Package org.ejbca.util

Source Code of org.ejbca.util.CertToolsTest

/*************************************************************************
*                                                                       *
*  EJBCA: The OpenSource Certificate Authority                          *
*                                                                       *
*  This software is free software; you can redistribute it and/or       *
*  modify it under the terms of the GNU Lesser General Public           *
*  License as published by the Free Software Foundation; either         *
*  version 2.1 of the License, or any later version.                    *
*                                                                       *
*  See terms of license at gnu.org.                                     *
*                                                                       *
*************************************************************************/

package org.ejbca.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;

import junit.framework.TestCase;

import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509DefaultEntryConverter;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.asn1.x509.qualified.ETSIQCObjectIdentifiers;
import org.bouncycastle.asn1.x509.qualified.RFC3739QCObjectIdentifiers;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.util.encoders.Hex;
import org.ejbca.core.model.AlgorithmConstants;
import org.ejbca.cvc.CVCAuthenticatedRequest;
import org.ejbca.cvc.CVCObject;
import org.ejbca.cvc.CVCertificate;
import org.ejbca.cvc.CardVerifiableCertificate;
import org.ejbca.cvc.CertificateParser;
import org.ejbca.util.cert.QCStatementExtension;
import org.ejbca.util.cert.SubjectDirAttrExtension;
import org.ejbca.util.keystore.KeyTools;

import com.novell.ldap.LDAPDN;

/**
* Tests the CertTools class .
*
* @version $Id: CertToolsTest.java 11319 2011-02-07 10:57:09Z jeklund $
*/
public class CertToolsTest extends TestCase {
  private static Logger log = Logger.getLogger(CertToolsTest.class);
  private static byte[] testcert = Base64
      .decode(("MIIDATCCAmqgAwIBAgIIczEoghAwc3EwDQYJKoZIhvcNAQEFBQAwLzEPMA0GA1UE"
          + "AxMGVGVzdENBMQ8wDQYDVQQKEwZBbmFUb20xCzAJBgNVBAYTAlNFMB4XDTAzMDky"
          + "NDA2NDgwNFoXDTA1MDkyMzA2NTgwNFowMzEQMA4GA1UEAxMHcDEydGVzdDESMBAG"
          + "A1UEChMJUHJpbWVUZXN0MQswCQYDVQQGEwJTRTCBnTANBgkqhkiG9w0BAQEFAAOB"
          + "iwAwgYcCgYEAnPAtfpU63/0h6InBmesN8FYS47hMvq/sliSBOMU0VqzlNNXuhD8a"
          + "3FypGfnPXvjJP5YX9ORu1xAfTNao2sSHLtrkNJQBv6jCRIMYbjjo84UFab2qhhaJ"
          + "wqJgkQNKu2LHy5gFUztxD8JIuFPoayp1n9JL/gqFDv6k81UnDGmHeFcCARGjggEi"
          + "MIIBHjAPBgNVHRMBAf8EBTADAQEAMA8GA1UdDwEB/wQFAwMHoAAwOwYDVR0lBDQw"
          + "MgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwUGCCsGAQUF"
          + "BwMHMB0GA1UdDgQWBBTnT1aQ9I0Ud4OEfNJkSOgJSrsIoDAfBgNVHSMEGDAWgBRj"
          + "e/R2qFQkjqV0pXdEpvReD1eSUTAiBgNVHREEGzAZoBcGCisGAQQBgjcUAgOgCQwH"
          + "Zm9vQGZvbzASBgNVHSAECzAJMAcGBSkBAQEBMEUGA1UdHwQ+MDwwOqA4oDaGNGh0"
          + "dHA6Ly8xMjcuMC4wLjE6ODA4MC9lamJjYS93ZWJkaXN0L2NlcnRkaXN0P2NtZD1j"
          + "cmwwDQYJKoZIhvcNAQEFBQADgYEAU4CCcLoSUDGXJAOO9hGhvxQiwjGD2rVKCLR4"
          + "emox1mlQ5rgO9sSel6jHkwceaq4A55+qXAjQVsuy76UJnc8ncYX8f98uSYKcjxo/"
          + "ifn1eHMbL8dGLd5bc2GNBZkmhFIEoDvbfn9jo7phlS8iyvF2YhC4eso8Xb+T7+BZ"
          + "QUOBOvc=").getBytes());

  private static byte[] guidcert = Base64
      .decode(("MIIC+zCCAmSgAwIBAgIIBW0F4eGmH0YwDQYJKoZIhvcNAQEFBQAwMTERMA8GA1UE"
          + "AxMIQWRtaW5DQTExDzANBgNVBAoTBkFuYVRvbTELMAkGA1UEBhMCU0UwHhcNMDQw"
          + "OTE2MTc1NzQ1WhcNMDYwOTE2MTgwNzQ1WjAyMRQwEgYKCZImiZPyLGQBARMEZ3Vp"
          + "ZDENMAsGA1UEAxMER3VpZDELMAkGA1UEBhMCU0UwgZ8wDQYJKoZIhvcNAQEBBQAD"
          + "gY0AMIGJAoGBANdjsBcLJKUN4hzJU1p3cqaXhPgEjGul62/3xv+Gow+7oOYePcK8"
          + "bM5VO4zdQVWEhuGOZFaZ70YbXhei4F9kvqlN7xuG47g7DNZ0/fnRzvGY0BHmIR4Y"
          + "/U87oMEDa2Giy0WTjsmT14uzy4luFgqb2ZA3USGcyJ9hoT6j1WDyOxitAgMBAAGj"
          + "ggEZMIIBFTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDA7BgNVHSUENDAy"
          + "BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUH"
          + "AwcwHQYDVR0OBBYEFJlDddj88zI7tz3SPfdig0gw5IWvMB8GA1UdIwQYMBaAFI1k"
          + "9WhE1WXpeezZx/kM0qsoZyqVMHgGA1UdEQRxMG+BDGd1aWRAZm9vLmNvbYIMZ3Vp"
          + "ZC5mb28uY29thhRodHRwOi8vZ3VpZC5mb28uY29tL4cECgwNDqAcBgorBgEEAYI3"
          + "FAIDoA4MDGd1aWRAZm9vLmNvbaAXBgkrBgEEAYI3GQGgCgQIEjRWeJCrze8wDQYJ"
          + "KoZIhvcNAQEFBQADgYEAq39n6CZJgJnW0CH+QkcuU5F4RQveNPGiJzIJxUeOQ1yQ"
          + "gSkt3hvNwG4kLBmmwe9YLdS83dgNImMWL/DgID/47aENlBNai14CvtMceokik4IN"
          + "sacc7x/Vp3xezHLuBMcf3E3VSo4FwqcUYFmu7Obke3ebmB08nC6gnQHkzjNsmQw=")
          .getBytes());

  private static byte[] altNameCert = Base64
      .decode(("MIIDDzCCAfegAwIBAgIIPiL0klmu1uIwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE"
          + "AxMIQWRtaW5DQTExFTATBgNVBAoTDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw"
          + "HhcNMDUwODAyMTAxOTQ5WhcNMDcwODAyMTAyOTQ5WjAsMQwwCgYDVQQDEwNmb28x"
          + "DzANBgNVBAoTBkFuYVRvbTELMAkGA1UEBhMCU0UwXDANBgkqhkiG9w0BAQEFAANL"
          + "ADBIAkEAmMVWkkEMLbDNoB/NG3kJ22eC18syXqaHWRWc4DldFeCMGeLzfB2NklNv"
          + "hmr2kgIJcK+wyFpMkYm46dSMOrvovQIDAQABo4HxMIHuMAwGA1UdEwEB/wQCMAAw"
          + "DgYDVR0PAQH/BAQDAgWgMDsGA1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYI"
          + "KwYBBQUHAwQGCCsGAQUFBwMFBggrBgEFBQcDBzAdBgNVHQ4EFgQUIV/Fck/+UVnw"
          + "tJigtZIF5OuuhlIwHwYDVR0jBBgwFoAUB/2KRYNOZxRDkJ5oChjNeXgwtCcwUQYD"
          + "VR0RBEowSIEKdG9tYXNAYS5zZYIId3d3LmEuc2WGEGh0dHA6Ly93d3cuYS5zZS+H"
          + "BAoBAQGgGAYKKwYBBAGCNxQCA6AKDAhmb29AYS5zZTANBgkqhkiG9w0BAQUFAAOC"
          + "AQEAfAGJM0/s+Yi1Ewmvt9Z/9w8X/T/02bF8P8MJG2H2eiIMCs/tkNhnlFGYYGhD"
          + "Km8ynveQZbdYvKFioOr/D19gMis/HNy9UDfOMrJdeGWiwxUHvKKbtcSlOPH3Hm0t"
          + "LSKomWdKfjTksfj69Tf01S0oNonprvwGxIdsa1uA9BC/MjkkPt1qEWkt/FWCfq9u"
          + "8Xyj2tZEJKjLgAW6qJ3ye81pEVKHgMmapWTQU2uI1qyEPYxoT9WkQtSObGI1wCqO"
          + "YmKglnd5BIUBPO9LOryyHlSRTID5z0UgDlrTAaNYuN8QOYF+DZEQxm4bSXTDooGX"
          + "rHjSjn/7Urb31CXWAxq0Zhk3fg==").getBytes());

  private static byte[] altNameCertWithDirectoryName = Base64
      .decode(("MIIFkjCCBPugAwIBAgIIBzGqGNsLMqwwDQYJKoZIhvcNAQEFBQAwWTEYMBYGA1UEAwwPU1VCX0NBX1dJTkRPV1MzMQ8wDQYDVQQLEwZQS0lHVkExHzAdBgNVBAoTFkdlbmVyYWxpdGF0IFZhbGVuY2lhbmExCzAJBgNVBAYTAkVTMB4XDTA2MDQyMTA5NDQ0OVoXDTA4MDQyMDA5NTQ0OVowcTEbMBkGCgmSJomT8ixkAQETC3Rlc3REaXJOYW1lMRQwEgYDVQQDEwt0ZXN0RGlyTmFtZTEOMAwGA1UECxMFbG9nb24xHzAdBgNVBAoTFkdlbmVyYWxpdGF0IFZhbGVuY2lhbmExCzAJBgNVBAYTAkVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDLxMhz40RxCm21HoCBNa9x1UyPmhVkPdtt2V7dixgjOYz+ffKeebjn/jSd4nfXgd7fxpzezB8t673F2OtC3ENl1zek5Msj2KoinVu8vvZ78KMRq/H1rDFguhjSL0o19Cpob0qQFB/ukPZMNoKBNnMVnR1C4juB1eJVXWmHyJxIwIDAQABo4IDSTCCA0UwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAwMwYDVR0lBCwwKgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBwYKKwYBBAGCNxQCAjAdBgNVHQ4EFgQUZz4hrh3dr6VWvEbAPe8pg7szNi4wHwYDVR0jBBgwFoAUTuOaap9UBpQ8dqwOufYoOQucfUowXAYDVR0RBFUwU6QhMB8xHTAbBgNVBAMMFHRlc3REaXJOYW1lfGRpcnxuYW1loC4GCisGAQQBgjcUAgOgIAwedGVzdERpck5hbWVAamFtYWRvci5wa2kuZ3ZhLmVzMIIBtgYDVR0gBIIBrTCCAakwggGlBgsrBgEEAb9VAwoBADCCAZQwggFeBggrBgEFBQcCAjCCAVAeggFMAEMAZQByAHQAaQBmAGkAYwBhAGQAbwAgAHIAZQBjAG8AbgBvAGMAaQBkAG8AIABkAGUAIABFAG4AdABpAGQAYQBkACAAZQB4AHAAZQBkAGkAZABvACAAcABvAHIAIABsAGEAIABBAHUAdABvAHIAaQBkAGEAZAAgAGQAZQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABkAGUAIABsAGEAIABDAG8AbQB1AG4AaQB0AGEAdAAgAFYAYQBsAGUAbgBjAGkAYQBuAGEAIAAoAFAAbAAuACAATQBhAG4AaQBzAGUAcwAgADEALgAgAEMASQBGACAAUwA0ADYAMQAxADAAMAAxAEEAKQAuACAAQwBQAFMAIAB5ACAAQwBQACAAZQBuACAAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAGEAYwBjAHYALgBlAHMwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cuYWNjdi5lcy9sZWdpc2xhY2lvbl9jLmh0bTBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vemFyYXRob3MuamFtYWRvci5ndmEuZXMvU1VCX0NBX1dJTkRPV1MzLmNybDBTBggrBgEFBQcBAQRHMEUwQwYIKwYBBQUHMAGGN2h0dHA6Ly91bGlrLnBraS5ndmEuZXM6ODA4MC9lamJjYS9wdWJsaWN3ZWIvc3RhdHVzL29jc3AwDQYJKoZIhvcNAQEFBQADgYEASofgaj06BOE847RTEgVba52lmPWADgeWxKHZAk1t9LdNzuFJ8B/SC3gi0rsAA/lQGSd4WzPbkmJKkVZ6Q9ybpqg4AJRaIZBkoQw1KNXPYAcgt5XLeIhUACdKIPhfPQr+vQtaC1wi5xV8EBCLpLmpzN9bpZdze/724UB4Y94KhII=")
          .getBytes());

  /** The reference certificate from RFC3739 */
  private static byte[] qcRefCert = Base64
      .decode(("MIIDEDCCAnmgAwIBAgIESZYC0jANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJE"
          + "RTE5MDcGA1UECgwwR01EIC0gRm9yc2NodW5nc3plbnRydW0gSW5mb3JtYXRpb25z"
          + "dGVjaG5payBHbWJIMB4XDTA0MDIwMTEwMDAwMFoXDTA4MDIwMTEwMDAwMFowZTEL"
          + "MAkGA1UEBhMCREUxNzA1BgNVBAoMLkdNRCBGb3JzY2h1bmdzemVudHJ1bSBJbmZv"
          + "cm1hdGlvbnN0ZWNobmlrIEdtYkgxHTAMBgNVBCoMBVBldHJhMA0GA1UEBAwGQmFy"
          + "emluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDc50zVodVa6wHPXswg88P8"
          + "p4fPy1caIaqKIK1d/wFRMN5yTl7T+VOS57sWxKcdDzGzqZJqjwjqAP3DqPK7AW3s"
          + "o7lBG6JZmiqMtlXG3+olv+3cc7WU+qDv5ZXGEqauW4x/DKGc7E/nq2BUZ2hLsjh9"
          + "Xy9+vbw+8KYE9rQEARdpJQIDAQABo4HpMIHmMGQGA1UdCQRdMFswEAYIKwYBBQUH"
          + "CQQxBBMCREUwDwYIKwYBBQUHCQMxAxMBRjAdBggrBgEFBQcJATERGA8xOTcxMTAx"
          + "NDEyMDAwMFowFwYIKwYBBQUHCQIxCwwJRGFybXN0YWR0MA4GA1UdDwEB/wQEAwIG"
          + "QDASBgNVHSAECzAJMAcGBSskCAEBMB8GA1UdIwQYMBaAFAABAgMEBQYHCAkKCwwN"
          + "Dg/+3LqYMDkGCCsGAQUFBwEDBC0wKzApBggrBgEFBQcLAjAdMBuBGW11bmljaXBh"
          + "bGl0eUBkYXJtc3RhZHQuZGUwDQYJKoZIhvcNAQEFBQADgYEAj4yAu7LYa3X04h+C"
          + "7+DyD2xViJCm5zEYg1m5x4znHJIMZsYAU/vJJIJQkPKVsIgm6vP/H1kXyAu0g2Ep"
          + "z+VWPnhZK1uw+ay1KRXw8rw2mR8hQ2Ug6QZHYdky2HH3H/69rWSPp888G8CW8RLU"
          + "uIKzn+GhapCuGoC4qWdlGLWqfpc=").getBytes());

  private static byte[] qcPrimeCert = Base64
      .decode(("MIIDMDCCAhigAwIBAgIIUDIxBvlO2qcwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE"
          + "AxMIQWRtaW5DQTExFTATBgNVBAoTDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw"
          + "HhcNMDYwMTIyMDgxNTU0WhcNMDgwMTIyMDgyNTU0WjAOMQwwCgYDVQQDEwNxYzIw"
          + "gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKkuPOqOEWCJH9xb11sS++vfKb/z"
          + "gHf2clwyf2vSFWTSDzQHOa2j5rwZ/F23X/mZl96fFAIfTBmr5dCwt0xAXZvTcKfO"
          + "RAcKl7ZBXvsAYvwl1KIUpA8NqEbgjwA+OaTdND2vpAhII7PoU4CkoNajy44EuL3Y"
          + "xP6KNWTMiks9KP5vAgMBAAGjgewwgekwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E"
          + "BAMCBPAwJwYDVR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBzAd"
          + "BgNVHQ4EFgQUZsj/dUVp1FmOJpYZ2j5fYKIdXYowHwYDVR0jBBgwFoAUs8UBsa9O"
          + "S1c8/I07DHYFJp0po0AwYAYIKwYBBQUHAQMEVDBSMCMGCCsGAQUFBwsBMBcGAykB"
          + "AjAQgQ5xY0BwcmltZWtleS5zZTAIBgYEAI5GAQEwFwYGBACORgECMA0TA1NFSwID"
          + "AMNQAgEAMAgGBgQAjkYBBDANBgkqhkiG9w0BAQUFAAOCAQEAjmL27XY5Wt0/axsI"
          + "PbtcfrJ6xEm5PlYabM+T3I6lksov6Rz1+/n/L1S5poGPG8iOdJCExcnR0HbNkeB+"
          + "2oPltqSaxyoSfGugVn/Oufz2BfFd7OCWe14dPsA181oC7/nq+mzhBpQ7App9JirA"
          + "aeJQrcRDNK7vVOmg2LZ2oSYno/TuRTFq0GxsEVjEdzAxpAxY7N8ff6gY7IHd7+hc"
          + "4GiFY+NnNp9Dvf6mOYTXLxsOc+093S7uK2ohhq99aYCkzJmrngtrImtKi0y/LMjq"
          + "oviMCQmzMLY2Ifcw+CsOyQZx7nxwafZ7BAzm6vIvSeiIe3VlskRGzYDM66NJJNNo"
          + "C2HsPA==").getBytes());

  private static byte[] aiaCert = Base64
      .decode(("MIIDYDCCAkigAwIBAgIIFlJveCmyW4owDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE"
          + "AwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw"
          + "HhcNMDgxMDIwMDkxOTM0WhcNMDkxMDIwMDkxOTM0WjA9MQwwCgYDVQQDDANhaWEx"
          + "DDAKBgNVBAoMA0ZvbzESMBAGA1UEBwwJU3RvY2tob2xtMQswCQYDVQQGEwJTRTCB"
          + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlYyB3bj/Tmf1FGoPWXCJneWYd9Th"
          + "gPi4ET5pL0JNGwOsuH6cPngIIN33fn2JiiBnBkNm7AKHx8Qt9BH4VPJRs/GdsVGO"
          + "ECmpGmtY6WMYmxMC99KNiXSrRQjPGZeemMj6T1KyxhKljZr8Q92tmc9YA1VFMeqA"
          + "zNzjEGBDj/h2gBcCAwEAAaOB7TCB6jB5BggrBgEFBQcBAQRtMGswKgYIKwYBBQUH"
          + "MAKGHmh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9jYUlzc3VlcjA9BggrBgEFBQcwAYYx"
          + "aHR0cDovL2xvY2FsaG9zdDo4MDgwL2VqYmNhL3B1YmxpY3dlYi9zdGF0dXMvb2Nz"
          + "cDAdBgNVHQ4EFgQUF4YFO3HJordNZlJ/7T1L1KfqgTMwDAYDVR0TAQH/BAIwADAf"
          + "BgNVHSMEGDAWgBSSeB41+0/rZ+2/qiX7X4bvrVKjWDAPBgkrBgEFBQcwAQUEAgUA"
          + "MA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQUFAAOCAQEAU1BHlD6TpSnmblU4"
          + "jhECKZfU7P5JBvZMkUQH54U+lubhM4yeymaF1NJylOusLKxZzEd6+iLXkvVCBKPT"
          + "3aVWUI5DO4D0RW9Lia6QFiRuI8d7a39f1663ODuwpjiccuehrmF3e+P7uCyjqhhT"
          + "g3uXQh2dXcv3DbvU2lfSVXRnuOz+K0ZUMAW96nsCeT41viM6w4x18zZeb+Px8RL9"
          + "swtcYdObNK0qmjZ4X+DcbdGRRrh8kr9GPLHYqtVLRM6z6hH3n54WJzojeIebKCsY"
          + "MoHGmOJkaIcFRXfneXrId1/k7b1QdOagGjvLkgw3pi/7k6vOJn+DrudNMFmsNpVY"
          + "fkrayw==").getBytes());

  private static byte[] subjDirAttrCert = Base64
      .decode(("MIIGmTCCBYGgAwIBAgIQGMYCpWmOBXXOL2ODrM8FHzANBgkqhkiG9w0BAQUFADBx"
          + "MQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxp"
          + "Z2kgQS5TLjE4MDYGA1UEAxMvZS1HdXZlbiBFbGVrdHJvbmlrIFNlcnRpZmlrYSBI"
          + "aXptZXQgU2FnbGF5aWNpc2kwHhcNMDYwMzI4MDAwMDAwWhcNMDcwMzI4MjM1OTU5"
          + "WjCCAR0xCzAJBgNVBAYTAlRSMSgwJgYDVQQKDB9FbGVrdHJvbmlrIEJpbGdpIEd1"
          + "dmVubGlnaSBBLlMuMQ8wDQYDVQQLDAZHS05FU0kxFDASBgNVBAUTCzIyOTI0NTQ1"
          + "MDkyMRswGQYDVQQLDBJEb2d1bSBZZXJpIC0gQlVSU0ExIjAgBgNVBAsMGURvZ3Vt"
          + "IFRhcmloaSAtIDAxLjA4LjE5NzcxPjA8BgNVBAsMNU1hZGRpIFPEsW7EsXIgLSA1"
          + "MC4wMDAgWVRMLTIuMTYuNzkyLjEuNjEuMC4xLjUwNzAuMS4yMRcwFQYDVQQDDA5Z"
          + "QVPEsE4gQkVDRU7EsDEjMCEGCSqGSIb3DQEJARYUeWFzaW5AdHVya2VrdWwuYXYu"
          + "dHIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKaJXVLvXC7qyjiqTAlM582X"
          + "GPdQJxUfRxgTm6jlBZKtEhbWN5hbH4ASJTzmXWryGricejdKM+JBJECFdelyWPHs"
          + "UkEL/U0uft3KLIdYo72oTibaL3j4vkEhjyubikSdl9CywkY6WS8nV9JNc66QOYxE"
          + "5ZdE5CR19ScIYcOh7YpxAgMBAAGjggMBMIIC/TAJBgNVHRMEAjAAMAsGA1UdDwQE"
          + "AwIGwDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLmUtZ3V2ZW4uY29tL0Vs"
          + "ZWt0cm9uaWtCaWxnaUd1dmVubGlnaUFTR0tORVNJL0xhdGVzdENSTC5jcmwwHwYD"
          + "VR0jBBgwFoAUyT6jfNNisqvczhIzwmTXZTTyfrowggEcBgNVHSAEggETMIIBDzCB"
          + "/wYJYIYYAwABAQECMIHxMDYGCCsGAQUFBwIBFipodHRwczovL3d3dy5lLWd1dmVu"
          + "LmNvbS9lLWltemEvYmlsZ2lkZXBvc3UwgbYGCCsGAQUFBwICMIGpGoGmQnUgc2Vy"
          + "dGlmaWthLCA1MDcwIHNhef1s/SBFbGVrdHJvbmlrIN1temEgS2FudW51bmEgZ/Zy"
          + "ZSBuaXRlbGlrbGkgZWxla3Ryb25payBzZXJ0aWZpa2Fk/XIuIE9JRDogMi4xNi43"
          + "OTIuMS42MS4wLjEuNTA3MC4xLjEgLSBPSUQ6IDAuNC4wLjE0NTYuMS4yIC0gT0lE"
          + "OiAwLjQuMC4xODYyLjEuMTALBglghhgDAAEBBQQwgaEGCCsGAQUFBwEDBIGUMIGR"
          + "MHYGCCsGAQUFBwsBMGoGC2CGGAE9AAGnTgEBMFuGWUJ1IFNlcnRpZmlrYSA1MDcw"
          + "IHNhef1s/SBFbGVrdHJvbmlrIN1temEgS2FudW51bmEgZ/ZyZSBuaXRlbGlrbGkg"
          + "ZWxla3Ryb25payBzZXJ0aWZpa2Fk/XIuMBcGBgQAjkYBAjANEwNZVEwCAwDDUAIB"
          + "ADB2BggrBgEFBQcBAQRqMGgwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmUtZ3V2"
          + "ZW4uY29tMCIGCCsGAQUFBzAChhZodHRwOi8vd3d3LmUtZ3V2ZW4uY29tMB0GAytv"
          + "DoYWaHR0cDovL3d3dy5lLWd1dmVuLmNvbTAbBgNVHQkEFDASMBAGCCsGAQUFBwkE"
          + "MQQTAlRSMBEGCWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEA3yVY"
          + "rURakBcrfv1hJjhDg7+ylCjXf9q6yP2E03kG4t606TLIyqWoqGkrndMtanp+a440"
          + "rLPIe456XfRJBilj99H0NjzKACAVfLMTL8h/JBGLDYJJYA1S8PzBnMLHA8dhfBJ7"
          + "StYEPM9BKW/WuBfOOdBNrRZtYKCHwGK2JANfM/JlfzOyG4A+XDQcgjiNoosjes1P"
          + "qUHsaccIy0MM7FLMVV0HJNNQ84N9CuKIrBSSWopOudkajVqNtI3+FCcy+yXiH6LX"
          + "fmpHZ346zprcafcjQmAiKfzPSljruvGDIVI3WN7S7WOMrx6MDq54626cZzQl9GFT"
          + "D1gNo3fjOFhK33DY1Q==").getBytes());

  private static byte[] subjDirAttrCert2 = Base64
      .decode(("MIIEsjCCA5qgAwIBAgIIFsYK/Jx7XEEwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE"
          + "AxMIQWRtaW5DQTExFTATBgNVBAoTDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw"
          + "HhcNMDYwNTMwMDcxNjU2WhcNMDgwNTI5MDcyNjU2WjA5MRkwFwYDVQQDExBUb21h"
          + "cyBHdXN0YXZzc29uMQ8wDQYDVQQKEwZGb29PcmcxCzAJBgNVBAYTAlNFMIGfMA0G"
          + "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvhUYzNVW6iG5TpYi2Dr9VX37g05jcGEyP"
          + "Lix05oxs3FnzPUf6ykxGy4nUYO12PfC6u9Gh+zelFfg6nKNQqYI48D4ufJc928Nx"
          + "dZQZi41UmnFT5UXn3JcG4DQe0wZp+BKCch/UbtRjuE6iNxH24R//8W4wXc1R++FG"
          + "5V6CQzHxXwIDAQABo4ICQjCCAj4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMC"
          + "BPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQ54I1p"
          + "TGNwAeQEdnmcjNT+XMMjsjAfBgNVHSMEGDAWgBRzBo+b/XQZqq0DU6J10x17GoKS"
          + "sDBMBgNVHSAERTBDMEEGAykBATA6MB4GCCsGAQUFBwICMBIeEABGAPYA9gBCAGEA"
          + "cgDkAOQwGAYIKwYBBQUHAgEWDGh0dHA6LzExMS5zZTBuBgNVHR8EZzBlMGOgYaBf"
          + "hl1odHRwOi8vbG9jYWxob3N0OjgwODAvZWpiY2EvcHVibGljd2ViL3dlYmRpc3Qv"
          + "Y2VydGRpc3Q/Y21kPWNybCZpc3N1ZXI9Q049VGVzdENBLE89QW5hVG9tLEM9U0Uw"
          + "TQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFodHRwOi8vbG9jYWxob3N0Ojgw"
          + "ODAvZWpiY2EvcHVibGljd2ViL3N0YXR1cy9vY3NwMDoGCCsGAQUFBwEDBC4wLDAg"
          + "BggrBgEFBQcLAjAUMBKBEHJhQGNvbW1maWRlcy5jb20wCAYGBACORgEBMHYGA1Ud"
          + "CQRvMG0wEAYIKwYBBQUHCQUxBBMCU0UwEAYIKwYBBQUHCQQxBBMCU0UwDwYIKwYB"
          + "BQUHCQMxAxMBTTAXBggrBgEFBQcJAjELEwlTdG9ja2hvbG0wHQYIKwYBBQUHCQEx"
          + "ERgPMTk3MTA0MjUxMjAwMDBaMA0GCSqGSIb3DQEBBQUAA4IBAQA+vgNnGjw29xEs"
          + "cnJi7wInUBvtTzQ4+SVSBPTzNA/ZEk+CJVsr/2xbPl+SShZ0SHObj9un1kwKst4n"
          + "zcNqsnBorrluM92Z5gYwDN3mRGF0szbYEshr/KezMhY2MdXkE+i3nEx6awdemuCG"
          + "g+LAfL4ODLAzAJJI4MfF+fz0IK7Zeobo1aVGS6Ii9sEnDdQOsLbdfHBNccrT353d"
          + "NAwxPGnfunGBQ+Los6vjDApy/szMT32NFJDe4WTmkDxqYJQqQjhdrHTxpFEr0VQB"
          + "s7KRRCYjga/Z52XytwwDBLFM9CPZJfyKxZTV9I9i6e0xSn2xEW8NRplY1HOKa/2B"
          + "VzvWW9G5").getBytes());

  private static byte[] krb5principalcert = Base64.decode(("MIIDIzCCAgugAwIBAgIIdSCEXyq32cIwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE"
      +"AwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw"
      +"HhcNMDgxMDIzMTEyMzAzWhcNMTgwODE2MTQ1MzA2WjAqMQ0wCwYDVQQDDARrcmIx"
      +"MQwwCgYDVQQKDANGb28xCzAJBgNVBAYTAlNFMIGfMA0GCSqGSIb3DQEBAQUAA4GN"
      +"ADCBiQKBgQCYkX8BcUXezxG8eKsQT0+lxjUZLeg7EQk0hdiKGsKxhS6BmLpeBOGs"
      +"HwZgn70zhJj9XLtCQ/o8RJatL/lFtHpVX+RnRdckKDOooLUguxSiO5TK7HlQpsFG"
      +"8AB7m/jCkIGarh5x6LSL5t1VAMyPh9DFBMXPuC5xAb5SGa6LRXoZ/QIDAQABo4HD"
      +"MIHAMB0GA1UdDgQWBBTUIo6ZQUrVKoI5GPifVn3KbUGAljAMBgNVHRMBAf8EAjAA"
      +"MB8GA1UdIwQYMBaAFJJ4HjX7T+tn7b+qJftfhu+tUqNYMA4GA1UdDwEB/wQEAwIF"
      +"oDAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMDcGA1Ud"
      +"EQQwMC6gLAYGKwYBBQICoCIwIKAHGwVQLkNPTaEVMBOgAwIBAKEMMAobA2ZvbxsD"
      +"YmFyMA0GCSqGSIb3DQEBBQUAA4IBAQBgQpzPpCUDY6P0XePJSFJ2MGBhgMOVB4SL"
      +"iHP9biEmqcqELWQcUL5Ylf+/JYxg1kBnk2ZtALgt0adi0ZiZPbM2F5Oq9ZxxB2nY"
      +"Alat0RwZIY8wAR0DRNXiEs4TMu5LqzvD1U6+vaHYraePBLExo2oxG9TI7gQjj2X+"
      +"KSxEzOf3+npWo/G7ooDvKpN+w3J//kF4vdM3SQtHQaBkIuCU05Jy16AhvIkLQzq5"
      +"+a1UI5lIKun3C6NWCSZrE5fFuoax7D+Ofw1Bdxkhvk7DUlHVPdmxb/0hpx8aO64D"
      +"J626d8c1b25g9hSYslbo2geP2ohV40WW/R1ZjwX6Pd/ip5KuSSzv").getBytes());
 
  private static byte[] p10ReqWithAltNames = Base64
      .decode(("MIICtDCCAZwCAQAwNDELMAkGA1UEBhMCU0UxDDAKBgNVBAoTA1JQUzEXMBUGA1UE"
          + "AxMOMTAuMjUyLjI1NS4yMzcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB"
          + "AQC45+Dh1dO/qaZR2TLnWB44wmYXvBuZ5sGXotlLvuRR09DGlSyPrTG/OVg4xVZa"
          + "AzNMpWCyk1OAl4qJkmzrnQa/Tq6Hv6Y8QrZNSAJooL+kHmFSD9h8tyM9nBkpb90l"
          + "o+qbXeFmB3II0KJjGXiXZVSKwUsjYRSzf9hfVz4U7ZwwmH9vMFNwuOIsAR9O5CTr"
          + "8ofsshze9bxJpKY6/iyaEhQDoNl9jyxsZ1NuyNme3w1yoeGP5OXYcSVVY9cW4ze8"
          + "o5ZE4jTy1Q8U41OHiG3TevMvJ7l+/Ps+xyu3Qi68Lajeimemf118M0eqAY26Xiw2"
          + "wS8CCbj6UmUjcem3XOZhSfkZAgMBAAGgOzA5BgkqhkiG9w0BCQ4xLDAqMCgGA1Ud"
          + "EQQhMB+CF29ydDMta3J1Lm5ldC5wb2xpc2VuLnNlhwQK/P/tMA0GCSqGSIb3DQEB"
          + "BQUAA4IBAQCzAPsZdMqhPwCGpnq/Eywm5KQ4zYLuP8dQVdgvo4Wca2w4QxxjPlVI"
          + "X/yyXLhA1CpiKq4PtkpTBpJiByowj8g/7Q/pLY/EQcfYOrut7CMx1FzmwghZ2lUn"
          + "DDhFw2hD7TcmoAZpr4neXYR4HbaFpBc39nlqDa4XGi8J7d9AU4iaQE53LC3WzIq1"
          + "/3ZCXboQAoeLMoPCDvzAiXKDBApMMzrBwhgdsiOe5k1e6jlpURsbuhiKs+0FxtMp"
          + "snKPO0WbwXFyFTSWoKRH5rHrpD6lybn7c0uPkaQzrLoIRMld4osqeaImfZuJztZy"
          + "C0elzlLYWFbX6zHEqvsUAZy/8Khgyw5Q").getBytes());

  private static byte[] p10ReqWithAltNames2 = Base64
      .decode(("MIIBMzCB3gIBADAzMREwDwYDVQQDDAhzY2VwdGVzdDERMA8GA1UECgwIUHJpbWVL"
          + "ZXkxCzAJBgNVBAYTAlNFMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAIMasNAoxA9N"
          + "6UknbjigXz5tJWWydLoVSQFUxcJM8cR4Kfb2bRLh3RDqCVyJQ0XITFUnmIJFU9Z8"
          + "1W+nw1Gx8b0CAwEAAaBGMBUGCSqGSIb3DQEJBzEIDAZmb28xMjMwLQYJKoZIhvcN"
          + "AQkOMSAwHjAcBgNVHREEFTATggtmb28uYmFyLmNvbYcECgAAATANBgkqhkiG9w0B"
          + "AQUFAANBADUO2tpAkxaeB/2zY9wsfcwE5hGvcuA0oJwXlcMq1wm32MJFV1G9JJQI"
          + "Exz4OC1eT1LH/6i5SU8Op3VOKVLpTTo=").getBytes());

  private static byte[] cvccert = Base64
      .decode(("fyGCAWF/ToHZXykBAEIKU0VSUFMxMDExMH9JgZUGCgQAfwAHAgICAQGBgYEAk4Aq"
          + "LqYXchIouF9yBv/2hFnf5N65hdpvQPUdfH1k2qnHAlOL5DYYlKCBh8YFCC2RZD+K"
          + "nJ99cHxh8oxh28U23Z/MqTOKv5tR8JIUUm3G3Hjj2erVVTEJ49MqLzsyVGfw4yCu"
          + "YRdwBYFWJu2t6PcS5KPnpNtbNdBzrDJAqxPAsO2CAwEAAV8gClNFUlBTMTAxMTB/"
          + "TA4GCQQAfwAHAwECAVMBw18lBgAIAAUABV8kBgEAAAUABV83gYB88jfXZ3njYpuD"
          + "4fpS6BV53y9+iz3KAQM/74LPMI49elGtcAVyMn1EMn/bU4MeMARfv3Njd2Go4ZhM"
          + "j5xuY2Pvktz3Dq4ogjkgqAJqqIvG+M9KXh9XAv2m2wjmsueKbXUJ8TpJR87k4o97"
          + "buZXbuStDOb5FibhxyVgWIxuCn8quQ==").getBytes());

  private static byte[] cvcreqrenew = Base64.decode(("Z4IBtn8hggFmf06CASZfKQEAQg5TRUlTQlBPT0wwMDAwNn9Jgf0GCgQAfwAHAgIC"+
      "AgKBHNfBNKomQ2aGKhgwJXXR14ewnwdXl9qJ9X7IwP+CHGil5iypzmwcKZgDpsFT"+
      "C1FOGCrYsAQqWcrSn0ODHCWA9jzP5EE4hwcTsakjaeM+ITXSZtuzcjhsQAuEOQQN"+
      "kCmtLH5c9DQII7KofcaMnkzjF0webv3uEsB9WKpW93LAcm8kxrieTs2sJDVLnpnK"+
      "o/bTdhQCzYUc18E0qiZDZoYqGDAlddD7mNEWvEtt3ryjpaeTn4Y5BBQte2aU3YOQ"+
      "Ykf73/UluNQOpMlnHt9PXplomqhuAZ0QxwXb6TCG3rZJhVwe0wx0R1mqz3U+fJnU"+
      "hwEBXyAOU0VJU0JQT09MMDAwMDZfNzgErOAjPCoQ+WN8K6pzztZp+Mt6YGNkJzkk"+
      "WdLnvfPGZkEF0oUjcw+NjexaNCLOA0mCfu4oQwsjrUIOU0VJU0JQT09MMDAwMDVf"+
      "NzhSmH1c7YJhbLTRzwuSozUd9hlBHKEIfFqSUE9/FrbWXEtR+rHRYKAGu/nw8PAH"+
      "oM+HPMzMVVLDVg==").getBytes());

  private static byte[] cvcreq = Base64.decode(("fyGCAWZ/ToIBJl8pAQBCDlNFSVNCUE9PTDAwMDA1f0mB/QYKBAB/AAcCAgICAoEc"+
      "18E0qiZDZoYqGDAlddHXh7CfB1eX2on1fsjA/4IcaKXmLKnObBwpmAOmwVMLUU4Y"+
      "KtiwBCpZytKfQ4McJYD2PM/kQTiHBxOxqSNp4z4hNdJm27NyOGxAC4Q5BA2QKa0s"+
      "flz0NAgjsqh9xoyeTOMXTB5u/e4SwH1Yqlb3csBybyTGuJ5OzawkNUuemcqj9tN2"+
      "FALNhRzXwTSqJkNmhioYMCV10PuY0Ra8S23evKOlp5OfhjkEOwPDLflRVBj2iayW"+
      "VzpO2BICGO+PqFeuce1EZM4o1EIfLzoackPowabEMANfNltZvt5bWyzkZleHAQFf"+
      "IA5TRUlTQlBPT0wwMDAwNV83OEnwL+XYDhXqK/0fBuZ6lZV0HncoZyn3oo8MmaUL"+
      "2mNzpezLAoZMux0l5aYperrSDsuHw0zrf0yo").getBytes());
 
  private static byte[] cvccertchainroot = Base64
    .decode(("fyGCAmx/ToIBYl8pAQBCDlNFSFNNQ1ZDQTAwMDAxf0mCARUGCgQAfwAHAgICAQKB"+
      "ggEAyGju6NHTACB+pl2x27/VJVKuGBTgf98j3gQOyW5vDzXI7PkiwR1/ObPjFiuW"+
      "iBRH0WsPzHX7A3jysZr7IohLjy4oQMdP5z282/ZT4mBwlVu5pAEcHt2eHbpILwIJ"+
      "Hbv6130T+RoG/3bI/eHk9HWi3/ipVnwRX1CsylczFfdyPTMyGOJmmElT0GQgV8Rt"+
      "b5Us/Hz66qiUX67eRBrahJfwiVwawYzmZ5Rn9u/vXHQYeUh+lLja+H+kXof9ARuw"+
      "p5S09DO2VZWbbR2BZHk0IaNgo54Xoih+5c/nIA/2+j9Afdf+wuqmxqib5aPOMHO3"+
      "WOVmVMF84Xo2V+duIZ4b7KkRXYIDAQABXyAOU0VIU01DVkNBMDAwMDF/TA4GCQQA"+
      "fwAHAwECAVMBw18lBgAIAAUCBl8kBgEAAAUCBl83ggEAMiiqI+HF8DyhPfH8dTeU"+
      "4/0/DNnjZ2/Qy1a5GATWU04da+L2iWI8QclN64cw0l/zroBGyeq+flDKzVWnqril"+
      "HX/PD3/xoCEhZSfZ/1AQZBP39/t1lYZLJ36VeFwrsmvN8rq6RnNtR2CrDYDFkFRq"+
      "A6v9dNYMbnEDN7m8wD/DWM2fZr+loqznT1/egx+SBqUY+KnU6ntxQyw7gzL1DV9Z"+
      "OlyxjDaWY8i2Q/tcdDxdZYBBMgFhxivXV5ou2YiBZKKIlP2ots6P8TlSVwdyaHTI"+
      "8z8Hpvx1QcB2maOVn6IFAyq/X71p9Zb626YLhjaFO6v80SYnlefVu5Uir5n/HzpW"+
      "kg==").getBytes());

  private static byte[] cvccertchainsub = Base64
    .decode(("fyGCAeV/ToHcXykBAEIOU0VIU01DVkNBMDAwMDF/SYGUBgoEAH8ABwICAgECgYGA"+
      "rdRouw7ksS6M5kw28YkWAD350vbDlnPCmqsKPfKiNvDxowviWDUTn9Ai3xpTIzGO"+
      "cl40DqxYPA2X4XO52+r5ZUazsVyyx6F6XwznHdjUpDff4QFyG74Vjq7DDrCCKOzH"+
      "b0H6rNJFC5YEKI4wpEPou+3bq2jhLWkzU35EfydJHXWCAwEAAV8gClNFUlBTRFZF"+
      "WDJ/TA4GCQQAfwAHAwECAVMBgl8lBgAIAAYABV8kBgEAAAUCBl83ggEAbawFepay"+
      "gX+VrBOsGzbQCpG2mR1NrJbaNdBJcouWYTNzlDP/hRssU9/lTzHulRPupkarepAI"+
      "GMIDMOo3lNImlYlU8ZlaV6mbKRgWZVjtZmVgq+wLARS4dXNlHRJvS2AustfseGVr"+
      "kqJ0+UYo8x8UL13fB7VCSVqADnOnbemtvE1cIdFcIAqP1JLh91ACJ4lpoaAn10+g"+
      "5coIGGa01BYEDtiA++SFnRl7kYFykAZrs3eXq+zuPmOo9hr4JxLZuiN5DnIrZdLA"+
      "DWq7GeCFr6wCMg2jPuK9Kqvl06tqylVy4ravVHv58WvAxWFgyuezdRbyV7YAfVF3"+
      "tlcVDXa3R+mfYg==").getBytes());

  private static byte[] x509certchainsubsub = Base64
  .decode(("MIICAzCCAWygAwIBAgIINrHHHchdmfMwDQYJKoZIhvcNAQEFBQAwEDEOMAwGA1UE"+
      "AwwFU3ViQ0EwHhcNMTAwNjA1MTIwNzMxWhcNMzAwNjA1MTIwNjUyWjATMREwDwYD"+
      "VQQDDAhTdWJTdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAiySbgP2A"+
      "QuZXWZk9C1pOrpVhzWNDAFc4ttVGgh5TS1/wA6Y6nf2ci8gfxkQx1rhR784QUap4"+
      "id6mwGV/af3WFj34YsTXdozsO/SFi7vvOGA/jU6ZUuQPYpmsSDQ3ZNLcx/MkgkrP"+
      "WDlFhD7b079oVva5zZsF8w91KlX+KG9usXECAwEAAaNjMGEwHQYDVR0OBBYEFJ9y"+
      "tRy1CFwUavq8OP25jRybKyElMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU"+
      "2GDNoIpTVxc9y953THJoWkS5wjAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB"+
      "BQUAA4GBAE0vHf3iyJ0EqOyN+LUfBkCBTPHl6sEV1bwdgkdVwj9cBbmSEDCOlmYA"+
      "K0bvAY/1qbgEjkn+Sc32PP/3dmHX5EUKliAodguAu8vK/Rp7kefdUQHnJHwRUMF5"+
  "9YJDdGtDZx+WLBihYhnTzGVzuP6Qaff3aNyY69O+rwSDm06Au8Zc").getBytes());

  private static byte[] x509certchainsub = Base64
  .decode(("MIICATCCAWqgAwIBAgIIRzc+cItydm0wDQYJKoZIhvcNAQEFBQAwETEPMA0GA1UE"+
      "AwwGUm9vdENBMB4XDTEwMDYwNTEyMDcxMVoXDTMwMDYwNTEyMDY1MlowEDEOMAwG"+
      "A1UEAwwFU3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMl3EN+V1M39"+
      "OVrmHp7PncZ16AkffAtgLk+gIgk+cHZYIGPPN1V/AtCmzteYRrPwGM9Vs2nJ4OZ7"+
      "F8cJ1MDpyjRdjKC6sVlhkdNq+s1Q/yNtG0AxvlH2KyIZkHU02UNnJGARMaRpZipe"+
      "VonnAD8D+FkhTt8BM2T7/Grck5QYgJUhAgMBAAGjYzBhMB0GA1UdDgQWBBTYYM2g"+
      "ilNXFz3L3ndMcmhaRLnCMDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFCua"+
      "Xc8f/BC8CeBLOVaC5N0Zb4BqMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUF"+
      "AAOBgQBM2lvlZmEJdFXsfoHSt2h4XN6q8Z+sIHDXyuyanNCoQx+9lM2liY+tXAUq"+
      "Sj1fZAzqjdptIgvG5APnFrnWHeEYjYpYsROs//xF6CUKo8iJEIyRpmx9pSmwA8Rb"+
  "U0RmY/62tBLr758ZzRGKKoX7znxsXZ5/bouT6g+IxmNuM2EiyA==").getBytes());

  private static byte[] x509certchainroot = Base64
  .decode(("MIICAjCCAWugAwIBAgIIPXgH6TfNMlYwDQYJKoZIhvcNAQEFBQAwETEPMA0GA1UE"+
      "AwwGUm9vdENBMB4XDTEwMDYwNTEyMDY1MloXDTMwMDYwNTEyMDY1MlowETEPMA0G"+
      "A1UEAwwGUm9vdENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCK+F3eOoGI"+
      "Kwa1g68vD6aZlkTCMbbEyoa9Wr4baapdCHvO8YHwVC9UDh8snDtEQT9yZKLlU4nM"+
      "n05O7yL8FfvgB2j3xN6In1fLq8JizrYVpL49C3ewTwaKMTFjde3BtWDZ4ufJdFuZ"+
      "+LSw98dM2zhQWme7LnrJQou85LbNt2v6XQIDAQABo2MwYTAdBgNVHQ4EFgQUK5pd"+
      "zx/8ELwJ4Es5VoLk3RlvgGowDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBQr"+
      "ml3PH/wQvAngSzlWguTdGW+AajAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEF"+
      "BQADgYEAYB5munksWVndUxStBZmsg5uwryu8bf/esxYLlxkO8rG/UnJ9DNw4tJsh"+
      "YxwGeslPeG9+y8O8MsXKSjdNw3I3avMpj+QqzmqD/MVlHX6+CSyUbhFGPR2TRQCp"+
      "m+VsfwOl8/INVAySpBf3Uk2rUYhvdUqhCOcE67d0tYdJAqiIDvc=").getBytes());

  private static byte[] pemcert = ("-----BEGIN CERTIFICATE-----\n"+
        "MIIDUzCCAjugAwIBAgIIMK64QB5XErowDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE\n"+
        "AwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw\n"+
        "HhcNMTAwMTI5MTI0NDIwWhcNMjAwMTI3MTI0NDIwWjA3MREwDwYDVQQDDAhBZG1p\n"+
        "bkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRTCCASIwDQYJ\n"+
        "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJQNal//KwRHhBg7BLsuclOpH7xyb1AP\n"+
        "Mc5RsEQANOtCBoRlgEDh7tQUfRnPxvmHM+HH9osEV2c+9L23K2l8EVjZRlo2vltJ\n"+
        "duzbBGIo7swdCWGvFxE6W0lkv/YsGVmmt/dL2lO4V4YTuu5CX3PU2LrBR6mxtEsM\n"+
        "mM/YgHo/QWN4/YDWfnXkNpDDjRxLzdsSqvcoLrZavqrMS1Avv2utY6ECyl6PTBG+\n"+
        "qPpozenPRi2QKbiKOpeCgT+2Y4JbMqm+d7go0KKu6wxKE16R/tX9OwT4ObJaKJ/W\n"+
        "j0mm5deJHNDEvgWi2beTVcc16LVZUiyKmZXlYLEdV+CH0NrRc4ck6WsCAwEAAaNj\n"+
        "MGEwHQYDVR0OBBYEFLGsC1OtcOyAklW2b3eN678a6wsZMA8GA1UdEwEB/wQFMAMB\n"+
        "Af8wHwYDVR0jBBgwFoAUsawLU61w7ICSVbZvd43rvxrrCxkwDgYDVR0PAQH/BAQD\n"+
        "AgGGMA0GCSqGSIb3DQEBBQUAA4IBAQBHCJ3ZQEtpfYBHnrwKuNzMykH+yKIkO2mj\n"+
        "c/65e8r7tMjV/9YEb2pAYaix7WAdJ46KcE2ldKl+MHJx8Ev1ZbLPbLYcwPkP+8Ll\n"+
        "pCrhc6riSTaUBZrIA2uuXPPREKj+e8CnnMdCfLy4x6uIMDVAa4mb0akEmLvqFR2X\n"+
        "J4Z8eEhwf6EPRniie6GKcBOWSP0podlWkn8SCLzd+eJZ9H0YMTN7nfLfUdENznuO\n"+
        "5DKfkfT4rOyAGFs+KVwigq1kbSNZJC4Kjo7diMBtWRiXSXTQKE+JgrQbFCdVYQos\n"+
        "VvSwSiSMW5Rs5ZCtRXMmXz2HdxpbTayCAYPBh6XKfvq4x06gxfll\n"+
            "-----END CERTIFICATE-----").getBytes();
   
  /** Cert with CDP with URI */
  /*
     * Cert with CDP with URI.
     * <pre>
     * Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                52:32:6f:be:9d:3c:4d:d7
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: CN=DemoSubCA11, O=Demo Organization 10, C=SE
            Validity
                Not Before: Apr  3 22:17:41 2010 GMT
                Not After : Apr  2 22:17:41 2012 GMT
            Subject: CN=pdfsigner12-2testcrl-with-subca
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                        00:de:99:da:80:ad:03:21:3c:18:cc:41:1f:ad:4a:
                        fc:2d:69:21:3d:34:52:7c:a4:9c:33:df:a8:36:5a:
                        ee:bd:74:f6:0b:b1:93:79:3c:e7:66:a1:72:d4:1f:
                        08:b6:43:a3:0a:1a:94:8c:64:e4:10:71:32:be:4b:
                        00:08:a3:25:11:85:2a:d3:af:fa:dc:d4:ac:7a:48:
                        e8:d3:63:d0:06:4a:cf:ce:84:0e:a5:88:6e:1f:44:
                        c1:9f:ad:89:1e:8b:d0:17:53:20:40:b5:e9:b3:7d:
                        16:74:e0:22:a7:43:44:99:6a:ba:5c:26:ed:f8:c7:
                        8c:a5:14:a2:40:83:d6:52:75
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    8F:23:26:05:9D:03:57:4F:66:08:F5:E3:34:D3:AA:70:76:9C:99:B2
                X509v3 Basic Constraints: critical
                    CA:FALSE
                X509v3 Authority Key Identifier:
                    keyid:90:FD:A7:F6:EC:98:47:56:4C:10:96:C2:AD:85:2F:50:EB:26:E9:34

                X509v3 CRL Distribution Points:
                    URI:http://vmserver1:8080/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=DemoSubCA11,O=Demo%20Organization%2010,C=SE

                X509v3 Key Usage: critical
                    Digital Signature
        Signature Algorithm: sha1WithRSAEncryption
            6e:f0:b9:26:b8:7d:eb:b2:ab:ec:e7:1b:a5:97:5c:5b:88:fe:
            8a:ec:bb:3d:7a:f5:00:4c:72:38:36:19:53:d4:47:21:30:4c:
            62:7c:02:69:00:8c:ac:57:3c:f2:bf:38:57:13:0b:4b:7e:92:
            74:56:4c:1b:9c:04:9d:08:e8:8e:20:4d:bc:ec:bc:13:c7:55:
            80:da:1a:01:9f:9f:be:96:11:d4:7c:64:f2:37:91:01:9f:c0:
            91:af:b6:8a:62:80:71:75:e6:34:f5:57:85:79:d8:7d:e3:71:
            71:fa:7c:ca:c8:03:13:d5:0c:12:f5:f6:27:29:36:99:e4:ec:
            8b:b1
     * </pre>
     */
    private static final String CERT_WITH_URI =
    "-----BEGIN CERTIFICATE-----\n"
    +"MIIC0zCCAjygAwIBAgIIUjJvvp08TdcwDQYJKoZIhvcNAQEFBQAwQjEUMBIGA1UE"
    +"AwwLRGVtb1N1YkNBMTExHTAbBgNVBAoMFERlbW8gT3JnYW5pemF0aW9uIDEwMQsw"
    +"CQYDVQQGEwJTRTAeFw0xMDA0MDMyMjE3NDFaFw0xMjA0MDIyMjE3NDFaMCoxKDAm"
    +"BgNVBAMMH3BkZnNpZ25lcjEyLTJ0ZXN0Y3JsLXdpdGgtc3ViY2EwgZ8wDQYJKoZI"
    +"hvcNAQEBBQADgY0AMIGJAoGBAN6Z2oCtAyE8GMxBH61K/C1pIT00UnyknDPfqDZa"
    +"7r109guxk3k852ahctQfCLZDowoalIxk5BBxMr5LAAijJRGFKtOv+tzUrHpI6NNj"
    +"0AZKz86EDqWIbh9EwZ+tiR6L0BdTIEC16bN9FnTgIqdDRJlqulwm7fjHjKUUokCD"
    +"1lJ1AgMBAAGjgekwgeYwHQYDVR0OBBYEFI8jJgWdA1dPZgj14zTTqnB2nJmyMAwG"
    +"A1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUkP2n9uyYR1ZMEJbCrYUvUOsm6TQwgYUG"
    +"A1UdHwR+MHwweqB4oHaGdGh0dHA6Ly92bXNlcnZlcjE6ODA4MC9lamJjYS9wdWJs"
    +"aWN3ZWIvd2ViZGlzdC9jZXJ0ZGlzdD9jbWQ9Y3JsJmlzc3Vlcj1DTj1EZW1vU3Vi"
    +"Q0ExMSxPPURlbW8lMjBPcmdhbml6YXRpb24lMjAxMCxDPVNFMA4GA1UdDwEB/wQE"
    +"AwIHgDANBgkqhkiG9w0BAQUFAAOBgQBu8LkmuH3rsqvs5xull1xbiP6K7Ls9evUA"
    +"THI4NhlT1EchMExifAJpAIysVzzyvzhXEwtLfpJ0VkwbnASdCOiOIE287LwTx1WA"
    +"2hoBn5++lhHUfGTyN5EBn8CRr7aKYoBxdeY09VeFedh943Fx+nzKyAMT1QwS9fYn"
    +"KTaZ5OyLsQ=="
    +"\n-----END CERTIFICATE-----";

   
    /** Cert with CDP without URI. */
    /*
     * Cert with CDP without URI.
     * <pre>
     * Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 1042070824 (0x3e1cbd28)
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, O=Adobe Systems Incorporated, OU=Adobe Trust Services, CN=Adobe Root CA
            Validity
                Not Before: Jan  8 23:37:23 2003 GMT
                Not After : Jan  9 00:07:23 2023 GMT
            Subject: C=US, O=Adobe Systems Incorporated, OU=Adobe Trust Services, CN=Adobe Root CA
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (2048 bit)
                    Modulus (2048 bit):
                        00:cc:4f:54:84:f7:a7:a2:e7:33:53:7f:3f:9c:12:
                        88:6b:2c:99:47:67:7e:0f:1e:b9:ad:14:88:f9:c3:
                        10:d8:1d:f0:f0:d5:9f:69:0a:2f:59:35:b0:cc:6c:
                        a9:4c:9c:15:a0:9f:ce:20:bf:a0:cf:54:e2:e0:20:
                        66:45:3f:39:86:38:7e:9c:c4:8e:07:22:c6:24:f6:
                        01:12:b0:35:df:55:ea:69:90:b0:db:85:37:1e:e2:
                        4e:07:b2:42:a1:6a:13:69:a0:66:ea:80:91:11:59:
                        2a:9b:08:79:5a:20:44:2d:c9:bd:73:38:8b:3c:2f:
                        e0:43:1b:5d:b3:0b:f0:af:35:1a:29:fe:ef:a6:92:
                        dd:81:4c:9d:3d:59:8e:ad:31:3c:40:7e:9b:91:36:
                        06:fc:e2:5c:8d:d1:8d:26:d5:5c:45:cf:af:65:3f:
                        b1:aa:d2:62:96:f4:a8:38:ea:ba:60:42:f4:f4:1c:
                        4a:35:15:ce:f8:4e:22:56:0f:95:18:c5:f8:96:9f:
                        9f:fb:b0:b7:78:25:e9:80:6b:bd:d6:0a:f0:c6:74:
                        94:9d:f3:0f:50:db:9a:77:ce:4b:70:83:23:8d:a0:
                        ca:78:20:44:5c:3c:54:64:f1:ea:a2:30:19:9f:ea:
                        4c:06:4d:06:78:4b:5e:92:df:22:d2:c9:67:b3:7a:
                        d2:01
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                Netscape Cert Type:
                    SSL CA, S/MIME CA, Object Signing CA
                X509v3 CRL Distribution Points:
                    DirName:/C=US/O=Adobe Systems Incorporated/OU=Adobe Trust Services/CN=Adobe Root CA/CN=CRL1

                X509v3 Private Key Usage Period:
                    Not Before: Jan  8 23:37:23 2003 GMT, Not After: Jan  9 00:07:23 2023 GMT
                X509v3 Key Usage:
                    Certificate Sign, CRL Sign
                X509v3 Authority Key Identifier:
                    keyid:82:B7:38:4A:93:AA:9B:10:EF:80:BB:D9:54:E2:F1:0F:FB:80:9C:DE

                X509v3 Subject Key Identifier:
                    82:B7:38:4A:93:AA:9B:10:EF:80:BB:D9:54:E2:F1:0F:FB:80:9C:DE
                X509v3 Basic Constraints:
                    CA:TRUE
                1.2.840.113533.7.65.0:
                    0...V6.0:4.0....
        Signature Algorithm: sha1WithRSAEncryption
            32:da:9f:43:75:c1:fa:6f:c9:6f:db:ab:1d:36:37:3e:bc:61:
            19:36:b7:02:3c:1d:23:59:98:6c:9e:ee:4d:85:e7:54:c8:20:
            1f:a7:d4:bb:e2:bf:00:77:7d:24:6b:70:2f:5c:c1:3a:76:49:
            b5:d3:e0:23:84:2a:71:6a:22:f3:c1:27:29:98:15:f6:35:90:
            e4:04:4c:c3:8d:bc:9f:61:1c:e7:fd:24:8c:d1:44:43:8c:16:
            ba:9b:4d:a5:d4:35:2f:bc:11:ce:bd:f7:51:37:8d:9f:90:e4:
            14:f1:18:3f:be:e9:59:12:35:f9:33:92:f3:9e:e0:d5:6b:9a:
            71:9b:99:4b:c8:71:c3:e1:b1:61:09:c4:e5:fa:91:f0:42:3a:
            37:7d:34:f9:72:e8:cd:aa:62:1c:21:e9:d5:f4:82:10:e3:7b:
            05:b6:2d:68:56:0b:7e:7e:92:2c:6f:4d:72:82:0c:ed:56:74:
            b2:9d:b9:ab:2d:2b:1d:10:5f:db:27:75:70:8f:fd:1d:d7:e2:
            02:a0:79:e5:1c:e5:ff:af:64:40:51:2d:9e:9b:47:db:42:a5:
            7c:1f:c2:a6:48:b0:d7:be:92:69:4d:a4:f6:29:57:c5:78:11:
            18:dc:87:51:ca:13:b2:62:9d:4f:2b:32:bd:31:a5:c1:fa:52:
            ab:05:88:c8
        </pre>
     */
    private static final String CERT_WITHOUT_URI =
        "-----BEGIN CERTIFICATE-----\n"
        +"MIIEoTCCA4mgAwIBAgIEPhy9KDANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJV"
        +"UzEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHTAbBgNVBAsT"
        +"FEFkb2JlIFRydXN0IFNlcnZpY2VzMRYwFAYDVQQDEw1BZG9iZSBSb290IENBMB4X"
        +"DTAzMDEwODIzMzcyM1oXDTIzMDEwOTAwMDcyM1owaTELMAkGA1UEBhMCVVMxIzAh"
        +"BgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMR0wGwYDVQQLExRBZG9i"
        +"ZSBUcnVzdCBTZXJ2aWNlczEWMBQGA1UEAxMNQWRvYmUgUm9vdCBDQTCCASIwDQYJ"
        +"KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxPVIT3p6LnM1N/P5wSiGssmUdnfg8e"
        +"ua0UiPnDENgd8PDVn2kKL1k1sMxsqUycFaCfziC/oM9U4uAgZkU/OYY4fpzEjgci"
        +"xiT2ARKwNd9V6mmQsNuFNx7iTgeyQqFqE2mgZuqAkRFZKpsIeVogRC3JvXM4izwv"
        +"4EMbXbML8K81Gin+76aS3YFMnT1Zjq0xPEB+m5E2BvziXI3RjSbVXEXPr2U/sarS"
        +"Ypb0qDjqumBC9PQcSjUVzvhOIlYPlRjF+Jafn/uwt3gl6YBrvdYK8MZ0lJ3zD1Db"
        +"mnfOS3CDI42gynggRFw8VGTx6qIwGZ/qTAZNBnhLXpLfItLJZ7N60gECAwEAAaOC"
        +"AU8wggFLMBEGCWCGSAGG+EIBAQQEAwIABzCBjgYDVR0fBIGGMIGDMIGAoH6gfKR6"
        +"MHgxCzAJBgNVBAYTAlVTMSMwIQYDVQQKExpBZG9iZSBTeXN0ZW1zIEluY29ycG9y"
        +"YXRlZDEdMBsGA1UECxMUQWRvYmUgVHJ1c3QgU2VydmljZXMxFjAUBgNVBAMTDUFk"
        +"b2JlIFJvb3QgQ0ExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMzAxMDgy"
        +"MzM3MjNagQ8yMDIzMDEwOTAwMDcyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaA"
        +"FIK3OEqTqpsQ74C72VTi8Q/7gJzeMB0GA1UdDgQWBBSCtzhKk6qbEO+Au9lU4vEP"
        +"+4Cc3jAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIE"
        +"kDANBgkqhkiG9w0BAQUFAAOCAQEAMtqfQ3XB+m/Jb9urHTY3PrxhGTa3AjwdI1mY"
        +"bJ7uTYXnVMggH6fUu+K/AHd9JGtwL1zBOnZJtdPgI4QqcWoi88EnKZgV9jWQ5ARM"
        +"w428n2Ec5/0kjNFEQ4wWuptNpdQ1L7wRzr33UTeNn5DkFPEYP77pWRI1+TOS857g"
        +"1WuacZuZS8hxw+GxYQnE5fqR8EI6N300+XLozapiHCHp1fSCEON7BbYtaFYLfn6S"
        +"LG9NcoIM7VZ0sp25qy0rHRBf2yd1cI/9HdfiAqB55Rzl/69kQFEtnptH20KlfB/C"
        +"pkiw176SaU2k9ilXxXgRGNyHUcoTsmKdTysyvTGlwfpSqwWIyA=="
        +"\n-----END CERTIFICATE-----";

   
   
   
  /**
   * Creates a new TestCertTools object.
   *
   * @param name
   *            DOCUMENT ME!
   */
  public CertToolsTest(String name) {
    super(name);
  }

  public void setUp() throws Exception {
    log.trace(">setUp()");
    CryptoProviderTools.installBCProvider();
    log.trace("<setUp()");
  }

  public void tearDown() throws Exception {
  }

  /**
   * DOCUMENT ME!
   *
   * @throws Exception
   *             DOCUMENT ME!
   */
  public void test01GetPartFromDN() throws Exception {
    log.trace(">test01GetPartFromDN()");

    // We try to examine the general case and some special cases, which we
    // want to be able to handle
    String dn0 = "C=SE, O=AnaTom, CN=foo";
    assertEquals(CertTools.getPartFromDN(dn0, "CN"), "foo");
    assertEquals(CertTools.getPartFromDN(dn0, "O"), "AnaTom");
    assertEquals(CertTools.getPartFromDN(dn0, "C"), "SE");
    assertEquals(CertTools.getPartFromDN(dn0, "cn"), "foo");
    assertEquals(CertTools.getPartFromDN(dn0, "o"), "AnaTom");
    assertEquals(CertTools.getPartFromDN(dn0, "c"), "SE");

    String dn1 = "c=SE, o=AnaTom, cn=foo";
    assertEquals(CertTools.getPartFromDN(dn1, "CN"), "foo");
    assertEquals(CertTools.getPartFromDN(dn1, "O"), "AnaTom");
    assertEquals(CertTools.getPartFromDN(dn1, "C"), "SE");
    assertEquals(CertTools.getPartFromDN(dn1, "cn"), "foo");
    assertEquals(CertTools.getPartFromDN(dn1, "o"), "AnaTom");
    assertEquals(CertTools.getPartFromDN(dn1, "c"), "SE");

    String dn2 = "C=SE, O=AnaTom, CN=cn";
    assertEquals(CertTools.getPartFromDN(dn2, "CN"), "cn");

    String dn3 = "C=SE, O=AnaTom, CN=CN";
    assertEquals(CertTools.getPartFromDN(dn3, "CN"), "CN");

    String dn4 = "C=CN, O=AnaTom, CN=foo";
    assertEquals(CertTools.getPartFromDN(dn4, "CN"), "foo");

    String dn5 = "C=cn, O=AnaTom, CN=foo";
    assertEquals(CertTools.getPartFromDN(dn5, "CN"), "foo");

    String dn6 = "CN=foo, O=PrimeKey, C=SE";
    assertEquals(CertTools.getPartFromDN(dn6, "CN"), "foo");
    assertEquals(CertTools.getPartFromDN(dn6, "O"), "PrimeKey");
    assertEquals(CertTools.getPartFromDN(dn6, "C"), "SE");

    String dn7 = "CN=foo, O=PrimeKey, C=cn";
    assertEquals(CertTools.getPartFromDN(dn7, "CN"), "foo");
    assertEquals(CertTools.getPartFromDN(dn7, "C"), "cn");

    String dn8 = "CN=foo, O=PrimeKey, C=CN";
    assertEquals(CertTools.getPartFromDN(dn8, "CN"), "foo");
    assertEquals(CertTools.getPartFromDN(dn8, "C"), "CN");

    String dn9 = "CN=foo, O=CN, C=CN";
    assertEquals(CertTools.getPartFromDN(dn9, "CN"), "foo");
    assertEquals(CertTools.getPartFromDN(dn9, "O"), "CN");

    String dn10 = "CN=foo, CN=bar,O=CN, C=CN";
    assertEquals(CertTools.getPartFromDN(dn10, "CN"), "foo");
    assertEquals(CertTools.getPartFromDN(dn10, "O"), "CN");

    String dn11 = "CN=foo,CN=bar, O=CN, C=CN";
    assertEquals(CertTools.getPartFromDN(dn11, "CN"), "foo");
    assertEquals(CertTools.getPartFromDN(dn11, "O"), "CN");

    String dn12 = "CN=\"foo, OU=bar\", O=baz\\\\\\, quux,C=C";
    assertEquals(CertTools.getPartFromDN(dn12, "CN"), "foo, OU=bar");
    assertEquals(CertTools.getPartFromDN(dn12, "O"), "baz\\, quux");
    assertNull(CertTools.getPartFromDN(dn12, "OU"));

    String dn13 = "C=SE, O=PrimeKey, EmailAddress=foo@primekey.se";
    ArrayList<String> emails = CertTools.getEmailFromDN(dn13);
    assertEquals((String) emails.get(0), "foo@primekey.se");

    String dn14 = "C=SE, E=foo@primekey.se, O=PrimeKey";
    emails = CertTools.getEmailFromDN(dn14);
    assertEquals((String) emails.get(0), "foo@primekey.se");

    String dn15 = "C=SE, E=foo@primekey.se, O=PrimeKey, EmailAddress=bar@primekey.se";
    emails = CertTools.getEmailFromDN(dn15);
    assertEquals((String) emails.get(0), "bar@primekey.se");

    log.trace("<test01GetPartFromDN()");
  }

  /**
   * DOCUMENT ME!
   *
   * @throws Exception
   *             DOCUMENT ME!
   */
  public void test02StringToBCDNString() throws Exception {
    log.trace(">test02StringToBCDNString()");

    // We try to examine the general case and som special cases, which we
    // want to be able to handle
    String dn1 = "C=SE, O=AnaTom, CN=foo";
    assertEquals(CertTools.stringToBCDNString(dn1), "CN=foo,O=AnaTom,C=SE");

    String dn2 = "C=SE, O=AnaTom, CN=cn";
    assertEquals(CertTools.stringToBCDNString(dn2), "CN=cn,O=AnaTom,C=SE");

    String dn3 = "CN=foo, O=PrimeKey, C=SE";
    assertEquals(CertTools.stringToBCDNString(dn3),
        "CN=foo,O=PrimeKey,C=SE");

    String dn4 = "cn=foo, o=PrimeKey, c=SE";
    assertEquals(CertTools.stringToBCDNString(dn4),
        "CN=foo,O=PrimeKey,C=SE");

    String dn5 = "cn=foo,o=PrimeKey,c=SE";
    assertEquals(CertTools.stringToBCDNString(dn5),
        "CN=foo,O=PrimeKey,C=SE");

    String dn6 = "C=SE, O=AnaTom, CN=CN";
    assertEquals(CertTools.stringToBCDNString(dn6), "CN=CN,O=AnaTom,C=SE");

    String dn7 = "C=CN, O=AnaTom, CN=foo";
    assertEquals(CertTools.stringToBCDNString(dn7), "CN=foo,O=AnaTom,C=CN");

    String dn8 = "C=cn, O=AnaTom, CN=foo";
    assertEquals(CertTools.stringToBCDNString(dn8), "CN=foo,O=AnaTom,C=cn");

    String dn9 = "CN=foo, O=PrimeKey, C=CN";
    assertEquals(CertTools.stringToBCDNString(dn9),
        "CN=foo,O=PrimeKey,C=CN");

    String dn10 = "CN=foo, O=PrimeKey, C=cn";
    assertEquals(CertTools.stringToBCDNString(dn10),
        "CN=foo,O=PrimeKey,C=cn");

    String dn11 = "CN=foo, O=CN, C=CN";
    assertEquals(CertTools.stringToBCDNString(dn11), "CN=foo,O=CN,C=CN");

    String dn12 = "O=PrimeKey,C=SE,CN=CN";
    assertEquals(CertTools.stringToBCDNString(dn12),
        "CN=CN,O=PrimeKey,C=SE");

    String dn13 = "O=PrimeKey,C=SE,CN=CN, OU=FooOU";
    assertEquals(CertTools.stringToBCDNString(dn13),
        "CN=CN,OU=FooOU,O=PrimeKey,C=SE");

    String dn14 = "O=PrimeKey,C=CN,CN=CN, OU=FooOU";
    assertEquals(CertTools.stringToBCDNString(dn14),
        "CN=CN,OU=FooOU,O=PrimeKey,C=CN");

    String dn15 = "O=PrimeKey,C=CN,CN=cn, OU=FooOU";
    assertEquals(CertTools.stringToBCDNString(dn15),
        "CN=cn,OU=FooOU,O=PrimeKey,C=CN");

    String dn16 = "CN=foo, CN=bar,O=CN, C=CN";
    assertEquals(CertTools.stringToBCDNString(dn16),
        "CN=foo,CN=bar,O=CN,C=CN");

    String dn17 = "CN=foo,CN=bar, O=CN, O=C, C=CN";
    assertEquals(CertTools.stringToBCDNString(dn17),
        "CN=foo,CN=bar,O=CN,O=C,C=CN");

    String dn18 = "cn=jean,cn=EJBCA,dc=home,dc=jean";
    assertEquals(CertTools.stringToBCDNString(dn18),
        "CN=jean,CN=EJBCA,DC=home,DC=jean");

    String dn19 = "cn=bar, cn=foo,o=oo, O=EJBCA,DC=DC2, dc=dc1, C=SE";
    assertEquals(CertTools.stringToBCDNString(dn19),
        "CN=bar,CN=foo,O=oo,O=EJBCA,DC=DC2,DC=dc1,C=SE");

    String dn20 = " CN=\"foo, OU=bar\",  O=baz\\\\\\, quux,C=SE ";
    // BC always escapes with backslash, it doesn't use quotes.
    assertEquals(CertTools.stringToBCDNString(dn20),
        "CN=foo\\, OU\\=bar,O=baz\\\\\\, quux,C=SE");

    String dn21 = "C=SE,O=Foo\\, Inc, OU=Foo\\, Dep, CN=Foo\\'";
    String bcdn21 = CertTools.stringToBCDNString(dn21);
    assertEquals(bcdn21, "CN=Foo\',OU=Foo\\, Dep,O=Foo\\, Inc,C=SE");
    // it is allowed to escape ,
    assertEquals(StringTools.strip(bcdn21),
        "CN=Foo',OU=Foo\\, Dep,O=Foo\\, Inc,C=SE");

    String dn22 = "C=SE,O=Foo\\, Inc, OU=Foo, Dep, CN=Foo'";
    String bcdn22 = CertTools.stringToBCDNString(dn22);
    assertEquals(bcdn22, "CN=Foo',OU=Foo,O=Foo\\, Inc,C=SE");
    assertEquals(StringTools.strip(bcdn22),
        "CN=Foo',OU=Foo,O=Foo\\, Inc,C=SE");

    String dn23 = "C=SE,O=Foo, OU=FooOU, CN=Foo, DN=qualf";
    String bcdn23 = CertTools.stringToBCDNString(dn23);
    assertEquals(bcdn23, "DN=qualf,CN=Foo,OU=FooOU,O=Foo,C=SE");
    assertEquals(StringTools.strip(bcdn23),
        "DN=qualf,CN=Foo,OU=FooOU,O=Foo,C=SE");

    String dn24 = "telephonenumber=08555-666,businesscategory=Surf boards,postaladdress=Stockholm,postalcode=11122,CN=foo,CN=bar, O=CN, O=C, C=CN";
    assertEquals(CertTools.stringToBCDNString(dn24),
        "TelephoneNumber=08555-666,PostalAddress=Stockholm,BusinessCategory=Surf boards,PostalCode=11122,CN=foo,CN=bar,O=CN,O=C,C=CN");

    // This isn't a legal SubjectDN. Since BC does not seem to support multivalues, we assume that the user meant \+.
    String dn25 = "CN=user+name, C=CN";
    assertEquals(CertTools.stringToBCDNString(dn25),"CN=user\\+name,C=CN");

    String dn26 = "CN=user\\+name, C=CN";
    assertEquals(CertTools.stringToBCDNString(dn26),"CN=user\\+name,C=CN");

    log.trace("<test02StringToBCDNString()");
  }

  /**
   * DOCUMENT ME!
   *
   * @throws Exception
   *             DOCUMENT ME!
   */
  public void test03AltNames() throws Exception {
    log.trace(">test03AltNames()");

    // We try to examine the general case and som special cases, which we
    // want to be able to handle
    String alt1 = "rfc822Name=ejbca@primekey.se, dNSName=www.primekey.se, uri=http://www.primekey.se/ejbca";
    assertEquals(CertTools.getPartFromDN(alt1, CertTools.EMAIL),
        "ejbca@primekey.se");
    assertNull(CertTools.getPartFromDN(alt1, CertTools.EMAIL1));
    assertNull(CertTools.getPartFromDN(alt1, CertTools.EMAIL2));
    assertEquals(CertTools.getPartFromDN(alt1, CertTools.DNS),
        "www.primekey.se");
    assertNull(CertTools.getPartFromDN(alt1, CertTools.URI));
    assertEquals(CertTools.getPartFromDN(alt1, CertTools.URI1),
        "http://www.primekey.se/ejbca");

    String alt2 = "email=ejbca@primekey.se, dNSName=www.primekey.se, uniformResourceIdentifier=http://www.primekey.se/ejbca";
    assertEquals(CertTools.getPartFromDN(alt2, CertTools.EMAIL1),
        "ejbca@primekey.se");
    assertEquals(CertTools.getPartFromDN(alt2, CertTools.URI),
        "http://www.primekey.se/ejbca");

    String alt3 = "EmailAddress=ejbca@primekey.se, dNSName=www.primekey.se, uniformResourceIdentifier=http://www.primekey.se/ejbca";
    assertEquals(CertTools.getPartFromDN(alt3, CertTools.EMAIL2),
        "ejbca@primekey.se");

    Certificate cert = CertTools.getCertfromByteArray(guidcert);
    String upn = CertTools.getUPNAltName(cert);
    assertEquals(upn, "guid@foo.com");
    String guid = CertTools.getGuidAltName(cert);
    assertEquals(guid, "1234567890abcdef");

    String customAlt = "rfc822Name=foo@bar.com";
    ArrayList<String> oids = CertTools.getCustomOids(customAlt);
    assertEquals(0, oids.size());
    customAlt = "rfc822Name=foo@bar.com, 1.1.1.1.2=foobar, 1.2.2.2.2=barfoo";
    oids = CertTools.getCustomOids(customAlt);
    assertEquals(2, oids.size());
    String oid1 = (String) oids.get(0);
    assertEquals("1.1.1.1.2", oid1);
    String oid2 = (String) oids.get(1);
    assertEquals("1.2.2.2.2", oid2);
    String val1 = CertTools.getPartFromDN(customAlt, oid1);
    assertEquals("foobar", val1);
    String val2 = CertTools.getPartFromDN(customAlt, oid2);
    assertEquals("barfoo", val2);

    customAlt = "rfc822Name=foo@bar.com, 1.1.1.1.2=foobar, 1.1.1.1.2=barfoo";
    oids = CertTools.getCustomOids(customAlt);
    assertEquals(1, oids.size());
    oid1 = (String) oids.get(0);
    assertEquals("1.1.1.1.2", oid1);
    List<String> list = CertTools.getPartsFromDN(customAlt, oid1);
    assertEquals(2, list.size());
    val1 = (String)list.get(0);
    assertEquals("foobar", val1);
    val2 = (String)list.get(1);
    assertEquals("barfoo", val2);

    log.trace("<test03AltNames()");
  }

  /**
   * DOCUMENT ME!
   *
   * @throws Exception
   *             DOCUMENT ME!
   */
  public void test04DNComponents() throws Exception {
    log.trace(">test04DNComponents()");

    // We try to examine the general case and som special cases, which we
    // want to be able to handle
    String dn1 = "CN=CommonName, O=Org, OU=OrgUnit, SerialNumber=SerialNumber, SurName=SurName, GivenName=GivenName, Initials=Initials, C=SE";
    String bcdn1 = CertTools.stringToBCDNString(dn1);
    log.debug("dn1: " + dn1);
    log.debug("bcdn1: " + bcdn1);
    assertEquals(
        bcdn1,
        "CN=CommonName,SN=SerialNumber,GIVENNAME=GivenName,INITIALS=Initials,SURNAME=SurName,OU=OrgUnit,O=Org,C=SE");

    dn1 = "CN=CommonName, O=Org, OU=OrgUnit, SerialNumber=SerialNumber, SurName=SurName, GivenName=GivenName, Initials=Initials, C=SE, 1.1.1.1=1111Oid, 2.2.2.2=2222Oid";
    bcdn1 = CertTools.stringToBCDNString(dn1);
    log.debug("dn1: " + dn1);
    log.debug("bcdn1: " + bcdn1);
    assertEquals(
        bcdn1,
        "CN=CommonName,SN=SerialNumber,GIVENNAME=GivenName,INITIALS=Initials,SURNAME=SurName,OU=OrgUnit,O=Org,C=SE,2.2.2.2=2222Oid,1.1.1.1=1111Oid");

    dn1 = "CN=CommonName, 3.3.3.3=3333Oid,O=Org, OU=OrgUnit, SerialNumber=SerialNumber, SurName=SurName, GivenName=GivenName, Initials=Initials, C=SE, 1.1.1.1=1111Oid, 2.2.2.2=2222Oid";
    bcdn1 = CertTools.stringToBCDNString(dn1);
    log.debug("dn1: " + dn1);
    log.debug("bcdn1: " + bcdn1);
    // 3.3.3.3 is not a valid OID so it should be silently dropped
    assertEquals(
        bcdn1,
        "CN=CommonName,SN=SerialNumber,GIVENNAME=GivenName,INITIALS=Initials,SURNAME=SurName,OU=OrgUnit,O=Org,C=SE,2.2.2.2=2222Oid,1.1.1.1=1111Oid");

    dn1 = "CN=CommonName, 2.3.3.3=3333Oid,O=Org, K=KKK, OU=OrgUnit, SerialNumber=SerialNumber, SurName=SurName, GivenName=GivenName, Initials=Initials, C=SE, 1.1.1.1=1111Oid, 2.2.2.2=2222Oid";
    bcdn1 = CertTools.stringToBCDNString(dn1);
    log.debug("dn1: " + dn1);
    log.debug("bcdn1: " + bcdn1);
    assertEquals(
        bcdn1,
        "CN=CommonName,SN=SerialNumber,GIVENNAME=GivenName,INITIALS=Initials,SURNAME=SurName,OU=OrgUnit,O=Org,C=SE,2.2.2.2=2222Oid,1.1.1.1=1111Oid,2.3.3.3=3333Oid");

    log.trace("<test04DNComponents()");
  }

  /**
   * Tests string coding/decoding international (swedish characters)
   *
   * @throws Exception
   *             if error...
   */
  public void test05IntlChars() throws Exception {
    log.trace(">test05IntlChars()");
    // We try to examine the general case and som special cases, which we
    // want to be able to handle
    String dn1 = "CN=Tomas?????????, O=?????????-Org, OU=??????-Unit, C=SE";
    String bcdn1 = CertTools.stringToBCDNString(dn1);
    log.debug("dn1: " + dn1);
    log.debug("bcdn1: " + bcdn1);
    assertEquals("CN=Tomas?????????,OU=??????-Unit,O=?????????-Org,C=SE",
        bcdn1);
    log.trace("<test05IntlChars()");
  }

  /**
   * Tests some of the other methods of CertTools
   *
   * @throws Exception
   *             if error...
   */
  public void test06CertOps() throws Exception {
    log.trace(">test06CertOps()");
    Certificate cert = CertTools.getCertfromByteArray(testcert);
    Certificate gcert = CertTools.getCertfromByteArray(guidcert);
    assertEquals("Wrong issuerDN", CertTools.getIssuerDN(cert), CertTools
        .stringToBCDNString("CN=TestCA,O=AnaTom,C=SE"));
    assertEquals("Wrong subjectDN", CertTools.getSubjectDN(cert), CertTools
        .stringToBCDNString("CN=p12test,O=PrimeTest,C=SE"));
    assertEquals("Wrong subject key id", new String(Hex.encode(CertTools
        .getSubjectKeyId(cert))),
        "E74F5690F48D147783847CD26448E8094ABB08A0".toLowerCase());
    assertEquals("Wrong authority key id", new String(Hex.encode(CertTools
        .getAuthorityKeyId(cert))),
        "637BF476A854248EA574A57744A6F45E0F579251".toLowerCase());
    assertEquals("Wrong upn alt name", "foo@foo", CertTools
        .getUPNAltName(cert));
    assertEquals("Wrong guid alt name", "1234567890abcdef", CertTools
        .getGuidAltName(gcert));
    assertEquals("Wrong certificate policy", "1.1.1.1.1.1", CertTools
        .getCertificatePolicyId(cert, 0));
    assertNull("Not null policy", CertTools.getCertificatePolicyId(cert, 1));
    // log.debug(cert);
    // FileOutputStream fos = new FileOutputStream("foo.cert");
    // fos.write(cert.getEncoded());
    // fos.close();
    log.trace("<test06CertOps()");
  }

  /**
   * Tests the handling of DC components
   *
   * @throws Exception
   *             if error...
   */
  public void test07TestDC() throws Exception {
    log.trace(">test07TestDC()");
    // We try to examine the that we handle modern dc components for ldap
    // correctly
    String dn1 = "dc=bigcorp,dc=com,dc=se,ou=users,cn=Mike Jackson";
    String bcdn1 = CertTools.stringToBCDNString(dn1);
    log.debug("dn1: " + dn1);
    log.debug("bcdn1: " + bcdn1);
    // assertEquals("CN=Mike Jackson,OU=users,DC=se,DC=bigcorp,DC=com",
    // bcdn1);
    String dn2 = "cn=Mike Jackson,ou=users,dc=se,dc=bigcorp,dc=com";
    String bcdn2 = CertTools.stringToBCDNString(dn2);
    log.debug("dn2: " + dn2);
    log.debug("bcdn2: " + bcdn2);
    assertEquals("CN=Mike Jackson,OU=users,DC=se,DC=bigcorp,DC=com", bcdn2);
    log.trace("<test07TestDC()");
  }

  /**
   * Tests the handling of unstructuredName/Address
   *
   * @throws Exception
   *             if error...
   */
  public void test08TestUnstructured() throws Exception {
    log.trace(">test08TestUnstructured()");
    // We try to examine the that we handle modern dc components for ldap
    // correctly
    String dn1 = "C=SE,O=PrimeKey,unstructuredName=10.1.1.2,unstructuredAddress=foo.bar.se,cn=test";
    String bcdn1 = CertTools.stringToBCDNString(dn1);
    log.debug("dn1: " + dn1);
    log.debug("bcdn1: " + bcdn1);
    assertEquals(
        "unstructuredAddress=foo.bar.se,unstructuredName=10.1.1.2,CN=test,O=PrimeKey,C=SE",
        bcdn1);
    log.trace("<test08TestUnstructured()");
  }

  /**
   * Tests the reversing of a DN
   *
   * @throws Exception
   *             if error...
   */
  public void test09TestReverseDN() throws Exception {
    log.trace(">test09TestReverse()");
    // We try to examine the that we handle modern dc components for ldap
    // correctly
    String dn1 = "dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G";
    String dn2 = "cn=Tomas G,ou=users,ou=orgunit,dc=se,dc=bigcorp,dc=com";
    assertTrue(CertTools.isDNReversed(dn1));
    assertTrue(!CertTools.isDNReversed(dn2));
    assertTrue(CertTools.isDNReversed("C=SE,CN=Foo"));
    assertTrue(!CertTools.isDNReversed("CN=Foo,O=FooO"));
    String revdn1 = CertTools.reverseDN(dn1);
    log.debug("dn1: " + dn1);
    log.debug("revdn1: " + revdn1);
    assertEquals(dn2, revdn1);

    String dn3 = "cn=toto,cn=titi,dc=domain,dc=tld";
    String revdn3 = CertTools.reverseDN(dn3);
    assertEquals("dc=tld,dc=domain,cn=titi,cn=toto", revdn3);
   
        X509Name dn4 = CertTools.stringToBcX509Name(dn3, new X509DefaultEntryConverter(), true);
    assertEquals("CN=toto,CN=titi,DC=domain,DC=tld", dn4.toString());
        X509Name dn5 = CertTools.stringToBcX509Name(dn3, new X509DefaultEntryConverter(), false);
    assertEquals("DC=tld,DC=domain,CN=titi,CN=toto", dn5.toString());
    assertEquals("CN=toto,CN=titi,DC=domain,DC=tld", CertTools.stringToBCDNString(dn3));

    String dn6 = "dc=tld,dc=domain,cn=titi,cn=toto";
    String revdn6 = CertTools.reverseDN(dn6);
    assertEquals("cn=toto,cn=titi,dc=domain,dc=tld", revdn6);
    assertEquals("CN=toto,CN=titi,DC=domain,DC=tld", CertTools.stringToBCDNString(dn3));

        X509Name dn7 = CertTools.stringToBcX509Name(dn6, new X509DefaultEntryConverter(), true);
    assertEquals("CN=toto,CN=titi,DC=domain,DC=tld", dn7.toString());
        X509Name revdn7 = CertTools.stringToBcX509Name(dn6, new X509DefaultEntryConverter(), false);
    assertEquals("DC=tld,DC=domain,CN=titi,CN=toto", revdn7.toString());

    // Test the test strings from ECA-1699, to prove that we fixed this issue
        String dn8 = "dc=org,dc=foo,o=FOO,cn=FOO Root CA";
        String dn9 = "cn=FOO Root CA,o=FOO,dc=foo,dc=org";
    String revdn8 = CertTools.reverseDN(dn8);
    assertEquals("cn=FOO Root CA,o=FOO,dc=foo,dc=org", revdn8);
    String revdn9 = CertTools.reverseDN(dn9);
    assertEquals("dc=org,dc=foo,o=FOO,cn=FOO Root CA", revdn9);
        X509Name xdn8ldap = CertTools.stringToBcX509Name(dn8, new X509DefaultEntryConverter(), true);
        X509Name xdn8x500 = CertTools.stringToBcX509Name(dn8, new X509DefaultEntryConverter(), false);
    assertEquals("CN=FOO Root CA,O=FOO,DC=foo,DC=org", xdn8ldap.toString());
    assertEquals("DC=org,DC=foo,O=FOO,CN=FOO Root CA", xdn8x500.toString());
        X509Name xdn9ldap = CertTools.stringToBcX509Name(dn9, new X509DefaultEntryConverter(), true);
        X509Name xdn9x500 = CertTools.stringToBcX509Name(dn9, new X509DefaultEntryConverter(), false);
    assertEquals("CN=FOO Root CA,O=FOO,DC=foo,DC=org", xdn9ldap.toString());
    assertEquals("DC=org,DC=foo,O=FOO,CN=FOO Root CA", xdn9x500.toString());
    assertEquals("CN=FOO Root CA,O=FOO,DC=foo,DC=org", CertTools.stringToBCDNString(dn8));
    assertEquals("CN=FOO Root CA,O=FOO,DC=foo,DC=org", CertTools.stringToBCDNString(dn9));

    // Test reversing DNs with multiple OU
    String dn10 = "CN=something,OU=A,OU=B,O=someO,C=SE";
        X509Name x509dn10 = CertTools.stringToBcX509Name(dn10, new X509DefaultEntryConverter(), true);
        assertEquals("CN=something,OU=A,OU=B,O=someO,C=SE", x509dn10.toString());
    assertEquals("CN=something,OU=A,OU=B,O=someO,C=SE", CertTools.stringToBCDNString(dn10));

        // When we order forwards (LdapOrder) from the beginning, and request !LdapOrder, everything should be reversed
        X509Name ldapdn11 = CertTools.stringToBcX509Name(dn10, new X509DefaultEntryConverter(), false);
        assertEquals("C=SE,O=someO,OU=B,OU=A,CN=something", ldapdn11.toString());

        // When we order backwards (X.509, !LdapOrder) from the beginning, we should not reorder anything
    String dn11 = "C=SE,O=someO,OU=B,OU=A,CN=something";
    X509Name x509dn11 = CertTools.stringToBcX509Name(dn11, new X509DefaultEntryConverter(), false);
        assertEquals("C=SE,O=someO,OU=B,OU=A,CN=something", x509dn11.toString());
    assertEquals("CN=something,OU=A,OU=B,O=someO,C=SE", CertTools.stringToBCDNString(dn11));

    log.trace("<test09TestReverse()");
  }

  /**
   * Tests the handling of DC components
   *
   * @throws Exception if error...
   */
  public void test10TestMultipleReversed() throws Exception {
    log.trace(">test10TestMultipleReversed()");
    // We try to examine the that we handle modern dc components for ldap
    // correctly
    String dn1 = "dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G";
    String bcdn1 = CertTools.stringToBCDNString(dn1);
    log.debug("dn1: " + dn1);
    log.debug("bcdn1: " + bcdn1);
    assertEquals("CN=Tomas G,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com",
        bcdn1);

    String dn19 = "C=SE, dc=dc1,DC=DC2,O=EJBCA, O=oo, cn=foo, cn=bar";
    assertEquals("CN=bar,CN=foo,O=oo,O=EJBCA,DC=DC2,DC=dc1,C=SE", CertTools
        .stringToBCDNString(dn19));
    String dn20 = " C=SE,CN=\"foo, OU=bar\",  O=baz\\\\\\, quux  ";
    // BC always escapes with backslash, it doesn't use quotes.
    assertEquals("CN=foo\\, OU\\=bar,O=baz\\\\\\, quux,C=SE", CertTools
        .stringToBCDNString(dn20));

    String dn21 = "C=SE,O=Foo\\, Inc, OU=Foo\\, Dep, CN=Foo\\'";
    String bcdn21 = CertTools.stringToBCDNString(dn21);
    assertEquals("CN=Foo\',OU=Foo\\, Dep,O=Foo\\, Inc,C=SE", bcdn21);
    assertEquals("CN=Foo',OU=Foo\\, Dep,O=Foo\\, Inc,C=SE", StringTools
        .strip(bcdn21));
    log.trace("<test10TestMultipleReversed()");
  }

  /**
   * Tests the insertCNPostfix function
   *
   * @throws Exception
   *             if error...
   */
  public void test11TestInsertCNPostfix() throws Exception {
    log.trace(">test11TestInsertCNPostfix()");

    // Test the regular case with one CN beging replaced with " (VPN)"
    // postfix
    String dn1 = "CN=Tomas G,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com";
    String cnpostfix1 = " (VPN)";
    String newdn1 = CertTools.insertCNPostfix(dn1, cnpostfix1);
    assertEquals(
        "CN=Tomas G (VPN),OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com",
        newdn1);

    // Test case when CN doesn't exist
    String dn2 = "OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com";
    String newdn2 = CertTools.insertCNPostfix(dn2, cnpostfix1);
    assertEquals("OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", newdn2);

    // Test case with two CNs in DN only first one should be replaced.
    String dn3 = "CN=Tomas G,CN=Bagare,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com";
    String newdn3 = CertTools.insertCNPostfix(dn3, cnpostfix1);
    assertEquals(
        "CN=Tomas G (VPN),CN=Bagare,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com",
        newdn3);

    // Test case with two CNs in reversed DN
    String dn4 = "dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G,CN=Bagare";
    String newdn4 = CertTools.insertCNPostfix(dn4, cnpostfix1);
    assertEquals(
        "dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G (VPN),CN=Bagare",
        newdn4);

    // Test case with two CNs in reversed DN
    String dn5 = "UID=tomas,CN=tomas,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com";
    String cnpostfix5 = " (VPN)";
    String newdn5 = CertTools.insertCNPostfix(dn5, cnpostfix5);
    assertEquals(
        "UID=tomas,CN=tomas (VPN),OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com",
        newdn5);

    log.trace("<test11TestInsertCNPostfix()");
  }

  /**
   */
  public void test12GetPartsFromDN() throws Exception {
    log.trace(">test01GetPartFromDN()");

    // We try to examine the general case and som special cases, which we
    // want to be able to handle
    String dn0 = "C=SE, O=AnaTom, CN=foo";
    assertEquals(CertTools.getPartsFromDN(dn0, "CN").size(), 1);
    assertTrue(CertTools.getPartsFromDN(dn0, "CN").contains("foo"));
    assertEquals(CertTools.getPartsFromDN(dn0, "O").size(), 1);
    assertTrue(CertTools.getPartsFromDN(dn0, "O").contains("AnaTom"));
    assertEquals(CertTools.getPartsFromDN(dn0, "C").size(), 1);
    assertTrue(CertTools.getPartsFromDN(dn0, "C").contains("SE"));
    assertEquals(CertTools.getPartsFromDN(dn0, "cn").size(), 1);
    assertTrue(CertTools.getPartsFromDN(dn0, "cn").contains("foo"));
    assertEquals(CertTools.getPartsFromDN(dn0, "o").size(), 1);
    assertTrue(CertTools.getPartsFromDN(dn0, "o").contains("AnaTom"));
    assertEquals(CertTools.getPartsFromDN(dn0, "c").size(), 1);
    assertTrue(CertTools.getPartsFromDN(dn0, "c").contains("SE"));

    String dn1 = "uri=http://www.a.se, C=SE, O=AnaTom, CN=foo";
    assertEquals(CertTools.getPartsFromDN(dn1, "CN").size(), 1);
    assertTrue(CertTools.getPartsFromDN(dn1, "CN").contains("foo"));
    assertEquals(CertTools.getPartsFromDN(dn1, CertTools.URI).size(), 0);
    assertEquals(CertTools.getPartsFromDN(dn1, CertTools.URI1).size(), 1);
    assertTrue(CertTools.getPartsFromDN(dn1, CertTools.URI1).contains(
        "http://www.a.se"));

    String dn2 = "uri=http://www.a.se, uri=http://www.b.se, C=SE, O=AnaTom, CN=foo";
    assertEquals(CertTools.getPartsFromDN(dn2, "CN").size(), 1);
    assertTrue(CertTools.getPartsFromDN(dn2, "CN").contains("foo"));
    assertEquals(CertTools.getPartsFromDN(dn2, CertTools.URI1).size(), 2);
    assertTrue(CertTools.getPartsFromDN(dn2, CertTools.URI1).contains(
        "http://www.a.se"));
    assertTrue(CertTools.getPartsFromDN(dn2, CertTools.URI1).contains(
        "http://www.b.se"));

    log.trace("<test12GetPartsFromDN()");
  }

  public void test13GetSubjectAltNameString() throws Exception {
    log.trace(">test13GetSubjectAltNameString()");

    String altNames = CertTools.getSubjectAlternativeName(CertTools
        .getCertfromByteArray(altNameCert));
    log.debug(altNames);
    String name = CertTools.getPartFromDN(altNames, CertTools.UPN);
    assertEquals("foo@a.se", name);
    assertEquals("foo@a.se", CertTools.getUPNAltName(CertTools
        .getCertfromByteArray(altNameCert)));
    name = CertTools.getPartFromDN(altNames, CertTools.URI);
    assertEquals("http://www.a.se/", name);
    name = CertTools.getPartFromDN(altNames, CertTools.EMAIL);
    assertEquals("tomas@a.se", name);
    name = CertTools.getEMailAddress(CertTools
        .getCertfromByteArray(altNameCert));
    assertEquals("tomas@a.se", name);
    name = CertTools.getEMailAddress(CertTools
        .getCertfromByteArray(testcert));
    assertNull(name);
    name = CertTools.getEMailAddress(null);
    assertNull(name);
    name = CertTools.getPartFromDN(altNames, CertTools.DNS);
    assertEquals("www.a.se", name);
    name = CertTools.getPartFromDN(altNames, CertTools.IPADDR);
    assertEquals("10.1.1.1", name);
    log.trace("<test13GetSubjectAltNameString()");
  }

  public void test14QCStatement() throws Exception {
    Certificate cert = CertTools.getCertfromByteArray(qcRefCert);
    // log.debug(cert);
    assertEquals("rfc822name=municipality@darmstadt.de",
        QCStatementExtension.getQcStatementAuthorities(cert));
    Collection<String> ids = QCStatementExtension.getQcStatementIds(cert);
    assertTrue(ids
        .contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2
            .getId()));
    Certificate cert2 = CertTools.getCertfromByteArray(qcPrimeCert);
    assertEquals("rfc822name=qc@primekey.se", QCStatementExtension
        .getQcStatementAuthorities(cert2));
    ids = QCStatementExtension.getQcStatementIds(cert2);
    assertTrue(ids
        .contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1
            .getId()));
    assertTrue(ids
        .contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance
            .getId()));
    assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD
        .getId()));
    assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue
        .getId()));
    String limit = QCStatementExtension.getQcStatementValueLimit(cert2);
    assertEquals("50000 SEK", limit);
  }

  public void test15AiaOcspUri() throws Exception {
    Certificate cert = CertTools.getCertfromByteArray(aiaCert);
    //log.debug(cert);
    assertEquals("http://localhost:8080/ejbca/publicweb/status/ocsp",
        CertTools.getAuthorityInformationAccessOcspUrl(cert));
  }

  public void test16GetSubjectAltNameStringWithDirectoryName()
      throws Exception {
    log.trace(">test16GetSubjectAltNameStringWithDirectoryName()");

    Certificate cer = CertTools
        .getCertfromByteArray(altNameCertWithDirectoryName);
    String altNames = CertTools.getSubjectAlternativeName(cer);
    log.debug(altNames);

    String name = CertTools.getPartFromDN(altNames, CertTools.UPN);
    assertEquals("testDirName@jamador.pki.gva.es", name);
    assertEquals("testDirName@jamador.pki.gva.es", CertTools
        .getUPNAltName(cer));

    name = CertTools.getPartFromDN(altNames, CertTools.DIRECTORYNAME);
    assertEquals("CN=testDirName|dir|name", name);
    assertEquals(name.substring("CN=".length()), new X509Name(
        "CN=testDirName|dir|name").getValues().get(0));

    String altName = "rfc822name=foo@bar.se, uri=http://foo.bar.se, directoryName="
        + LDAPDN.escapeRDN("CN=testDirName, O=Foo, OU=Bar, C=SE")
        + ", dnsName=foo.bar.se";
    GeneralNames san = CertTools.getGeneralNamesFromAltName(altName);
    GeneralName[] gns = san.getNames();
    boolean found = false;
    for (int i = 0; i < gns.length; i++) {
      int tag = gns[i].getTagNo();
      if (tag == 4) {
        found = true;
        DEREncodable enc = gns[i].getName();
        X509Name dir = (X509Name) enc;
        String str = dir.toString();
        log.debug("DirectoryName: " + str);
        assertEquals("CN=testDirName,O=Foo,OU=Bar,C=SE", str);
      }

    }
    assertTrue(found);

    altName = "rfc822name=foo@bar.se, rfc822name=foo@bar.com, uri=http://foo.bar.se, directoryName="
        + LDAPDN.escapeRDN("CN=testDirName, O=Foo, OU=Bar, C=SE")
        + ", dnsName=foo.bar.se, dnsName=foo.bar.com";
    san = CertTools.getGeneralNamesFromAltName(altName);
    gns = san.getNames();
    int dnscount = 0;
    int rfc822count = 0;
    for (int i = 0; i < gns.length; i++) {
      int tag = gns[i].getTagNo();
      if (tag == 2) {
        dnscount++;
        DEREncodable enc = gns[i].getName();
        DERIA5String dir = (DERIA5String) enc;
        String str = dir.getString();
        log.info("DnsName: " + str);
      }
      if (tag == 1) {
        rfc822count++;
        DEREncodable enc = gns[i].getName();
        DERIA5String dir = (DERIA5String) enc;
        String str = dir.getString();
        log.info("Rfc822Name: " + str);
      }

    }
    assertEquals(2, dnscount);
    assertEquals(2, rfc822count);
    log.trace("<test16GetSubjectAltNameStringWithDirectoryName()");
  }

  public void test17SubjectDirectoryAttributes() throws Exception {
    log.trace(">test17SubjectDirectoryAttributes()");
    Certificate cer = CertTools.getCertfromByteArray(subjDirAttrCert);
    String ret = SubjectDirAttrExtension.getSubjectDirectoryAttributes(cer);
    assertEquals("countryOfCitizenship=TR", ret);
    cer = CertTools.getCertfromByteArray(subjDirAttrCert2);
    ret = SubjectDirAttrExtension.getSubjectDirectoryAttributes(cer);
    assertEquals(
        "countryOfResidence=SE, countryOfCitizenship=SE, gender=M, placeOfBirth=Stockholm, dateOfBirth=19710425",
        ret);
    log.trace("<test17SubjectDirectoryAttributes()");
  }

  public void test18DNSpaceTrimming() throws Exception {
    log.trace(">test18DNSpaceTrimming()");
    String dn1 = "CN=CommonName, O= Org,C=SE";
    String bcdn1 = CertTools.stringToBCDNString(dn1);
    log.debug("dn1: " + dn1);
    log.debug("bcdn1: " + bcdn1);
    assertEquals("CN=CommonName,O=Org,C=SE", bcdn1);

    dn1 = "CN=CommonName, O =Org,C=SE";
    bcdn1 = CertTools.stringToBCDNString(dn1);
    log.debug("dn1: " + dn1);
    log.debug("bcdn1: " + bcdn1);
    assertEquals("CN=CommonName,O=Org,C=SE", bcdn1);

    dn1 = "CN=CommonName, O = Org,C=SE";
    bcdn1 = CertTools.stringToBCDNString(dn1);
    log.debug("dn1: " + dn1);
    log.debug("bcdn1: " + bcdn1);
    assertEquals("CN=CommonName,O=Org,C=SE", bcdn1);
    log.trace("<test18DNSpaceTrimming()");
  }

  @SuppressWarnings("unchecked")
    public void test19getAltNameStringFromExtension() throws Exception {
    PKCS10CertificationRequest p10 = new PKCS10CertificationRequest(
        p10ReqWithAltNames);
    CertificationRequestInfo info = p10.getCertificationRequestInfo();
    ASN1Set set = info.getAttributes();
    // The set of attributes contains a sequence of with type oid
    // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest
    Enumeration<Object> en = set.getObjects();
    boolean found = false;
    while (en.hasMoreElements()) {
      ASN1Sequence seq = ASN1Sequence.getInstance(en.nextElement());
      DERObjectIdentifier oid = (DERObjectIdentifier) seq.getObjectAt(0);
      if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
        // The object at position 1 is a SET of x509extensions
        DERSet s = (DERSet) seq.getObjectAt(1);
        X509Extensions exts = X509Extensions.getInstance(s
            .getObjectAt(0));
        X509Extension ext = exts
            .getExtension(X509Extensions.SubjectAlternativeName);
        if (ext != null) {
          found = true;
          String altNames = CertTools
              .getAltNameStringFromExtension(ext);
          assertEquals(
              "dNSName=ort3-kru.net.polisen.se, iPAddress=10.252.255.237",
              altNames);
        }
      }
    }
    assertTrue(found);

    p10 = new PKCS10CertificationRequest(p10ReqWithAltNames2);
    info = p10.getCertificationRequestInfo();
    set = info.getAttributes();
    // The set of attributes contains a sequence of with type oid
    // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest
   
    en = set.getObjects();
    found = false;
    while (en.hasMoreElements()) {
      ASN1Sequence seq = ASN1Sequence.getInstance(en.nextElement());
      DERObjectIdentifier oid = (DERObjectIdentifier) seq.getObjectAt(0);
      if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
        // The object at position 1 is a SET of x509extensions
        DERSet s = (DERSet) seq.getObjectAt(1);
        X509Extensions exts = X509Extensions.getInstance(s
            .getObjectAt(0));
        X509Extension ext = exts
            .getExtension(X509Extensions.SubjectAlternativeName);
        if (ext != null) {
          found = true;
          String altNames = CertTools
              .getAltNameStringFromExtension(ext);
          assertEquals("dNSName=foo.bar.com, iPAddress=10.0.0.1",
              altNames);
        }
      }
    }
    assertTrue(found);

  }

  public void test20cvcCert() throws Exception {
    Certificate cert = CertTools.getCertfromByteArray(cvccert);
    assertNotNull(cert);
    PublicKey pk = cert.getPublicKey();
    assertNotNull(pk);
    assertEquals("RSA", pk.getAlgorithm());
    if( pk instanceof RSAPublicKey){
      BigInteger modulus = ((RSAPublicKey)pk).getModulus();
      int len = modulus.bitLength();
      assertEquals(1024, len);
    } else {
      assertTrue(false);
    }
    String subjectdn = CertTools.getSubjectDN(cert);
    assertEquals("CN=RPS,C=SE", subjectdn);
    String issuerdn = CertTools.getIssuerDN(cert);
    assertEquals("CN=RPS,C=SE", issuerdn);
    assertEquals("10110", CertTools.getSerialNumberAsString(cert));
    CardVerifiableCertificate cvcert = (CardVerifiableCertificate)cert;
    assertEquals("CVCA", cvcert.getCVCertificate().getCertificateBody().getAuthorizationTemplate().getAuthorizationField().getRole().name());

    // Serialization, CVC provider is installed by CertTools.installBCProvider
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    ObjectOutputStream oos = new ObjectOutputStream(baos);
    oos.writeObject(cert);
    oos.close();
    baos.close();
    ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
    ObjectInputStream ois = new ObjectInputStream(bais);
    Object o = ois.readObject();
    Certificate ocert = (Certificate)o;
    assertEquals("CVC", ocert.getType());

    // Test CVC certificate request encoding
    CVCObject parsedObject = CertificateParser.parseCVCObject(cvcreq);
    CVCertificate req = (CVCertificate)parsedObject;
    PublicKey pubKey = req.getCertificateBody().getPublicKey();
    assertNotNull(pubKey);
    assertEquals("CVC", pubKey.getFormat());
    BigInteger modulus = ((RSAPublicKey)pk).getModulus();
    int len = modulus.bitLength();
    assertEquals(1024, len);

    // Test verification of an authenticated request
    parsedObject = CertificateParser.parseCVCObject(cvcreqrenew);
    CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest)parsedObject;
    try {
      authreq.verify(pubKey);
    } catch (Exception e) {
      assertTrue(false);
    }   
    // Test verification of an authenticated request that fails
    parsedObject = CertificateParser.parseCVCObject(cvcreqrenew);
    authreq = (CVCAuthenticatedRequest)parsedObject;
    req = authreq.getRequest();
    try {
      authreq.verify(req.getCertificateBody().getPublicKey());
      assertTrue(false);
    } catch (Exception e) {
    }   
  }

  public void test21GenSelfCert() throws Exception {
    KeyPair kp = KeyTools.genKeys("1024", "RSA");
    Certificate cert = CertTools.genSelfCertForPurpose("CN=foo1", 10, null,
        kp.getPrivate(), kp.getPublic(),
        AlgorithmConstants.SIGALG_SHA256_WITH_RSA_AND_MGF1, true,
        X509KeyUsage.keyCertSign);
    assertNotNull(cert);
    PublicKey pk = cert.getPublicKey();
    assertNotNull(pk);
    assertEquals("RSA", pk.getAlgorithm());
    if (pk instanceof RSAPublicKey) {
      BigInteger modulus = ((RSAPublicKey) pk).getModulus();
      int len = modulus.bitLength();
      assertEquals(1024, len);
    } else {
      assertTrue(false);
    }
    String subjectdn = CertTools.getSubjectDN(cert);
    assertEquals("CN=foo1", subjectdn);
    String issuerdn = CertTools.getIssuerDN(cert);
    assertEquals("CN=foo1", issuerdn);
  }
 
  public void test22CreateCertChain() throws Exception {
    // Test creating a certificate chain for CVC CAs
    Certificate cvccertroot = CertTools.getCertfromByteArray(cvccertchainroot);
    Certificate cvccertsub = CertTools.getCertfromByteArray(cvccertchainsub);
   
    ArrayList<Certificate> certlist = new ArrayList<Certificate>();
    certlist.add(cvccertsub);
    certlist.add(cvccertroot);
    Collection<Certificate> col = CertTools.createCertChain(certlist);
    assertEquals(2, col.size());
    Iterator<Certificate> iter = col.iterator();
    Certificate certsub = (Certificate)iter.next();
    assertEquals("CN=RPS,C=SE", CertTools.getSubjectDN(certsub));
    Certificate certroot = (Certificate)iter.next();
    assertEquals("CN=HSMCVCA,C=SE", CertTools.getSubjectDN(certroot));
   
    // Test creating a certificate chain for X509CAs
    Certificate x509certsubsub = CertTools.getCertfromByteArray(x509certchainsubsub);
    System.out.println(x509certsubsub.toString());
    Certificate x509certsub = CertTools.getCertfromByteArray(x509certchainsub);
    System.out.println(x509certsub.toString());
    Certificate x509certroot = CertTools.getCertfromByteArray(x509certchainroot);
    System.out.println(x509certroot.toString());
    certlist = new ArrayList<Certificate>();
    certlist.add(x509certsub);
    certlist.add(x509certroot);
    certlist.add(x509certsubsub);
    col = CertTools.createCertChain(certlist);
    assertEquals(3, col.size());
    iter = col.iterator();
    Certificate certsubsub = (Certificate)iter.next();
    assertEquals("CN=SubSubCA", CertTools.getSubjectDN(certsubsub));
    certsub = (Certificate)iter.next();
    assertEquals("CN=SubCA", CertTools.getSubjectDN(certsub));
    certroot = (Certificate)iter.next();
    assertEquals("CN=RootCA", CertTools.getSubjectDN(certroot));
   
  }
 
  public void test23GenSelfCertDSA() throws Exception {
    KeyPair kp = KeyTools.genKeys("1024", "DSA");
    Certificate cert = CertTools.genSelfCertForPurpose("CN=foo1", 10, null,
        kp.getPrivate(), kp.getPublic(),
        AlgorithmConstants.SIGALG_SHA1_WITH_DSA, true,
        X509KeyUsage.keyCertSign);
    assertNotNull(cert);
    PublicKey pk = cert.getPublicKey();
    assertNotNull(pk);
    assertEquals("DSA", pk.getAlgorithm());
    assertTrue(pk instanceof DSAPublicKey);
    String subjectdn = CertTools.getSubjectDN(cert);
    assertEquals("CN=foo1", subjectdn);
    String issuerdn = CertTools.getIssuerDN(cert);
    assertEquals("CN=foo1", issuerdn);
  }
 
    public void test24GetCrlDistributionPoint() throws Exception {
      log.trace(">test24GetCrlDistributionPoint()");

        Collection<Certificate> certs;
        URL url;

        // Test with normal cert
        try {
            certs = CertTools.getCertsFromPEM(
                    new ByteArrayInputStream(CERT_WITH_URI.getBytes()));
            url = CertTools.getCrlDistributionPoint(certs.iterator().next());
            assertNotNull(url);
        } catch (CertificateParsingException ex) {
            fail("Exception: " + ex.getMessage());
        }

        // Test with cert that contains CDP without URI
        try {
            certs = CertTools.getCertsFromPEM(
                    new ByteArrayInputStream(CERT_WITHOUT_URI.getBytes()));
            url = CertTools.getCrlDistributionPoint(certs.iterator().next());
            assertNull(url);
        } catch (CertificateParsingException ex) {
            fail("Exception: " + ex.getMessage());
        }
       
      log.trace("<test24GetCrlDistributionPoint()");
    }
 
  public void testKrb5PrincipalName() throws Exception {
    String altName =  "krb5principal=foo/bar@P.SE, upn=upn@u.com";
    GeneralNames gn = CertTools.getGeneralNamesFromAltName(altName);

    GeneralName[] names = gn.getNames();
    String ret = CertTools.getGeneralNameString(0, names[1].getName());
    assertEquals("krb5principal=foo/bar@P.SE", ret);

    altName =  "krb5principal=foo@P.SE";
    gn = CertTools.getGeneralNamesFromAltName(altName);
    names = gn.getNames();
    ret = CertTools.getGeneralNameString(0, names[0].getName());
    assertEquals("krb5principal=foo@P.SE", ret);

    altName =  "krb5principal=foo/A.SE@P.SE";
    gn = CertTools.getGeneralNamesFromAltName(altName);
    names = gn.getNames();
    ret = CertTools.getGeneralNameString(0, names[0].getName());
    assertEquals("krb5principal=foo/A.SE@P.SE", ret);
   
    Certificate krbcert = CertTools.getCertfromByteArray(krb5principalcert);
    String s = CertTools.getSubjectAlternativeName(krbcert);
    assertEquals("krb5principal=foo/bar@P.COM", s);
  }
 
  public void testPseudonymAndName() throws Exception {
    String dn1 = "c=SE,O=Prime,OU=Tech,TelephoneNumber=555-666,Name=Kalle,PostalAddress=footown,PostalCode=11122,Pseudonym=Shredder,cn=Tomas Gustavsson";
    String bcdn1 = CertTools.stringToBCDNString(dn1);
    assertEquals("Pseudonym=Shredder,TelephoneNumber=555-666,PostalAddress=footown,PostalCode=11122,CN=Tomas Gustavsson,Name=Kalle,OU=Tech,O=Prime,C=SE", bcdn1);   
  }

  public void testEscapedCharacters() throws Exception {
        String dn = CertTools.stringToBCDNString("O=\\<fff\\>\\\",CN=oid,SN=12345,NAME=name,C=se");
        assertEquals("CN=oid,Name=name,SN=12345,O=\\<fff\\>\\\",C=se", dn);
  }

  public void testSerialNumberFromString() throws Exception {
    // Test numerical format
    BigInteger serno = CertTools.getSerialNumberFromString("00001");
    assertEquals(1, serno.intValue());
    // Test SE001 format
    serno = CertTools.getSerialNumberFromString("SE021");
    assertEquals(21, serno.intValue());
   
    // Test numeric and hexadecimal string, will get the numerical part in the middle
    serno = CertTools.getSerialNumberFromString("F53AA");
    assertEquals(53, serno.intValue());

    // Test pure letters
    serno = CertTools.getSerialNumberFromString("FXBAA");
    assertEquals(26748514, serno.intValue());

    // Test a strange format...
    serno = CertTools.getSerialNumberFromString("SE02K");
    assertEquals(2, serno.intValue());

    // Test a real biginteger
    serno = CertTools.getSerialNumberFromString("7331288210307371");
    assertEquals(271610737, serno.intValue());

    // Test a real certificate
    Certificate cert = CertTools.getCertfromByteArray(testcert);
    serno = CertTools.getSerialNumber(cert);
    assertEquals(271610737, serno.intValue());

  }
 
  public void testReadPEMCertificate() throws Exception {
    X509Certificate cert = (X509Certificate)CertTools.getCertfromByteArray(pemcert);
    assertNotNull(cert);
    assertEquals("CN=AdminCA1,O=EJBCA Sample,C=SE", cert.getSubjectDN().toString());
  }

}
TOP

Related Classes of org.ejbca.util.CertToolsTest

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.