directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From plusplusjia...@apache.org
Subject [12/21] directory-kerby git commit: Merge from pkinit-support branch.
Date Wed, 16 Dec 2015 06:16:59 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java
new file mode 100644
index 0000000..2b9329e
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java
@@ -0,0 +1,72 @@
+package org.apache.commons.ssl;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.Test;
+
+import java.io.File;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.Locale;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class TestKeyMaterial {
+    public static final char[] PASSWORD1 = "changeit".toCharArray();
+    public static final char[] PASSWORD2 = "itchange".toCharArray();
+
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    @Test
+    public void testKeystores() throws Exception {
+        String samplesDir = TEST_HOME + "keystores";
+        File dir = new File(samplesDir);
+        String[] files = dir.list();
+        Arrays.sort(files, String.CASE_INSENSITIVE_ORDER);
+        for (String f : files) {
+            String file = f.toUpperCase(Locale.ENGLISH);
+            if (file.endsWith(".KS") || file.contains("PKCS12")) {
+                examineKeyStore(samplesDir, f, null);
+            } else if (file.endsWith(".PEM")) {
+                examineKeyStore(samplesDir, f, "rsa.key");
+            }
+        }
+    }
+
+    private static void examineKeyStore(String dir, String fileName, String file2) throws Exception {
+        String filename = fileName.toUpperCase(Locale.ENGLISH);
+        boolean hasMultiPassword = filename.contains(".2PASS.");
+
+        System.out.print("Testing KeyMaterial: " + dir + "/" + fileName);        
+        char[] pass1 = PASSWORD1;
+        char[] pass2 = PASSWORD1;
+        if (hasMultiPassword) {
+            pass2 = PASSWORD2;
+        }
+
+        file2 = file2 != null ? dir + "/" + file2 : null;
+
+        Date today = new Date();
+        KeyMaterial km;
+        try {
+            km = new KeyMaterial(dir + "/" + fileName, file2, pass1, pass2);
+        } catch (ProbablyBadPasswordException pbpe) {
+            System.out.println("  WARN:  " + pbpe);
+            return;
+        }
+        assertEquals("keymaterial-contains-1-alias", 1, km.getAliases().size());
+        for (X509Certificate[] cert : (List<X509Certificate[]>) km.getAssociatedCertificateChains()) {
+            for (X509Certificate c : cert) {
+                assertTrue("certchain-valid-dates", c.getNotAfter().after(today));
+            }
+        }
+
+        System.out.println("\t SUCCESS! ");
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/java/org/apache/commons/ssl/TestOpenSSL.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestOpenSSL.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestOpenSSL.java
new file mode 100644
index 0000000..fd902d1
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestOpenSSL.java
@@ -0,0 +1,163 @@
+package org.apache.commons.ssl;
+
+import org.apache.kerby.util.Util;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+import java.util.Random;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public class TestOpenSSL {
+
+    public void encTest(String cipher) throws Exception {
+        Random random = new Random();
+        char[] pwd = {'!', 'E', 'i', 'k', 'o', '?'};
+
+        for (int i = 0; i < 4567; i++) {
+            byte[] buf = new byte[i];
+            random.nextBytes(buf);
+            byte[] enc = OpenSSL.encrypt(cipher, pwd, buf);
+            byte[] dec = OpenSSL.decrypt(cipher, pwd, enc);
+            boolean result = Arrays.equals(buf, dec);
+            if (!result) {
+                System.out.println();
+                System.out.println("Failed on : " + i);
+            }
+            assertTrue(result);
+        }
+
+        for (int i = 5; i < 50; i++) {
+            int testSize = (i * 1000) + 123;
+            byte[] buf = new byte[testSize];
+            random.nextBytes(buf);
+            byte[] enc = OpenSSL.encrypt(cipher, pwd, buf);
+            byte[] dec = OpenSSL.decrypt(cipher, pwd, enc);
+            boolean result = Arrays.equals(buf, dec);
+            if (!result) {
+                System.out.println();
+                System.out.println("Failed on : " + testSize);
+            }
+            assertTrue(result);
+        }
+
+    }
+
+    @Test
+    public void testDES3Bytes() throws Exception {
+        encTest("des3");
+    }
+
+    @Test
+    public void testAES128Bytes() throws Exception {
+        encTest("aes128");
+    }
+
+    @Test
+    public void testRC2Bytes() throws Exception {
+        encTest("rc2");
+    }
+
+    @Test
+    public void testDESBytes() throws Exception {
+        encTest("des");
+    }
+
+    @Test
+    public void testDecryptPBE() throws Exception {
+        File d = new File(TEST_HOME + "pbe");
+        File[] files = d.listFiles();
+        if (files == null) {
+            fail("No testDecryptPBE() files to test!");
+        }
+        int testCount = 0;
+        Arrays.sort(files);
+        for (File f : files) {
+            testCount += process(f, 0);
+        }
+        System.out.println(testCount + " pbe test files successfully decrypted.");
+    }
+
+    private static int process(File f, int depth) throws Exception {
+        int sum = 0;
+        String name = f.getName();
+        if ("CVS".equalsIgnoreCase(name)) {
+            return 0;
+        }
+        if (".svn".equalsIgnoreCase(name)) {
+            return 0;
+        }
+        if (name.toUpperCase().startsWith("README")) {
+            return 0;
+        }
+
+        if (f.isDirectory()) {
+            if (depth <= 7) {
+                File[] files = f.listFiles();
+                if (files == null) {
+                    return 0;
+                }
+                Arrays.sort(files);
+                for (File ff : files) {
+                    sum += process(ff, depth + 1);
+                }
+            } else {
+                System.out.println("IGNORING [" + f + "].  Directory too deep (" + depth + ").");
+            }
+        } else {
+            if (f.isFile() && f.canRead()) {
+                String fileName = f.getName();
+                int x = fileName.indexOf('.');
+                if (x < 0) {
+                    return 0;
+                }
+                if (fileName.endsWith(".failed")) {
+                    System.out.println("Skipping file marked with failed: " + fileName);
+                    return 0;
+                }
+
+                String cipher = fileName.substring(0, x);
+                String cipherPadded = Util.pad(cipher, 20, false);
+                String filePadded = Util.pad(fileName, 25, false);
+                FileInputStream in = null;
+                try {
+                    in = new FileInputStream(f);
+                    byte[] encrypted = Util.streamToBytes(in);
+                    char[] pwd = "changeit".toCharArray();
+                    try {
+                        byte[] result = OpenSSL.decrypt(cipher, pwd, encrypted);
+                        String s = new String(result, "ISO-8859-1");
+                        if (!"Hello World!".equals(s)) {
+                            fail(cipherPadded + "." + filePadded
+                                + " decrypts to 'Hello World!', but actually is" + s);
+                        }
+                        return 1;
+                    } catch (NoSuchAlgorithmException nsae) {
+                        System.out.println("Warn: " + cipherPadded + filePadded
+                            + " NoSuchAlgorithmException");
+                        return 0;
+                    } catch (ArithmeticException ae) {
+                        if (cipherPadded.contains("cfb1")) {
+                            System.out.println("Warn: " + cipherPadded + filePadded
+                                + " BouncyCastle can't handle cfb1 " + ae);
+                            return 0;
+                        } else {
+                            throw ae;
+                        }
+                    }
+                } finally {
+                    if (in != null) {
+                        in.close();
+                    }
+                }
+            }
+        }
+        return sum;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java
new file mode 100644
index 0000000..c166f42
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java
@@ -0,0 +1,58 @@
+package org.apache.commons.ssl;
+
+import org.apache.kerby.util.Util;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.util.Arrays;
+import java.util.Locale;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public class TestPKCS8Key {
+
+    @Test
+    public void testDSA() throws Exception {
+        checkFiles("dsa");
+    }
+
+    @Test
+    public void testRSA() throws Exception {
+        checkFiles("rsa");
+    }
+
+    private static void checkFiles(String type) throws Exception {
+        String password = "changeit";
+        File dir = new File(TEST_HOME + type);
+        File[] files = dir.listFiles();
+        if (files == null) {
+            fail("No files to test!");
+            return;
+        }
+        byte[] original = null;
+        for (File f : files) {
+            String filename = f.getName();
+            String fileName = filename.toUpperCase(Locale.ENGLISH);
+            if (!fileName.endsWith(".PEM") && !fileName.endsWith(".DER")) {
+                // not a sample file
+                continue;
+            }
+
+            System.out.println("Checking PKCS file:" + filename);
+            FileInputStream in = new FileInputStream(f);
+            byte[] bytes = Util.streamToBytes(in);
+            PKCS8Key key = new PKCS8Key(bytes, password.toCharArray());
+            byte[] decrypted = key.getDecryptedBytes();
+            if (original == null) {
+                original = decrypted;
+            } else {
+                boolean identical = Arrays.equals(original, decrypted);
+                assertTrue(f.getCanonicalPath() + " - all " + type + " resources decrypt to same key", identical);
+            }
+        }
+
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
new file mode 100644
index 0000000..b681b0f
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
@@ -0,0 +1,67 @@
+package org.apache.commons.ssl;
+
+import org.apache.kerby.util.Util;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStoreException;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+
+public class TestTrustMaterial {
+
+    File pemFile = new File(TEST_HOME + "x509/certificate.pem");
+    File derFile = new File(TEST_HOME + "x509/certificate.der");
+
+    @Test
+    public void theTest() throws GeneralSecurityException, IOException {
+        // TrustMaterial in 0.3.13 couldn't load cacerts if it contained any private keys.
+        TrustMaterial tm = new TrustMaterial(TEST_HOME + "cacerts-with-78-entries-and-one-private-key.jks");
+        Assert.assertEquals(78, tm.getCertificates().size());
+    }
+
+    @Test
+    public void testLoadByFile() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(pemFile);
+        TrustMaterial tm2 = new TrustMaterial(derFile);
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+    }
+
+    @Test
+    public void testLoadByBytes() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(Util.fileToBytes(pemFile));
+        TrustMaterial tm2 = new TrustMaterial(Util.fileToBytes(derFile));
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+
+    }
+
+    @Test
+    public void testLoadByURL() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(pemFile.toURI().toURL());
+        TrustMaterial tm2 = new TrustMaterial(derFile.toURI().toURL());
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+    }
+
+    @Test
+    public void testLoadByStream() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(new FileInputStream(pemFile));
+        TrustMaterial tm2 = new TrustMaterial(new FileInputStream(derFile));
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+
+    }
+
+    @Test
+    public void testLoadByPath() throws GeneralSecurityException, IOException {
+        TrustMaterial tm1 = new TrustMaterial(pemFile.getPath());
+        TrustMaterial tm2 = new TrustMaterial(derFile.getPath());
+        Assert.assertTrue(equalKeystores(tm1, tm2));
+    }
+
+    private static boolean equalKeystores(TrustMaterial tm1, TrustMaterial tm2) throws KeyStoreException {
+        return Util.equals(tm1.getKeyStore(), tm2.getKeyStore());
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/java/org/apache/kerby/cms/TestCertificate.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/cms/TestCertificate.java b/kerby-pkix/src/test/java/org/apache/kerby/cms/TestCertificate.java
index ae98fa0..fab8700 100644
--- a/kerby-pkix/src/test/java/org/apache/kerby/cms/TestCertificate.java
+++ b/kerby-pkix/src/test/java/org/apache/kerby/cms/TestCertificate.java
@@ -20,8 +20,8 @@
 package org.apache.kerby.cms;
 
 import org.apache.kerby.asn1.Asn1;
-import org.apache.kerby.cms.type.Certificate;
 import org.apache.kerby.x500.type.Name;
+import org.apache.kerby.x509.type.Certificate;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -44,6 +44,21 @@ public class TestCertificate extends CmsTestBase {
     }
 
     @Test
+    public void testEncodingCertificate() throws IOException {
+        byte[] data = readDataFile("/certificate1.txt");
+        try {
+            Certificate certificate = new Certificate();
+            certificate.decode(data);
+            //TO BE FIXED
+            //certificate.encode();
+
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail();
+        }
+    }
+
+    @Test
     public void testDecodingName() throws IOException {
         byte[] data = readDataFile("/name.txt");
         try {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/java/org/apache/kerby/cms/TestExtension.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/cms/TestExtension.java b/kerby-pkix/src/test/java/org/apache/kerby/cms/TestExtension.java
new file mode 100644
index 0000000..1857e28
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/kerby/cms/TestExtension.java
@@ -0,0 +1,54 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.cms;
+
+import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
+import org.apache.kerby.x509.type.Extension;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class TestExtension {
+
+    @Test
+    public void testUnsetCritical() throws IOException {
+        Extension extension = new Extension();
+        extension.setExtnId(new Asn1ObjectIdentifier("1.3.6.1.5.2.3.1"));
+        extension.setExtnValue("value".getBytes());
+        byte[] encodedBytes = extension.encode();
+        Extension decodedExtension = new Extension();
+        decodedExtension.decode(encodedBytes);
+        assertThat(decodedExtension.getCritical()).isFalse();
+    }
+
+    @Test
+    public void testSetCritical() throws IOException {
+        Extension extension = new Extension();
+        extension.setCritical(true);
+        extension.setExtnId(new Asn1ObjectIdentifier("1.3.6.1.5.2.3.1"));
+        extension.setExtnValue("value".getBytes());
+        byte[] encodedBytes = extension.encode();
+        Extension decodedExtension = new Extension();
+        decodedExtension.decode(encodedBytes);
+        assertThat(decodedExtension.getCritical()).isTrue();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/java/org/apache/kerby/cms/TestSignedData.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/cms/TestSignedData.java b/kerby-pkix/src/test/java/org/apache/kerby/cms/TestSignedData.java
index a169421..4ea2afa 100644
--- a/kerby-pkix/src/test/java/org/apache/kerby/cms/TestSignedData.java
+++ b/kerby-pkix/src/test/java/org/apache/kerby/cms/TestSignedData.java
@@ -21,9 +21,12 @@ package org.apache.kerby.cms;
 
 import org.apache.kerby.asn1.Asn1;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
+import org.apache.kerby.cms.type.CertificateChoices;
+import org.apache.kerby.cms.type.CertificateSet;
 import org.apache.kerby.cms.type.ContentInfo;
 import org.apache.kerby.cms.type.EncapsulatedContentInfo;
 import org.apache.kerby.cms.type.SignedData;
+import org.apache.kerby.x509.type.Certificate;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -63,6 +66,18 @@ public class TestSignedData extends CmsTestBase {
         eContentInfo.setContentType(new Asn1ObjectIdentifier("1.3.6.1.5.2.3.1"));
         eContentInfo.setContent("data".getBytes());
         signedData.setEncapContentInfo(eContentInfo);
+
+        CertificateSet certificateSet = new CertificateSet();
+
+        byte[] data = readDataFile("/certificate1.txt");
+        Certificate certificate = new Certificate();
+        certificate.decode(data);
+        CertificateChoices certificateChoices = new CertificateChoices();
+        certificateChoices.setCertificate(certificate);
+        certificateSet.addElement(certificateChoices);
+        // To be fixed
+        //signedData.setCertificates(certificateSet);
+
         contentInfo.setContent(signedData);
         Asn1.dump(contentInfo);
         byte[] encodedData = contentInfo.encode();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/java/org/apache/kerby/x509/PkiLoaderTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/x509/PkiLoaderTest.java b/kerby-pkix/src/test/java/org/apache/kerby/x509/PkiLoaderTest.java
new file mode 100644
index 0000000..b78e466
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/kerby/x509/PkiLoaderTest.java
@@ -0,0 +1,67 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.x509;
+
+import org.apache.kerby.pki.PkiLoader;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.util.List;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ openssl genrsa -out cakey.pem 2048
+ openssl req -key cakey.pem -new -x509 -out cacert.pem -days 3650
+ vi extensions.kdc
+ openssl genrsa -out kdckey.pem 2048
+ openssl req -new -out kdc.req -key kdckey.pem
+ env REALM=SH.INTEL.COM openssl x509 -req -in kdc.req -CAkey cakey.pem \
+ -CA cacert.pem -out kdc.pem -days 365 -extfile extensions.kdc -extensions kdc_cert -CAcreateserial
+ */
+public class PkiLoaderTest {
+    private PkiLoader pkiLoader;
+
+    @Before
+    public void setup() {
+        pkiLoader = new PkiLoader();
+    }
+
+    @Test
+    public void loadCert() throws IOException {
+        InputStream res = getClass().getResourceAsStream("/usercert.pem");
+        List<Certificate> certs = pkiLoader.loadCerts(res);
+        Certificate userCert = certs.iterator().next();
+
+        assertThat(userCert).isNotNull();
+    }
+
+    @Test
+    public void loadKey() throws IOException {
+        InputStream res = getClass().getResourceAsStream("/userkey.pem");
+        PrivateKey key = pkiLoader.loadPrivateKey(res, null);
+
+        assertThat(key).isNotNull();
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/anonymous.txt
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/anonymous.txt b/kerby-pkix/src/test/resources/anonymous.txt
index 017a748..bf1466a 100644
--- a/kerby-pkix/src/test/resources/anonymous.txt
+++ b/kerby-pkix/src/test/resources/anonymous.txt
@@ -1,20 +1 @@
-308203DD06092A864886F70D010702A08203CE308203CA0201033100308203BF06072B060105020301A08203B2048203AE30
-8203AAA03C303AA005020306C39CA111180F32303135313231303032353031355AA20602046B22377FA3160414E592C909D3
-20DD4CE1CCAA4708E8BC73D48D03BFA182032A308203263082021906072A8648CE3E02013082020C0282010100FFFFFFFFFF
-FFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A43
-1B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE
-9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F3
-56208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC
-07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFF
-FF020102028201007FFFFFFFFFFFFFFFE487ED5110B4611A62633145C06E0E68948127044533E63A0105DF531D89CD9128A5
-043CC71A026EF7CA8CD9E69D218D98158536F92F8A1BA7F09AB6B6A8E122F242DABB312F3F637A262174D31BF6B585FFAE5B
-7A035BF6F71C35FDAD44CFD2D74F9208BE258FF324943328F6722D9EE1003E5C50B1DF82CC6D241B0E2AE9CD348B1FD47E92
-67AFC1B2AE91EE51D6CB0E3179AB1042A95DCF6A9483B84B4B36B3861AA7255E4C0278BA3604650C10BE19482F23171B671D
-F1CF3B960C074301CD93C1D17603D147DAE2AEF837A62964EF15E5FB4AAC0B8C1CCAA4BE754AB5728AE9130C4C7D02880AB9
-472D455655347FFFFFFFFFFFFFFF0382010500028201006C3C8337692B63F663AB2D953C5ADCE3DBC840339A426408761C1B
-CED206E84C9898B2D44F35A2F0D8604752B1530580DFEB3D7649D9736CA12DCAB7DAFA34A8C1C143A20FF7F9103B3FDEDC62
-08E39330BF0C3FA6BE6C3A6821270D194D9F27A80F0B8E4D6F59A75A0E384A588CFBECF75AC294D85AB8966BA26F49562C56
-F57C450CD1EACAD30F5994DAC89AB11D3229E9D1D6AAA4E80AEAD122115AA2A737DC82A70A99E6F50892135D5D50442B8824
-3C564B6C5B7975DEF3DBC7C541E4C83B55AEE3B44A989CB577B6C7D3B583463D026EB8AAD908BFC8D9E4186AC7A7BA17D4C9
-C591E035FD9AB1325BB21544BB63F18BB499C8AF244CC92EE4497533B1A20E300C300A06082A864886F70D0307A42C302A30
-0CA00A06082B06010502030602300CA00A06082B06010502030601300CA00A06082B060105020306033100
\ No newline at end of file
+308203DD06092A864886F70D010702A08203CE308203CA0201033100308203BF06072B060105020301A08203B2048203AE308203AAA03C303AA005020306C39CA111180F32303135313231303032353031355AA20602046B22377FA3160414E592C909D320DD4CE1CCAA4708E8BC73D48D03BFA182032A308203263082021906072A8648CE3E02013082020C0282010100FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF020102028201007FFFFFFFFFFFFFFFE487ED5110B4611A62633145C06E0E68948127044533E63A0105DF531D89CD9128A5043CC71A026EF7CA8CD9E69D218D98158536F92F8A1BA7F09AB6B6A8E122F242DABB312F3F637A262174D31BF6B585FFA
 E5B7A035BF6F71C35FDAD44CFD2D74F9208BE258FF324943328F6722D9EE1003E5C50B1DF82CC6D241B0E2AE9CD348B1FD47E9267AFC1B2AE91EE51D6CB0E3179AB1042A95DCF6A9483B84B4B36B3861AA7255E4C0278BA3604650C10BE19482F23171B671DF1CF3B960C074301CD93C1D17603D147DAE2AEF837A62964EF15E5FB4AAC0B8C1CCAA4BE754AB5728AE9130C4C7D02880AB9472D455655347FFFFFFFFFFFFFFF0382010500028201006C3C8337692B63F663AB2D953C5ADCE3DBC840339A426408761C1BCED206E84C9898B2D44F35A2F0D8604752B1530580DFEB3D7649D9736CA12DCAB7DAFA34A8C1C143A20FF7F9103B3FDEDC6208E39330BF0C3FA6BE6C3A6821270D194D9F27A80F0B8E4D6F59A75A0E384A588CFBECF75AC294D85AB8966BA26F49562C56F57C450CD1EACAD30F5994DAC89AB11D3229E9D1D6AAA4E80AEAD122115AA2A737DC82A70A99E6F50892135D5D50442B88243C564B6C5B7975DEF3DBC7C541E4C83B55AEE3B44A989CB577B6C7D3B583463D026EB8AAD908BFC8D9E4186AC7A7BA17D4C9C591E035FD9AB1325BB21544BB63F18BB499C8AF244CC92EE4497533B1A20E300C300A06082A864886F70D0307A42C302A300CA00A06082B06010502030602300CA00A06082B06010502030601300CA00A06082B060105020306033100
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/cacert.pem b/kerby-pkix/src/test/resources/cacert.pem
new file mode 100644
index 0000000..6b91561
--- /dev/null
+++ b/kerby-pkix/src/test/resources/cacert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6zCCAtOgAwIBAgIJAMrZoeDxTzwWMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzEzMjdaFw0yNDA1MTAxMzEzMjdaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMCznJJ02ZUjCPvAwnBmfPs0akb5QRc/NKu8kCtAPWzgHS2JPTQfJhkDbTAD
+eIlg8IeJpOdrYnzdaBCzgxqjSkls+vxjYotOU0Zbrpy2bj0lRDqdYbNsiuConKgT
+MeuDEd/4ZI0X9NWLAi06Iv1F4mHXf36c6uqiUWTtXiofogrFUoTRwACKR2qeC95X
+Py+FDmpS9lz0mo0vDWjetLQC2IBngjjPFdR16n87QDIWfRBkk66rn7rEA6Li66b/
+cToajMSA/n+2Ud1mntSY4RdDdd0TBtAq9RrXtUOfzGaE7S6t+FtYyEprvT4FdOTU
+uyYgSNaI9ANVP1zhQ9LACKuudOECAwEAAaNQME4wHQYDVR0OBBYEFD91SVOejfwx
+u33+5N0TdYbHJbgAMB8GA1UdIwQYMBaAFD91SVOejfwxu33+5N0TdYbHJbgAMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADsONtUqGNBPBXnRowcJwv+Y
+F1Vea+4dkBwYbhkiO6H5XMKr+waOnOD2eAvgP4aeYg/a0xOzzETRD9wi1Z1P1ZMy
+d/NzHQjj4egPENwDv1PH2voZgsXXzXIqUMOtz9t12TuJUrSA2SBW1tz/evckHhNY
+fHg4ThvTIgwEdV/yvrOEBLV9dXG5IhhF+NW1MegTGkt4SpOoH1pi3o9VekVRnix9
+xrIdaC4Ee6vQaR603HwDS9Y+a1c2KU7QoLX8Vaa904cQ+rxhGsTAkocnZXeo6Hl5
+V8BlDYXxeP86fzcWi04ll2BmEEw/RimHEOLpGqxTVHJ5p5BVSCHP8aCD0VJheaU=
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/cakey.pem b/kerby-pkix/src/test/resources/cakey.pem
new file mode 100644
index 0000000..66dc806
--- /dev/null
+++ b/kerby-pkix/src/test/resources/cakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwLOcknTZlSMI+8DCcGZ8+zRqRvlBFz80q7yQK0A9bOAdLYk9
+NB8mGQNtMAN4iWDwh4mk52tifN1oELODGqNKSWz6/GNii05TRluunLZuPSVEOp1h
+s2yK4KicqBMx64MR3/hkjRf01YsCLToi/UXiYdd/fpzq6qJRZO1eKh+iCsVShNHA
+AIpHap4L3lc/L4UOalL2XPSajS8NaN60tALYgGeCOM8V1HXqfztAMhZ9EGSTrquf
+usQDouLrpv9xOhqMxID+f7ZR3Wae1JjhF0N13RMG0Cr1Gte1Q5/MZoTtLq34W1jI
+Smu9PgV05NS7JiBI1oj0A1U/XOFD0sAIq6504QIDAQABAoIBAHqFeMax3unxBbQ0
+Aiy/LTX3RJ9tuZITUOTklnG5fZStBkA+oxhxuaJryE+f1VLbvPMgdCXj5BHqIFGG
+IZSdQA1hak9wzWYvXck9X88qOvtLp47xI/6Vw9NFwZ0n3zST+JiD8UK4eaYQpUim
+Tzrj5SU6hEi3crHOlJvsRFPaGwhnA9wycoOo4o22XBj3C8Hwzi4vWcKXH/RCSwZQ
+zFuYbe77Pn9Sv5q5zdglkmm7wngoVt/aKQke/Vk+Eincx1V12b05DNLjugo6FWQh
+0f2MmHpvqNSHs9USC5+y2lKQ1JNHh7mnpPCXkZEH4V7q+3mKVzl9tXzj9Gul20pw
+tneD6WUCgYEA9QUrQoWHKeVMjeukHjDJa2KjRLMmg9YRQyVABH9+nQTp1jYUjMRA
+GUoUx91gG6gjjJD/xvor/U0Fh3vKtZE93c+avrcaYDwf3q/L4gh+3b87lVDfzjrp
+L+MPTpEzWiyyLfr/kLA0TgUjnrj9bav5uDps8mJpNf8s9ZP1/QDhF5sCgYEAyVZA
+pHSIyBI2GT0+92JXvYDK/ZfV5m4RGHaG/PMDoU4IbGbjHVyzzsyzDUgvOASXwfF8
+YzwX7Tf95RZw12P/Jepxt0vqBJPKUCsMLUrmANQvN1Pz8+Vk6UADLM7kNc06MqB9
+/U3GKCFZZuedEhbgXnEV9gzelhILImJGZMxG0zMCgYApymnofLHjGXMHOcvSQmv4
+XuiODShikB59n1rd6YkE6xOfL7YtlEOCjLoipMWBshnuHcUigQUDvSFWTGz0rwMo
+VAKGyOA8zcR5zO4vbVeGJtnYy+SAXlfrjQTNV8K0fK8fXJI+cW9aZ1H9/ntrO0vq
+ejye0t4zEYTvlf782iuKRQKBgQCnTQ7mGRfX+JoPmv8JniR+idkjpNnPYsK96y/8
+XQs1LJx/R3eN3IxlWV+nt8XU7KwWMs5Dv5m6Ov61MFKQCL3qCch4oZJSP2Sr/Tlf
+IY/CPI8HkLF0h7e0wsZgo4Kq2mBz1T0cEVaJ3jxl8Cxq7at/jsTK8qK7XT73UWZh
+OAXaVQKBgDmg2QTX7c0/dbDMOuw18g3xfE/oqU+VWT784wtvpcdjHR+KAVLWHG8l
+oc/bm8Bs0o0f5dfH7uUvWdP6JMvbgYZBgIMqw+iH8P2lFCLzIRf0me/l+r0Oi64U
+5jp9K+7Ggc7S0SSnCLmBLMN5lXQZbhzks1La7DZmFeAz8rOEnlUB
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/extensions.kdc
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/extensions.kdc b/kerby-pkix/src/test/resources/extensions.kdc
new file mode 100644
index 0000000..8052f71
--- /dev/null
+++ b/kerby-pkix/src/test/resources/extensions.kdc
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+[kdc_cert]
+basicConstraints=CA:FALSE
+keyUsage=nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+extendedKeyUsage=1.3.6.1.5.2.3.5
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+issuerAltName=issuer:copy
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
+
+[kdc_princ_name]
+realm=EXP:0,GeneralString:${ENV::REALM}
+principal_name=EXP:1,SEQUENCE:kdc_principal_seq
+
+[kdc_principal_seq]
+name_type=EXP:0,INTEGER:1
+name_string=EXP:1,SEQUENCE:kdc_principals
+
+[kdc_principals]
+princ1=GeneralString:krbtgt
+princ2=GeneralString:${ENV::REALM}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/kdccert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/kdccert.pem b/kerby-pkix/src/test/resources/kdccert.pem
new file mode 100644
index 0000000..67e538c
--- /dev/null
+++ b/kerby-pkix/src/test/resources/kdccert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
+fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
+quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
+nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
+EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
+JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
+Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
+HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
+ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
+AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
+YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
+txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
+R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
+FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
+5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/kdckey.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/kdckey.pem b/kerby-pkix/src/test/resources/kdckey.pem
new file mode 100644
index 0000000..c9e75e2
--- /dev/null
+++ b/kerby-pkix/src/test/resources/kdckey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
+8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
+2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
+GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
+fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
+DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
+QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
+6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
+bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
+5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
+8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
+XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
+kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
+Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
+P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
+KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
+qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
+7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
+UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
+n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
+5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
+AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
+KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
+9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
+7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt b/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt
new file mode 100644
index 0000000..ceda279
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt
@@ -0,0 +1,3 @@
+Password for decrypting any of these files is
+always "changeit".
+

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt b/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt
new file mode 100644
index 0000000..ceda279
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt
@@ -0,0 +1,3 @@
+Password for decrypting any of these files is
+always "changeit".
+

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh
new file mode 100644
index 0000000..22e9df6
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+echo
+echo "WARNING:  This script creates fake test SSL certificates that expire after 2038."
+echo "          Because of date/time issues on 32 bit unix with dates after 2038, this"
+echo "          script can only be run on 64 bit unix machines."
+echo
+
+export DAYS=14610 # 40 years
+export ROOT_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=root/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+export  RSA_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=rsa-intermediate/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+export  DSA_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=dsa-intermediate/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+export TEST_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=test/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+
+export CA=root
+sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
+export PRIV=$CA/private
+export ROOT_PRIV=$PRIV
+mkdir -p       $PRIV
+mkdir -p       $CA/newcerts
+touch          $CA/index.txt
+if [ ! -f "$CA/serial" ]; then
+  date +%Y%m%d > $CA/serial
+fi
+echo
+echo "Attempting to make $CA/cacert.pem"
+openssl req -newkey rsa:2048 -days $DAYS -nodes -subj $ROOT_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
+openssl ca -config $CA.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -selfsign -extensions v3_ca -infiles $CA/careq.pem
+
+
+export CA=rsa-intermediate
+sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
+export PRIV=$CA/private
+mkdir -p       $PRIV
+mkdir -p       $CA/newcerts
+touch          $CA/index.txt
+if [ ! -f "$CA/serial" ]; then
+  date +%Y%m%d > $CA/serial
+fi
+echo
+echo "Attempting to make $CA/cacert.pem"
+openssl req -newkey rsa:2048 -days $DAYS -nodes -subj $RSA_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
+openssl ca -config root.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $ROOT_PRIV/cakey.pem -extensions v3_ca -infiles $CA/careq.pem
+
+
+export CA=dsa-intermediate
+sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
+export PRIV=$CA/private
+mkdir -p       $PRIV
+mkdir -p       $CA/newcerts
+touch          $CA/index.txt
+if [ ! -f "$CA/serial" ]; then
+  date +%Y%m%d > $CA/serial
+fi
+echo
+echo "Attempting to make $CA/cacert.pem"
+openssl dsaparam -genkey 2048 -out $CA/dsa.params
+openssl req -newkey dsa:$CA/dsa.params -days $DAYS -nodes -subj $DSA_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
+openssl ca -config root.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $ROOT_PRIV/cakey.pem -extensions v3_ca -infiles $CA/careq.pem
+
+
+export CA=dsa-intermediate
+export PRIV=$CA/private
+echo
+echo "Attempting to make test-dsa-cert.pem"
+openssl req -new -key rsa.key -days $DAYS -subj $TEST_SUBJ -out testreq.pem
+openssl ca -config dsa-intermediate.cnf -create_serial -out test-dsa-cert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -infiles testreq.pem
+
+export CA=rsa-intermediate
+export PRIV=$CA/private
+echo
+echo "Attempting to make test-rsa-cert.pem"
+openssl ca -config rsa-intermediate.cnf -create_serial -out test-rsa-cert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -infiles testreq.pem
+
+cat test-rsa-cert.pem rsa-intermediate/cacert.pem root/cacert.pem > test-rsa-chain.pem
+cat test-dsa-cert.pem dsa-intermediate/cacert.pem root/cacert.pem > test-dsa-chain.pem

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh
new file mode 100644
index 0000000..e190163
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+find -iname \*.pem  -exec rm {} \;
+find -iname \*.txt\*  -exec rm {} \;
+find -iname \*serial\*  -exec rm {} \;
+rm -f root.cnf rsa-intermediate.cnf dsa-intermediate.cnf dsa-intermediate/dsa.params

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem
new file mode 100644
index 0000000..5431c90
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem
@@ -0,0 +1,137 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462055 (0x20090527)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:31 2009 GMT
+            Not After : May 25 21:44:31 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    7a:a9:65:fb:76:ba:be:f3:fa:94:59:52:ed:4e:fc:
+                    e4:70:5e:8f:7c:14:e7:73:d6:d2:36:6b:62:d2:56:
+                    c9:6e:7a:91:63:72:4e:a9:ce:2e:eb:38:5e:c4:72:
+                    f6:2c:52:aa:51:f4:ce:3b:28:55:39:c3:ad:5d:52:
+                    fa:ac:0c:32:48:fc:00:9f:c3:d9:75:09:8d:82:e0:
+                    cb:07:65:29:25:7a:34:2e:bb:a0:2d:30:91:59:0e:
+                    ce:82:fb:2d:ad:a5:b2:b9:2b:ec:6b:b1:04:07:0c:
+                    52:16:7d:6c:0c:b2:64:c7:c6:cb:ab:18:ab:a6:fa:
+                    3e:31:f3:8f:49:75:33:69:d3:2a:2a:e7:2c:38:b5:
+                    d6:7d:33:94:ba:a6:3e:2f:e5:3b:cc:4a:27:d1:59:
+                    f3:9c:71:b1:46:64:3f:28:f1:33:d1:bc:c2:8b:47:
+                    92:2d:c6:1f:fb:23:34:56:f1:6e:18:8e:7c:0b:75:
+                    42:8a:bb:92:44:04:58:41:d1:9b:6e:d6:14:98:94:
+                    3d:77:8d:93:d3:1f:e9:7b:a7:71:94:10:ee:e9:d3:
+                    5a:4a:b8:91:61:35:4c:00:76:f2:b2:3a:bd:9f:42:
+                    f9:f0:8e:da:bd:8c:60:fd:7d:65:85:98:c5:7d:42:
+                    b9:27:de:09:0a:1c:85:a7:63:e5:71:3c:ab:78:de:
+                    cf
+                P:   
+                    00:8f:5a:80:34:53:e1:52:68:8c:cf:9b:d5:7a:01:
+                    60:57:63:f9:f8:01:55:9e:55:17:7f:f4:cc:cd:d7:
+                    fb:f7:1e:36:00:1c:ae:5c:70:e8:1b:33:ef:b8:8d:
+                    aa:69:2a:66:f0:48:fd:bb:25:82:eb:56:be:ac:ca:
+                    49:6e:7f:17:fd:3b:61:57:a7:14:c1:eb:99:5d:6b:
+                    82:03:db:1c:18:2a:25:05:19:ec:34:b8:c3:1b:2c:
+                    69:89:37:7b:85:9b:c0:a9:39:84:43:f1:60:0b:91:
+                    50:e0:b5:93:3c:ad:1c:b8:33:4e:9b:00:ed:cd:60:
+                    59:9b:57:04:7b:c0:fb:2d:49:45:e3:ce:c0:8a:aa:
+                    4d:07:3a:43:a3:3d:06:70:66:fc:9f:b2:8f:d6:c5:
+                    1f:a5:7b:00:36:a9:42:5e:50:db:38:34:8c:4a:c6:
+                    f6:3a:58:9a:a6:57:93:f7:4e:55:8b:46:f0:b0:1b:
+                    9c:a0:cb:fc:57:91:be:6d:47:56:a9:d1:46:cd:43:
+                    7b:ff:24:96:0a:dd:d7:d8:b7:58:8e:6a:a1:eb:2a:
+                    ba:40:0a:f6:d1:53:7c:84:06:fc:14:1c:d5:33:79:
+                    88:bb:4f:fa:b5:87:35:61:0d:b0:7b:07:bb:74:7c:
+                    30:a7:a3:60:7d:76:a6:d1:46:2b:84:a2:9a:28:61:
+                    f2:89
+                Q:   
+                    00:bf:87:b6:dd:a6:62:0f:88:a2:44:a5:99:ac:b9:
+                    12:82:05:7b:2e:af
+                G:   
+                    00:86:37:bd:1d:60:12:25:f5:01:7f:7e:e0:e7:de:
+                    26:f4:3d:d4:75:fe:91:41:41:b3:c6:70:7f:71:c6:
+                    5e:4e:c1:0f:3e:cc:be:9c:0b:df:b4:8f:6e:2a:0f:
+                    90:5b:20:14:75:c7:31:13:e2:d8:73:73:76:b6:c4:
+                    f5:5f:ac:b4:2a:26:4e:8c:af:87:2e:f5:1d:78:69:
+                    15:b5:b4:b7:d3:52:ec:f4:c8:6e:c5:65:bd:88:e5:
+                    c4:da:0c:48:ac:d3:2d:a2:da:b0:72:75:09:1d:aa:
+                    d9:64:80:b7:18:31:54:07:d6:7a:8b:f3:be:b7:22:
+                    87:1c:3a:c7:2f:a9:4b:8d:79:06:a1:ff:1c:db:f3:
+                    17:9b:32:a0:61:20:6e:37:92:eb:27:a1:6f:b8:22:
+                    0e:26:4d:71:9a:b3:a0:9a:fb:fb:91:68:5b:52:3b:
+                    20:75:d5:36:a6:aa:c3:dc:52:01:87:06:58:68:62:
+                    20:b8:aa:bd:2b:c9:58:60:b7:02:2e:c4:4f:bf:ec:
+                    b7:43:13:3f:90:51:65:65:a9:ba:48:74:9e:3c:ad:
+                    93:b6:00:3f:93:11:e7:cd:ea:5f:11:44:b2:4f:d1:
+                    e3:fd:19:a8:bc:4a:c6:ae:4c:ec:83:85:fa:98:ed:
+                    0b:a3:8f:a0:35:38:d4:9f:96:fd:f3:b2:b5:80:d5:
+                    1e:a4
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+            X509v3 Authority Key Identifier: 
+                keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+                DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+                serial:20:09:05:25
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        30:75:fb:1e:e2:d0:ff:18:3a:de:7d:49:8a:20:33:bc:0e:0c:
+        ad:7a:68:f8:57:91:3a:bd:2b:07:a7:25:a6:c6:d0:f7:30:57:
+        73:a3:34:af:ee:d3:5d:06:9f:80:f5:41:b7:7f:e8:0e:e2:28:
+        6c:a5:d7:82:9b:81:89:85:9f:47:5d:af:17:ab:f6:e1:02:4c:
+        01:2b:07:7c:2b:e1:77:1c:a4:e9:a6:89:97:50:49:87:73:04:
+        6e:32:50:f5:b7:be:f2:60:b3:9c:5f:b4:2a:d2:2f:c0:0b:82:
+        47:71:70:62:cc:98:ad:47:20:58:61:d6:c0:c5:30:65:3f:97:
+        43:47:50:cb:90:4c:c3:7c:50:c4:28:27:b7:2d:c8:2a:61:40:
+        18:7e:fa:ce:03:39:20:f9:96:a2:da:1c:fe:5e:c7:9f:f1:bc:
+        98:18:c1:63:e6:f6:35:35:d8:5d:18:2e:ef:87:7d:af:00:a3:
+        bc:12:18:c3:11:1e:8a:6d:bf:5d:10:87:6f:79:f3:8f:11:9d:
+        cb:0d:fe:f6:fe:4f:d0:2b:de:8e:3a:da:f3:46:11:ca:12:bb:
+        ca:22:67:05:45:e6:fd:9f:71:09:98:0b:1e:cf:51:73:b2:ad:
+        48:f9:06:2a:b5:5c:9f:f3:97:e0:8e:a3:df:57:1c:a7:94:ca:
+        f2:97:8e:56
+-----BEGIN CERTIFICATE-----
+MIIGoTCCBYmgAwIBAgIEIAkFJzANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDMxWhcN
+NDkwNTI1MjE0NDMxWjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEGRzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggM7MIICLgYHKoZIzjgEATCCAiECggEBAI9a
+gDRT4VJojM+b1XoBYFdj+fgBVZ5VF3/0zM3X+/ceNgAcrlxw6Bsz77iNqmkqZvBI
+/bslgutWvqzKSW5/F/07YVenFMHrmV1rggPbHBgqJQUZ7DS4wxssaYk3e4WbwKk5
+hEPxYAuRUOC1kzytHLgzTpsA7c1gWZtXBHvA+y1JRePOwIqqTQc6Q6M9BnBm/J+y
+j9bFH6V7ADapQl5Q2zg0jErG9jpYmqZXk/dOVYtG8LAbnKDL/FeRvm1HVqnRRs1D
+e/8klgrd19i3WI5qoesqukAK9tFTfIQG/BQc1TN5iLtP+rWHNWENsHsHu3R8MKej
+YH12ptFGK4Simihh8okCFQC/h7bdpmIPiKJEpZmsuRKCBXsurwKCAQEAhje9HWAS
+JfUBf37g594m9D3Udf6RQUGzxnB/ccZeTsEPPsy+nAvftI9uKg+QWyAUdccxE+LY
+c3N2tsT1X6y0KiZOjK+HLvUdeGkVtbS301Ls9MhuxWW9iOXE2gxIrNMtotqwcnUJ
+HarZZIC3GDFUB9Z6i/O+tyKHHDrHL6lLjXkGof8c2/MXmzKgYSBuN5LrJ6FvuCIO
+Jk1xmrOgmvv7kWhbUjsgddU2pqrD3FIBhwZYaGIguKq9K8lYYLcCLsRPv+y3QxM/
+kFFlZam6SHSePK2TtgA/kxHnzepfEUSyT9Hj/RmovErGrkzsg4X6mO0Lo4+gNTjU
+n5b987K1gNUepAOCAQUAAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98FOdz1tI2a2LS
+VsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACfw9l1CY2C4MsH
+ZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsurGKum+j4x849J
+dTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKLR5Itxh/7IzRW
+8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pKuJFhNUwAdvKy
+Or2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s+jgeswgegwHQYDVR0O
+BBYEFJSnzLmr10iBszpxbiv0JP4qpMA5MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2u
+wgcwLgCsWGObIH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMx
+GDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21t
+b25zLXNzbDENMAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2
+aWVzQGdtYWlsLmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
+A4IBAQAwdfse4tD/GDrefUmKIDO8Dgytemj4V5E6vSsHpyWmxtD3MFdzozSv7tNd
+Bp+A9UG3f+gO4ihspdeCm4GJhZ9HXa8Xq/bhAkwBKwd8K+F3HKTppomXUEmHcwRu
+MlD1t77yYLOcX7Qq0i/AC4JHcXBizJitRyBYYdbAxTBlP5dDR1DLkEzDfFDEKCe3
+LcgqYUAYfvrOAzkg+Zai2hz+Xsef8byYGMFj5vY1NdhdGC7vh32vAKO8EhjDER6K
+bb9dEIdvefOPEZ3LDf72/k/QK96OOtrzRhHKErvKImcFReb9n3EJmAsez1Fzsq1I
++QYqtVyf85fgjqPfVxynlMryl45W
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params
new file mode 100644
index 0000000..5b4d97f
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params
@@ -0,0 +1,34 @@
+-----BEGIN DSA PARAMETERS-----
+MIICIQKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByuXHDo
+GzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRnsNLjD
+GyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487AiqpN
+BzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBucoMv8
+V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6tYc1
+YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIFey6v
+AoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0j24q
+D5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I5cTa
+DEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xebMqBh
+IG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0ryVhg
+twIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8SsauTOyD
+hfqY7Qujj6A1ONSflv3zsrWA1R6k
+-----END DSA PARAMETERS-----
+-----BEGIN DSA PRIVATE KEY-----
+MIIDPwIBAAKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByu
+XHDoGzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRns
+NLjDGyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487A
+iqpNBzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBuc
+oMv8V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6
+tYc1YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIF
+ey6vAoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0
+j24qD5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I
+5cTaDEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xeb
+MqBhIG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0r
+yVhgtwIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8Ssau
+TOyDhfqY7Qujj6A1ONSflv3zsrWA1R6kAoIBAEv2b206JjZOeRVQ6R4gmCGhxCL6
+v8K/geGdHOzveYLGc+eaSfEP2X9F64rq4lf7kZSfjlwbCa7wPFiudQwTqIvtz6AO
+7tYfDk5BKsSqxfHChYHbTK5bUIvPapMH+aATdX0haXRRvNGY/V7lAPoBSwpWpPzG
+17rz29tysLZWvaDJK05Vwg+UmJB3AG4zyJGD/Zw2Ub/Eik1rL2N7p6ewa7EsTG4H
+pZAYwCJvAhidpaLfpoFxmF7VsMU+e/SwV++sbElb/a9szjbRc80jTyDHdxTO+hCS
+6MJjQkev4Bzy4+DO/PrCESoZymg4skRkVVc0knpSuGUviPZejvkdVo26mlsCFQCW
+c8bFDKclUXmeh6vxr7RGih+SKg==
+-----END DSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem
new file mode 100644
index 0000000..adc6d0b
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIDPgIBAAKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByu
+XHDoGzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRns
+NLjDGyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487A
+iqpNBzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBuc
+oMv8V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6
+tYc1YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIF
+ey6vAoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0
+j24qD5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I
+5cTaDEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xeb
+MqBhIG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0r
+yVhgtwIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8Ssau
+TOyDhfqY7Qujj6A1ONSflv3zsrWA1R6kAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98
+FOdz1tI2a2LSVsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACf
+w9l1CY2C4MsHZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsur
+GKum+j4x849JdTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKL
+R5Itxh/7IzRW8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pK
+uJFhNUwAdvKyOr2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s8CFDIz
+Am1wgwvcQt/K9JADNgPY9gyS
+-----END DSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf
new file mode 100644
index 0000000..9e59020
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha1			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem
new file mode 100644
index 0000000..bb8bf4b
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem
@@ -0,0 +1,85 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462053 (0x20090525)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:28 2009 GMT
+            Not After : May 25 21:44:28 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b9:db:04:16:8c:41:eb:91:c4:b8:d1:1a:73:28:
+                    59:09:b8:7a:b5:05:40:db:4f:2b:63:7b:bf:01:70:
+                    e1:0d:4c:09:3a:3b:63:9e:22:13:fa:55:d1:bc:e8:
+                    dd:31:71:df:0d:a6:0b:29:29:cc:da:bd:69:5c:cb:
+                    29:7e:6c:8c:93:82:c7:8b:00:ea:0b:8c:35:5c:fe:
+                    28:12:cf:ba:11:24:48:bc:0a:ee:37:54:a3:f2:9b:
+                    f2:76:94:7d:56:c0:52:35:f0:ff:c8:8c:08:7e:b0:
+                    49:c5:2f:fd:41:92:06:e8:c2:71:0d:f6:70:e5:93:
+                    89:80:a2:13:43:ac:53:56:ba:1a:44:44:98:cd:ba:
+                    f9:3a:93:20:71:34:93:0f:3f:34:34:2e:53:b2:d7:
+                    4a:22:3e:89:0a:c3:6e:12:40:ba:f3:22:6d:38:63:
+                    3b:f0:ef:42:2b:2d:f4:d2:f8:a9:76:ce:13:37:ce:
+                    1a:a4:bd:42:a0:7b:71:df:0e:3f:93:10:9d:22:0a:
+                    8b:61:92:c6:4c:fe:e7:bf:56:f4:5c:d3:85:98:92:
+                    a2:dc:d1:3d:f8:6e:3e:ac:e1:87:2f:e1:fb:30:d5:
+                    3d:24:fc:d9:d1:ac:b9:ca:9c:41:ff:60:aa:e4:57:
+                    7e:b1:93:ac:4f:64:b5:0a:d3:57:4e:12:68:5b:18:
+                    d2:15
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+            X509v3 Authority Key Identifier: 
+                keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+                DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+                serial:20:09:05:25
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        9a:29:28:5e:4f:4f:59:f8:6b:b0:96:bf:ef:69:02:36:d1:72:
+        af:a2:f3:c0:7d:c1:50:5a:b8:63:61:18:1a:d4:4d:8f:a4:b2:
+        18:5d:1b:75:1d:b6:ce:e6:aa:b3:c1:16:ab:dd:64:ac:be:62:
+        7f:77:1d:d4:6a:eb:5d:f7:19:eb:6a:6a:60:6d:ca:d6:2a:4d:
+        ee:c9:5b:1e:05:eb:bb:3f:5f:a4:76:ae:fd:32:ac:1e:63:e7:
+        35:d3:95:1d:c9:bc:7a:2f:e7:0e:04:95:59:4d:30:51:ac:67:
+        65:41:74:b3:62:f6:4d:85:4b:88:26:15:c2:2d:03:69:16:f7:
+        6a:8a:5c:ca:ca:7b:ba:41:f9:7b:f4:ae:f8:29:56:48:9d:86:
+        2e:0a:06:7a:21:97:01:b3:d4:45:5a:14:05:d3:b1:3a:da:0a:
+        67:6d:d5:45:db:ba:88:09:4b:53:b3:69:1a:52:de:57:03:89:
+        fa:99:82:1d:79:fb:ae:55:d7:13:fd:5e:99:25:cb:75:a1:62:
+        b4:27:f0:54:4b:78:42:8b:54:63:62:f4:a3:0b:e2:26:a4:0c:
+        29:ae:49:b4:1a:34:e6:a4:07:8a:64:cb:63:46:ae:fa:ec:d0:
+        f4:e1:e2:25:11:57:27:61:e8:d1:48:ad:60:13:2d:b9:38:a3:
+        52:03:0f:ad
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI4WhcN
+NDkwNTI1MjE0NDI4WjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0Bn
+bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52wQWjEHr
+kcS40RpzKFkJuHq1BUDbTytje78BcOENTAk6O2OeIhP6VdG86N0xcd8NpgspKcza
+vWlcyyl+bIyTgseLAOoLjDVc/igSz7oRJEi8Cu43VKPym/J2lH1WwFI18P/IjAh+
+sEnFL/1BkgbownEN9nDlk4mAohNDrFNWuhpERJjNuvk6kyBxNJMPPzQ0LlOy10oi
+PokKw24SQLrzIm04Yzvw70IrLfTS+Kl2zhM3zhqkvUKge3HfDj+TEJ0iCothksZM
+/ue/VvRc04WYkqLc0T34bj6s4Ycv4fsw1T0k/NnRrLnKnEH/YKrkV36xk6xPZLUK
+01dOEmhbGNIVAgMBAAGjgeswgegwHQYDVR0OBBYEFAfYcdsrGp2uwgcwLgCsWGOb
+IH2mMIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGObIH2moYGOpIGLMIGI
+MQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmll
+cy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDENMAsGA1UEAxMEcm9v
+dDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbYIEIAkFJTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCaKSheT09Z+Guwlr/vaQI2
+0XKvovPAfcFQWrhjYRga1E2PpLIYXRt1HbbO5qqzwRar3WSsvmJ/dx3Uautd9xnr
+ampgbcrWKk3uyVseBeu7P1+kdq79MqweY+c105Udybx6L+cOBJVZTTBRrGdlQXSz
+YvZNhUuIJhXCLQNpFvdqilzKynu6Qfl79K74KVZInYYuCgZ6IZcBs9RFWhQF07E6
+2gpnbdVF27qICUtTs2kaUt5XA4n6mYIdefuuVdcT/V6ZJct1oWK0J/BUS3hCi1Rj
+YvSjC+ImpAwprkm0GjTmpAeKZMtjRq767ND04eIlEVcnYejRSK1gEy25OKNSAw+t
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem
new file mode 100644
index 0000000..d4bb17a
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAudsEFoxB65HEuNEacyhZCbh6tQVA208rY3u/AXDhDUwJOjtj
+niIT+lXRvOjdMXHfDaYLKSnM2r1pXMspfmyMk4LHiwDqC4w1XP4oEs+6ESRIvAru
+N1Sj8pvydpR9VsBSNfD/yIwIfrBJxS/9QZIG6MJxDfZw5ZOJgKITQ6xTVroaRESY
+zbr5OpMgcTSTDz80NC5TstdKIj6JCsNuEkC68yJtOGM78O9CKy300vipds4TN84a
+pL1CoHtx3w4/kxCdIgqLYZLGTP7nv1b0XNOFmJKi3NE9+G4+rOGHL+H7MNU9JPzZ
+0ay5ypxB/2Cq5Fd+sZOsT2S1CtNXThJoWxjSFQIDAQABAoIBAH6oCRMspkfZYQzq
+Q3IzDuqW89ilKdvLCjCTxkk/Gb+sD6XFj0/WvXKeRX7N2t+1UGLGw1hcCiUPa9w2
+/6IOa4ajW0UZbGZOOJeVBM49DfpclczATjMa1VeiewvgicIy8lOcV1PeSnO7w6pD
+1/11fIvm5pCzX6C0eMJWsXYu2+R/abc1VJPsm+lJ4dTErAM0MQNjbpSB7rth5AAh
+V4e1W6SU0IqMZbTfFYwwgwUHSW8Q3wk30yY0tiMoblNaDfYomoGK1ekfCpdE9eve
+okGGs5Nv3q4h1gJsUPF9oSWcCuMW3zTKH6DUtuuE08Q9x1Z/g1YralWV4WnApSSS
+iZy3k4kCgYEA4G5lOblwaZ3rmV4h76lwwOderqwdLs0T4p7TUalgg+fiy2ifC37d
+VXyk/ZEw9nqWH1C9QIUpM6VH0l/cYxCAt94ioYkZZYQmGZVGzBOdIA4LEdP1juN4
+fCOuesxSaRu2DEVf3J7U1XsOsLPT9cUb/UtgmUqVrcprSiYDmYWU+cMCgYEA0/+J
+qytZi5PFZWa+rBxm6zb1WXrIzs3AavVWG2ryGjZuLjO0ADLDDPTvNI6WGo807PpX
+2ISq7VAFCWm1kukgUFNc7a+uIAMHV4USW5MRnTtc91C71iBabYs2uYJnP9KZKjnz
+1kji6+jz4wbHyIddkMwKVCmMmdHHlhXpj4vUb0cCgYAdUE4IbCAyq13KenEUTJ1d
+lNrZFcH6Cu89+mC/mc/xaqhEyTV82uUt9UnXlM9AYmKZVIJjmwD2re/jmoG+rrkh
+SvJbBv06NTiEvuqwXR94wFzRx02bjDqAfGidwXJCKExu7eDHgDdsatZQXiyhPU2a
+l+3WF9fVC0tYM/7kXn5G4QKBgF1AnrIok28ORVphY6YZqDv3JN2DYSl24BksagAN
+fwmAv96a56berWXZqA8aWXS9Ya6MQHABi55wAIcvdKt22Lv8r3fuO03hhy08X+Lg
+QnNDVZWEcduyx5RAFIZtkjVE0hL9AwFTdl4HTqCirubKhKHY3wI+dJaE7KJcaSy3
+eW6pAoGAayYZFNrDqHJJl8urrX2k6K+m+VE0xU94h9Vx4MpRa/f9bZ0U8YVNdTkZ
+BR6kUHOpOFO166jcBZJX3V305IbQB5TeysIyYqBaMATDc6tAEB+Celoz3+hw/Je2
+bIiQgdtctH4MarQkGlokUGjEz2aMg0l7vecgxQE88l/svAF3vmA=
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem
new file mode 100644
index 0000000..ac2c117
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem
@@ -0,0 +1,86 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462054 (0x20090526)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:29 2009 GMT
+            Not After : May 25 21:44:29 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=rsa-intermediate/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ce:1b:db:73:49:85:a4:3c:42:14:84:6a:7d:47:
+                    78:d2:e1:58:27:ed:e4:78:5e:5d:2b:ee:c3:29:c5:
+                    a2:d2:6f:f3:0e:0a:d6:d6:7f:5a:f7:30:6f:c9:8f:
+                    ad:fe:53:22:46:aa:5e:0b:f6:e8:21:f3:dc:5f:75:
+                    9b:55:c5:07:ab:75:54:fd:9b:2e:31:da:12:45:3c:
+                    7b:1e:27:f6:a1:5b:5d:ac:0a:b4:e8:dd:d3:ba:ff:
+                    af:f1:43:31:4c:5b:5e:73:d4:a8:ce:93:b9:f1:9d:
+                    8b:17:1f:16:74:4f:9a:07:80:7c:1a:41:a6:49:21:
+                    2a:a8:83:75:18:3d:ed:17:8b:8b:b4:f8:46:d3:28:
+                    25:35:e1:17:df:e6:b4:f7:87:a7:71:0f:a0:b5:22:
+                    4d:48:35:2c:a3:dc:fc:58:33:76:fb:07:cf:fb:64:
+                    e9:fa:05:a8:be:63:eb:32:48:01:10:fd:44:a2:79:
+                    72:5d:33:62:1b:ad:f4:60:3f:7d:59:9c:07:cf:9c:
+                    b1:b5:e7:18:84:5e:ec:e0:78:6c:53:f0:cf:67:8d:
+                    91:95:73:72:de:70:c7:ca:ea:27:6f:d2:61:c8:7d:
+                    a5:28:28:61:c8:c9:e9:6b:7e:ae:07:9d:36:87:04:
+                    a4:97:1c:1d:f5:39:cb:b2:8a:32:8d:25:68:05:2d:
+                    86:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                2E:F4:CD:A1:B4:AD:03:85:D8:AF:69:97:D5:2D:95:40:D6:BF:12:BF
+            X509v3 Authority Key Identifier: 
+                keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+                DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+                serial:20:09:05:25
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        03:b6:83:af:6c:ff:2b:21:12:b9:8a:cd:8e:2f:d9:1a:28:88:
+        0c:9f:f1:6b:73:fb:76:3f:70:d8:cd:ce:5a:f6:0f:08:6a:0a:
+        a3:f7:ad:b2:72:19:eb:0e:9c:36:bb:a4:fb:3f:90:78:ba:45:
+        ee:da:c9:8e:a0:ef:b3:ac:05:4c:f4:b4:37:18:0d:bb:20:5d:
+        f4:e7:b3:77:ea:56:0c:ad:81:42:80:04:92:ca:3b:73:ed:35:
+        d5:35:f6:9f:95:a2:2d:81:4d:e6:3a:3c:13:64:f1:0f:36:7e:
+        90:c2:a0:37:c6:19:9e:13:47:92:a3:e8:18:3d:f4:d8:a0:83:
+        80:0f:7b:a7:57:9c:60:6c:6a:3e:d4:1d:cc:5e:8c:13:7f:1c:
+        d7:f6:df:ad:ae:0a:95:12:f1:71:c2:70:98:d1:2f:6c:f0:24:
+        43:b4:7e:a4:e4:31:d4:bc:50:90:03:4b:34:ba:a3:d0:fd:f5:
+        01:17:eb:11:83:44:86:65:17:bf:89:00:c7:93:d6:70:7e:0b:
+        4b:93:dc:f9:92:50:4c:3e:11:23:c5:50:1c:49:bd:8c:0c:2c:
+        60:1c:d8:e6:5f:a4:fa:21:db:8c:62:bf:74:a3:83:1c:8d:cc:
+        8e:34:8c:16:1c:c6:71:63:89:c2:c4:45:0c:90:71:98:68:2f:
+        9d:a7:87:f7
+-----BEGIN CERTIFICATE-----
+MIIEiDCCA3CgAwIBAgIEIAkFJjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI5WhcN
+NDkwNTI1MjE0NDI5WjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDOG9tzSYWkPEIUhGp9R3jS4Vgn7eR4Xl0r7sMpxaLSb/MOCtbWf1r3MG/J
+j63+UyJGql4L9ugh89xfdZtVxQerdVT9my4x2hJFPHseJ/ahW12sCrTo3dO6/6/x
+QzFMW15z1KjOk7nxnYsXHxZ0T5oHgHwaQaZJISqog3UYPe0Xi4u0+EbTKCU14Rff
+5rT3h6dxD6C1Ik1INSyj3PxYM3b7B8/7ZOn6Bai+Y+sySAEQ/USieXJdM2IbrfRg
+P31ZnAfPnLG15xiEXuzgeGxT8M9njZGVc3LecMfK6idv0mHIfaUoKGHIyelrfq4H
+nTaHBKSXHB31OcuyijKNJWgFLYZlAgMBAAGjgeswgegwHQYDVR0OBBYEFC70zaG0
+rQOF2K9pl9UtlUDWvxK/MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGOb
+IH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoT
+D2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDEN
+MAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWls
+LmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQADtoOv
+bP8rIRK5is2OL9kaKIgMn/Frc/t2P3DYzc5a9g8Iagqj962ychnrDpw2u6T7P5B4
+ukXu2smOoO+zrAVM9LQ3GA27IF3057N36lYMrYFCgASSyjtz7TXVNfaflaItgU3m
+OjwTZPEPNn6QwqA3xhmeE0eSo+gYPfTYoIOAD3unV5xgbGo+1B3MXowTfxzX9t+t
+rgqVEvFxwnCY0S9s8CRDtH6k5DHUvFCQA0s0uqPQ/fUBF+sRg0SGZRe/iQDHk9Zw
+fgtLk9z5klBMPhEjxVAcSb2MDCxgHNjmX6T6IduMYr90o4McjcyONIwWHMZxY4nC
+xEUMkHGYaC+dp4f3
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem
new file mode 100644
index 0000000..466f54a
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzhvbc0mFpDxCFIRqfUd40uFYJ+3keF5dK+7DKcWi0m/zDgrW
+1n9a9zBvyY+t/lMiRqpeC/boIfPcX3WbVcUHq3VU/ZsuMdoSRTx7Hif2oVtdrAq0
+6N3Tuv+v8UMxTFtec9SozpO58Z2LFx8WdE+aB4B8GkGmSSEqqIN1GD3tF4uLtPhG
+0yglNeEX3+a094encQ+gtSJNSDUso9z8WDN2+wfP+2Tp+gWovmPrMkgBEP1Eonly
+XTNiG630YD99WZwHz5yxtecYhF7s4HhsU/DPZ42RlXNy3nDHyuonb9JhyH2lKChh
+yMnpa36uB502hwSklxwd9TnLsooyjSVoBS2GZQIDAQABAoIBADajAdic69Vut+Gy
+fHw7Xxcf73ueP4t9EFveDlRbdN8uGBNn4i24UwfmCiw3b1tU9GghL48iY8TkXU3c
+4lGpSnA0SVR1N5i1g1RhRQ3ocCO0Ea/SosR8UW1n7F8bfc0NB4vTGvCwDoGzTrTR
+Y+VvWJiWgc+ACbGnHiTPvFGx0NEFjizCrBTWDCSMbHdujEkw/gZt1PhKgJg0DbUj
+M4zLG0YCIR/RSnNHYKgMEl2PXCKHLsMwyH52BMi/lmh47N2H0cC/5YSoCX6s1Y8I
+ZWojgMJVCN4SQInm630hiF8X0r3yQFvig1OYyebpJpqHSJUZ6GGQl5M6p8MFlgam
+BNFakH0CgYEA7F1+SJMOeWB+TnP7ilvYaXzE+aLvJ0/Wl5whyxJCCkMJsz+120Ui
+4ooKbohQF0h1IXJGeFS4hD/DK+3S/mjjBC8TQBtuvWzhk2+C7+Gigke4XjrdJXbB
+b87nDf1EPY9d1lGhVRmVh2APgPxgmw7mb3WgMN3lnh0xknhEoHPYbdMCgYEA3zrv
+pNAnGHg8ALJTHWiyEWrXRIhuOYOJa2oQB4cQeK6ou5UsfzQsd6w2UmwzghOTNtrM
+fvGeHECsTVh8AeNY9sT0GG5BY+DcOlYn3Dgs7UW0w8otZ/D/lmc9+Z/R4hBo/qcY
+h7WkcG5S0TeIiam9bq5EfTUAs5fFvbYRsdAGv+cCgYAuvrq33aVyKbwxBc0Mauec
+zRkjia6kZqy45R7ly2GWJ/XmJkZv6/dfOA+iFoFIaYMIr1HygEbRmM6fhHRC7jlf
+XXQALKy097CQ+O+7QzNhco+qyxdrTlYpJ5EYeishxZW4SgKPEvU4ha3rQ35TjBnU
+lz2sDGZZ48om/nQMC30VEwKBgQDKl5xiQZ8ZsBUUtMKF0Dy7XfGcew0+GUigOZPu
+oP+r5yevhoTptRoeSibKyvQ8OzPB9vTcyL+r+G3njESPGhvlaX32pimmUa7NKt/m
+Fv1/IWIaxuRKjwgHIg+2+vrqZeZEJrY2g/2HJDj5M6Mw/OG1D2eNEotecoG92P1a
+GOfnRQKBgQCe/zEs+IZxrnqMq+B5QIiSBTliZeGApOG7P+TS1MyvIijeIM5d1LNc
+oUtzPUSOz0CwQT669F8C4gOllnXImyHUkivBxgfwLJcOt6NqxfiTIcDqrf7jaNyp
+R8l/GuwFPz/DtBsFizfYmY9cXV5/Ihz9/gmnw0oFgVX2MLVv0CRKZA==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key
new file mode 100644
index 0000000..f540dcc
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyGOvloI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7Plp
+gpjUg4pNjYGViGjg7zhfbjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc
+8BQcwHf0ZHLN6sD9m2uVSp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTj
+HE5t7iu1JVjTuE0pcBvah2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindx
+OSAnAxK6q/wGqcZ3zvFBTcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfD
+HArDqUYxqJUlPGlMqrKb3fCFiT3eXehwR7nlzQIDAQABAoIBAFd6vTKVVT0O/U04
+wTtiptA/p7fkDM5PHVBxh32Wxno5pj8PerIaiduKyuRVh7PvJRMJpw903BrAK95o
+847WWOVOaF7TcKGMBURJUS6maiJS7TboK1ZbUVnsg/I99ArhiVUKGDhlsl/Xd4np
+YPDYztzXLzLXpm7bS6CiuvP762x9dfVu8K+afP8cjH8pfXLq55ghZOUKidRQaYz1
+mNOTQyAQlCQdLRgKlYgqcRHlj0pb28XBJaln3W7Z7GFMWFPojkxx6LaCp8+Jyx2C
+tv54zIZQhMjF37tQyTnfK4Ocl3sCRb+jYV4FkrUnsQE9W2dey0Tms1XB31gfUJlx
+dRZu7zkCgYEA/nWcTwzot2OIAhXoJ2fnqTcpdmj05LHhGcayKjyix7BsVH2I0KpF
+9kXX066tr3+LxZTergl4UpWSl3yx/4kPBQM6np4VVRytn7+cQdEhOczZnBw6x7IZ
+fv81DSNruQDBRAlTtklW4KBY74JKLhaJSvF1F3x32+H+99i1MmCNJRMCgYEAyZpF
+h4c3pM9z+YlmgLdUh/G2abdoamugcQOFbzHbZowsRAxEzdEW9wj2McN6mt8Rn1tc
+tY/+PcYuIK+vcmk9k23GuzxRlJlkaDicHwlAebgVIulFcrStfTlSkXjpuOuusfD9
+2DuHMcUiPx3qElNB0dZJF/axpq7BjTIFENefhZ8CgYACn+vw1M1BtwEcJGW0olm9
+YRhIZGTCRyNvRKFp1h5HuQYlCPZ0UI1QMQA86rxX5xTmANcbLHXVRD2y2lJrtFo3
+TwU3xaGqsxUHZM6TzzhshDRqa9AfZzLkIHXHoOnnip5zuTTn2HHQ91ZzggCJ4Smh
+YEQ47cu+tOIQZGfaESzjiQKBgQCCfnZlDJRq/NFwA40y4fg4arANa+eNgw7+OC5F
+1HrUvQTmIx7iLmZ0Dvv1KDgTSTLJ+MRgzczexYoUJEQnhZGS/Wq2xYt06XlBsOr1
+d/KhFxOvXllSrzrhJJqaiS6YQQ36JijZr2aKQ7UwL7fUlsmy/safWVKStumX8Hmw
+9jFOtwKBgQDmtirdNQ8aKolokD/3bDHPcDsNcybEpiCu8BIltxZAs/LsN1IIxfcp
+mGP2AFt3mbblKbsRM8hDW/X9taeG9s2KGe5wlKOE5lV8YAo4hFoJYN2/0d8Y0K9X
+QAAYU3iPG1zL+a/7TFLJ0u/biqsBg9hnNbMnN/tOeSuKnH2Rx9F1rg==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem
new file mode 100644
index 0000000..d96dc66
--- /dev/null
+++ b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 537462053 (0x20090525)
+        Signature Algorithm: dsaWithSHA1
+        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+        Validity
+            Not Before: May 25 21:44:31 2009 GMT
+            Not After : May 25 21:44:31 2049 GMT
+        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=test/emailAddress=juliusdavies@gmail.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+                    7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+                    8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+                    95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+                    41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+                    80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+                    f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+                    d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+                    9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+                    6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+                    56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+                    31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+                    71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+                    41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+                    cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+                    c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+                    4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+                    e5:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+            X509v3 Authority Key Identifier: 
+                keyid:94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+
+    Signature Algorithm: dsaWithSHA1
+        30:2d:02:15:00:86:ec:d5:ef:f1:75:60:a2:09:36:40:ff:ca:
+        83:67:6a:08:5d:d4:1e:02:14:51:6c:df:41:80:43:74:2a:1c:
+        48:c2:08:85:5b:9b:7d:07:46:6b:84
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAvugAwIBAgIEIAkFJTAJBgcqhkjOOAQDMIGUMQswCQYDVQQGEwJDQTEL
+MAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMT
+bm90LXlldC1jb21tb25zLXNzbDEZMBcGA1UEAxMQZHNhLWludGVybWVkaWF0ZTEl
+MCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbTAeFw0wOTA1MjUy
+MTQ0MzFaFw00OTA1MjUyMTQ0MzFaMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMC
+QkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1j
+b21tb25zLXNzbDENMAsGA1UEAxMEdGVzdDElMCMGCSqGSIb3DQEJARYWanVsaXVz
+ZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho
+4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA
+/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hN
+KXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnG
+d87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxp
+TKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ8U
+d78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFJSnzLmr10iBszpxbiv0JP4q
+pMA5MAkGByqGSM44BAMDMAAwLQIVAIbs1e/xdWCiCTZA/8qDZ2oIXdQeAhRRbN9B
+gEN0KhxIwgiFW5t9B0ZrhA==
+-----END CERTIFICATE-----


Mime
View raw message