directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [12/16] directory-kerby git commit: Clean up for RC2, removing commons-ssl codes
Date Sun, 03 Jan 2016 12:39:14 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java b/kerby-pkix/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java
deleted file mode 100644
index fb2642f..0000000
--- a/kerby-pkix/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/X509CertificateChainBuilder.java $
- * $Revision: 134 $
- * $Date: 2008-02-26 21:30:48 -0800 (Tue, 26 Feb 2008) $
- *
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.ssl;
-
-import java.io.FileInputStream;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.SignatureException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.LinkedList;
-
-/**
- * Utility for building X509 certificate chains.
- *
- * @author Credit Union Central of British Columbia
- * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
- * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
- * @since 16-Nov-2005
- */
-public class X509CertificateChainBuilder {
-    /**
-     * Builds the ordered certificate chain upwards from the startingPoint.
-     * Uses the supplied X509Certificate[] array to search for the parent,
-     * grandparent, and higher ancestor certificates.  Stops at self-signed
-     * certificates, or when no ancestor can be found.
-     * <p/>
-     * Thanks to Joe Whitney for helping me put together a Big-O( m * n )
-     * implementation where m = the length of the final certificate chain.
-     * For a while I was using a Big-O( n ^ 2 ) implementation!
-     *
-     * @param startingPoint the X509Certificate for which we want to find
-     *                      ancestors
-     * @param certificates  A pool of certificates in which we expect to find
-     *                      the startingPoint's ancestors.
-     * @return Array of X509Certificates, starting with the "startingPoint" and
-     *         ending with highest level ancestor we could find in the supplied
-     *         collection.
-     * @throws java.security.NoSuchAlgorithmException
-     *          on unsupported signature
-     *          algorithms.
-     * @throws java.security.InvalidKeyException
-     *          on incorrect key.
-     * @throws java.security.NoSuchProviderException
-     *          if there's no default provider.
-     * @throws java.security.cert.CertificateException
-     *          on encoding errors.
-     */
-    public static X509Certificate[] buildPath(X509Certificate startingPoint,
-                                              Certificate[] certificates)
-        throws NoSuchAlgorithmException, InvalidKeyException,
-        NoSuchProviderException, CertificateException {
-        // Use a LinkedList, because we do lots of random it.remove() operations.
-        return buildPath(startingPoint,
-            new LinkedList(Arrays.asList(certificates)));
-    }
-
-    /**
-     * Builds the ordered certificate chain upwards from the startingPoint.
-     * Uses the supplied collection to search for the parent, grandparent,
-     * and higher ancestor certificates.  Stops at self-signed certificates,
-     * or when no ancestor can be found.
-     * <p/>
-     * Thanks to Joe Whitney for helping me put together a Big-O( m * n )
-     * implementation where m = the length of the final certificate chain.
-     * For a while I was using a Big-O( n ^ 2 ) implementation!
-     *
-     * @param startingPoint the X509Certificate for which we want to find
-     *                      ancestors
-     * @param certificates  A pool of certificates in which we expect to find
-     *                      the startingPoint's ancestors.
-     * @return Array of X509Certificates, starting with the "startingPoint" and
-     *         ending with highest level ancestor we could find in the supplied
-     *         collection.
-     * @throws java.security.NoSuchAlgorithmException
-     *          on unsupported signature
-     *          algorithms.
-     * @throws java.security.InvalidKeyException
-     *          on incorrect key.
-     * @throws java.security.NoSuchProviderException
-     *          if there's no default provider.
-     * @throws java.security.cert.CertificateException
-     *          on encoding errors.
-     */
-    public static X509Certificate[] buildPath(X509Certificate startingPoint,
-                                              Collection certificates)
-        throws NoSuchAlgorithmException, InvalidKeyException,
-        NoSuchProviderException, CertificateException {
-        LinkedList path = new LinkedList();
-        path.add(startingPoint);
-        boolean nodeAdded = true;
-        // Keep looping until an iteration happens where we don't add any nodes
-        // to our path.
-        while (nodeAdded) {
-            // We'll start out by assuming nothing gets added.  If something
-            // gets added, then nodeAdded will be changed to "true".
-            nodeAdded = false;
-            X509Certificate top = (X509Certificate) path.getLast();
-            if (isSelfSigned(top)) {
-                // We're self-signed, so we're done!
-                break;
-            }
-
-            // Not self-signed.  Let's see if we're signed by anyone in the
-            // collection.
-            Iterator it = certificates.iterator();
-            while (it.hasNext()) {
-                X509Certificate x509 = (X509Certificate) it.next();
-                if (verify(top, x509.getPublicKey())) {
-                    // We're signed by this guy!  Add him to the chain we're
-                    // building up.
-                    path.add(x509);
-                    nodeAdded = true;
-                    it.remove(); // Not interested in this guy anymore!
-                    break;
-                }
-                // Not signed by this guy, let's try the next guy.
-            }
-        }
-        X509Certificate[] results = new X509Certificate[path.size()];
-        path.toArray(results);
-        return results;
-    }
-
-    public static boolean isSelfSigned(X509Certificate cert)
-        throws CertificateException, InvalidKeyException,
-        NoSuchAlgorithmException, NoSuchProviderException {
-
-        return verify(cert, cert.getPublicKey());
-    }
-
-    public static boolean verify(X509Certificate cert, PublicKey key)
-        throws CertificateException, InvalidKeyException,
-        NoSuchAlgorithmException, NoSuchProviderException {
-
-        String sigAlg = cert.getSigAlgName();
-        String keyAlg = key.getAlgorithm();
-        sigAlg = sigAlg != null ? sigAlg.trim().toUpperCase() : "";
-        keyAlg = keyAlg != null ? keyAlg.trim().toUpperCase() : "";
-        if (keyAlg.length() >= 2 && sigAlg.endsWith(keyAlg)) {
-            try {
-                cert.verify(key);
-                return true;
-            } catch (SignatureException se) {
-                return false;
-            }
-        } else {
-            return false;
-        }
-    }
-
-    public static void main(String[] args) throws Exception {
-        if (args.length < 2) {
-            System.out.println("Usage: [special-one] [file-with-certs]");
-            System.exit(1);
-        }
-        FileInputStream f1 = new FileInputStream(args[0]);
-        FileInputStream f2 = new FileInputStream(args[1]);
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-        X509Certificate theOne = (X509Certificate) cf.generateCertificate(f1);
-        Collection c = cf.generateCertificates(f2);
-
-        X509Certificate[] path = buildPath(theOne, c);
-        for (int i = 0; i < path.length; i++) {
-            System.out.println(Certificates.getCN(path[i]));
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/main/java/org/apache/kerby/pkix/PkiLoader.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/pkix/PkiLoader.java b/kerby-pkix/src/main/java/org/apache/kerby/pkix/PkiLoader.java
deleted file mode 100644
index 402e5d4..0000000
--- a/kerby-pkix/src/main/java/org/apache/kerby/pkix/PkiLoader.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *  
- *    http://www.apache.org/licenses/LICENSE-2.0
- *  
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *  
- */
-package org.apache.kerby.pkix;
-
-import org.apache.commons.ssl.PKCS8Key;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-public class PkiLoader {
-
-    public List<Certificate> loadCerts(String certFile) throws IOException {
-        InputStream is;
-        try {
-            is = new FileInputStream(new File(certFile));
-        } catch (FileNotFoundException e) {
-            throw new IOException("No cert file found", e);
-        }
-        return loadCerts(is);
-    }
-
-    public List<Certificate> loadCerts(InputStream inputStream) throws IOException {
-        CertificateFactory certFactory = null;
-        try {
-            certFactory = CertificateFactory.getInstance("X.509");
-            Collection<? extends Certificate> certs =
-                certFactory.generateCertificates(inputStream);
-            return new ArrayList<>(certs);
-        } catch (CertificateException e) {
-            throw new IOException("Failed to load certificates", e);
-        }
-    }
-
-    public PrivateKey loadPrivateKey(String keyFile, String password) throws IOException {
-        InputStream in = null;
-        try {
-            in = new FileInputStream("/path/to/pkcs8_private_key.der");
-        } catch (FileNotFoundException e) {
-            throw new IOException("No cert file found", e);
-        }
-        return loadPrivateKey(in, password);
-    }
-
-    public PrivateKey loadPrivateKey(InputStream inputStream, String password) throws IOException {
-        try {
-            return doLoadPrivateKey(inputStream, password);
-        } catch (GeneralSecurityException e) {
-            throw new IOException("Failed to load private key", e);
-        } catch (IOException e) {
-            throw new IOException("Failed to load private key", e);
-        }
-    }
-
-    private PrivateKey doLoadPrivateKey(
-            InputStream inputStream, String password) throws GeneralSecurityException, IOException {
-        if (password == null) {
-            password = "";
-        }
-        // If the provided InputStream is encrypted, we need a password to decrypt
-        // it. If the InputStream is not encrypted, then the password is ignored
-        // (can be null).  The InputStream can be DER (raw ASN.1) or PEM (base64).
-        PKCS8Key pkcs8 = new PKCS8Key(inputStream, password.toCharArray());
-
-        // If an unencrypted PKCS8 key was provided, then this actually returns
-        // exactly what was originally passed inputStream (with no changes).  If an OpenSSL
-        // key was provided, it gets reformatted as PKCS #8 first, and so these
-        // bytes will still be PKCS #8, not OpenSSL.
-        byte[] decrypted = pkcs8.getDecryptedBytes();
-        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decrypted);
-
-        // A Java PrivateKey object is born.
-        PrivateKey pk = null;
-        if (pkcs8.isDSA()) {
-            pk = KeyFactory.getInstance("DSA").generatePrivate(spec);
-        } else if (pkcs8.isRSA()) {
-            pk = KeyFactory.getInstance("RSA").generatePrivate(spec);
-        }
-
-        // For lazier types:
-        pk = pkcs8.getPrivateKey();
-
-        return pk;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/java/org/apache/commons/ssl/CertificatesTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/CertificatesTest.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/CertificatesTest.java
deleted file mode 100644
index 4d775b1..0000000
--- a/kerby-pkix/src/test/java/org/apache/commons/ssl/CertificatesTest.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package org.apache.commons.ssl;
-
-import org.junit.Assert;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
-
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.cert.X509Certificate;
-
-import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
-import static org.mockito.Mockito.when;
-
-/**
- * Created by julius on 06/09/14.
- */
-@RunWith(MockitoJUnitRunner.class)
-public class CertificatesTest {
-
-    @Mock
-    private X509Certificate x509;
-
-    @Test
-    public void testGetCNsMocked() {
-        X500Principal normal = new X500Principal("CN=abc,OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
-        X500Principal bad1 = new X500Principal("CN=\"abc,CN=foo.com,\",OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
-        X500Principal bad2 = new X500Principal("ou=\",CN=evil.ca,\",  CN=good.net");
-
-        when(x509.getSubjectX500Principal()).thenReturn(normal);
-        String[] cns = Certificates.getCNs(x509);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("abc", cns[0]);
-
-        when(x509.getSubjectX500Principal()).thenReturn(bad2);
-        cns = Certificates.getCNs(x509);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("good.net", cns[0]);
-
-        when(x509.getSubjectX500Principal()).thenReturn(bad1);
-        cns = Certificates.getCNs(x509);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("abc,CN=foo.com,", cns[0]);
-    }
-
-    @Test
-    public void testGetCNsReal() throws IOException, GeneralSecurityException {
-        String samplesDir = TEST_HOME + "x509";
-
-        TrustMaterial tm = new TrustMaterial(samplesDir + "/x509_three_cns_foo_bar_hanako.pem");
-        X509Certificate c = (X509Certificate) tm.getCertificates().first();
-        String[] cns = Certificates.getCNs(c);
-        Assert.assertEquals(3, cns.length);
-        Assert.assertEquals("foo.com", cns[0]);
-        Assert.assertEquals("bar.com", cns[1]);
-        //Assert.assertEquals("花子.co.jp", cns[2]);
-
-        tm = new TrustMaterial(samplesDir + "/x509_foo_bar_hanako.pem");
-        c = (X509Certificate) tm.getCertificates().first();
-        cns = Certificates.getCNs(c);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("foo.com", cns[0]);
-
-        tm = new TrustMaterial(samplesDir + "/x509_wild_co_jp.pem");
-        c = (X509Certificate) tm.getCertificates().first();
-        cns = Certificates.getCNs(c);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("*.co.jp", cns[0]);
-
-        tm = new TrustMaterial(samplesDir + "/x509_wild_foo_bar_hanako.pem");
-        c = (X509Certificate) tm.getCertificates().first();
-        cns = Certificates.getCNs(c);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("*.foo.com", cns[0]);
-
-        tm = new TrustMaterial(samplesDir + "/x509_wild_foo.pem");
-        c = (X509Certificate) tm.getCertificates().first();
-        cns = Certificates.getCNs(c);
-        Assert.assertEquals(1, cns.length);
-        Assert.assertEquals("*.foo.com", cns[0]);
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/java/org/apache/commons/ssl/JUnitConfig.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/JUnitConfig.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/JUnitConfig.java
deleted file mode 100644
index a9a33f7..0000000
--- a/kerby-pkix/src/test/java/org/apache/commons/ssl/JUnitConfig.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.apache.commons.ssl;
-
-import java.io.File;
-import java.net.URL;
-
-public class JUnitConfig {
-
-    public static final String TEST_HOME;
-
-    static {
-        URL url = JUnitConfig.class.getResource("/not-so-commons-ssl");
-        String tmpPath = url.getFile();
-        File homeDir = new File(tmpPath);
-        TEST_HOME = homeDir.getAbsolutePath() + File.separator;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/java/org/apache/commons/ssl/KeyMaterialTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/KeyMaterialTest.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/KeyMaterialTest.java
deleted file mode 100644
index ab58813..0000000
--- a/kerby-pkix/src/test/java/org/apache/commons/ssl/KeyMaterialTest.java
+++ /dev/null
@@ -1,77 +0,0 @@
-package org.apache.commons.ssl;
-
-import org.apache.kerby.util.EncryptoUtil;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.junit.Test;
-
-import java.io.File;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.List;
-import java.util.Locale;
-
-import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assume.assumeTrue;
-
-public class KeyMaterialTest {
-    public static final char[] PASSWORD1 = "changeit".toCharArray();
-    public static final char[] PASSWORD2 = "itchange".toCharArray();
-
-    static {
-        Security.addProvider(new BouncyCastleProvider());
-    }
-
-    @Test
-    public void testKeystores() throws Exception {
-        String samplesDir = TEST_HOME + "keystores";
-        File dir = new File(samplesDir);
-        String[] files = dir.list();
-        Arrays.sort(files, String.CASE_INSENSITIVE_ORDER);
-        for (String f : files) {
-            String file = f.toUpperCase(Locale.ENGLISH);
-            if (file.endsWith(".KS") || file.contains("PKCS12")) {
-                examineKeyStore(samplesDir, f, null);
-            } else if (file.endsWith(".PEM")) {
-                examineKeyStore(samplesDir, f, "rsa.key");
-            }
-        }
-    }
-
-    private static void examineKeyStore(String dir, String fileName, String file2) throws Exception {
-        String filename = fileName.toUpperCase(Locale.ENGLISH);
-        boolean hasMultiPassword = filename.contains(".2PASS.");
-
-        System.out.print("Testing KeyMaterial: " + dir + "/" + fileName);        
-        char[] pass1 = PASSWORD1;
-        char[] pass2 = PASSWORD1;
-        if (hasMultiPassword) {
-            pass2 = PASSWORD2;
-        }
-
-        file2 = file2 != null ? dir + "/" + file2 : null;
-
-        Date today = new Date();
-        KeyMaterial km;
-
-
-        try {
-            assumeTrue(EncryptoUtil.isAES256Enabled());
-            km = new KeyMaterial(dir + "/" + fileName, file2, pass1, pass2);
-        } catch (ProbablyBadPasswordException pbpe) {
-            System.out.println("  WARN:  " + pbpe);
-            return;
-        }
-        assertEquals("keymaterial-contains-1-alias", 1, km.getAliases().size());
-        for (X509Certificate[] cert : (List<X509Certificate[]>) km.getAssociatedCertificateChains()) {
-            for (X509Certificate c : cert) {
-                assertTrue("certchain-valid-dates", c.getNotAfter().after(today));
-            }
-        }
-
-        System.out.println("\t SUCCESS! ");
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/java/org/apache/commons/ssl/OpenSSLTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/OpenSSLTest.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/OpenSSLTest.java
deleted file mode 100644
index 7855c11..0000000
--- a/kerby-pkix/src/test/java/org/apache/commons/ssl/OpenSSLTest.java
+++ /dev/null
@@ -1,166 +0,0 @@
-package org.apache.commons.ssl;
-
-import org.apache.kerby.util.EncryptoUtil;
-import org.apache.kerby.util.Util;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.security.NoSuchAlgorithmException;
-import java.util.Arrays;
-import java.util.Random;
-
-import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.junit.Assume.assumeTrue;
-
-public class OpenSSLTest {
-
-    public void encTest(String cipher) throws Exception {
-        Random random = new Random();
-        char[] pwd = {'!', 'E', 'i', 'k', 'o', '?'};
-
-        for (int i = 0; i < 4567; i++) {
-            byte[] buf = new byte[i];
-            random.nextBytes(buf);
-            byte[] enc = OpenSSL.encrypt(cipher, pwd, buf);
-            byte[] dec = OpenSSL.decrypt(cipher, pwd, enc);
-            boolean result = Arrays.equals(buf, dec);
-            if (!result) {
-                System.out.println();
-                System.out.println("Failed on : " + i);
-            }
-            assertTrue(result);
-        }
-
-        for (int i = 5; i < 50; i++) {
-            int testSize = i * 1000 + 123;
-            byte[] buf = new byte[testSize];
-            random.nextBytes(buf);
-            byte[] enc = OpenSSL.encrypt(cipher, pwd, buf);
-            byte[] dec = OpenSSL.decrypt(cipher, pwd, enc);
-            boolean result = Arrays.equals(buf, dec);
-            if (!result) {
-                System.out.println();
-                System.out.println("Failed on : " + testSize);
-            }
-            assertTrue(result);
-        }
-
-    }
-
-    @Test
-    public void testDES3Bytes() throws Exception {
-        encTest("des3");
-    }
-
-    @Test
-    public void testAES128Bytes() throws Exception {
-        encTest("aes128");
-    }
-
-    @Test
-    public void testRC2Bytes() throws Exception {
-        encTest("rc2");
-    }
-
-    @Test
-    public void testDESBytes() throws Exception {
-        encTest("des");
-    }
-
-    @Test
-    public void testDecryptPBE() throws Exception {
-        File d = new File(TEST_HOME + "pbe");
-        File[] files = d.listFiles();
-        if (files == null) {
-            fail("No testDecryptPBE() files to test!");
-        }
-        int testCount = 0;
-        Arrays.sort(files);
-        for (File f : files) {
-            testCount += process(f, 0);
-        }
-        System.out.println(testCount + " pbe test files successfully decrypted.");
-    }
-
-    private static int process(File f, int depth) throws Exception {
-        int sum = 0;
-        String name = f.getName();
-        if ("CVS".equalsIgnoreCase(name)) {
-            return 0;
-        }
-        if (".svn".equalsIgnoreCase(name)) {
-            return 0;
-        }
-        if (name.toUpperCase().startsWith("README")) {
-            return 0;
-        }
-
-        if (f.isDirectory()) {
-            if (depth <= 7) {
-                File[] files = f.listFiles();
-                if (files == null) {
-                    return 0;
-                }
-                Arrays.sort(files);
-                for (File ff : files) {
-                    sum += process(ff, depth + 1);
-                }
-            } else {
-                System.out.println("IGNORING [" + f + "].  Directory too deep (" + depth + ").");
-            }
-        } else {
-            if (f.isFile() && f.canRead()) {
-                String fileName = f.getName();
-                int x = fileName.indexOf('.');
-                if (x < 0) {
-                    return 0;
-                }
-                if (fileName.endsWith(".failed")) {
-                    System.out.println("Skipping file marked with failed: " + fileName);
-                    return 0;
-                }
-
-                String cipher = fileName.substring(0, x);
-                String cipherPadded = Util.pad(cipher, 20, false);
-                String filePadded = Util.pad(fileName, 25, false);
-                FileInputStream in = null;
-                try {
-                    in = new FileInputStream(f);
-                    byte[] encrypted = Util.streamToBytes(in);
-                    char[] pwd = "changeit".toCharArray();
-                    try {
-                        assumeTrue(EncryptoUtil.isAES256Enabled());
-                        byte[] result = OpenSSL.decrypt(cipher, pwd, encrypted);
-                        String s = new String(result, "ISO-8859-1");
-                        if (!"Hello World!".equals(s)) {
-                            fail(cipherPadded + "." + filePadded
-                                + " decrypts to 'Hello World!', but actually is" + s);
-                        }
-                        return 1;
-                    } catch (NoSuchAlgorithmException nsae) {
-                        System.out.println("Warn: " + cipherPadded + filePadded
-                            + " NoSuchAlgorithmException");
-                        return 0;
-                    } catch (ArithmeticException ae) {
-                        if (cipherPadded.contains("cfb1")) {
-                            System.out.println("Warn: " + cipherPadded + filePadded
-                                + " BouncyCastle can't handle cfb1 " + ae);
-                            return 0;
-                        } else {
-                            throw ae;
-                        }
-                    }
-                } finally {
-                    if (in != null) {
-                        in.close();
-                    }
-                }
-            }
-        }
-        return sum;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/java/org/apache/commons/ssl/PKCS8KeyTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/PKCS8KeyTest.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/PKCS8KeyTest.java
deleted file mode 100644
index ef6e38d..0000000
--- a/kerby-pkix/src/test/java/org/apache/commons/ssl/PKCS8KeyTest.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package org.apache.commons.ssl;
-
-import org.apache.kerby.util.EncryptoUtil;
-import org.apache.kerby.util.Util;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.util.Arrays;
-import java.util.Locale;
-
-import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.junit.Assume.assumeTrue;
-
-public class PKCS8KeyTest {
-
-    @Test
-    public void testDSA() throws Exception {
-        checkFiles("dsa");
-    }
-
-    @Test
-    public void testRSA() throws Exception {
-        checkFiles("rsa");
-    }
-
-    private static void checkFiles(String type) throws Exception {
-        String password = "changeit";
-        File dir = new File(TEST_HOME + type);
-        File[] files = dir.listFiles();
-        if (files == null) {
-            fail("No files to test!");
-            return;
-        }
-        byte[] original = null;
-        for (File f : files) {
-            String filename = f.getName();
-            String fileName = filename.toUpperCase(Locale.ENGLISH);
-            if (!fileName.endsWith(".PEM") && !fileName.endsWith(".DER")) {
-                // not a sample file
-                continue;
-            }
-
-            System.out.println("Checking PKCS file:" + filename);
-            FileInputStream in = new FileInputStream(f);
-            byte[] bytes = Util.streamToBytes(in);
-            assumeTrue(EncryptoUtil.isAES256Enabled());
-            PKCS8Key key = new PKCS8Key(bytes, password.toCharArray());
-            byte[] decrypted = key.getDecryptedBytes();
-            if (original == null) {
-                original = decrypted;
-            } else {
-                boolean identical = Arrays.equals(original, decrypted);
-                assertTrue(f.getCanonicalPath() + " - all " + type + " resources decrypt to same key", identical);
-            }
-        }
-
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/java/org/apache/commons/ssl/TrustMaterialTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TrustMaterialTest.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TrustMaterialTest.java
deleted file mode 100644
index 2496440..0000000
--- a/kerby-pkix/src/test/java/org/apache/commons/ssl/TrustMaterialTest.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package org.apache.commons.ssl;
-
-import org.apache.kerby.util.Util;
-import org.junit.Assert;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.KeyStoreException;
-
-import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
-
-public class TrustMaterialTest {
-
-    File pemFile = new File(TEST_HOME + "x509/certificate.pem");
-    File derFile = new File(TEST_HOME + "x509/certificate.der");
-
-    @Test
-    public void theTest() throws GeneralSecurityException, IOException {
-        // TrustMaterial in 0.3.13 couldn't load cacerts if it contained any private keys.
-        TrustMaterial tm = new TrustMaterial(TEST_HOME + "cacerts-with-78-entries-and-one-private-key.jks");
-        Assert.assertEquals(78, tm.getCertificates().size());
-    }
-
-    @Test
-    public void testLoadByFile() throws GeneralSecurityException, IOException {
-        TrustMaterial tm1 = new TrustMaterial(pemFile);
-        TrustMaterial tm2 = new TrustMaterial(derFile);
-        Assert.assertTrue(equalKeystores(tm1, tm2));
-    }
-
-    @Test
-    public void testLoadByBytes() throws GeneralSecurityException, IOException {
-        TrustMaterial tm1 = new TrustMaterial(Util.fileToBytes(pemFile));
-        TrustMaterial tm2 = new TrustMaterial(Util.fileToBytes(derFile));
-        Assert.assertTrue(equalKeystores(tm1, tm2));
-
-    }
-
-    @Test
-    public void testLoadByURL() throws GeneralSecurityException, IOException {
-        TrustMaterial tm1 = new TrustMaterial(pemFile.toURI().toURL());
-        TrustMaterial tm2 = new TrustMaterial(derFile.toURI().toURL());
-        Assert.assertTrue(equalKeystores(tm1, tm2));
-    }
-
-    @Test
-    public void testLoadByStream() throws GeneralSecurityException, IOException {
-        TrustMaterial tm1 = new TrustMaterial(new FileInputStream(pemFile));
-        TrustMaterial tm2 = new TrustMaterial(new FileInputStream(derFile));
-        Assert.assertTrue(equalKeystores(tm1, tm2));
-
-    }
-
-    @Test
-    public void testLoadByPath() throws GeneralSecurityException, IOException {
-        TrustMaterial tm1 = new TrustMaterial(pemFile.getPath());
-        TrustMaterial tm2 = new TrustMaterial(derFile.getPath());
-        Assert.assertTrue(equalKeystores(tm1, tm2));
-    }
-
-    private static boolean equalKeystores(TrustMaterial tm1, TrustMaterial tm2) throws KeyStoreException {
-        return Util.equals(tm1.getKeyStore(), tm2.getKeyStore());
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/java/org/apache/kerby/x509/PkiLoaderTest.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/kerby/x509/PkiLoaderTest.java b/kerby-pkix/src/test/java/org/apache/kerby/x509/PkiLoaderTest.java
deleted file mode 100644
index c150fc4..0000000
--- a/kerby-pkix/src/test/java/org/apache/kerby/x509/PkiLoaderTest.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *  
- *    http://www.apache.org/licenses/LICENSE-2.0
- *  
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *  
- */
-package org.apache.kerby.x509;
-
-import org.apache.kerby.pkix.PkiLoader;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.PrivateKey;
-import java.security.cert.Certificate;
-import java.util.List;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-/**
- openssl genrsa -out cakey.pem 2048
- openssl req -key cakey.pem -new -x509 -out cacert.pem -days 3650
- vi extensions.kdc
- openssl genrsa -out kdckey.pem 2048
- openssl req -new -out kdc.req -key kdckey.pem
- env REALM=SH.INTEL.COM openssl x509 -req -in kdc.req -CAkey cakey.pem \
- -CA cacert.pem -out kdc.pem -days 365 -extfile extensions.kdc -extensions kdc_cert -CAcreateserial
- */
-public class PkiLoaderTest {
-    private PkiLoader pkiLoader;
-
-    @Before
-    public void setup() {
-        pkiLoader = new PkiLoader();
-    }
-
-    @Test
-    public void loadCert() throws IOException {
-        InputStream res = getClass().getResourceAsStream("/usercert.pem");
-        List<Certificate> certs = pkiLoader.loadCerts(res);
-        Certificate userCert = certs.iterator().next();
-
-        assertThat(userCert).isNotNull();
-    }
-
-    @Test
-    public void loadKey() throws IOException {
-        InputStream res = getClass().getResourceAsStream("/userkey.pem");
-        PrivateKey key = pkiLoader.loadPrivateKey(res, null);
-
-        assertThat(key).isNotNull();
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt b/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt
deleted file mode 100644
index ceda279..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/PASSWORD.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Password for decrypting any of these files is
-always "changeit".
-

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt b/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt
deleted file mode 100644
index ceda279..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/README.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Password for decrypting any of these files is
-always "changeit".
-

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh
deleted file mode 100644
index 22e9df6..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/CA.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/bash
-
-echo
-echo "WARNING:  This script creates fake test SSL certificates that expire after 2038."
-echo "          Because of date/time issues on 32 bit unix with dates after 2038, this"
-echo "          script can only be run on 64 bit unix machines."
-echo
-
-export DAYS=14610 # 40 years
-export ROOT_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=root/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
-export  RSA_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=rsa-intermediate/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
-export  DSA_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=dsa-intermediate/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
-export TEST_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=test/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
-
-export CA=root
-sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
-export PRIV=$CA/private
-export ROOT_PRIV=$PRIV
-mkdir -p       $PRIV
-mkdir -p       $CA/newcerts
-touch          $CA/index.txt
-if [ ! -f "$CA/serial" ]; then
-  date +%Y%m%d > $CA/serial
-fi
-echo
-echo "Attempting to make $CA/cacert.pem"
-openssl req -newkey rsa:2048 -days $DAYS -nodes -subj $ROOT_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
-openssl ca -config $CA.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -selfsign -extensions v3_ca -infiles $CA/careq.pem
-
-
-export CA=rsa-intermediate
-sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
-export PRIV=$CA/private
-mkdir -p       $PRIV
-mkdir -p       $CA/newcerts
-touch          $CA/index.txt
-if [ ! -f "$CA/serial" ]; then
-  date +%Y%m%d > $CA/serial
-fi
-echo
-echo "Attempting to make $CA/cacert.pem"
-openssl req -newkey rsa:2048 -days $DAYS -nodes -subj $RSA_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
-openssl ca -config root.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $ROOT_PRIV/cakey.pem -extensions v3_ca -infiles $CA/careq.pem
-
-
-export CA=dsa-intermediate
-sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
-export PRIV=$CA/private
-mkdir -p       $PRIV
-mkdir -p       $CA/newcerts
-touch          $CA/index.txt
-if [ ! -f "$CA/serial" ]; then
-  date +%Y%m%d > $CA/serial
-fi
-echo
-echo "Attempting to make $CA/cacert.pem"
-openssl dsaparam -genkey 2048 -out $CA/dsa.params
-openssl req -newkey dsa:$CA/dsa.params -days $DAYS -nodes -subj $DSA_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
-openssl ca -config root.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $ROOT_PRIV/cakey.pem -extensions v3_ca -infiles $CA/careq.pem
-
-
-export CA=dsa-intermediate
-export PRIV=$CA/private
-echo
-echo "Attempting to make test-dsa-cert.pem"
-openssl req -new -key rsa.key -days $DAYS -subj $TEST_SUBJ -out testreq.pem
-openssl ca -config dsa-intermediate.cnf -create_serial -out test-dsa-cert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -infiles testreq.pem
-
-export CA=rsa-intermediate
-export PRIV=$CA/private
-echo
-echo "Attempting to make test-rsa-cert.pem"
-openssl ca -config rsa-intermediate.cnf -create_serial -out test-rsa-cert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -infiles testreq.pem
-
-cat test-rsa-cert.pem rsa-intermediate/cacert.pem root/cacert.pem > test-rsa-chain.pem
-cat test-dsa-cert.pem dsa-intermediate/cacert.pem root/cacert.pem > test-dsa-chain.pem

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh
deleted file mode 100644
index e190163..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/clean.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-find -iname \*.pem  -exec rm {} \;
-find -iname \*.txt\*  -exec rm {} \;
-find -iname \*serial\*  -exec rm {} \;
-rm -f root.cnf rsa-intermediate.cnf dsa-intermediate.cnf dsa-intermediate/dsa.params

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem
deleted file mode 100644
index 5431c90..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/cacert.pem
+++ /dev/null
@@ -1,137 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 537462055 (0x20090527)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
-        Validity
-            Not Before: May 25 21:44:31 2009 GMT
-            Not After : May 25 21:44:31 2049 GMT
-        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: dsaEncryption
-            DSA Public Key:
-                pub: 
-                    7a:a9:65:fb:76:ba:be:f3:fa:94:59:52:ed:4e:fc:
-                    e4:70:5e:8f:7c:14:e7:73:d6:d2:36:6b:62:d2:56:
-                    c9:6e:7a:91:63:72:4e:a9:ce:2e:eb:38:5e:c4:72:
-                    f6:2c:52:aa:51:f4:ce:3b:28:55:39:c3:ad:5d:52:
-                    fa:ac:0c:32:48:fc:00:9f:c3:d9:75:09:8d:82:e0:
-                    cb:07:65:29:25:7a:34:2e:bb:a0:2d:30:91:59:0e:
-                    ce:82:fb:2d:ad:a5:b2:b9:2b:ec:6b:b1:04:07:0c:
-                    52:16:7d:6c:0c:b2:64:c7:c6:cb:ab:18:ab:a6:fa:
-                    3e:31:f3:8f:49:75:33:69:d3:2a:2a:e7:2c:38:b5:
-                    d6:7d:33:94:ba:a6:3e:2f:e5:3b:cc:4a:27:d1:59:
-                    f3:9c:71:b1:46:64:3f:28:f1:33:d1:bc:c2:8b:47:
-                    92:2d:c6:1f:fb:23:34:56:f1:6e:18:8e:7c:0b:75:
-                    42:8a:bb:92:44:04:58:41:d1:9b:6e:d6:14:98:94:
-                    3d:77:8d:93:d3:1f:e9:7b:a7:71:94:10:ee:e9:d3:
-                    5a:4a:b8:91:61:35:4c:00:76:f2:b2:3a:bd:9f:42:
-                    f9:f0:8e:da:bd:8c:60:fd:7d:65:85:98:c5:7d:42:
-                    b9:27:de:09:0a:1c:85:a7:63:e5:71:3c:ab:78:de:
-                    cf
-                P:   
-                    00:8f:5a:80:34:53:e1:52:68:8c:cf:9b:d5:7a:01:
-                    60:57:63:f9:f8:01:55:9e:55:17:7f:f4:cc:cd:d7:
-                    fb:f7:1e:36:00:1c:ae:5c:70:e8:1b:33:ef:b8:8d:
-                    aa:69:2a:66:f0:48:fd:bb:25:82:eb:56:be:ac:ca:
-                    49:6e:7f:17:fd:3b:61:57:a7:14:c1:eb:99:5d:6b:
-                    82:03:db:1c:18:2a:25:05:19:ec:34:b8:c3:1b:2c:
-                    69:89:37:7b:85:9b:c0:a9:39:84:43:f1:60:0b:91:
-                    50:e0:b5:93:3c:ad:1c:b8:33:4e:9b:00:ed:cd:60:
-                    59:9b:57:04:7b:c0:fb:2d:49:45:e3:ce:c0:8a:aa:
-                    4d:07:3a:43:a3:3d:06:70:66:fc:9f:b2:8f:d6:c5:
-                    1f:a5:7b:00:36:a9:42:5e:50:db:38:34:8c:4a:c6:
-                    f6:3a:58:9a:a6:57:93:f7:4e:55:8b:46:f0:b0:1b:
-                    9c:a0:cb:fc:57:91:be:6d:47:56:a9:d1:46:cd:43:
-                    7b:ff:24:96:0a:dd:d7:d8:b7:58:8e:6a:a1:eb:2a:
-                    ba:40:0a:f6:d1:53:7c:84:06:fc:14:1c:d5:33:79:
-                    88:bb:4f:fa:b5:87:35:61:0d:b0:7b:07:bb:74:7c:
-                    30:a7:a3:60:7d:76:a6:d1:46:2b:84:a2:9a:28:61:
-                    f2:89
-                Q:   
-                    00:bf:87:b6:dd:a6:62:0f:88:a2:44:a5:99:ac:b9:
-                    12:82:05:7b:2e:af
-                G:   
-                    00:86:37:bd:1d:60:12:25:f5:01:7f:7e:e0:e7:de:
-                    26:f4:3d:d4:75:fe:91:41:41:b3:c6:70:7f:71:c6:
-                    5e:4e:c1:0f:3e:cc:be:9c:0b:df:b4:8f:6e:2a:0f:
-                    90:5b:20:14:75:c7:31:13:e2:d8:73:73:76:b6:c4:
-                    f5:5f:ac:b4:2a:26:4e:8c:af:87:2e:f5:1d:78:69:
-                    15:b5:b4:b7:d3:52:ec:f4:c8:6e:c5:65:bd:88:e5:
-                    c4:da:0c:48:ac:d3:2d:a2:da:b0:72:75:09:1d:aa:
-                    d9:64:80:b7:18:31:54:07:d6:7a:8b:f3:be:b7:22:
-                    87:1c:3a:c7:2f:a9:4b:8d:79:06:a1:ff:1c:db:f3:
-                    17:9b:32:a0:61:20:6e:37:92:eb:27:a1:6f:b8:22:
-                    0e:26:4d:71:9a:b3:a0:9a:fb:fb:91:68:5b:52:3b:
-                    20:75:d5:36:a6:aa:c3:dc:52:01:87:06:58:68:62:
-                    20:b8:aa:bd:2b:c9:58:60:b7:02:2e:c4:4f:bf:ec:
-                    b7:43:13:3f:90:51:65:65:a9:ba:48:74:9e:3c:ad:
-                    93:b6:00:3f:93:11:e7:cd:ea:5f:11:44:b2:4f:d1:
-                    e3:fd:19:a8:bc:4a:c6:ae:4c:ec:83:85:fa:98:ed:
-                    0b:a3:8f:a0:35:38:d4:9f:96:fd:f3:b2:b5:80:d5:
-                    1e:a4
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
-            X509v3 Authority Key Identifier: 
-                keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
-                DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
-                serial:20:09:05:25
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-        30:75:fb:1e:e2:d0:ff:18:3a:de:7d:49:8a:20:33:bc:0e:0c:
-        ad:7a:68:f8:57:91:3a:bd:2b:07:a7:25:a6:c6:d0:f7:30:57:
-        73:a3:34:af:ee:d3:5d:06:9f:80:f5:41:b7:7f:e8:0e:e2:28:
-        6c:a5:d7:82:9b:81:89:85:9f:47:5d:af:17:ab:f6:e1:02:4c:
-        01:2b:07:7c:2b:e1:77:1c:a4:e9:a6:89:97:50:49:87:73:04:
-        6e:32:50:f5:b7:be:f2:60:b3:9c:5f:b4:2a:d2:2f:c0:0b:82:
-        47:71:70:62:cc:98:ad:47:20:58:61:d6:c0:c5:30:65:3f:97:
-        43:47:50:cb:90:4c:c3:7c:50:c4:28:27:b7:2d:c8:2a:61:40:
-        18:7e:fa:ce:03:39:20:f9:96:a2:da:1c:fe:5e:c7:9f:f1:bc:
-        98:18:c1:63:e6:f6:35:35:d8:5d:18:2e:ef:87:7d:af:00:a3:
-        bc:12:18:c3:11:1e:8a:6d:bf:5d:10:87:6f:79:f3:8f:11:9d:
-        cb:0d:fe:f6:fe:4f:d0:2b:de:8e:3a:da:f3:46:11:ca:12:bb:
-        ca:22:67:05:45:e6:fd:9f:71:09:98:0b:1e:cf:51:73:b2:ad:
-        48:f9:06:2a:b5:5c:9f:f3:97:e0:8e:a3:df:57:1c:a7:94:ca:
-        f2:97:8e:56
------BEGIN CERTIFICATE-----
-MIIGoTCCBYmgAwIBAgIEIAkFJzANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
-Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
-BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
-9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDMxWhcN
-NDkwNTI1MjE0NDMxWjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
-VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
-c2wxGTAXBgNVBAMTEGRzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
-bGl1c2Rhdmllc0BnbWFpbC5jb20wggM7MIICLgYHKoZIzjgEATCCAiECggEBAI9a
-gDRT4VJojM+b1XoBYFdj+fgBVZ5VF3/0zM3X+/ceNgAcrlxw6Bsz77iNqmkqZvBI
-/bslgutWvqzKSW5/F/07YVenFMHrmV1rggPbHBgqJQUZ7DS4wxssaYk3e4WbwKk5
-hEPxYAuRUOC1kzytHLgzTpsA7c1gWZtXBHvA+y1JRePOwIqqTQc6Q6M9BnBm/J+y
-j9bFH6V7ADapQl5Q2zg0jErG9jpYmqZXk/dOVYtG8LAbnKDL/FeRvm1HVqnRRs1D
-e/8klgrd19i3WI5qoesqukAK9tFTfIQG/BQc1TN5iLtP+rWHNWENsHsHu3R8MKej
-YH12ptFGK4Simihh8okCFQC/h7bdpmIPiKJEpZmsuRKCBXsurwKCAQEAhje9HWAS
-JfUBf37g594m9D3Udf6RQUGzxnB/ccZeTsEPPsy+nAvftI9uKg+QWyAUdccxE+LY
-c3N2tsT1X6y0KiZOjK+HLvUdeGkVtbS301Ls9MhuxWW9iOXE2gxIrNMtotqwcnUJ
-HarZZIC3GDFUB9Z6i/O+tyKHHDrHL6lLjXkGof8c2/MXmzKgYSBuN5LrJ6FvuCIO
-Jk1xmrOgmvv7kWhbUjsgddU2pqrD3FIBhwZYaGIguKq9K8lYYLcCLsRPv+y3QxM/
-kFFlZam6SHSePK2TtgA/kxHnzepfEUSyT9Hj/RmovErGrkzsg4X6mO0Lo4+gNTjU
-n5b987K1gNUepAOCAQUAAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98FOdz1tI2a2LS
-VsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACfw9l1CY2C4MsH
-ZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsurGKum+j4x849J
-dTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKLR5Itxh/7IzRW
-8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pKuJFhNUwAdvKy
-Or2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s+jgeswgegwHQYDVR0O
-BBYEFJSnzLmr10iBszpxbiv0JP4qpMA5MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2u
-wgcwLgCsWGObIH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMx
-GDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21t
-b25zLXNzbDENMAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2
-aWVzQGdtYWlsLmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4IBAQAwdfse4tD/GDrefUmKIDO8Dgytemj4V5E6vSsHpyWmxtD3MFdzozSv7tNd
-Bp+A9UG3f+gO4ihspdeCm4GJhZ9HXa8Xq/bhAkwBKwd8K+F3HKTppomXUEmHcwRu
-MlD1t77yYLOcX7Qq0i/AC4JHcXBizJitRyBYYdbAxTBlP5dDR1DLkEzDfFDEKCe3
-LcgqYUAYfvrOAzkg+Zai2hz+Xsef8byYGMFj5vY1NdhdGC7vh32vAKO8EhjDER6K
-bb9dEIdvefOPEZ3LDf72/k/QK96OOtrzRhHKErvKImcFReb9n3EJmAsez1Fzsq1I
-+QYqtVyf85fgjqPfVxynlMryl45W
------END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params
deleted file mode 100644
index 5b4d97f..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/dsa.params
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIICIQKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByuXHDo
-GzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRnsNLjD
-GyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487AiqpN
-BzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBucoMv8
-V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6tYc1
-YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIFey6v
-AoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0j24q
-D5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I5cTa
-DEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xebMqBh
-IG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0ryVhg
-twIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8SsauTOyD
-hfqY7Qujj6A1ONSflv3zsrWA1R6k
------END DSA PARAMETERS-----
------BEGIN DSA PRIVATE KEY-----
-MIIDPwIBAAKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByu
-XHDoGzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRns
-NLjDGyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487A
-iqpNBzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBuc
-oMv8V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6
-tYc1YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIF
-ey6vAoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0
-j24qD5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I
-5cTaDEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xeb
-MqBhIG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0r
-yVhgtwIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8Ssau
-TOyDhfqY7Qujj6A1ONSflv3zsrWA1R6kAoIBAEv2b206JjZOeRVQ6R4gmCGhxCL6
-v8K/geGdHOzveYLGc+eaSfEP2X9F64rq4lf7kZSfjlwbCa7wPFiudQwTqIvtz6AO
-7tYfDk5BKsSqxfHChYHbTK5bUIvPapMH+aATdX0haXRRvNGY/V7lAPoBSwpWpPzG
-17rz29tysLZWvaDJK05Vwg+UmJB3AG4zyJGD/Zw2Ub/Eik1rL2N7p6ewa7EsTG4H
-pZAYwCJvAhidpaLfpoFxmF7VsMU+e/SwV++sbElb/a9szjbRc80jTyDHdxTO+hCS
-6MJjQkev4Bzy4+DO/PrCESoZymg4skRkVVc0knpSuGUviPZejvkdVo26mlsCFQCW
-c8bFDKclUXmeh6vxr7RGih+SKg==
------END DSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem
deleted file mode 100644
index adc6d0b..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/dsa-intermediate/private/cakey.pem
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIDPgIBAAKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByu
-XHDoGzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRns
-NLjDGyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487A
-iqpNBzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBuc
-oMv8V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6
-tYc1YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIF
-ey6vAoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0
-j24qD5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I
-5cTaDEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xeb
-MqBhIG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0r
-yVhgtwIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8Ssau
-TOyDhfqY7Qujj6A1ONSflv3zsrWA1R6kAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98
-FOdz1tI2a2LSVsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACf
-w9l1CY2C4MsHZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsur
-GKum+j4x849JdTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKL
-R5Itxh/7IzRW8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pK
-uJFhNUwAdvKyOr2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s8CFDIz
-Am1wgwvcQt/K9JADNgPY9gyS
------END DSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf
deleted file mode 100644
index 9e59020..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/openssl.cnf
+++ /dev/null
@@ -1,313 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME			= .
-RANDFILE		= $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file		= $ENV::HOME/.oid
-oid_section		= new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions		= 
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= ./demoCA		# Where everything is kept
-certs		= $dir/certs		# Where the issued certs are kept
-crl_dir		= $dir/crl		# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
-					# several ctificates with same subject.
-new_certs_dir	= $dir/newcerts		# default place for new certs.
-
-certificate	= $dir/cacert.pem 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crlnumber	= $dir/crlnumber	# the current crl number
-					# must be commented out to leave a V1 CRL
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
-
-x509_extensions	= usr_cert		# The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt 	= ca_default		# Subject Name options
-cert_opt 	= ca_default		# Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions	= crl_ext
-
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= sha1			# which md to use.
-preserve	= no			# keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy		= policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= match
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 1024
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options. 
-# default: PrintableString, T61String, BMPString.
-# pkix	 : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-countryName_min			= 2
-countryName_max			= 2
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= Some-State
-
-localityName			= Locality Name (eg, city)
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= World Wide Web Pty Ltd
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-#organizationalUnitName_default	=
-
-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 64
-
-# SET-ex3			= SET extension number 3
-
-[ req_attributes ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType			= server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment			= "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType			= server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment			= "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem
deleted file mode 100644
index bb8bf4b..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/cacert.pem
+++ /dev/null
@@ -1,85 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 537462053 (0x20090525)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
-        Validity
-            Not Before: May 25 21:44:28 2009 GMT
-            Not After : May 25 21:44:28 2049 GMT
-        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b9:db:04:16:8c:41:eb:91:c4:b8:d1:1a:73:28:
-                    59:09:b8:7a:b5:05:40:db:4f:2b:63:7b:bf:01:70:
-                    e1:0d:4c:09:3a:3b:63:9e:22:13:fa:55:d1:bc:e8:
-                    dd:31:71:df:0d:a6:0b:29:29:cc:da:bd:69:5c:cb:
-                    29:7e:6c:8c:93:82:c7:8b:00:ea:0b:8c:35:5c:fe:
-                    28:12:cf:ba:11:24:48:bc:0a:ee:37:54:a3:f2:9b:
-                    f2:76:94:7d:56:c0:52:35:f0:ff:c8:8c:08:7e:b0:
-                    49:c5:2f:fd:41:92:06:e8:c2:71:0d:f6:70:e5:93:
-                    89:80:a2:13:43:ac:53:56:ba:1a:44:44:98:cd:ba:
-                    f9:3a:93:20:71:34:93:0f:3f:34:34:2e:53:b2:d7:
-                    4a:22:3e:89:0a:c3:6e:12:40:ba:f3:22:6d:38:63:
-                    3b:f0:ef:42:2b:2d:f4:d2:f8:a9:76:ce:13:37:ce:
-                    1a:a4:bd:42:a0:7b:71:df:0e:3f:93:10:9d:22:0a:
-                    8b:61:92:c6:4c:fe:e7:bf:56:f4:5c:d3:85:98:92:
-                    a2:dc:d1:3d:f8:6e:3e:ac:e1:87:2f:e1:fb:30:d5:
-                    3d:24:fc:d9:d1:ac:b9:ca:9c:41:ff:60:aa:e4:57:
-                    7e:b1:93:ac:4f:64:b5:0a:d3:57:4e:12:68:5b:18:
-                    d2:15
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
-            X509v3 Authority Key Identifier: 
-                keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
-                DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
-                serial:20:09:05:25
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:29:28:5e:4f:4f:59:f8:6b:b0:96:bf:ef:69:02:36:d1:72:
-        af:a2:f3:c0:7d:c1:50:5a:b8:63:61:18:1a:d4:4d:8f:a4:b2:
-        18:5d:1b:75:1d:b6:ce:e6:aa:b3:c1:16:ab:dd:64:ac:be:62:
-        7f:77:1d:d4:6a:eb:5d:f7:19:eb:6a:6a:60:6d:ca:d6:2a:4d:
-        ee:c9:5b:1e:05:eb:bb:3f:5f:a4:76:ae:fd:32:ac:1e:63:e7:
-        35:d3:95:1d:c9:bc:7a:2f:e7:0e:04:95:59:4d:30:51:ac:67:
-        65:41:74:b3:62:f6:4d:85:4b:88:26:15:c2:2d:03:69:16:f7:
-        6a:8a:5c:ca:ca:7b:ba:41:f9:7b:f4:ae:f8:29:56:48:9d:86:
-        2e:0a:06:7a:21:97:01:b3:d4:45:5a:14:05:d3:b1:3a:da:0a:
-        67:6d:d5:45:db:ba:88:09:4b:53:b3:69:1a:52:de:57:03:89:
-        fa:99:82:1d:79:fb:ae:55:d7:13:fd:5e:99:25:cb:75:a1:62:
-        b4:27:f0:54:4b:78:42:8b:54:63:62:f4:a3:0b:e2:26:a4:0c:
-        29:ae:49:b4:1a:34:e6:a4:07:8a:64:cb:63:46:ae:fa:ec:d0:
-        f4:e1:e2:25:11:57:27:61:e8:d1:48:ad:60:13:2d:b9:38:a3:
-        52:03:0f:ad
------BEGIN CERTIFICATE-----
-MIIEfDCCA2SgAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
-Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
-BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
-9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI4WhcN
-NDkwNTI1MjE0NDI4WjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
-VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
-c2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0Bn
-bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52wQWjEHr
-kcS40RpzKFkJuHq1BUDbTytje78BcOENTAk6O2OeIhP6VdG86N0xcd8NpgspKcza
-vWlcyyl+bIyTgseLAOoLjDVc/igSz7oRJEi8Cu43VKPym/J2lH1WwFI18P/IjAh+
-sEnFL/1BkgbownEN9nDlk4mAohNDrFNWuhpERJjNuvk6kyBxNJMPPzQ0LlOy10oi
-PokKw24SQLrzIm04Yzvw70IrLfTS+Kl2zhM3zhqkvUKge3HfDj+TEJ0iCothksZM
-/ue/VvRc04WYkqLc0T34bj6s4Ycv4fsw1T0k/NnRrLnKnEH/YKrkV36xk6xPZLUK
-01dOEmhbGNIVAgMBAAGjgeswgegwHQYDVR0OBBYEFAfYcdsrGp2uwgcwLgCsWGOb
-IH2mMIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGObIH2moYGOpIGLMIGI
-MQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmll
-cy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDENMAsGA1UEAxMEcm9v
-dDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbYIEIAkFJTAM
-BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCaKSheT09Z+Guwlr/vaQI2
-0XKvovPAfcFQWrhjYRga1E2PpLIYXRt1HbbO5qqzwRar3WSsvmJ/dx3Uautd9xnr
-ampgbcrWKk3uyVseBeu7P1+kdq79MqweY+c105Udybx6L+cOBJVZTTBRrGdlQXSz
-YvZNhUuIJhXCLQNpFvdqilzKynu6Qfl79K74KVZInYYuCgZ6IZcBs9RFWhQF07E6
-2gpnbdVF27qICUtTs2kaUt5XA4n6mYIdefuuVdcT/V6ZJct1oWK0J/BUS3hCi1Rj
-YvSjC+ImpAwprkm0GjTmpAeKZMtjRq767ND04eIlEVcnYejRSK1gEy25OKNSAw+t
------END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem
deleted file mode 100644
index d4bb17a..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/root/private/cakey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAudsEFoxB65HEuNEacyhZCbh6tQVA208rY3u/AXDhDUwJOjtj
-niIT+lXRvOjdMXHfDaYLKSnM2r1pXMspfmyMk4LHiwDqC4w1XP4oEs+6ESRIvAru
-N1Sj8pvydpR9VsBSNfD/yIwIfrBJxS/9QZIG6MJxDfZw5ZOJgKITQ6xTVroaRESY
-zbr5OpMgcTSTDz80NC5TstdKIj6JCsNuEkC68yJtOGM78O9CKy300vipds4TN84a
-pL1CoHtx3w4/kxCdIgqLYZLGTP7nv1b0XNOFmJKi3NE9+G4+rOGHL+H7MNU9JPzZ
-0ay5ypxB/2Cq5Fd+sZOsT2S1CtNXThJoWxjSFQIDAQABAoIBAH6oCRMspkfZYQzq
-Q3IzDuqW89ilKdvLCjCTxkk/Gb+sD6XFj0/WvXKeRX7N2t+1UGLGw1hcCiUPa9w2
-/6IOa4ajW0UZbGZOOJeVBM49DfpclczATjMa1VeiewvgicIy8lOcV1PeSnO7w6pD
-1/11fIvm5pCzX6C0eMJWsXYu2+R/abc1VJPsm+lJ4dTErAM0MQNjbpSB7rth5AAh
-V4e1W6SU0IqMZbTfFYwwgwUHSW8Q3wk30yY0tiMoblNaDfYomoGK1ekfCpdE9eve
-okGGs5Nv3q4h1gJsUPF9oSWcCuMW3zTKH6DUtuuE08Q9x1Z/g1YralWV4WnApSSS
-iZy3k4kCgYEA4G5lOblwaZ3rmV4h76lwwOderqwdLs0T4p7TUalgg+fiy2ifC37d
-VXyk/ZEw9nqWH1C9QIUpM6VH0l/cYxCAt94ioYkZZYQmGZVGzBOdIA4LEdP1juN4
-fCOuesxSaRu2DEVf3J7U1XsOsLPT9cUb/UtgmUqVrcprSiYDmYWU+cMCgYEA0/+J
-qytZi5PFZWa+rBxm6zb1WXrIzs3AavVWG2ryGjZuLjO0ADLDDPTvNI6WGo807PpX
-2ISq7VAFCWm1kukgUFNc7a+uIAMHV4USW5MRnTtc91C71iBabYs2uYJnP9KZKjnz
-1kji6+jz4wbHyIddkMwKVCmMmdHHlhXpj4vUb0cCgYAdUE4IbCAyq13KenEUTJ1d
-lNrZFcH6Cu89+mC/mc/xaqhEyTV82uUt9UnXlM9AYmKZVIJjmwD2re/jmoG+rrkh
-SvJbBv06NTiEvuqwXR94wFzRx02bjDqAfGidwXJCKExu7eDHgDdsatZQXiyhPU2a
-l+3WF9fVC0tYM/7kXn5G4QKBgF1AnrIok28ORVphY6YZqDv3JN2DYSl24BksagAN
-fwmAv96a56berWXZqA8aWXS9Ya6MQHABi55wAIcvdKt22Lv8r3fuO03hhy08X+Lg
-QnNDVZWEcduyx5RAFIZtkjVE0hL9AwFTdl4HTqCirubKhKHY3wI+dJaE7KJcaSy3
-eW6pAoGAayYZFNrDqHJJl8urrX2k6K+m+VE0xU94h9Vx4MpRa/f9bZ0U8YVNdTkZ
-BR6kUHOpOFO166jcBZJX3V305IbQB5TeysIyYqBaMATDc6tAEB+Celoz3+hw/Je2
-bIiQgdtctH4MarQkGlokUGjEz2aMg0l7vecgxQE88l/svAF3vmA=
------END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem
deleted file mode 100644
index ac2c117..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/cacert.pem
+++ /dev/null
@@ -1,86 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 537462054 (0x20090526)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
-        Validity
-            Not Before: May 25 21:44:29 2009 GMT
-            Not After : May 25 21:44:29 2049 GMT
-        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=rsa-intermediate/emailAddress=juliusdavies@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:ce:1b:db:73:49:85:a4:3c:42:14:84:6a:7d:47:
-                    78:d2:e1:58:27:ed:e4:78:5e:5d:2b:ee:c3:29:c5:
-                    a2:d2:6f:f3:0e:0a:d6:d6:7f:5a:f7:30:6f:c9:8f:
-                    ad:fe:53:22:46:aa:5e:0b:f6:e8:21:f3:dc:5f:75:
-                    9b:55:c5:07:ab:75:54:fd:9b:2e:31:da:12:45:3c:
-                    7b:1e:27:f6:a1:5b:5d:ac:0a:b4:e8:dd:d3:ba:ff:
-                    af:f1:43:31:4c:5b:5e:73:d4:a8:ce:93:b9:f1:9d:
-                    8b:17:1f:16:74:4f:9a:07:80:7c:1a:41:a6:49:21:
-                    2a:a8:83:75:18:3d:ed:17:8b:8b:b4:f8:46:d3:28:
-                    25:35:e1:17:df:e6:b4:f7:87:a7:71:0f:a0:b5:22:
-                    4d:48:35:2c:a3:dc:fc:58:33:76:fb:07:cf:fb:64:
-                    e9:fa:05:a8:be:63:eb:32:48:01:10:fd:44:a2:79:
-                    72:5d:33:62:1b:ad:f4:60:3f:7d:59:9c:07:cf:9c:
-                    b1:b5:e7:18:84:5e:ec:e0:78:6c:53:f0:cf:67:8d:
-                    91:95:73:72:de:70:c7:ca:ea:27:6f:d2:61:c8:7d:
-                    a5:28:28:61:c8:c9:e9:6b:7e:ae:07:9d:36:87:04:
-                    a4:97:1c:1d:f5:39:cb:b2:8a:32:8d:25:68:05:2d:
-                    86:65
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                2E:F4:CD:A1:B4:AD:03:85:D8:AF:69:97:D5:2D:95:40:D6:BF:12:BF
-            X509v3 Authority Key Identifier: 
-                keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
-                DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
-                serial:20:09:05:25
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-        03:b6:83:af:6c:ff:2b:21:12:b9:8a:cd:8e:2f:d9:1a:28:88:
-        0c:9f:f1:6b:73:fb:76:3f:70:d8:cd:ce:5a:f6:0f:08:6a:0a:
-        a3:f7:ad:b2:72:19:eb:0e:9c:36:bb:a4:fb:3f:90:78:ba:45:
-        ee:da:c9:8e:a0:ef:b3:ac:05:4c:f4:b4:37:18:0d:bb:20:5d:
-        f4:e7:b3:77:ea:56:0c:ad:81:42:80:04:92:ca:3b:73:ed:35:
-        d5:35:f6:9f:95:a2:2d:81:4d:e6:3a:3c:13:64:f1:0f:36:7e:
-        90:c2:a0:37:c6:19:9e:13:47:92:a3:e8:18:3d:f4:d8:a0:83:
-        80:0f:7b:a7:57:9c:60:6c:6a:3e:d4:1d:cc:5e:8c:13:7f:1c:
-        d7:f6:df:ad:ae:0a:95:12:f1:71:c2:70:98:d1:2f:6c:f0:24:
-        43:b4:7e:a4:e4:31:d4:bc:50:90:03:4b:34:ba:a3:d0:fd:f5:
-        01:17:eb:11:83:44:86:65:17:bf:89:00:c7:93:d6:70:7e:0b:
-        4b:93:dc:f9:92:50:4c:3e:11:23:c5:50:1c:49:bd:8c:0c:2c:
-        60:1c:d8:e6:5f:a4:fa:21:db:8c:62:bf:74:a3:83:1c:8d:cc:
-        8e:34:8c:16:1c:c6:71:63:89:c2:c4:45:0c:90:71:98:68:2f:
-        9d:a7:87:f7
------BEGIN CERTIFICATE-----
-MIIEiDCCA3CgAwIBAgIEIAkFJjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
-Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
-BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
-9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI5WhcN
-NDkwNTI1MjE0NDI5WjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
-VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
-c2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
-bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDOG9tzSYWkPEIUhGp9R3jS4Vgn7eR4Xl0r7sMpxaLSb/MOCtbWf1r3MG/J
-j63+UyJGql4L9ugh89xfdZtVxQerdVT9my4x2hJFPHseJ/ahW12sCrTo3dO6/6/x
-QzFMW15z1KjOk7nxnYsXHxZ0T5oHgHwaQaZJISqog3UYPe0Xi4u0+EbTKCU14Rff
-5rT3h6dxD6C1Ik1INSyj3PxYM3b7B8/7ZOn6Bai+Y+sySAEQ/USieXJdM2IbrfRg
-P31ZnAfPnLG15xiEXuzgeGxT8M9njZGVc3LecMfK6idv0mHIfaUoKGHIyelrfq4H
-nTaHBKSXHB31OcuyijKNJWgFLYZlAgMBAAGjgeswgegwHQYDVR0OBBYEFC70zaG0
-rQOF2K9pl9UtlUDWvxK/MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGOb
-IH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoT
-D2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDEN
-MAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWls
-LmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQADtoOv
-bP8rIRK5is2OL9kaKIgMn/Frc/t2P3DYzc5a9g8Iagqj962ychnrDpw2u6T7P5B4
-ukXu2smOoO+zrAVM9LQ3GA27IF3057N36lYMrYFCgASSyjtz7TXVNfaflaItgU3m
-OjwTZPEPNn6QwqA3xhmeE0eSo+gYPfTYoIOAD3unV5xgbGo+1B3MXowTfxzX9t+t
-rgqVEvFxwnCY0S9s8CRDtH6k5DHUvFCQA0s0uqPQ/fUBF+sRg0SGZRe/iQDHk9Zw
-fgtLk9z5klBMPhEjxVAcSb2MDCxgHNjmX6T6IduMYr90o4McjcyONIwWHMZxY4nC
-xEUMkHGYaC+dp4f3
------END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem
deleted file mode 100644
index 466f54a..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa-intermediate/private/cakey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAzhvbc0mFpDxCFIRqfUd40uFYJ+3keF5dK+7DKcWi0m/zDgrW
-1n9a9zBvyY+t/lMiRqpeC/boIfPcX3WbVcUHq3VU/ZsuMdoSRTx7Hif2oVtdrAq0
-6N3Tuv+v8UMxTFtec9SozpO58Z2LFx8WdE+aB4B8GkGmSSEqqIN1GD3tF4uLtPhG
-0yglNeEX3+a094encQ+gtSJNSDUso9z8WDN2+wfP+2Tp+gWovmPrMkgBEP1Eonly
-XTNiG630YD99WZwHz5yxtecYhF7s4HhsU/DPZ42RlXNy3nDHyuonb9JhyH2lKChh
-yMnpa36uB502hwSklxwd9TnLsooyjSVoBS2GZQIDAQABAoIBADajAdic69Vut+Gy
-fHw7Xxcf73ueP4t9EFveDlRbdN8uGBNn4i24UwfmCiw3b1tU9GghL48iY8TkXU3c
-4lGpSnA0SVR1N5i1g1RhRQ3ocCO0Ea/SosR8UW1n7F8bfc0NB4vTGvCwDoGzTrTR
-Y+VvWJiWgc+ACbGnHiTPvFGx0NEFjizCrBTWDCSMbHdujEkw/gZt1PhKgJg0DbUj
-M4zLG0YCIR/RSnNHYKgMEl2PXCKHLsMwyH52BMi/lmh47N2H0cC/5YSoCX6s1Y8I
-ZWojgMJVCN4SQInm630hiF8X0r3yQFvig1OYyebpJpqHSJUZ6GGQl5M6p8MFlgam
-BNFakH0CgYEA7F1+SJMOeWB+TnP7ilvYaXzE+aLvJ0/Wl5whyxJCCkMJsz+120Ui
-4ooKbohQF0h1IXJGeFS4hD/DK+3S/mjjBC8TQBtuvWzhk2+C7+Gigke4XjrdJXbB
-b87nDf1EPY9d1lGhVRmVh2APgPxgmw7mb3WgMN3lnh0xknhEoHPYbdMCgYEA3zrv
-pNAnGHg8ALJTHWiyEWrXRIhuOYOJa2oQB4cQeK6ou5UsfzQsd6w2UmwzghOTNtrM
-fvGeHECsTVh8AeNY9sT0GG5BY+DcOlYn3Dgs7UW0w8otZ/D/lmc9+Z/R4hBo/qcY
-h7WkcG5S0TeIiam9bq5EfTUAs5fFvbYRsdAGv+cCgYAuvrq33aVyKbwxBc0Mauec
-zRkjia6kZqy45R7ly2GWJ/XmJkZv6/dfOA+iFoFIaYMIr1HygEbRmM6fhHRC7jlf
-XXQALKy097CQ+O+7QzNhco+qyxdrTlYpJ5EYeishxZW4SgKPEvU4ha3rQ35TjBnU
-lz2sDGZZ48om/nQMC30VEwKBgQDKl5xiQZ8ZsBUUtMKF0Dy7XfGcew0+GUigOZPu
-oP+r5yevhoTptRoeSibKyvQ8OzPB9vTcyL+r+G3njESPGhvlaX32pimmUa7NKt/m
-Fv1/IWIaxuRKjwgHIg+2+vrqZeZEJrY2g/2HJDj5M6Mw/OG1D2eNEotecoG92P1a
-GOfnRQKBgQCe/zEs+IZxrnqMq+B5QIiSBTliZeGApOG7P+TS1MyvIijeIM5d1LNc
-oUtzPUSOz0CwQT669F8C4gOllnXImyHUkivBxgfwLJcOt6NqxfiTIcDqrf7jaNyp
-R8l/GuwFPz/DtBsFizfYmY9cXV5/Ihz9/gmnw0oFgVX2MLVv0CRKZA==
------END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key
deleted file mode 100644
index f540dcc..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/rsa.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyGOvloI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7Plp
-gpjUg4pNjYGViGjg7zhfbjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc
-8BQcwHf0ZHLN6sD9m2uVSp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTj
-HE5t7iu1JVjTuE0pcBvah2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindx
-OSAnAxK6q/wGqcZ3zvFBTcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfD
-HArDqUYxqJUlPGlMqrKb3fCFiT3eXehwR7nlzQIDAQABAoIBAFd6vTKVVT0O/U04
-wTtiptA/p7fkDM5PHVBxh32Wxno5pj8PerIaiduKyuRVh7PvJRMJpw903BrAK95o
-847WWOVOaF7TcKGMBURJUS6maiJS7TboK1ZbUVnsg/I99ArhiVUKGDhlsl/Xd4np
-YPDYztzXLzLXpm7bS6CiuvP762x9dfVu8K+afP8cjH8pfXLq55ghZOUKidRQaYz1
-mNOTQyAQlCQdLRgKlYgqcRHlj0pb28XBJaln3W7Z7GFMWFPojkxx6LaCp8+Jyx2C
-tv54zIZQhMjF37tQyTnfK4Ocl3sCRb+jYV4FkrUnsQE9W2dey0Tms1XB31gfUJlx
-dRZu7zkCgYEA/nWcTwzot2OIAhXoJ2fnqTcpdmj05LHhGcayKjyix7BsVH2I0KpF
-9kXX066tr3+LxZTergl4UpWSl3yx/4kPBQM6np4VVRytn7+cQdEhOczZnBw6x7IZ
-fv81DSNruQDBRAlTtklW4KBY74JKLhaJSvF1F3x32+H+99i1MmCNJRMCgYEAyZpF
-h4c3pM9z+YlmgLdUh/G2abdoamugcQOFbzHbZowsRAxEzdEW9wj2McN6mt8Rn1tc
-tY/+PcYuIK+vcmk9k23GuzxRlJlkaDicHwlAebgVIulFcrStfTlSkXjpuOuusfD9
-2DuHMcUiPx3qElNB0dZJF/axpq7BjTIFENefhZ8CgYACn+vw1M1BtwEcJGW0olm9
-YRhIZGTCRyNvRKFp1h5HuQYlCPZ0UI1QMQA86rxX5xTmANcbLHXVRD2y2lJrtFo3
-TwU3xaGqsxUHZM6TzzhshDRqa9AfZzLkIHXHoOnnip5zuTTn2HHQ91ZzggCJ4Smh
-YEQ47cu+tOIQZGfaESzjiQKBgQCCfnZlDJRq/NFwA40y4fg4arANa+eNgw7+OC5F
-1HrUvQTmIx7iLmZ0Dvv1KDgTSTLJ+MRgzczexYoUJEQnhZGS/Wq2xYt06XlBsOr1
-d/KhFxOvXllSrzrhJJqaiS6YQQ36JijZr2aKQ7UwL7fUlsmy/safWVKStumX8Hmw
-9jFOtwKBgQDmtirdNQ8aKolokD/3bDHPcDsNcybEpiCu8BIltxZAs/LsN1IIxfcp
-mGP2AFt3mbblKbsRM8hDW/X9taeG9s2KGe5wlKOE5lV8YAo4hFoJYN2/0d8Y0K9X
-QAAYU3iPG1zL+a/7TFLJ0u/biqsBg9hnNbMnN/tOeSuKnH2Rx9F1rg==
------END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/63dcb1a5/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem b/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem
deleted file mode 100644
index d96dc66..0000000
--- a/kerby-pkix/src/test/resources/not-so-commons-ssl/ca/test-dsa-cert.pem
+++ /dev/null
@@ -1,67 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 537462053 (0x20090525)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
-        Validity
-            Not Before: May 25 21:44:31 2009 GMT
-            Not After : May 25 21:44:31 2049 GMT
-        Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=test/emailAddress=juliusdavies@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
-                    7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
-                    8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
-                    95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
-                    41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
-                    80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
-                    f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
-                    d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
-                    9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
-                    6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
-                    56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
-                    31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
-                    71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
-                    41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
-                    cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
-                    c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
-                    4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
-                    e5:cd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
-            X509v3 Authority Key Identifier: 
-                keyid:94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
-
-    Signature Algorithm: dsaWithSHA1
-        30:2d:02:15:00:86:ec:d5:ef:f1:75:60:a2:09:36:40:ff:ca:
-        83:67:6a:08:5d:d4:1e:02:14:51:6c:df:41:80:43:74:2a:1c:
-        48:c2:08:85:5b:9b:7d:07:46:6b:84
------BEGIN CERTIFICATE-----
-MIIDPDCCAvugAwIBAgIEIAkFJTAJBgcqhkjOOAQDMIGUMQswCQYDVQQGEwJDQTEL
-MAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMT
-bm90LXlldC1jb21tb25zLXNzbDEZMBcGA1UEAxMQZHNhLWludGVybWVkaWF0ZTEl
-MCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbTAeFw0wOTA1MjUy
-MTQ0MzFaFw00OTA1MjUyMTQ0MzFaMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMC
-QkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1j
-b21tb25zLXNzbDENMAsGA1UEAxMEdGVzdDElMCMGCSqGSIb3DQEJARYWanVsaXVz
-ZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho
-4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA
-/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hN
-KXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnG
-d87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxp
-TKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
-AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ8U
-d78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFJSnzLmr10iBszpxbiv0JP4q
-pMA5MAkGByqGSM44BAMDMAAwLQIVAIbs1e/xdWCiCTZA/8qDZ2oIXdQeAhRRbN9B
-gEN0KhxIwgiFW5t9B0ZrhA==
------END CERTIFICATE-----


Mime
View raw message