[i];
-            random.nextBytes(buf);
-            byte[] enc = OpenSSL.encrypt(cipher, pwd, buf);
-            byte[] dec = OpenSSL.decrypt(cipher, pwd, enc);
-            boolean result = Arrays.equals(buf, dec);
-            if (!result) {
-                System.out.println();
-                System.out.println("Failed on : " + i);
-            }
-            assertTrue(result);
-        }
-
-        for (int i = 5; i < 50; i++) {
-            int testSize = i * 1000 + 123;
-            byte[] buf = new byte[testSize];
-            random.nextBytes(buf);
-            byte[] enc = OpenSSL.encrypt(cipher, pwd, buf);
-            byte[] dec = OpenSSL.decrypt(cipher, pwd, enc);
-            boolean result = Arrays.equals(buf, dec);
-            if (!result) {
-                System.out.println();
-                System.out.println("Failed on : " + testSize);
-            }
-            assertTrue(result);
-        }
-
-    }
-
-    @Test
-    public void testDES3Bytes() throws Exception {
-        encTest("des3");
-    }
-
-    @Test
-    public void testAES128Bytes() throws Exception {
-        encTest("aes128");
-    }
-
-    @Test
-    public void testRC2Bytes() throws Exception {
-        encTest("rc2");
-    }
-
-    @Test
-    public void testDESBytes() throws Exception {
-        encTest("des");
-    }
-
-    @Test
-    public void testDecryptPBE() throws Exception {
-        File d = new File(TEST_HOME + "pbe");
-        File[] files = d.listFiles();
-        if (files == null) {
-            fail("No testDecryptPBE() files to test!");
-        }
-        int testCount = 0;
-        Arrays.sort(files);
-        for (File f : files) {
-            testCount += process(f, 0);
-        }
-        System.out.println(testCount + " pbe test files successfully decrypted.");
-    }
-
-    private static int process(File f, int depth) throws Exception {
-        int sum = 0;
-        String name = f.getName();
-        if ("CVS".equalsIgnoreCase(name)) {
-            return 0;
-        }
-        if (".svn".equalsIgnoreCase(name)) {
-            return 0;
-        }
-        if (name.toUpperCase().startsWith("README")) {
-            return 0;
-        }
-
-        if (f.isDirectory()) {
-            if (depth <= 7) {
-                File[] files = f.listFiles();
-                if (files == null) {
-                    return 0;
-                }
-                Arrays.sort(files);
-                for (File ff : files) {
-                    sum += process(ff, depth + 1);
-                }
-            } else {
-                System.out.println("IGNORING [" + f + "].  Directory too deep (" + depth + ").");
-            }
-        } else {
-            if (f.isFile() && f.canRead()) {
-                String fileName = f.getName();
-                int x = fileName.indexOf('.');
-                if (x < 0) {
-                    return 0;
-                }
-                if (fileName.endsWith(".failed")) {
-                    System.out.println("Skipping file marked with failed: " + fileName);
-                    return 0;
-                }
-
-                String cipher = fileName.substring(0, x);
-                String cipherPadded = Util.pad(cipher, 20, false);
-                String filePadded = Util.pad(fileName, 25, false);
-                FileInputStream in = null;
-                try {
-                    in = new FileInputStream(f);
-                    byte[] encrypted = Util.streamToBytes(in);
-                    char[] pwd = "changeit".toCharArray();
-                    try {
-                        assumeTrue(EncryptoUtil.isAES256Enabled());
-                        byte[] result = OpenSSL.decrypt(cipher, pwd, encrypted);
-                        String s = new String(result, "ISO-8859-1");
-                        if (!"Hello World!".equals(s)) {
-                            fail(cipherPadded + "." + filePadded
-                                + " decrypts to 'Hello World!', but actually is" + s);
-                        }
-                        return 1;
-                    } catch (NoSuchAlgorithmException nsae) {
-                        System.out.println("Warn: " + cipherPadded + filePadded
-                            + " NoSuchAlgorithmException");
-                        return 0;
-                    } catch (ArithmeticException ae) {
-                        if (cipherPadded.contains("cfb1")) {
-                            System.out.println("Warn: " + cipherPadded + filePadded
-                                + " BouncyCastle can't handle cfb1 " + ae);
-                            return 0;
-                        } else {
-                            throw ae;
-                        }
-                    }
-                } finally {
-                    if (in != null) {
-                        in.close();
-                    }
-                }
-            }
-        }
-        return sum;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java
deleted file mode 100644
index 59127da..0000000
--- a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package org.apache.commons.ssl;
-
-import org.apache.kerby.util.EncryptoUtil;
-import org.apache.kerby.util.Util;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.util.Arrays;
-import java.util.Locale;
-
-import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.junit.Assume.assumeTrue;
-
-public class TestPKCS8Key {
-
-    @Test
-    public void testDSA() throws Exception {
-        checkFiles("dsa");
-    }
-
-    @Test
-    public void testRSA() throws Exception {
-        checkFiles("rsa");
-    }
-
-    private static void checkFiles(String type) throws Exception {
-        String password = "changeit";
-        File dir = new File(TEST_HOME + type);
-        File[] files = dir.listFiles();
-        if (files == null) {
-            fail("No files to test!");
-            return;
-        }
-        byte[] original = null;
-        for (File f : files) {
-            String filename = f.getName();
-            String fileName = filename.toUpperCase(Locale.ENGLISH);
-            if (!fileName.endsWith(".PEM") && !fileName.endsWith(".DER")) {
-                // not a sample file
-                continue;
-            }
-
-            System.out.println("Checking PKCS file:" + filename);
-            FileInputStream in = new FileInputStream(f);
-            byte[] bytes = Util.streamToBytes(in);
-            assumeTrue(EncryptoUtil.isAES256Enabled());
-            PKCS8Key key = new PKCS8Key(bytes, password.toCharArray());
-            byte[] decrypted = key.getDecryptedBytes();
-            if (original == null) {
-                original = decrypted;
-            } else {
-                boolean identical = Arrays.equals(original, decrypted);
-                assertTrue(f.getCanonicalPath() + " - all " + type + " resources decrypt to same key", identical);
-            }
-        }
-
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
deleted file mode 100644
index b681b0f..0000000
--- a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package org.apache.commons.ssl;
-
-import org.apache.kerby.util.Util;
-import org.junit.Assert;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.KeyStoreException;
-
-import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
-
-public class TestTrustMaterial {
-
-    File pemFile = new File(TEST_HOME + "x509/certificate.pem");
-    File derFile = new File(TEST_HOME + "x509/certificate.der");
-
-    @Test
-    public void theTest() throws GeneralSecurityException, IOException {
-        // TrustMaterial in 0.3.13 couldn't load cacerts if it contained any private keys.
-        TrustMaterial tm = new TrustMaterial(TEST_HOME + "cacerts-with-78-entries-and-one-private-key.jks");
-        Assert.assertEquals(78, tm.getCertificates().size());
-    }
-
-    @Test
-    public void testLoadByFile() throws GeneralSecurityException, IOException {
-        TrustMaterial tm1 = new TrustMaterial(pemFile);
-        TrustMaterial tm2 = new TrustMaterial(derFile);
-        Assert.assertTrue(equalKeystores(tm1, tm2));
-    }
-
-    @Test
-    public void testLoadByBytes() throws GeneralSecurityException, IOException {
-        TrustMaterial tm1 = new TrustMaterial(Util.fileToBytes(pemFile));
-        TrustMaterial tm2 = new TrustMaterial(Util.fileToBytes(derFile));
-        Assert.assertTrue(equalKeystores(tm1, tm2));
-
-    }
-
-    @Test
-    public void testLoadByURL() throws GeneralSecurityException, IOException {
-        TrustMaterial tm1 = new TrustMaterial(pemFile.toURI().toURL());
-        TrustMaterial tm2 = new TrustMaterial(derFile.toURI().toURL());
-        Assert.assertTrue(equalKeystores(tm1, tm2));
-    }
-
-    @Test
-    public void testLoadByStream() throws GeneralSecurityException, IOException {
-        TrustMaterial tm1 = new TrustMaterial(new FileInputStream(pemFile));
-        TrustMaterial tm2 = new TrustMaterial(new FileInputStream(derFile));
-        Assert.assertTrue(equalKeystores(tm1, tm2));
-
-    }
-
-    @Test
-    public void testLoadByPath() throws GeneralSecurityException, IOException {
-        TrustMaterial tm1 = new TrustMaterial(pemFile.getPath());
-        TrustMaterial tm2 = new TrustMaterial(derFile.getPath());
-        Assert.assertTrue(equalKeystores(tm1, tm2));
-    }
-
-    private static boolean equalKeystores(TrustMaterial tm1, TrustMaterial tm2) throws KeyStoreException {
-        return Util.equals(tm1.getKeyStore(), tm2.getKeyStore());
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/commons/ssl/TrustMaterialTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TrustMaterialTest.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TrustMaterialTest.java
new file mode 100644
index 0000000..2496440
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/TrustMaterialTest.java
@@ -0,0 +1,67 @@
+package org.apache.commons.ssl;
+
+import org.apache.kerby.util.Util;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStoreException;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+
+public class TrustMaterialTest {
+
+    File pemFile = new File(TEST_HOME + "x509/certificate.pem");
+    File derFile = new File(TEST_HOME + "x509/certificate.der");
+
+    @Test
+    public void theTest() throws GeneralSecurityException, IOException {
+        // TrustMaterial in 0.3.13 couldn't load cacerts if it contained any private keys.
+        TrustMaterial tm = new TrustMaterial(TEST_HOME + "cacerts-with-78-entries-and-one-private-key.jks");
+        Assert.assertEquals(78, tm.getCertificates().size());
+    }
+
+    @Test
+    public void testLoadByFile() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(pemFile);
+        TrustMaterial tm2 = new TrustMaterial(derFile);
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+    }
+
+    @Test
+    public void testLoadByBytes() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(Util.fileToBytes(pemFile));
+        TrustMaterial tm2 = new TrustMaterial(Util.fileToBytes(derFile));
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+
+    }
+
+    @Test
+    public void testLoadByURL() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(pemFile.toURI().toURL());
+        TrustMaterial tm2 = new TrustMaterial(derFile.toURI().toURL());
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+    }
+
+    @Test
+    public void testLoadByStream() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(new FileInputStream(pemFile));
+        TrustMaterial tm2 = new TrustMaterial(new FileInputStream(derFile));
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+
+    }
+
+    @Test
+    public void testLoadByPath() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(pemFile.getPath());
+        TrustMaterial tm2 = new TrustMaterial(derFile.getPath());
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+    }
+
+    private static boolean equalKeystores(TrustMaterial tm1, TrustMaterial tm2) throws KeyStoreException {
+        return Util.equals(tm1.getKeyStore(), tm2.getKeyStore());
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/kerby/cms/CertificateTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/cms/CertificateTest.java b/kerby-pkix/src/test/java/org/apache/kerby/cms/CertificateTest.java
new file mode 100644
index 0000000..6b6901c
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/kerby/cms/CertificateTest.java
@@ -0,0 +1,76 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.cms;
+
+import org.apache.kerby.asn1.Asn1;
+import org.apache.kerby.x500.type.Name;
+import org.apache.kerby.x509.type.Certificate;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+public class CertificateTest extends CmsTestBase {
+    @Test
+    public void testDecodingCertificate() throws IOException {
+        byte[] data = readDataFile("/certificate1.txt");
+        try {
+            Asn1.parseAndDump(data);
+            Certificate certificate = new Certificate();
+            certificate.decode(data);
+            Asn1.dump(certificate);
+
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail();
+        }
+    }
+
+    @Test
+    public void testEncodingCertificate() throws IOException {
+        byte[] data = readDataFile("/certificate1.txt");
+        Asn1.parseAndDump(data);
+        try {
+            Certificate certificate = new Certificate();
+            certificate.decode(data);
+            Asn1.dump(certificate);
+            byte[] encodedData = certificate.encode();
+            Asn1.parseAndDump(encodedData);
+
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail();
+        }
+    }
+
+    @Test
+    public void testDecodingName() throws IOException {
+        byte[] data = readDataFile("/name.txt");
+        try {
+            Asn1.parseAndDump(data);
+            Name name = new Name();
+            name.decode(data);
+            Asn1.dump(name.getName());
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail();
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/kerby/cms/CompressedDataTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/cms/CompressedDataTest.java b/kerby-pkix/src/test/java/org/apache/kerby/cms/CompressedDataTest.java
new file mode 100644
index 0000000..9a9aeea
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/kerby/cms/CompressedDataTest.java
@@ -0,0 +1,49 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.cms;
+
+import org.apache.kerby.asn1.Asn1;
+import org.apache.kerby.cms.type.CompressedContentInfo;
+import org.apache.kerby.cms.type.CompressedData;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+public class CompressedDataTest extends CmsTestBase {
+
+    @Test
+    public void testDump1WithCompressedData() throws IOException {
+        byte[] data = readDataFile("/compressed-data.txt");
+        try {
+            Asn1.parseAndDump(data);
+
+            CompressedContentInfo contentInfo = new CompressedContentInfo();
+            contentInfo.decode(data);
+            Asn1.dump(contentInfo);
+
+            CompressedData compressedData = contentInfo.getCompressedData();
+            Asn1.dump(compressedData);
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail();
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/kerby/cms/EnvelopedDataTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/cms/EnvelopedDataTest.java b/kerby-pkix/src/test/java/org/apache/kerby/cms/EnvelopedDataTest.java
new file mode 100644
index 0000000..532ddaa
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/kerby/cms/EnvelopedDataTest.java
@@ -0,0 +1,86 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.cms;
+
+import org.apache.kerby.asn1.Asn1;
+import org.apache.kerby.cms.type.EnvelopedContentInfo;
+import org.apache.kerby.cms.type.EnvelopedData;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+public class EnvelopedDataTest extends CmsTestBase {
+
+    @Test
+    public void testDecodingKeyTrns() throws IOException {
+        byte[] data = readDataFile("/enveloped-keytrns.txt");
+        try {
+            Asn1.parseAndDump(data);
+
+            EnvelopedContentInfo contentInfo = new EnvelopedContentInfo();
+            contentInfo.decode(data);
+            Asn1.dump(contentInfo);
+
+            EnvelopedData envelopedData = contentInfo.getEnvelopedData();
+            Asn1.dump(envelopedData);
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail();
+        }
+    }
+
+    @Test
+    public void testDecodingKek() throws IOException {
+        byte[] data = readDataFile("/enveloped-kek.txt");
+        try {
+            Asn1.parseAndDump(data);
+
+            EnvelopedContentInfo contentInfo = new EnvelopedContentInfo();
+            contentInfo.decode(data);
+            Asn1.dump(contentInfo);
+
+            EnvelopedData envelopedData = contentInfo.getEnvelopedData();
+            Asn1.dump(envelopedData);
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail();
+        }
+    }
+
+    @Test
+    public void testDecodingNestedNDEF() throws IOException {
+        byte[] data = readDataFile("/enveloped-nested-ndef.txt");
+        try {
+            Asn1.parseAndDump(data);
+
+            EnvelopedContentInfo contentInfo = new EnvelopedContentInfo();
+            contentInfo.decode(data);
+            Asn1.dump(contentInfo);
+
+            EnvelopedData envelopedData = contentInfo.getEnvelopedData();
+            Asn1.dump(envelopedData);
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail();
+        }
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/kerby/cms/ExtensionTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/cms/ExtensionTest.java b/kerby-pkix/src/test/java/org/apache/kerby/cms/ExtensionTest.java
new file mode 100644
index 0000000..7799d1d
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/kerby/cms/ExtensionTest.java
@@ -0,0 +1,54 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.cms;
+
+import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
+import org.apache.kerby.x509.type.Extension;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.*;
+
+public class ExtensionTest {
+
+    @Test
+    public void testUnsetCritical() throws IOException {
+        Extension extension = new Extension();
+        extension.setExtnId(new Asn1ObjectIdentifier("1.3.6.1.5.2.3.1"));
+        extension.setExtnValue("value".getBytes());
+        byte[] encodedBytes = extension.encode();
+        Extension decodedExtension = new Extension();
+        decodedExtension.decode(encodedBytes);
+        assertThat(decodedExtension.getCritical()).isFalse();
+    }
+
+    @Test
+    public void testSetCritical() throws IOException {
+        Extension extension = new Extension();
+        extension.setCritical(true);
+        extension.setExtnId(new Asn1ObjectIdentifier("1.3.6.1.5.2.3.1"));
+        extension.setExtnValue("value".getBytes());
+        byte[] encodedBytes = extension.encode();
+        Extension decodedExtension = new Extension();
+        decodedExtension.decode(encodedBytes);
+        assertThat(decodedExtension.getCritical()).isTrue();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/kerby/cms/GeneralNameTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/cms/GeneralNameTest.java b/kerby-pkix/src/test/java/org/apache/kerby/cms/GeneralNameTest.java
new file mode 100644
index 0000000..5f6ab7f
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/kerby/cms/GeneralNameTest.java
@@ -0,0 +1,50 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.cms;
+
+import org.apache.kerby.asn1.Asn1;
+import org.apache.kerby.asn1.util.HexUtil;
+import org.apache.kerby.x509.type.GeneralName;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.*;
+
+public class GeneralNameTest {
+    private static final byte[] IPV4 = HexUtil.hex2bytes("87040a090800");
+
+    @Test
+    public void testIpAddress() throws IOException {
+        try {
+            Asn1.parseAndDump(IPV4);
+            GeneralName generalName = new GeneralName();
+            generalName.decode(IPV4);
+            assertThat(generalName.getIPAddress()).isNotNull();
+            byte[] addressBytes = generalName.getIPAddress();
+            // "10.9.8.0"
+            assertThat(addressBytes).isEqualTo(new byte[] {0x0a, 0x09, 0x08, 0x00});
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail();
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/kerby/cms/SignedDataTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/cms/SignedDataTest.java b/kerby-pkix/src/test/java/org/apache/kerby/cms/SignedDataTest.java
new file mode 100644
index 0000000..734d4cc
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/kerby/cms/SignedDataTest.java
@@ -0,0 +1,111 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.cms;
+
+import org.apache.kerby.asn1.Asn1;
+import org.apache.kerby.cms.type.CertificateChoices;
+import org.apache.kerby.cms.type.CertificateSet;
+import org.apache.kerby.cms.type.ContentInfo;
+import org.apache.kerby.cms.type.EncapsulatedContentInfo;
+import org.apache.kerby.cms.type.SignedContentInfo;
+import org.apache.kerby.cms.type.SignedData;
+import org.apache.kerby.x509.type.Certificate;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+public class SignedDataTest extends CmsTestBase {
+
+    @Test
+    public void testDecoding() throws IOException {
+        byte[] data = readDataFile("/signed-data.txt");
+        try {
+            Asn1.parseAndDump(data);
+            //Asn1.decodeAndDump(data);
+
+            SignedContentInfo contentInfo = new SignedContentInfo();
+            contentInfo.decode(data);
+            //Asn1.dump(contentInfo);
+
+            SignedData signedData = contentInfo.getSignedData();
+            Asn1.dump(signedData);
+
+            Asn1.dump(contentInfo);
+            byte[] encodedData = contentInfo.encode();
+            Asn1.parseAndDump(encodedData);
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail();
+        }
+    }
+
+    @Test
+    public void testEncoding() throws IOException {
+        SignedContentInfo contentInfo = new SignedContentInfo();
+        contentInfo.setContentType("1.2.840.113549.1.7.2");
+        SignedData signedData = new SignedData();
+        EncapsulatedContentInfo eContentInfo = new EncapsulatedContentInfo();
+        eContentInfo.setContentType("1.3.6.1.5.2.3.1");
+        eContentInfo.setContent("data".getBytes());
+        signedData.setEncapContentInfo(eContentInfo);
+
+        byte[] data = readDataFile("/certificate1.txt");
+        Certificate certificate = new Certificate();
+        certificate.decode(data);
+        CertificateChoices certificateChoices = new CertificateChoices();
+        certificateChoices.setCertificate(certificate);
+        CertificateSet certificateSet = new CertificateSet();
+        certificateSet.addElement(certificateChoices);
+        signedData.setCertificates(certificateSet);
+
+        contentInfo.setSignedData(signedData);
+        Asn1.dump(contentInfo);
+
+        byte[] encodedData = contentInfo.encode();
+        Asn1.parseAndDump(encodedData);
+
+        SignedContentInfo decodedContentInfo = new SignedContentInfo();
+        decodedContentInfo.decode(encodedData);
+        Asn1.dump(decodedContentInfo);
+
+        SignedData decodedSignedData =
+                decodedContentInfo.getSignedData();
+        Asn1.dump(decodedSignedData);
+    }
+
+    @Test
+    public void testContentInfo() throws IOException {
+        byte[] data = readDataFile("/anonymous.txt");
+        try {
+            Asn1.parseAndDump(data);
+
+            ContentInfo contentInfo = new ContentInfo();
+            contentInfo.decode(data);
+            Asn1.dump(contentInfo);
+            SignedData signedData =
+                    contentInfo.getContentAs(SignedData.class);
+            Asn1.dump(signedData);
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail();
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d06becfd/kerby-pkix/src/test/java/org/apache/kerby/cms/TestCertificate.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/cms/TestCertificate.java b/kerby-pkix/src/test/java/org/apache/kerby/cms/TestCertificate.java
deleted file mode 100644
index c62d69a..0000000
--- a/kerby-pkix/src/test/java/org/apache/kerby/cms/TestCertificate.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.cms;
-
-import org.apache.kerby.asn1.Asn1;
-import org.apache.kerby.x500.type.Name;
-import org.apache.kerby.x509.type.Certificate;
-import org.junit.Assert;
-import org.junit.Test;
-
-import java.io.IOException;
-
-public class TestCertificate extends CmsTestBase {
-    @Test
-    public void testDecodingCertificate() throws IOException {
-        byte[] data = readDataFile("/certificate1.txt");
-        try {
-            Asn1.parseAndDump(data);
-            Certificate certificate = new Certificate();
-            certificate.decode(data);
-            Asn1.dump(certificate);
-
-        } catch (Exception e) {
-            e.printStackTrace();
-            Assert.fail();
-        }
-    }
-
-    @Test
-    public void testEncodingCertificate() throws IOException {
-        byte[] data = readDataFile("/certificate1.txt");
-        Asn1.parseAndDump(data);
-        try {
-            Certificate certificate = new Certificate();
-            certificate.decode(data);
-            Asn1.dump(certificate);
-            byte[] encodedData = certificate.encode();
-            Asn1.parseAndDump(encodedData);
-
-        } catch (Exception e) {
-            e.printStackTrace();
-            Assert.fail();
-        }
-    }
-
-    @Test
-    public void testDecodingName() throws IOException {
-        byte[] data = readDataFile("/name.txt");
-        try {
-            Asn1.parseAndDump(data);
-            Name name = new Name();
-            name.decode(data);
-            Asn1.dump(name.getName());
-        } catch (Exception e) {
-            e.printStackTrace();
-            Assert.fail();
-        }
-    }
-}


Mime
View raw message