From: Roland Shoemaker Date: Mon, 7 Oct 2024 22:53:59 +0000 (-0700) Subject: crypto/x509: run a subset of the NIST PKI test suite X-Git-Tag: go1.24rc1~88 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=5050e37dbf723e3689721519eddb704dfdd7148e;p=gostls13.git crypto/x509: run a subset of the NIST PKI test suite This vendors the vectors (generated using [0], derived from the BoringSSL script which generates their test headers) and all of the certs, but only runs the subset of the suite that is focused on policy validation. In the future we may want to run more of the suite, since it is focused on path validation, not path building, the way it interacts with our hybrid path builder/validator is kind of complicated. Updates #68484 Updates #45857 [0] https://gist.github.com/rolandshoemaker/a4efa9d65c2cef74a46ea40f47f0729e Change-Id: Ic04323dcd76aa5cbd6372c8cb1c44ccb91ccbca4 Reviewed-on: https://go-review.googlesource.com/c/go/+/618415 Reviewed-by: Russ Cox Reviewed-by: Filippo Valsorda LUCI-TryBot-Result: Go LUCI --- diff --git a/src/crypto/x509/pkits_test.go b/src/crypto/x509/pkits_test.go new file mode 100644 index 0000000000..b1139bbf9c --- /dev/null +++ b/src/crypto/x509/pkits_test.go @@ -0,0 +1,186 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package x509 + +import ( + "encoding/json" + "os" + "path/filepath" + "slices" + "testing" +) + +var nistTestPolicies = map[string]OID{ + "anyPolicy": anyPolicyOID, + "NIST-test-policy-1": mustNewOIDFromInts([]uint64{2, 16, 840, 1, 101, 3, 2, 1, 48, 1}), + "NIST-test-policy-2": mustNewOIDFromInts([]uint64{2, 16, 840, 1, 101, 3, 2, 1, 48, 2}), + "NIST-test-policy-3": mustNewOIDFromInts([]uint64{2, 16, 840, 1, 101, 3, 2, 1, 48, 3}), + "NIST-test-policy-6": mustNewOIDFromInts([]uint64{2, 16, 840, 1, 101, 3, 2, 1, 48, 6}), +} + +func TestNISTPKITSPolicy(t *testing.T) { + // This test runs a subset of the NIST PKI path validation test suite that + // focuses of policy validation, rather than the entire suite. Since the + // suite assumes you are only validating the path, rather than building + // _and_ validating the path, we take the path as given and run + // policiesValid on it. + + certDir := "testdata/nist-pkits/certs" + + var testcases []struct { + Name string + CertPath []string + InitialPolicySet []string + InitialPolicyMappingInhibit bool + InitialExplicitPolicy bool + InitialAnyPolicyInhibit bool + ShouldValidate bool + Skipped bool + } + b, err := os.ReadFile("testdata/nist-pkits/vectors.json") + if err != nil { + t.Fatal(err) + } + if err := json.Unmarshal(b, &testcases); err != nil { + t.Fatal(err) + } + + policyTests := map[string]bool{ + "4.8.1 All Certificates Same Policy Test1 (Subpart 1)": true, + "4.8.1 All Certificates Same Policy Test1 (Subpart 2)": true, + "4.8.1 All Certificates Same Policy Test1 (Subpart 3)": true, + "4.8.1 All Certificates Same Policy Test1 (Subpart 4)": true, + "4.8.2 All Certificates No Policies Test2 (Subpart 1)": true, + "4.8.2 All Certificates No Policies Test2 (Subpart 2)": true, + "4.8.3 Different Policies Test3 (Subpart 1)": true, + "4.8.3 Different Policies Test3 (Subpart 2)": true, + "4.8.3 Different Policies Test3 (Subpart 3)": true, + "4.8.4 Different Policies Test4": true, + "4.8.5 Different Policies Test5": true, + "4.8.6 Overlapping Policies Test6 (Subpart 1)": true, + "4.8.6 Overlapping Policies Test6 (Subpart 2)": true, + "4.8.6 Overlapping Policies Test6 (Subpart 3)": true, + "4.8.7 Different Policies Test7": true, + "4.8.8 Different Policies Test8": true, + "4.8.9 Different Policies Test9": true, + "4.8.10 All Certificates Same Policies Test10 (Subpart 1)": true, + "4.8.10 All Certificates Same Policies Test10 (Subpart 2)": true, + "4.8.10 All Certificates Same Policies Test10 (Subpart 3)": true, + "4.8.11 All Certificates AnyPolicy Test11 (Subpart 1)": true, + "4.8.11 All Certificates AnyPolicy Test11 (Subpart 2)": true, + "4.8.12 Different Policies Test12": true, + "4.8.13 All Certificates Same Policies Test13 (Subpart 1)": true, + "4.8.13 All Certificates Same Policies Test13 (Subpart 2)": true, + "4.8.13 All Certificates Same Policies Test13 (Subpart 3)": true, + "4.8.14 AnyPolicy Test14 (Subpart 1)": true, + "4.8.14 AnyPolicy Test14 (Subpart 2)": true, + "4.8.15 User Notice Qualifier Test15": true, + "4.8.16 User Notice Qualifier Test16": true, + "4.8.17 User Notice Qualifier Test17": true, + "4.8.18 User Notice Qualifier Test18 (Subpart 1)": true, + "4.8.18 User Notice Qualifier Test18 (Subpart 2)": true, + "4.8.19 User Notice Qualifier Test19": true, + "4.8.20 CPS Pointer Qualifier Test20": true, + "4.9.1 Valid RequireExplicitPolicy Test1": true, + "4.9.2 Valid RequireExplicitPolicy Test2": true, + "4.9.3 Invalid RequireExplicitPolicy Test3": true, + "4.9.4 Valid RequireExplicitPolicy Test4": true, + "4.9.5 Invalid RequireExplicitPolicy Test5": true, + "4.9.6 Valid Self-Issued requireExplicitPolicy Test6": true, + "4.9.7 Invalid Self-Issued requireExplicitPolicy Test7": true, + "4.9.8 Invalid Self-Issued requireExplicitPolicy Test8": true, + "4.10.1.1 Valid Policy Mapping Test1 (Subpart 1)": true, + "4.10.1.2 Valid Policy Mapping Test1 (Subpart 2)": true, + "4.10.1.3 Valid Policy Mapping Test1 (Subpart 3)": true, + "4.10.2 Invalid Policy Mapping Test2 (Subpart 1)": true, + "4.10.2 Invalid Policy Mapping Test2 (Subpart 2)": true, + "4.10.3 Valid Policy Mapping Test3 (Subpart 1)": true, + "4.10.3 Valid Policy Mapping Test3 (Subpart 2)": true, + "4.10.4 Invalid Policy Mapping Test4": true, + "4.10.5 Valid Policy Mapping Test5 (Subpart 1)": true, + "4.10.5 Valid Policy Mapping Test5 (Subpart 2)": true, + "4.10.6 Valid Policy Mapping Test6 (Subpart 1)": true, + "4.10.6 Valid Policy Mapping Test6 (Subpart 2)": true, + "4.10.7 Invalid Mapping From anyPolicy Test7": true, + "4.10.8 Invalid Mapping To anyPolicy Test8": true, + "4.10.9 Valid Policy Mapping Test9": true, + "4.10.10 Invalid Policy Mapping Test10": true, + "4.10.11 Valid Policy Mapping Test11": true, + "4.10.12 Valid Policy Mapping Test12 (Subpart 1)": true, + "4.10.12 Valid Policy Mapping Test12 (Subpart 2)": true, + "4.10.13 Valid Policy Mapping Test13 (Subpart 1)": true, + "4.10.13 Valid Policy Mapping Test13 (Subpart 2)": true, + "4.10.13 Valid Policy Mapping Test13 (Subpart 3)": true, + "4.10.14 Valid Policy Mapping Test14": true, + "4.11.1 Invalid inhibitPolicyMapping Test1": true, + "4.11.2 Valid inhibitPolicyMapping Test2": true, + "4.11.3 Invalid inhibitPolicyMapping Test3": true, + "4.11.4 Valid inhibitPolicyMapping Test4": true, + "4.11.5 Invalid inhibitPolicyMapping Test5": true, + "4.11.6 Invalid inhibitPolicyMapping Test6": true, + "4.11.7 Valid Self-Issued inhibitPolicyMapping Test7": true, + "4.11.8 Invalid Self-Issued inhibitPolicyMapping Test8": true, + "4.11.9 Invalid Self-Issued inhibitPolicyMapping Test9": true, + "4.11.10 Invalid Self-Issued inhibitPolicyMapping Test10": true, + "4.11.11 Invalid Self-Issued inhibitPolicyMapping Test11": true, + "4.12.1 Invalid inhibitAnyPolicy Test1": true, + "4.12.2 Valid inhibitAnyPolicy Test2": true, + "4.12.3 inhibitAnyPolicy Test3 (Subpart 1)": true, + "4.12.3 inhibitAnyPolicy Test3 (Subpart 2)": true, + "4.12.4 Invalid inhibitAnyPolicy Test4": true, + "4.12.5 Invalid inhibitAnyPolicy Test5": true, + "4.12.6 Invalid inhibitAnyPolicy Test6": true, + "4.12.7 Valid Self-Issued inhibitAnyPolicy Test7": true, + "4.12.8 Invalid Self-Issued inhibitAnyPolicy Test8": true, + "4.12.9 Valid Self-Issued inhibitAnyPolicy Test9": true, + "4.12.10 Invalid Self-Issued inhibitAnyPolicy Test10": true, + } + + for _, tc := range testcases { + if !policyTests[tc.Name] { + continue + } + t.Run(tc.Name, func(t *testing.T) { + var chain []*Certificate + for _, c := range tc.CertPath { + certDER, err := os.ReadFile(filepath.Join(certDir, c)) + if err != nil { + t.Fatal(err) + } + cert, err := ParseCertificate(certDER) + if err != nil { + t.Fatal(err) + } + chain = append(chain, cert) + } + slices.Reverse(chain) + + var initialPolicies []OID + for _, pstr := range tc.InitialPolicySet { + policy, ok := nistTestPolicies[pstr] + if !ok { + t.Fatalf("unknown test policy: %s", pstr) + } + initialPolicies = append(initialPolicies, policy) + } + + valid := policiesValid(chain, VerifyOptions{ + CertificatePolicies: initialPolicies, + inhibitPolicyMapping: tc.InitialPolicyMappingInhibit, + requireExplicitPolicy: tc.InitialExplicitPolicy, + inhibitAnyPolicy: tc.InitialAnyPolicyInhibit, + }) + if !valid { + if !tc.ShouldValidate { + return + } + t.Fatalf("Failed to validate: %s", err) + } + if !tc.ShouldValidate { + t.Fatal("Expected path validation to fail") + } + }) + } +} diff --git a/src/crypto/x509/testdata/nist-pkits/README.md b/src/crypto/x509/testdata/nist-pkits/README.md new file mode 100644 index 0000000000..7b761260d6 --- /dev/null +++ b/src/crypto/x509/testdata/nist-pkits/README.md @@ -0,0 +1,6 @@ +Test vectors and certificates for the "Path Validation Testing Program" + portion of the NIST Public Key Infrastructure Testing suite: https://csrc.nist.gov/projects/pki-testing. + +Vectors are extracted from the provided PDF: https://csrc.nist.gov/CSRC/media/Projects/PKI-Testing/documents/PKITS.pdf. + +Vectors and test material are public domain (United States Government Work under 17 U.S.C. 105). \ No newline at end of file diff --git a/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesNoPoliciesTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesNoPoliciesTest2EE.crt new file mode 100644 index 0000000000..ae6be6c4c8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesNoPoliciesTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest10EE.crt new file mode 100644 index 0000000000..e36fdb8fc3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest13EE.crt new file mode 100644 index 0000000000..c296e5a430 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesanyPolicyTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesanyPolicyTest11EE.crt new file mode 100644 index 0000000000..7439f85152 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesanyPolicyTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/AnyPolicyTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/AnyPolicyTest14EE.crt new file mode 100644 index 0000000000..a6cf3528fa Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/AnyPolicyTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BadCRLIssuerNameCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BadCRLIssuerNameCACert.crt new file mode 100644 index 0000000000..05e4b3ddbe Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BadCRLIssuerNameCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BadCRLSignatureCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BadCRLSignatureCACert.crt new file mode 100644 index 0000000000..6dfa00d6b8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BadCRLSignatureCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BadSignedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BadSignedCACert.crt new file mode 100644 index 0000000000..0a598fcb8e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BadSignedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BadnotAfterDateCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BadnotAfterDateCACert.crt new file mode 100644 index 0000000000..7a7dcec665 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BadnotAfterDateCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BadnotBeforeDateCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BadnotBeforeDateCACert.crt new file mode 100644 index 0000000000..33cfbd7ce8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BadnotBeforeDateCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt new file mode 100644 index 0000000000..4e1245299d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt new file mode 100644 index 0000000000..7f86064c26 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt new file mode 100644 index 0000000000..1f83cb863f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt new file mode 100644 index 0000000000..8773e48464 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt new file mode 100644 index 0000000000..b00748cc26 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt new file mode 100644 index 0000000000..963f57a485 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/CPSPointerQualifierTest20EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/CPSPointerQualifierTest20EE.crt new file mode 100644 index 0000000000..706d98d63b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/CPSPointerQualifierTest20EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DSACACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/DSACACert.crt new file mode 100644 index 0000000000..14787b0580 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DSACACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DSAParametersInheritedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/DSAParametersInheritedCACert.crt new file mode 100644 index 0000000000..5e2fa5bc92 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DSAParametersInheritedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest12EE.crt new file mode 100644 index 0000000000..7873bd8d36 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest3EE.crt new file mode 100644 index 0000000000..57f1df4334 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest4EE.crt new file mode 100644 index 0000000000..4967f41d30 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest5EE.crt new file mode 100644 index 0000000000..b6d31236e2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest7EE.crt new file mode 100644 index 0000000000..4c9c82bbcd Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest8EE.crt new file mode 100644 index 0000000000..6c01f377f4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest9EE.crt new file mode 100644 index 0000000000..b2e30bd692 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt new file mode 100644 index 0000000000..f4acda66ec Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/GoodCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/GoodCACert.crt new file mode 100644 index 0000000000..edbfa648f2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/GoodCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCACert.crt new file mode 100644 index 0000000000..7a770c31ae Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCAPanyPolicyMapping1to2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCAPanyPolicyMapping1to2CACert.crt new file mode 100644 index 0000000000..9f4d95f395 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCAPanyPolicyMapping1to2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt new file mode 100644 index 0000000000..e24d88d444 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt new file mode 100644 index 0000000000..4b35bd248e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt new file mode 100644 index 0000000000..348df8fe0d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt new file mode 100644 index 0000000000..3ca7995460 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt new file mode 100644 index 0000000000..6cc192b8ba Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt new file mode 100644 index 0000000000..18033bc34b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidCASignatureTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCASignatureTest2EE.crt new file mode 100644 index 0000000000..1f4ad3e1a1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCASignatureTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt new file mode 100644 index 0000000000..a9938aa80e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotBeforeDateTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotBeforeDateTest1EE.crt new file mode 100644 index 0000000000..f15d6a9ed2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotBeforeDateTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt new file mode 100644 index 0000000000..5f7ad1535a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest33EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest33EE.crt new file mode 100644 index 0000000000..fa59d6fbd0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest33EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest38EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest38EE.crt new file mode 100644 index 0000000000..334fed1f11 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest38EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt new file mode 100644 index 0000000000..f724473de8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt new file mode 100644 index 0000000000..468cb7bede Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest10EE.crt new file mode 100644 index 0000000000..806ebf3ce7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt new file mode 100644 index 0000000000..5f3a49f93e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt new file mode 100644 index 0000000000..d64ddf53c7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt new file mode 100644 index 0000000000..fd864ced34 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest16EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest16EE.crt new file mode 100644 index 0000000000..455658dbc9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest16EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest17EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest17EE.crt new file mode 100644 index 0000000000..63f262b99f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest17EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest20EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest20EE.crt new file mode 100644 index 0000000000..a7ef322043 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest20EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt new file mode 100644 index 0000000000..3fd895c924 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt new file mode 100644 index 0000000000..decbf34aac Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt new file mode 100644 index 0000000000..6ac76654e5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt new file mode 100644 index 0000000000..48adc0a6d5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt new file mode 100644 index 0000000000..ed753d42e6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDSASignatureTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDSASignatureTest6EE.crt new file mode 100644 index 0000000000..a1725b19da Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDSASignatureTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidEESignatureTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEESignatureTest3EE.crt new file mode 100644 index 0000000000..9238109b64 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEESignatureTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt new file mode 100644 index 0000000000..af6fdf8c5a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt new file mode 100644 index 0000000000..3ddef09cab Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt new file mode 100644 index 0000000000..5cf92f7ce4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt new file mode 100644 index 0000000000..c4b45f8783 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt new file mode 100644 index 0000000000..56b1ab4583 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingFromanyPolicyTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingFromanyPolicyTest7EE.crt new file mode 100644 index 0000000000..eec4c3c3a6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingFromanyPolicyTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingToanyPolicyTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingToanyPolicyTest8EE.crt new file mode 100644 index 0000000000..ee6914c15a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingToanyPolicyTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingCRLTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingCRLTest1EE.crt new file mode 100644 index 0000000000..30b0275903 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingCRLTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt new file mode 100644 index 0000000000..80ba7a03dd Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt new file mode 100644 index 0000000000..6b7d7de29c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingTest1EE.crt new file mode 100644 index 0000000000..ee18fa08fb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidNegativeSerialNumberTest15EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNegativeSerialNumberTest15EE.crt new file mode 100644 index 0000000000..2c479ca231 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNegativeSerialNumberTest15EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt new file mode 100644 index 0000000000..1ec410d755 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest10EE.crt new file mode 100644 index 0000000000..053a608d7e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest2EE.crt new file mode 100644 index 0000000000..1ed661582c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest4EE.crt new file mode 100644 index 0000000000..a194a040a7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt new file mode 100644 index 0000000000..c9ad311ac0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt new file mode 100644 index 0000000000..28ef8f7491 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt new file mode 100644 index 0000000000..0e7f71937a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedCATest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedCATest2EE.crt new file mode 100644 index 0000000000..8054597114 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedCATest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedEETest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedEETest3EE.crt new file mode 100644 index 0000000000..455cb0240c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedEETest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt new file mode 100644 index 0000000000..2e85ce5c21 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt new file mode 100644 index 0000000000..ee48b7fc85 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt new file mode 100644 index 0000000000..e729fe77cd Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt new file mode 100644 index 0000000000..103e0940fe Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt new file mode 100644 index 0000000000..3eaa74deb8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt new file mode 100644 index 0000000000..1a1da9fe7a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt new file mode 100644 index 0000000000..2ff84b8b7d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt new file mode 100644 index 0000000000..d4050e6f4f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt new file mode 100644 index 0000000000..77b6a3c147 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt new file mode 100644 index 0000000000..2cbab480b1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt new file mode 100644 index 0000000000..e703d67905 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest35EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest35EE.crt new file mode 100644 index 0000000000..65096685fe Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest35EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt new file mode 100644 index 0000000000..e64db473af Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt new file mode 100644 index 0000000000..8630e99cb2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt new file mode 100644 index 0000000000..42fda8fc12 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt new file mode 100644 index 0000000000..c3f93b5bd7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt new file mode 100644 index 0000000000..9200cccb39 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidWrongCRLTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidWrongCRLTest6EE.crt new file mode 100644 index 0000000000..148f9fb23a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidWrongCRLTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest2EE.crt new file mode 100644 index 0000000000..3d5b82946b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest3EE.crt new file mode 100644 index 0000000000..f791140ced Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest27EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest27EE.crt new file mode 100644 index 0000000000..2433e3b95e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest27EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest31EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest31EE.crt new file mode 100644 index 0000000000..210bb41fef Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest31EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest32EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest32EE.crt new file mode 100644 index 0000000000..5509dda847 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest32EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt new file mode 100644 index 0000000000..8b9041f5ba Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest35EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest35EE.crt new file mode 100644 index 0000000000..32e72a225e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest35EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt new file mode 100644 index 0000000000..10da321247 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt new file mode 100644 index 0000000000..d60812c6a4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt new file mode 100644 index 0000000000..6b3c374331 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest4EE.crt new file mode 100644 index 0000000000..b959414934 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest6EE.crt new file mode 100644 index 0000000000..ea141b173a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt new file mode 100644 index 0000000000..de4da9d69b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest2EE.crt new file mode 100644 index 0000000000..a60b030e9e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest3EE.crt new file mode 100644 index 0000000000..bbb8271d6b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest6EE.crt new file mode 100644 index 0000000000..a47f7b2085 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest8EE.crt new file mode 100644 index 0000000000..af3a366dd7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest9EE.crt new file mode 100644 index 0000000000..3456831e0b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest1EE.crt new file mode 100644 index 0000000000..828203b11c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest4EE.crt new file mode 100644 index 0000000000..2ffd9dd8ce Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest5EE.crt new file mode 100644 index 0000000000..2fc212d33e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest6EE.crt new file mode 100644 index 0000000000..9aafebfc25 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest1EE.crt new file mode 100644 index 0000000000..65ca6340ea Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest3EE.crt new file mode 100644 index 0000000000..c8b06f07e4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest5EE.crt new file mode 100644 index 0000000000..f3526efb69 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest6EE.crt new file mode 100644 index 0000000000..733c152685 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt new file mode 100644 index 0000000000..cfddd3a435 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt new file mode 100644 index 0000000000..16c103f744 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt new file mode 100644 index 0000000000..5583f19690 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt new file mode 100644 index 0000000000..f3062e9e48 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt new file mode 100644 index 0000000000..279306ed18 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt new file mode 100644 index 0000000000..f206348963 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt new file mode 100644 index 0000000000..ecf51285fa Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest15EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest15EE.crt new file mode 100644 index 0000000000..f536fc6d2b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest15EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt new file mode 100644 index 0000000000..af5aa4b0d4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt new file mode 100644 index 0000000000..59722f9622 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt new file mode 100644 index 0000000000..4a0f191650 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt new file mode 100644 index 0000000000..59a02de9d7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest10EE.crt new file mode 100644 index 0000000000..447115e636 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt new file mode 100644 index 0000000000..c28c455abb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt new file mode 100644 index 0000000000..dc6d0dda96 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt new file mode 100644 index 0000000000..b8830a2405 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt new file mode 100644 index 0000000000..b96d3c626f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest9EE.crt new file mode 100644 index 0000000000..c339f6fae7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt new file mode 100644 index 0000000000..3e1ba073e1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt new file mode 100644 index 0000000000..4a7e31caf0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest3EE.crt new file mode 100644 index 0000000000..e9b7cf2510 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest5EE.crt new file mode 100644 index 0000000000..971d0a5de6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/LongSerialNumberCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/LongSerialNumberCACert.crt new file mode 100644 index 0000000000..12830d9069 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/LongSerialNumberCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/Mapping1to2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/Mapping1to2CACert.crt new file mode 100644 index 0000000000..4b70c9a4fc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/Mapping1to2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/MappingFromanyPolicyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/MappingFromanyPolicyCACert.crt new file mode 100644 index 0000000000..0a8f1e9811 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/MappingFromanyPolicyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/MappingToanyPolicyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/MappingToanyPolicyCACert.crt new file mode 100644 index 0000000000..d93d8c79c9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/MappingToanyPolicyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/MissingbasicConstraintsCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/MissingbasicConstraintsCACert.crt new file mode 100644 index 0000000000..e6f41a446b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/MissingbasicConstraintsCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/NameOrderingCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/NameOrderingCACert.crt new file mode 100644 index 0000000000..f1c4a55fbf Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/NameOrderingCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/NegativeSerialNumberCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/NegativeSerialNumberCACert.crt new file mode 100644 index 0000000000..1a4d9ba374 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/NegativeSerialNumberCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/NoCRLCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/NoCRLCACert.crt new file mode 100644 index 0000000000..71c607dac4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/NoCRLCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/NoPoliciesCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/NoPoliciesCACert.crt new file mode 100644 index 0000000000..3a94cb157d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/NoPoliciesCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/NoissuingDistributionPointCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/NoissuingDistributionPointCACert.crt new file mode 100644 index 0000000000..c4f182ad7f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/NoissuingDistributionPointCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/OldCRLnextUpdateCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/OldCRLnextUpdateCACert.crt new file mode 100644 index 0000000000..2666670afb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/OldCRLnextUpdateCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/OverlappingPoliciesTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/OverlappingPoliciesTest6EE.crt new file mode 100644 index 0000000000..82b5b5e0ee Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/OverlappingPoliciesTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3CACert.crt new file mode 100644 index 0000000000..9139bd730d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subCACert.crt new file mode 100644 index 0000000000..3b9c2a751c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subsubCACert.crt new file mode 100644 index 0000000000..91fc36a727 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234CACert.crt new file mode 100644 index 0000000000..3500737ab8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234subCACert.crt new file mode 100644 index 0000000000..eb900ebc1c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P1anyPolicyMapping1to2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P1anyPolicyMapping1to2CACert.crt new file mode 100644 index 0000000000..3818b6a7f5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P1anyPolicyMapping1to2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PanyPolicyMapping1to2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PanyPolicyMapping1to2CACert.crt new file mode 100644 index 0000000000..db220487cc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PanyPolicyMapping1to2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234CACert.crt new file mode 100644 index 0000000000..36cf4ce24e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subCAP123Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subCAP123Cert.crt new file mode 100644 index 0000000000..1ab7ab104f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subCAP123Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subsubCAP123P12Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subsubCAP123P12Cert.crt new file mode 100644 index 0000000000..df834464bb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subsubCAP123P12Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123CACert.crt new file mode 100644 index 0000000000..26262a3d72 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subCAP12Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subCAP12Cert.crt new file mode 100644 index 0000000000..cef6abeb29 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subCAP12Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P1Cert.crt new file mode 100644 index 0000000000..49e66b5be0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P2Cert.crt new file mode 100644 index 0000000000..d7b5a42353 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubsubCAP12P2P1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubsubCAP12P2P1Cert.crt new file mode 100644 index 0000000000..3a79422477 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubsubCAP12P2P1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12CACert.crt new file mode 100644 index 0000000000..dc1b60de0e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subCAP1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subCAP1Cert.crt new file mode 100644 index 0000000000..081f951b80 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subCAP1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subsubCAP1P2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subsubCAP1P2Cert.crt new file mode 100644 index 0000000000..e8d0bb8ba8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subsubCAP1P2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCA2Cert.crt new file mode 100644 index 0000000000..c734009d05 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCACert.crt new file mode 100644 index 0000000000..0f3fbbb01a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP3CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP3CACert.crt new file mode 100644 index 0000000000..9740b309d4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP3CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt new file mode 100644 index 0000000000..9c648a30be Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/RFC3280OptionalAttributeTypesCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/RFC3280OptionalAttributeTypesCACert.crt new file mode 100644 index 0000000000..306303a846 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/RFC3280OptionalAttributeTypesCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/RevokedsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/RevokedsubCACert.crt new file mode 100644 index 0000000000..25705b2f67 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/RevokedsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt new file mode 100644 index 0000000000..32ddfe3e31 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt new file mode 100644 index 0000000000..17b3cbba30 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt new file mode 100644 index 0000000000..d747ea1fe5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt new file mode 100644 index 0000000000..3c1730f41a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt new file mode 100644 index 0000000000..e75eb4cd70 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/TrustAnchorRootCertificate.crt b/src/crypto/x509/testdata/nist-pkits/certs/TrustAnchorRootCertificate.crt new file mode 100644 index 0000000000..04efaa0659 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/TrustAnchorRootCertificate.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/TwoCRLsCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/TwoCRLsCACert.crt new file mode 100644 index 0000000000..28eb60a071 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/TwoCRLsCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UIDCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/UIDCACert.crt new file mode 100644 index 0000000000..ec04d74455 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UIDCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt new file mode 100644 index 0000000000..2d653ef65b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt new file mode 100644 index 0000000000..ae2ce8a7b4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt new file mode 100644 index 0000000000..69128811ba Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLExtensionCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLExtensionCACert.crt new file mode 100644 index 0000000000..2e2c3ef3d6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLExtensionCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest15EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest15EE.crt new file mode 100644 index 0000000000..afb3455e36 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest15EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest16EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest16EE.crt new file mode 100644 index 0000000000..7d3bcc5d0b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest16EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest17EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest17EE.crt new file mode 100644 index 0000000000..5fefe19944 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest17EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest18EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest18EE.crt new file mode 100644 index 0000000000..1168b580e8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest18EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest19EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest19EE.crt new file mode 100644 index 0000000000..3cb86cd1ce Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest19EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt new file mode 100644 index 0000000000..c91b9f3665 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt new file mode 100644 index 0000000000..34197f0360 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt new file mode 100644 index 0000000000..9a7919b00a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt new file mode 100644 index 0000000000..038e4d7a80 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidCertificatePathTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidCertificatePathTest1EE.crt new file mode 100644 index 0000000000..69ba3019d4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidCertificatePathTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt new file mode 100644 index 0000000000..e5235c7ff2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt new file mode 100644 index 0000000000..8bc3e87b9f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt new file mode 100644 index 0000000000..2332d4c189 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt new file mode 100644 index 0000000000..f8fe122324 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt new file mode 100644 index 0000000000..4364e1bcbf Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt new file mode 100644 index 0000000000..3b5ac8be53 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt new file mode 100644 index 0000000000..20fa140e19 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest1EE.crt new file mode 100644 index 0000000000..c59e921bac Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest4EE.crt new file mode 100644 index 0000000000..c6cfcbb778 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest5EE.crt new file mode 100644 index 0000000000..f2c4dfc553 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest6EE.crt new file mode 100644 index 0000000000..675711970c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt new file mode 100644 index 0000000000..d8b6ce36d0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDSASignaturesTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDSASignaturesTest4EE.crt new file mode 100644 index 0000000000..2fc40a6c2f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDSASignaturesTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt new file mode 100644 index 0000000000..7f77ee8196 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt new file mode 100644 index 0000000000..f97ed0a3e9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt new file mode 100644 index 0000000000..2ef73e1f69 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt new file mode 100644 index 0000000000..66296ac7e7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt new file mode 100644 index 0000000000..0a1b85dc68 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt new file mode 100644 index 0000000000..6f69c0c8bc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest16EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest16EE.crt new file mode 100644 index 0000000000..44e890546d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest16EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt new file mode 100644 index 0000000000..9618658722 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingCapitalizationTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingCapitalizationTest5EE.crt new file mode 100644 index 0000000000..c0a6b3d03e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingCapitalizationTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt new file mode 100644 index 0000000000..fc0f65d079 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt new file mode 100644 index 0000000000..a8ffc872ca Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNameUIDsTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameUIDsTest6EE.crt new file mode 100644 index 0000000000..7d0b706113 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameUIDsTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNegativeSerialNumberTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNegativeSerialNumberTest14EE.crt new file mode 100644 index 0000000000..ab39228409 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNegativeSerialNumberTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt new file mode 100644 index 0000000000..89eac753f3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest11EE.crt new file mode 100644 index 0000000000..865c97542e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest12EE.crt new file mode 100644 index 0000000000..eb4306ab5a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest13EE.crt new file mode 100644 index 0000000000..2d1b18c33f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest14EE.crt new file mode 100644 index 0000000000..2487d626f7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest1EE.crt new file mode 100644 index 0000000000..f2bd7d381d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest3EE.crt new file mode 100644 index 0000000000..e941bbbad0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest5EE.crt new file mode 100644 index 0000000000..d084fc7215 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest6EE.crt new file mode 100644 index 0000000000..97dd2e72c1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest9EE.crt new file mode 100644 index 0000000000..ef1ac897e0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt new file mode 100644 index 0000000000..15825d7eb3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt new file mode 100644 index 0000000000..60a2031681 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt new file mode 100644 index 0000000000..576a1b8171 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest23EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest23EE.crt new file mode 100644 index 0000000000..c0ff7596a0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest23EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest25EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest25EE.crt new file mode 100644 index 0000000000..75f67b73c8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest25EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt new file mode 100644 index 0000000000..0a4e150700 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt new file mode 100644 index 0000000000..16968ab59b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt new file mode 100644 index 0000000000..1516f1ee70 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt new file mode 100644 index 0000000000..a4385c1d95 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt new file mode 100644 index 0000000000..1cb0924ec3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt new file mode 100644 index 0000000000..ed34676087 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt new file mode 100644 index 0000000000..44e5c1e253 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt new file mode 100644 index 0000000000..0826091976 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidTwoCRLsTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidTwoCRLsTest7EE.crt new file mode 100644 index 0000000000..c42779d70c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidTwoCRLsTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt new file mode 100644 index 0000000000..be8ef42f19 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest36EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest36EE.crt new file mode 100644 index 0000000000..6a24838f5d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest36EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt new file mode 100644 index 0000000000..d1f80a74a4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt new file mode 100644 index 0000000000..b14d789b5d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt new file mode 100644 index 0000000000..d55dcb1a6f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt new file mode 100644 index 0000000000..4059c017a7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest28EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest28EE.crt new file mode 100644 index 0000000000..9145515308 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest28EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest29EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest29EE.crt new file mode 100644 index 0000000000..b10632b209 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest29EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest30EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest30EE.crt new file mode 100644 index 0000000000..593ef98e35 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest30EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest33EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest33EE.crt new file mode 100644 index 0000000000..2ae810abf9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest33EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest2EE.crt new file mode 100644 index 0000000000..a2eb9a7dc4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest5EE.crt new file mode 100644 index 0000000000..1a3f7f5142 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest7EE.crt new file mode 100644 index 0000000000..43b44bc5d8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest8EE.crt new file mode 100644 index 0000000000..8be24581eb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest1EE.crt new file mode 100644 index 0000000000..b2c832fa41 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest4EE.crt new file mode 100644 index 0000000000..47feb00fd0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest5EE.crt new file mode 100644 index 0000000000..a93d666384 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest7EE.crt new file mode 100644 index 0000000000..107f102c98 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitAnyPolicyTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitAnyPolicyTest2EE.crt new file mode 100644 index 0000000000..df4ba44450 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitAnyPolicyTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest2EE.crt new file mode 100644 index 0000000000..f13524a0dc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest4EE.crt new file mode 100644 index 0000000000..75daa87028 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt new file mode 100644 index 0000000000..6da79065ea Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt new file mode 100644 index 0000000000..3eec5cc6fe Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest18EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest18EE.crt new file mode 100644 index 0000000000..f255d3ad71 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest18EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt new file mode 100644 index 0000000000..912968e950 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt new file mode 100644 index 0000000000..1ad52efdb6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt new file mode 100644 index 0000000000..76800f5159 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest7EE.crt new file mode 100644 index 0000000000..f3368edd5d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest8EE.crt new file mode 100644 index 0000000000..8ff0a131e7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt new file mode 100644 index 0000000000..15b2928401 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest1EE.crt new file mode 100644 index 0000000000..7cf888e16a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest2EE.crt new file mode 100644 index 0000000000..23889360cc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest4EE.crt new file mode 100644 index 0000000000..e93a0e1fe9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/WrongCRLCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/WrongCRLCACert.crt new file mode 100644 index 0000000000..3a96d87cfc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/WrongCRLCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/anyPolicyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/anyPolicyCACert.crt new file mode 100644 index 0000000000..df54668adb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/anyPolicyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt new file mode 100644 index 0000000000..4b678fee0c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt new file mode 100644 index 0000000000..d6c7fb805f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt new file mode 100644 index 0000000000..27e670ec16 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA1Cert.crt new file mode 100644 index 0000000000..6815e4f888 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA2Cert.crt new file mode 100644 index 0000000000..2f64a74e13 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA3Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA3Cert.crt new file mode 100644 index 0000000000..31e6b33a46 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA3Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt new file mode 100644 index 0000000000..7cd82a4363 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint1CACert.crt new file mode 100644 index 0000000000..23250812d9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint2CACert.crt new file mode 100644 index 0000000000..205b62ad16 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA1Cert.crt new file mode 100644 index 0000000000..046deefaec Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA2Cert.crt new file mode 100644 index 0000000000..de9a0be510 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3Cert.crt new file mode 100644 index 0000000000..03bb3eb2da Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3cRLIssuerCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3cRLIssuerCert.crt new file mode 100644 index 0000000000..20e8267eee Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3cRLIssuerCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4Cert.crt new file mode 100644 index 0000000000..f1cb26b375 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4cRLIssuerCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4cRLIssuerCert.crt new file mode 100644 index 0000000000..ff1203df3a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4cRLIssuerCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA5Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA5Cert.crt new file mode 100644 index 0000000000..c4f9f17874 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA5Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA6Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA6Cert.crt new file mode 100644 index 0000000000..46443aab94 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA6Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy0CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy0CACert.crt new file mode 100644 index 0000000000..cf3611025e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy0CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1CACert.crt new file mode 100644 index 0000000000..0494c8fe5b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedCACert.crt new file mode 100644 index 0000000000..6512e9d2e9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt new file mode 100644 index 0000000000..42e00344af Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA1Cert.crt new file mode 100644 index 0000000000..633536c33a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA2Cert.crt new file mode 100644 index 0000000000..319e809878 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCAIAP5Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCAIAP5Cert.crt new file mode 100644 index 0000000000..a3c4f2134e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCAIAP5Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subsubCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subsubCA2Cert.crt new file mode 100644 index 0000000000..3c4512ac28 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subsubCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5CACert.crt new file mode 100644 index 0000000000..fc9b423299 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subCACert.crt new file mode 100644 index 0000000000..11ceeb78cc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subsubCACert.crt new file mode 100644 index 0000000000..32bbffeb44 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicyTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicyTest3EE.crt new file mode 100644 index 0000000000..2c8fd4f6d1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicyTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0CACert.crt new file mode 100644 index 0000000000..16808f7c50 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0subCACert.crt new file mode 100644 index 0000000000..846abc924d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12CACert.crt new file mode 100644 index 0000000000..5baaf35e0f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCACert.crt new file mode 100644 index 0000000000..b2f0979cce Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt new file mode 100644 index 0000000000..4ad9f1e174 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCACert.crt new file mode 100644 index 0000000000..f514e5d88b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt new file mode 100644 index 0000000000..b1e9ff8d06 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1CACert.crt new file mode 100644 index 0000000000..ec47ee6373 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt new file mode 100644 index 0000000000..65155c7b5a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt new file mode 100644 index 0000000000..ae1891624b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subCACert.crt new file mode 100644 index 0000000000..80135df869 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subsubCACert.crt new file mode 100644 index 0000000000..3a72ec12fb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5CACert.crt new file mode 100644 index 0000000000..fd092230fb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subCACert.crt new file mode 100644 index 0000000000..93857ab656 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubCACert.crt new file mode 100644 index 0000000000..134b7f8cb1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubsubCACert.crt new file mode 100644 index 0000000000..dfb268d1d3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt new file mode 100644 index 0000000000..2467c945ad Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt new file mode 100644 index 0000000000..aa19cec73d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalCACert.crt new file mode 100644 index 0000000000..bab8307e33 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt new file mode 100644 index 0000000000..a6d878c8df Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt new file mode 100644 index 0000000000..ef1056f1c3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1CACert.crt new file mode 100644 index 0000000000..206359f913 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt new file mode 100644 index 0000000000..452ea54752 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt new file mode 100644 index 0000000000..645f0ae7c4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt new file mode 100644 index 0000000000..6cfc5926a5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA3Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA3Cert.crt new file mode 100644 index 0000000000..840d073f6b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA3Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN2CACert.crt new file mode 100644 index 0000000000..c68d496e65 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3CACert.crt new file mode 100644 index 0000000000..87ba14d13a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt new file mode 100644 index 0000000000..7eed575fb4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt new file mode 100644 index 0000000000..08f2245ef6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN4CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN4CACert.crt new file mode 100644 index 0000000000..3b11463186 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN4CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN5CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN5CACert.crt new file mode 100644 index 0000000000..c190f7a7f2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN5CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS1CACert.crt new file mode 100644 index 0000000000..a7ec3bd1eb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS2CACert.crt new file mode 100644 index 0000000000..c70846206c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA1Cert.crt new file mode 100644 index 0000000000..1be8e99335 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt new file mode 100644 index 0000000000..58308f8939 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt new file mode 100644 index 0000000000..ff6ba166ba Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI1CACert.crt new file mode 100644 index 0000000000..5f638c093c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI2CACert.crt new file mode 100644 index 0000000000..e06b6377a9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt new file mode 100644 index 0000000000..e8d2b7224a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsCACertsCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsCACertsCACert.crt new file mode 100644 index 0000000000..d75988ad00 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsCACertsCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsUserCertsCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsUserCertsCACert.crt new file mode 100644 index 0000000000..0d0b95030b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsUserCertsCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA1Cert.crt new file mode 100644 index 0000000000..ca247b06b4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA2Cert.crt new file mode 100644 index 0000000000..c1cce6e0ce Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA3Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA3Cert.crt new file mode 100644 index 0000000000..cd65a820e4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA3Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA4Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA4Cert.crt new file mode 100644 index 0000000000..f205db0a3b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA4Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0CACert.crt new file mode 100644 index 0000000000..ce9b90d284 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt new file mode 100644 index 0000000000..6e8f97c203 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCA2Cert.crt new file mode 100644 index 0000000000..2fc8fb590f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCACert.crt new file mode 100644 index 0000000000..b156179e3a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1CACert.crt new file mode 100644 index 0000000000..a424261672 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt new file mode 100644 index 0000000000..87590c3d26 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt new file mode 100644 index 0000000000..f2c43ea893 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1subCACert.crt new file mode 100644 index 0000000000..05a2bac1da Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6CACert.crt new file mode 100644 index 0000000000..c254a2376d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA0Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA0Cert.crt new file mode 100644 index 0000000000..0a8c99dd3e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA0Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt new file mode 100644 index 0000000000..bd686290ef Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA4Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA4Cert.crt new file mode 100644 index 0000000000..822a383d05 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA4Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt new file mode 100644 index 0000000000..e2fd7ae3cd Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt new file mode 100644 index 0000000000..44c0162e94 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt new file mode 100644 index 0000000000..284f4a9e48 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt new file mode 100644 index 0000000000..9766cf0159 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt new file mode 100644 index 0000000000..e14753174b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt new file mode 100644 index 0000000000..30aff16129 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0CACert.crt new file mode 100644 index 0000000000..16594b9e97 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subCACert.crt new file mode 100644 index 0000000000..b7a1518eb8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubCACert.crt new file mode 100644 index 0000000000..db57e9b337 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubsubCACert.crt new file mode 100644 index 0000000000..4952094eef Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10CACert.crt new file mode 100644 index 0000000000..3a54e7f2b8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subCACert.crt new file mode 100644 index 0000000000..650a53f4c2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubCACert.crt new file mode 100644 index 0000000000..139be532a5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubsubCACert.crt new file mode 100644 index 0000000000..a7c216c164 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2CACert.crt new file mode 100644 index 0000000000..f7ca7ae7e2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedCACert.crt new file mode 100644 index 0000000000..9d16269090 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedsubCACert.crt new file mode 100644 index 0000000000..b53bec1560 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2subCACert.crt new file mode 100644 index 0000000000..36fc0d8df4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4CACert.crt new file mode 100644 index 0000000000..723ae42a47 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subCACert.crt new file mode 100644 index 0000000000..1bd237f766 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubCACert.crt new file mode 100644 index 0000000000..1a37158581 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubsubCACert.crt new file mode 100644 index 0000000000..3047d74341 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5CACert.crt new file mode 100644 index 0000000000..c6b69ad95d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subCACert.crt new file mode 100644 index 0000000000..16958532f0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubCACert.crt new file mode 100644 index 0000000000..093963aeca Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubsubCACert.crt new file mode 100644 index 0000000000..58da176c46 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7CACert.crt new file mode 100644 index 0000000000..aba4a7fde4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subCARE2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subCARE2Cert.crt new file mode 100644 index 0000000000..c57e9e4a5b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subCARE2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt new file mode 100644 index 0000000000..343efa5ec2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt new file mode 100644 index 0000000000..9a8e72a1ce Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/vectors.json b/src/crypto/x509/testdata/nist-pkits/vectors.json new file mode 100644 index 0000000000..5842b4326d --- /dev/null +++ b/src/crypto/x509/testdata/nist-pkits/vectors.json @@ -0,0 +1,5010 @@ +[ + { + "Name": "4.1.1 Valid Signatures Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidCertificatePathTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.1.2 Invalid CA Signature Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BadSignedCACert.crt", + "InvalidCASignatureTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BadSignedCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.1.3 Invalid EE Signature Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "InvalidEESignatureTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.1.4 Valid DSA Signatures Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "DSACACert.crt", + "ValidDSASignaturesTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "DSACACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.1.5 Valid DSA Parameter Inheritance Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "DSACACert.crt", + "DSAParametersInheritedCACert.crt", + "ValidDSAParameterInheritanceTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "DSACACRL.crl", + "DSAParametersInheritedCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.1.6 Invalid DSA Signature Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "DSACACert.crt", + "InvalidDSASignatureTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "DSACACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.1 Invalid CA notBefore Date Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BadnotBeforeDateCACert.crt", + "InvalidCAnotBeforeDateTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BadnotBeforeDateCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.2 Invalid EE notBefore Date Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "InvalidEEnotBeforeDateTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.3 Valid pre2000 UTC notBefore Date Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "Validpre2000UTCnotBeforeDateTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.4 Valid GeneralizedTime notBefore Date Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidGeneralizedTimenotBeforeDateTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.5 Invalid CA notAfter Date Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BadnotAfterDateCACert.crt", + "InvalidCAnotAfterDateTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BadnotAfterDateCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.6 Invalid EE notAfter Date Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "InvalidEEnotAfterDateTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.7 Invalid pre2000 UTC EE notAfter Date Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "Invalidpre2000UTCEEnotAfterDateTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.8 Valid GeneralizedTime notAfter Date Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidGeneralizedTimenotAfterDateTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.1 Invalid Name Chaining EE Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "InvalidNameChainingTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.2 Invalid Name Chaining Order Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NameOrderingCACert.crt", + "InvalidNameChainingOrderTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NameOrderCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.3 Valid Name Chaining Whitespace Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidNameChainingWhitespaceTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.4 Valid Name Chaining Whitespace Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidNameChainingWhitespaceTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.5 Valid Name Chaining Capitalization Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidNameChainingCapitalizationTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.6 Valid Name Chaining UIDs Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UIDCACert.crt", + "ValidNameUIDsTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UIDCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.7 Valid RFC3280 Mandatory Attribute Types Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "RFC3280MandatoryAttributeTypesCACert.crt", + "ValidRFC3280MandatoryAttributeTypesTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "RFC3280MandatoryAttributeTypesCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.8 Valid RFC3280 Optional Attribute Types Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "RFC3280OptionalAttributeTypesCACert.crt", + "ValidRFC3280OptionalAttributeTypesTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "RFC3280OptionalAttributeTypesCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.9 Valid UTF8String Encoded Names Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UTF8StringEncodedNamesCACert.crt", + "ValidUTF8StringEncodedNamesTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UTF8StringEncodedNamesCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.10 Valid Rollover from PrintableString to UTF8String Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "RolloverfromPrintableStringtoUTF8StringCACert.crt", + "ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "RolloverfromPrintableStringtoUTF8StringCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.11 Valid UTF8String Case Insensitive Match Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UTF8StringCaseInsensitiveMatchCACert.crt", + "ValidUTF8StringCaseInsensitiveMatchTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UTF8StringCaseInsensitiveMatchCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.1 Missing CRL Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NoCRLCACert.crt", + "InvalidMissingCRLTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.2 Invalid Revoked CA Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "RevokedsubCACert.crt", + "InvalidRevokedCATest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "RevokedsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.3 Invalid Revoked EE Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "InvalidRevokedEETest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.4 Invalid Bad CRL Signature Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BadCRLSignatureCACert.crt", + "InvalidBadCRLSignatureTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BadCRLSignatureCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.5 Invalid Bad CRL Issuer Name Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BadCRLIssuerNameCACert.crt", + "InvalidBadCRLIssuerNameTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BadCRLIssuerNameCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.6 Invalid Wrong CRL Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "WrongCRLCACert.crt", + "InvalidWrongCRLTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "WrongCRLCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.7 Valid Two CRLs Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "TwoCRLsCACert.crt", + "ValidTwoCRLsTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "TwoCRLsCAGoodCRL.crl", + "TwoCRLsCABadCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.8 Invalid Unknown CRL Entry Extension Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UnknownCRLEntryExtensionCACert.crt", + "InvalidUnknownCRLEntryExtensionTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UnknownCRLEntryExtensionCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.9 Invalid Unknown CRL Extension Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UnknownCRLExtensionCACert.crt", + "InvalidUnknownCRLExtensionTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UnknownCRLExtensionCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.10 Invalid Unknown CRL Extension Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UnknownCRLExtensionCACert.crt", + "InvalidUnknownCRLExtensionTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UnknownCRLExtensionCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.11 Invalid Old CRL nextUpdate Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "OldCRLnextUpdateCACert.crt", + "InvalidOldCRLnextUpdateTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "OldCRLnextUpdateCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.12 Invalid pre2000 CRL nextUpdate Test12", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pre2000CRLnextUpdateCACert.crt", + "Invalidpre2000CRLnextUpdateTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pre2000CRLnextUpdateCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.13 Valid GeneralizedTime CRL nextUpdate Test13", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GeneralizedTimeCRLnextUpdateCACert.crt", + "ValidGeneralizedTimeCRLnextUpdateTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GeneralizedTimeCRLnextUpdateCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.14 Valid Negative Serial Number Test14", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NegativeSerialNumberCACert.crt", + "ValidNegativeSerialNumberTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NegativeSerialNumberCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.15 Invalid Negative Serial Number Test15", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NegativeSerialNumberCACert.crt", + "InvalidNegativeSerialNumberTest15EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NegativeSerialNumberCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.16 Valid Long Serial Number Test16", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "LongSerialNumberCACert.crt", + "ValidLongSerialNumberTest16EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "LongSerialNumberCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.17 Valid Long Serial Number Test17", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "LongSerialNumberCACert.crt", + "ValidLongSerialNumberTest17EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "LongSerialNumberCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.18 Invalid Long Serial Number Test18", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "LongSerialNumberCACert.crt", + "InvalidLongSerialNumberTest18EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "LongSerialNumberCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.19 Valid Separate Certificate and CRL Keys Test19", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "SeparateCertificateandCRLKeysCertificateSigningCACert.crt", + "SeparateCertificateandCRLKeysCRLSigningCert.crt", + "ValidSeparateCertificateandCRLKeysTest19EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "SeparateCertificateandCRLKeysCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.20 Invalid Separate Certificate and CRL Keys Test20", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "SeparateCertificateandCRLKeysCertificateSigningCACert.crt", + "SeparateCertificateandCRLKeysCRLSigningCert.crt", + "InvalidSeparateCertificateandCRLKeysTest20EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "SeparateCertificateandCRLKeysCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.21 Invalid Separate Certificate and CRL Keys Test21", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt", + "SeparateCertificateandCRLKeysCA2CRLSigningCert.crt", + "InvalidSeparateCertificateandCRLKeysTest21EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "SeparateCertificateandCRLKeysCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.1 Valid Basic Self-Issued Old With New Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedNewKeyCACert.crt", + "BasicSelfIssuedNewKeyOldWithNewCACert.crt", + "ValidBasicSelfIssuedOldWithNewTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedNewKeyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.2 Invalid Basic Self-Issued Old With New Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedNewKeyCACert.crt", + "BasicSelfIssuedNewKeyOldWithNewCACert.crt", + "InvalidBasicSelfIssuedOldWithNewTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedNewKeyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.3 Valid Basic Self-Issued New With Old Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedOldKeyCACert.crt", + "BasicSelfIssuedOldKeyNewWithOldCACert.crt", + "ValidBasicSelfIssuedNewWithOldTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", + "BasicSelfIssuedOldKeyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.4 Valid Basic Self-Issued New With Old Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedOldKeyCACert.crt", + "BasicSelfIssuedOldKeyNewWithOldCACert.crt", + "ValidBasicSelfIssuedNewWithOldTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", + "BasicSelfIssuedOldKeyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.5 Invalid Basic Self-Issued New With Old Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedOldKeyCACert.crt", + "BasicSelfIssuedOldKeyNewWithOldCACert.crt", + "InvalidBasicSelfIssuedNewWithOldTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", + "BasicSelfIssuedOldKeyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.6 Valid Basic Self-Issued CRL Signing Key Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedCRLSigningKeyCACert.crt", + "BasicSelfIssuedCRLSigningKeyCRLCert.crt", + "ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", + "BasicSelfIssuedCRLSigningKeyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.7 Invalid Basic Self-Issued CRL Signing Key Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedCRLSigningKeyCACert.crt", + "BasicSelfIssuedCRLSigningKeyCRLCert.crt", + "InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", + "BasicSelfIssuedCRLSigningKeyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.8 Invalid Basic Self-Issued CRL Signing Key Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedCRLSigningKeyCACert.crt", + "BasicSelfIssuedCRLSigningKeyCRLCert.crt", + "InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", + "BasicSelfIssuedCRLSigningKeyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.1 Invalid Missing basicConstraints Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "MissingbasicConstraintsCACert.crt", + "InvalidMissingbasicConstraintsTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "MissingbasicConstraintsCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.2 Invalid cA False Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "basicConstraintsCriticalcAFalseCACert.crt", + "InvalidcAFalseTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "basicConstraintsCriticalcAFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.3 Invalid cA False Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "basicConstraintsNotCriticalcAFalseCACert.crt", + "InvalidcAFalseTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "basicConstraintsNotCriticalcAFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.4 Valid basicConstraints Not Critical Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "basicConstraintsNotCriticalCACert.crt", + "ValidbasicConstraintsNotCriticalTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "basicConstraintsNotCriticalCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.5 Invalid pathLenConstraint Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "pathLenConstraint0subCACert.crt", + "InvalidpathLenConstraintTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl", + "pathLenConstraint0subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.6 Invalid pathLenConstraint Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "pathLenConstraint0subCACert.crt", + "InvalidpathLenConstraintTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl", + "pathLenConstraint0subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.7 Valid pathLenConstraint Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "ValidpathLenConstraintTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.8 Valid pathLenConstraint Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "ValidpathLenConstraintTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.9 Invalid pathLenConstraint Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA0Cert.crt", + "pathLenConstraint6subsubCA00Cert.crt", + "InvalidpathLenConstraintTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA0CRL.crl", + "pathLenConstraint6subsubCA00CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.10 Invalid pathLenConstraint Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA0Cert.crt", + "pathLenConstraint6subsubCA00Cert.crt", + "InvalidpathLenConstraintTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA0CRL.crl", + "pathLenConstraint6subsubCA00CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.11 Invalid pathLenConstraint Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA1Cert.crt", + "pathLenConstraint6subsubCA11Cert.crt", + "pathLenConstraint6subsubsubCA11XCert.crt", + "InvalidpathLenConstraintTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA1CRL.crl", + "pathLenConstraint6subsubCA11CRL.crl", + "pathLenConstraint6subsubsubCA11XCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.12 Invalid pathLenConstraint Test12", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA1Cert.crt", + "pathLenConstraint6subsubCA11Cert.crt", + "pathLenConstraint6subsubsubCA11XCert.crt", + "InvalidpathLenConstraintTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA1CRL.crl", + "pathLenConstraint6subsubCA11CRL.crl", + "pathLenConstraint6subsubsubCA11XCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.13 Valid pathLenConstraint Test13", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA4Cert.crt", + "pathLenConstraint6subsubCA41Cert.crt", + "pathLenConstraint6subsubsubCA41XCert.crt", + "ValidpathLenConstraintTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA4CRL.crl", + "pathLenConstraint6subsubCA41CRL.crl", + "pathLenConstraint6subsubsubCA41XCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.14 Valid pathLenConstraint Test14", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA4Cert.crt", + "pathLenConstraint6subsubCA41Cert.crt", + "pathLenConstraint6subsubsubCA41XCert.crt", + "ValidpathLenConstraintTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA4CRL.crl", + "pathLenConstraint6subsubCA41CRL.crl", + "pathLenConstraint6subsubsubCA41XCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.15 Valid Self-Issued pathLenConstraint Test15", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "pathLenConstraint0SelfIssuedCACert.crt", + "ValidSelfIssuedpathLenConstraintTest15EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.16 Invalid Self-Issued pathLenConstraint Test16", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "pathLenConstraint0SelfIssuedCACert.crt", + "pathLenConstraint0subCA2Cert.crt", + "InvalidSelfIssuedpathLenConstraintTest16EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl", + "pathLenConstraint0subCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.17 Valid Self-Issued pathLenConstraint Test17", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint1CACert.crt", + "pathLenConstraint1SelfIssuedCACert.crt", + "pathLenConstraint1subCACert.crt", + "pathLenConstraint1SelfIssuedsubCACert.crt", + "ValidSelfIssuedpathLenConstraintTest17EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint1CACRL.crl", + "pathLenConstraint1subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.7.1 Invalid keyUsage Critical keyCertSign False Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "keyUsageCriticalkeyCertSignFalseCACert.crt", + "InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "keyUsageCriticalkeyCertSignFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.7.2 Invalid keyUsage Not Critical keyCertSign False Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "keyUsageNotCriticalkeyCertSignFalseCACert.crt", + "InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "keyUsageNotCriticalkeyCertSignFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.7.3 Valid keyUsage Not Critical Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "keyUsageNotCriticalCACert.crt", + "ValidkeyUsageNotCriticalTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "keyUsageNotCriticalCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.7.4 Invalid keyUsage Critical cRLSign False Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "keyUsageCriticalcRLSignFalseCACert.crt", + "InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "keyUsageCriticalcRLSignFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.7.5 Invalid keyUsage Not Critical cRLSign False Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "keyUsageNotCriticalcRLSignFalseCACert.crt", + "InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "keyUsageNotCriticalcRLSignFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.1 All Certificates Same Policy Test1 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidCertificatePathTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.1 All Certificates Same Policy Test1 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidCertificatePathTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.1 All Certificates Same Policy Test1 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidCertificatePathTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.1 All Certificates Same Policy Test1 (Subpart 4)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidCertificatePathTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1", + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.2 All Certificates No Policies Test2 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NoPoliciesCACert.crt", + "AllCertificatesNoPoliciesTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NoPoliciesCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.2 All Certificates No Policies Test2 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NoPoliciesCACert.crt", + "AllCertificatesNoPoliciesTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NoPoliciesCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.3 Different Policies Test3 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "PoliciesP2subCACert.crt", + "DifferentPoliciesTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "PoliciesP2subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.3 Different Policies Test3 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "PoliciesP2subCACert.crt", + "DifferentPoliciesTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "PoliciesP2subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.3 Different Policies Test3 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "PoliciesP2subCACert.crt", + "DifferentPoliciesTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "PoliciesP2subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-1", + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.4 Different Policies Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "GoodsubCACert.crt", + "DifferentPoliciesTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "GoodsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.5 Different Policies Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "PoliciesP2subCA2Cert.crt", + "DifferentPoliciesTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "PoliciesP2subCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.6 Overlapping Policies Test6 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP1234CACert.crt", + "PoliciesP1234subCAP123Cert.crt", + "PoliciesP1234subsubCAP123P12Cert.crt", + "OverlappingPoliciesTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP1234CACRL.crl", + "PoliciesP1234subCAP123CRL.crl", + "PoliciesP1234subsubCAP123P12CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.6 Overlapping Policies Test6 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP1234CACert.crt", + "PoliciesP1234subCAP123Cert.crt", + "PoliciesP1234subsubCAP123P12Cert.crt", + "OverlappingPoliciesTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP1234CACRL.crl", + "PoliciesP1234subCAP123CRL.crl", + "PoliciesP1234subsubCAP123P12CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.6 Overlapping Policies Test6 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP1234CACert.crt", + "PoliciesP1234subCAP123Cert.crt", + "PoliciesP1234subsubCAP123P12Cert.crt", + "OverlappingPoliciesTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP1234CACRL.crl", + "PoliciesP1234subCAP123CRL.crl", + "PoliciesP1234subsubCAP123P12CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.7 Different Policies Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP123CACert.crt", + "PoliciesP123subCAP12Cert.crt", + "PoliciesP123subsubCAP12P1Cert.crt", + "DifferentPoliciesTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP123CACRL.crl", + "PoliciesP123subCAP12CRL.crl", + "PoliciesP123subsubCAP12P1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.8 Different Policies Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "PoliciesP12subCAP1Cert.crt", + "PoliciesP12subsubCAP1P2Cert.crt", + "DifferentPoliciesTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl", + "PoliciesP12subCAP1CRL.crl", + "PoliciesP12subsubCAP1P2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.9 Different Policies Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP123CACert.crt", + "PoliciesP123subCAP12Cert.crt", + "PoliciesP123subsubCAP12P2Cert.crt", + "PoliciesP123subsubsubCAP12P2P1Cert.crt", + "DifferentPoliciesTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP123CACRL.crl", + "PoliciesP123subCAP12CRL.crl", + "PoliciesP123subsubCAP2P2CRL.crl", + "PoliciesP123subsubsubCAP12P2P1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.10 All Certificates Same Policies Test10 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "AllCertificatesSamePoliciesTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.10 All Certificates Same Policies Test10 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "AllCertificatesSamePoliciesTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.10 All Certificates Same Policies Test10 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "AllCertificatesSamePoliciesTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.11 All Certificates AnyPolicy Test11 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "anyPolicyCACert.crt", + "AllCertificatesanyPolicyTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "anyPolicyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.11 All Certificates AnyPolicy Test11 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "anyPolicyCACert.crt", + "AllCertificatesanyPolicyTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "anyPolicyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.12 Different Policies Test12", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP3CACert.crt", + "DifferentPoliciesTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP3CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.13 All Certificates Same Policies Test13 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP123CACert.crt", + "AllCertificatesSamePoliciesTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP123CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.13 All Certificates Same Policies Test13 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP123CACert.crt", + "AllCertificatesSamePoliciesTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP123CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.13 All Certificates Same Policies Test13 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP123CACert.crt", + "AllCertificatesSamePoliciesTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP123CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-3" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.14 AnyPolicy Test14 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "anyPolicyCACert.crt", + "AnyPolicyTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "anyPolicyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.14 AnyPolicy Test14 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "anyPolicyCACert.crt", + "AnyPolicyTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "anyPolicyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.15 User Notice Qualifier Test15", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UserNoticeQualifierTest15EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.16 User Notice Qualifier Test16", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "UserNoticeQualifierTest16EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.17 User Notice Qualifier Test17", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "UserNoticeQualifierTest17EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.18 User Notice Qualifier Test18 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "UserNoticeQualifierTest18EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.18 User Notice Qualifier Test18 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "UserNoticeQualifierTest18EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.19 User Notice Qualifier Test19", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UserNoticeQualifierTest19EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.20 CPS Pointer Qualifier Test20", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "CPSPointerQualifierTest20EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.1 Valid RequireExplicitPolicy Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy10CACert.crt", + "requireExplicitPolicy10subCACert.crt", + "requireExplicitPolicy10subsubCACert.crt", + "requireExplicitPolicy10subsubsubCACert.crt", + "ValidrequireExplicitPolicyTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy10CACRL.crl", + "requireExplicitPolicy10subCACRL.crl", + "requireExplicitPolicy10subsubCACRL.crl", + "requireExplicitPolicy10subsubsubCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.2 Valid RequireExplicitPolicy Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy5CACert.crt", + "requireExplicitPolicy5subCACert.crt", + "requireExplicitPolicy5subsubCACert.crt", + "requireExplicitPolicy5subsubsubCACert.crt", + "ValidrequireExplicitPolicyTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy5CACRL.crl", + "requireExplicitPolicy5subCACRL.crl", + "requireExplicitPolicy5subsubCACRL.crl", + "requireExplicitPolicy5subsubsubCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.3 Invalid RequireExplicitPolicy Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy4CACert.crt", + "requireExplicitPolicy4subCACert.crt", + "requireExplicitPolicy4subsubCACert.crt", + "requireExplicitPolicy4subsubsubCACert.crt", + "InvalidrequireExplicitPolicyTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy4CACRL.crl", + "requireExplicitPolicy4subCACRL.crl", + "requireExplicitPolicy4subsubCACRL.crl", + "requireExplicitPolicy4subsubsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.4 Valid RequireExplicitPolicy Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy0CACert.crt", + "requireExplicitPolicy0subCACert.crt", + "requireExplicitPolicy0subsubCACert.crt", + "requireExplicitPolicy0subsubsubCACert.crt", + "ValidrequireExplicitPolicyTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy0CACRL.crl", + "requireExplicitPolicy0subCACRL.crl", + "requireExplicitPolicy0subsubCACRL.crl", + "requireExplicitPolicy0subsubsubCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.5 Invalid RequireExplicitPolicy Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy7CACert.crt", + "requireExplicitPolicy7subCARE2Cert.crt", + "requireExplicitPolicy7subsubCARE2RE4Cert.crt", + "requireExplicitPolicy7subsubsubCARE2RE4Cert.crt", + "InvalidrequireExplicitPolicyTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy7CACRL.crl", + "requireExplicitPolicy7subCARE2CRL.crl", + "requireExplicitPolicy7subsubCARE2RE4CRL.crl", + "requireExplicitPolicy7subsubsubCARE2RE4CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.6 Valid Self-Issued requireExplicitPolicy Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy2CACert.crt", + "requireExplicitPolicy2SelfIssuedCACert.crt", + "ValidSelfIssuedrequireExplicitPolicyTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.7 Invalid Self-Issued requireExplicitPolicy Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy2CACert.crt", + "requireExplicitPolicy2SelfIssuedCACert.crt", + "requireExplicitPolicy2subCACert.crt", + "InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy2CACRL.crl", + "requireExplicitPolicy2subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.8 Invalid Self-Issued requireExplicitPolicy Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy2CACert.crt", + "requireExplicitPolicy2SelfIssuedCACert.crt", + "requireExplicitPolicy2subCACert.crt", + "requireExplicitPolicy2SelfIssuedsubCACert.crt", + "InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy2CACRL.crl", + "requireExplicitPolicy2subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.1.1 Valid Policy Mapping Test1 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "Mapping1to2CACert.crt", + "ValidPolicyMappingTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "Mapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.1.2 Valid Policy Mapping Test1 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "Mapping1to2CACert.crt", + "ValidPolicyMappingTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "Mapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.1.3 Valid Policy Mapping Test1 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "Mapping1to2CACert.crt", + "ValidPolicyMappingTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "Mapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": true, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.2 Invalid Policy Mapping Test2 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "Mapping1to2CACert.crt", + "InvalidPolicyMappingTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "Mapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.2 Invalid Policy Mapping Test2 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "Mapping1to2CACert.crt", + "InvalidPolicyMappingTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "Mapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": true, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.3 Valid Policy Mapping Test3 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P12Mapping1to3CACert.crt", + "P12Mapping1to3subCACert.crt", + "P12Mapping1to3subsubCACert.crt", + "ValidPolicyMappingTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P12Mapping1to3CACRL.crl", + "P12Mapping1to3subCACRL.crl", + "P12Mapping1to3subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.3 Valid Policy Mapping Test3 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P12Mapping1to3CACert.crt", + "P12Mapping1to3subCACert.crt", + "P12Mapping1to3subsubCACert.crt", + "ValidPolicyMappingTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P12Mapping1to3CACRL.crl", + "P12Mapping1to3subCACRL.crl", + "P12Mapping1to3subsubCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.4 Invalid Policy Mapping Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P12Mapping1to3CACert.crt", + "P12Mapping1to3subCACert.crt", + "P12Mapping1to3subsubCACert.crt", + "InvalidPolicyMappingTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P12Mapping1to3CACRL.crl", + "P12Mapping1to3subCACRL.crl", + "P12Mapping1to3subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.5 Valid Policy Mapping Test5 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1Mapping1to234CACert.crt", + "P1Mapping1to234subCACert.crt", + "ValidPolicyMappingTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1Mapping1to234CACRL.crl", + "P1Mapping1to234subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.5 Valid Policy Mapping Test5 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1Mapping1to234CACert.crt", + "P1Mapping1to234subCACert.crt", + "ValidPolicyMappingTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1Mapping1to234CACRL.crl", + "P1Mapping1to234subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-6" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.6 Valid Policy Mapping Test6 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1Mapping1to234CACert.crt", + "P1Mapping1to234subCACert.crt", + "ValidPolicyMappingTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1Mapping1to234CACRL.crl", + "P1Mapping1to234subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.6 Valid Policy Mapping Test6 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1Mapping1to234CACert.crt", + "P1Mapping1to234subCACert.crt", + "ValidPolicyMappingTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1Mapping1to234CACRL.crl", + "P1Mapping1to234subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-6" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.7 Invalid Mapping From anyPolicy Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "MappingFromanyPolicyCACert.crt", + "InvalidMappingFromanyPolicyTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "MappingFromanyPolicyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.8 Invalid Mapping To anyPolicy Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "MappingToanyPolicyCACert.crt", + "InvalidMappingToanyPolicyTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "MappingToanyPolicyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.9 Valid Policy Mapping Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PanyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PanyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.10 Invalid Policy Mapping Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "GoodsubCAPanyPolicyMapping1to2CACert.crt", + "InvalidPolicyMappingTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "GoodsubCAPanyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.11 Valid Policy Mapping Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "GoodsubCAPanyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "GoodsubCAPanyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.12 Valid Policy Mapping Test12 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P12Mapping1to3CACert.crt", + "ValidPolicyMappingTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P12Mapping1to3CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.12 Valid Policy Mapping Test12 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P12Mapping1to3CACert.crt", + "ValidPolicyMappingTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P12Mapping1to3CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.13 Valid Policy Mapping Test13 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1anyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1anyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.13 Valid Policy Mapping Test13 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1anyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1anyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1", + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.13 Valid Policy Mapping Test13 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1anyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1anyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.14 Valid Policy Mapping Test14", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1anyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1anyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.1 Invalid inhibitPolicyMapping Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping0CACert.crt", + "inhibitPolicyMapping0subCACert.crt", + "InvalidinhibitPolicyMappingTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping0CACRL.crl", + "inhibitPolicyMapping0subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.2 Valid inhibitPolicyMapping Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P12CACert.crt", + "inhibitPolicyMapping1P12subCACert.crt", + "ValidinhibitPolicyMappingTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P12CACRL.crl", + "inhibitPolicyMapping1P12subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.3 Invalid inhibitPolicyMapping Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P12CACert.crt", + "inhibitPolicyMapping1P12subCACert.crt", + "inhibitPolicyMapping1P12subsubCACert.crt", + "InvalidinhibitPolicyMappingTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P12CACRL.crl", + "inhibitPolicyMapping1P12subCACRL.crl", + "inhibitPolicyMapping1P12subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.4 Valid inhibitPolicyMapping Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P12CACert.crt", + "inhibitPolicyMapping1P12subCACert.crt", + "inhibitPolicyMapping1P12subsubCACert.crt", + "ValidinhibitPolicyMappingTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P12CACRL.crl", + "inhibitPolicyMapping1P12subCACRL.crl", + "inhibitPolicyMapping1P12subsubCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.5 Invalid inhibitPolicyMapping Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping5CACert.crt", + "inhibitPolicyMapping5subCACert.crt", + "inhibitPolicyMapping5subsubCACert.crt", + "inhibitPolicyMapping5subsubsubCACert.crt", + "InvalidinhibitPolicyMappingTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping5CACRL.crl", + "inhibitPolicyMapping5subCACRL.crl", + "inhibitPolicyMapping5subsubCACRL.crl", + "inhibitPolicyMapping5subsubsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.6 Invalid inhibitPolicyMapping Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P12CACert.crt", + "inhibitPolicyMapping1P12subCAIPM5Cert.crt", + "inhibitPolicyMapping1P12subsubCAIPM5Cert.crt", + "InvalidinhibitPolicyMappingTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P12CACRL.crl", + "inhibitPolicyMapping1P12subCAIPM5CRL.crl", + "inhibitPolicyMapping1P12subsubCAIPM5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.7 Valid Self-Issued inhibitPolicyMapping Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P1CACert.crt", + "inhibitPolicyMapping1P1SelfIssuedCACert.crt", + "inhibitPolicyMapping1P1subCACert.crt", + "ValidSelfIssuedinhibitPolicyMappingTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P1CACRL.crl", + "inhibitPolicyMapping1P1subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.8 Invalid Self-Issued inhibitPolicyMapping Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P1CACert.crt", + "inhibitPolicyMapping1P1SelfIssuedCACert.crt", + "inhibitPolicyMapping1P1subCACert.crt", + "inhibitPolicyMapping1P1subsubCACert.crt", + "InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P1CACRL.crl", + "inhibitPolicyMapping1P1subCACRL.crl", + "inhibitPolicyMapping1P1subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.9 Invalid Self-Issued inhibitPolicyMapping Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P1CACert.crt", + "inhibitPolicyMapping1P1SelfIssuedCACert.crt", + "inhibitPolicyMapping1P1subCACert.crt", + "inhibitPolicyMapping1P1subsubCACert.crt", + "InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P1CACRL.crl", + "inhibitPolicyMapping1P1subCACRL.crl", + "inhibitPolicyMapping1P1subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.10 Invalid Self-Issued inhibitPolicyMapping Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P1CACert.crt", + "inhibitPolicyMapping1P1SelfIssuedCACert.crt", + "inhibitPolicyMapping1P1subCACert.crt", + "inhibitPolicyMapping1P1SelfIssuedsubCACert.crt", + "InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P1CACRL.crl", + "inhibitPolicyMapping1P1subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.11 Invalid Self-Issued inhibitPolicyMapping Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P1CACert.crt", + "inhibitPolicyMapping1P1SelfIssuedCACert.crt", + "inhibitPolicyMapping1P1subCACert.crt", + "inhibitPolicyMapping1P1SelfIssuedsubCACert.crt", + "InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P1CACRL.crl", + "inhibitPolicyMapping1P1subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.1 Invalid inhibitAnyPolicy Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy0CACert.crt", + "InvalidinhibitAnyPolicyTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy0CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.2 Valid inhibitAnyPolicy Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy0CACert.crt", + "ValidinhibitAnyPolicyTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy0CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.3 inhibitAnyPolicy Test3 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1subCA1Cert.crt", + "inhibitAnyPolicyTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA1CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.3 inhibitAnyPolicy Test3 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1subCA1Cert.crt", + "inhibitAnyPolicyTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": true + }, + { + "Name": "4.12.4 Invalid inhibitAnyPolicy Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1subCA1Cert.crt", + "InvalidinhibitAnyPolicyTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.5 Invalid inhibitAnyPolicy Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy5CACert.crt", + "inhibitAnyPolicy5subCACert.crt", + "inhibitAnyPolicy5subsubCACert.crt", + "InvalidinhibitAnyPolicyTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy5CACRL.crl", + "inhibitAnyPolicy5subCACRL.crl", + "inhibitAnyPolicy5subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.6 Invalid inhibitAnyPolicy Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1subCAIAP5Cert.crt", + "InvalidinhibitAnyPolicyTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCAIAP5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.7 Valid Self-Issued inhibitAnyPolicy Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1SelfIssuedCACert.crt", + "inhibitAnyPolicy1subCA2Cert.crt", + "ValidSelfIssuedinhibitAnyPolicyTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA2CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.8 Invalid Self-Issued inhibitAnyPolicy Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1SelfIssuedCACert.crt", + "inhibitAnyPolicy1subCA2Cert.crt", + "inhibitAnyPolicy1subsubCA2Cert.crt", + "InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA2CRL.crl", + "inhibitAnyPolicy1subsubCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.9 Valid Self-Issued inhibitAnyPolicy Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1SelfIssuedCACert.crt", + "inhibitAnyPolicy1subCA2Cert.crt", + "inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt", + "ValidSelfIssuedinhibitAnyPolicyTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA2CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.10 Invalid Self-Issued inhibitAnyPolicy Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1SelfIssuedCACert.crt", + "inhibitAnyPolicy1subCA2Cert.crt", + "InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.1 Valid DN nameConstraints Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "ValidDNnameConstraintsTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.2 Invalid DN nameConstraints Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "InvalidDNnameConstraintsTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.3 Invalid DN nameConstraints Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "InvalidDNnameConstraintsTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.4 Valid DN nameConstraints Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "ValidDNnameConstraintsTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.5 Valid DN nameConstraints Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN2CACert.crt", + "ValidDNnameConstraintsTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.6 Valid DN nameConstraints Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "ValidDNnameConstraintsTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.7 Invalid DN nameConstraints Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "InvalidDNnameConstraintsTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.8 Invalid DN nameConstraints Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN4CACert.crt", + "InvalidDNnameConstraintsTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN4CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.9 Invalid DN nameConstraints Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN4CACert.crt", + "InvalidDNnameConstraintsTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN4CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.10 Invalid DN nameConstraints Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN5CACert.crt", + "InvalidDNnameConstraintsTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN5CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.11 Valid DN nameConstraints Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN5CACert.crt", + "ValidDNnameConstraintsTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN5CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.12 Invalid DN nameConstraints Test12", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA1Cert.crt", + "InvalidDNnameConstraintsTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.13 Invalid DN nameConstraints Test13", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA2Cert.crt", + "InvalidDNnameConstraintsTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.14 Valid DN nameConstraints Test14", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA2Cert.crt", + "ValidDNnameConstraintsTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA2CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.15 Invalid DN nameConstraints Test15", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "nameConstraintsDN3subCA1Cert.crt", + "InvalidDNnameConstraintsTest15EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl", + "nameConstraintsDN3subCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.16 Invalid DN nameConstraints Test16", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "nameConstraintsDN3subCA1Cert.crt", + "InvalidDNnameConstraintsTest16EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl", + "nameConstraintsDN3subCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.17 Invalid DN nameConstraints Test17", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "nameConstraintsDN3subCA2Cert.crt", + "InvalidDNnameConstraintsTest17EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl", + "nameConstraintsDN3subCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.18 Valid DN nameConstraints Test18", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "nameConstraintsDN3subCA2Cert.crt", + "ValidDNnameConstraintsTest18EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl", + "nameConstraintsDN3subCA2CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.19 Valid Self-Issued DN nameConstraints Test19", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1SelfIssuedCACert.crt", + "ValidDNnameConstraintsTest19EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.20 Invalid Self-Issued DN nameConstraints Test20", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "InvalidDNnameConstraintsTest20EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.21 Valid RFC822 nameConstraints Test21", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA1Cert.crt", + "ValidRFC822nameConstraintsTest21EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA1CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.22 Invalid RFC822 nameConstraints Test22", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA1Cert.crt", + "InvalidRFC822nameConstraintsTest22EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.23 Valid RFC822 nameConstraints Test23", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA2Cert.crt", + "ValidRFC822nameConstraintsTest23EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA2CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.24 Invalid RFC822 nameConstraints Test24", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA2Cert.crt", + "InvalidRFC822nameConstraintsTest24EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.25 Valid RFC822 nameConstraints Test25", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA3Cert.crt", + "ValidRFC822nameConstraintsTest25EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA3CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.26 Invalid RFC822 nameConstraints Test26", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA3Cert.crt", + "InvalidRFC822nameConstraintsTest26EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA3CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.27 Valid DN and RFC822 nameConstraints Test27", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA3Cert.crt", + "ValidDNandRFC822nameConstraintsTest27EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA3CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.28 Invalid DN and RFC822 nameConstraints Test28", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA3Cert.crt", + "InvalidDNandRFC822nameConstraintsTest28EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA3CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.29 Invalid DN and RFC822 nameConstraints Test29", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA3Cert.crt", + "InvalidDNandRFC822nameConstraintsTest29EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA3CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.30 Valid DNS nameConstraints Test30", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDNS1CACert.crt", + "ValidDNSnameConstraintsTest30EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDNS1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.31 Invalid DNS nameConstraints Test31", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDNS1CACert.crt", + "InvalidDNSnameConstraintsTest31EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDNS1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.32 Valid DNS nameConstraints Test32", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDNS2CACert.crt", + "ValidDNSnameConstraintsTest32EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDNS2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.33 Invalid DNS nameConstraints Test33", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDNS2CACert.crt", + "InvalidDNSnameConstraintsTest33EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDNS2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.34 Valid URI nameConstraints Test34", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsURI1CACert.crt", + "ValidURInameConstraintsTest34EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsURI1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.35 Invalid URI nameConstraints Test35", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsURI1CACert.crt", + "InvalidURInameConstraintsTest35EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsURI1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.36 Valid URI nameConstraints Test36", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsURI2CACert.crt", + "ValidURInameConstraintsTest36EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsURI2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.37 Invalid URI nameConstraints Test37", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsURI2CACert.crt", + "InvalidURInameConstraintsTest37EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsURI2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.38 Invalid DNS nameConstraints Test38", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDNS1CACert.crt", + "InvalidDNSnameConstraintsTest38EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDNS1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.1 Valid distributionPoint Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint1CACert.crt", + "ValiddistributionPointTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.2 Invalid distributionPoint Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint1CACert.crt", + "InvaliddistributionPointTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.3 Invalid distributionPoint Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint1CACert.crt", + "InvaliddistributionPointTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.4 Valid distributionPoint Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint1CACert.crt", + "ValiddistributionPointTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.5 Valid distributionPoint Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint2CACert.crt", + "ValiddistributionPointTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.6 Invalid distributionPoint Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint2CACert.crt", + "InvaliddistributionPointTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.7 Valid distributionPoint Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint2CACert.crt", + "ValiddistributionPointTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.8 Invalid distributionPoint Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint2CACert.crt", + "InvaliddistributionPointTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.9 Invalid distributionPoint Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint2CACert.crt", + "InvaliddistributionPointTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.10 Valid No issuingDistributionPoint Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NoissuingDistributionPointCACert.crt", + "ValidNoissuingDistributionPointTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NoissuingDistributionPointCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.11 Invalid onlyContainsUserCerts CRL Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlyContainsUserCertsCACert.crt", + "InvalidonlyContainsUserCertsTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlyContainsUserCertsCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.12 Invalid onlyContainsCACerts CRL Test12", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlyContainsCACertsCACert.crt", + "InvalidonlyContainsCACertsTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlyContainsCACertsCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.13 Valid onlyContainsCACerts CRL Test13", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlyContainsCACertsCACert.crt", + "ValidonlyContainsCACertsTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlyContainsCACertsCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.14 Invalid onlyContainsAttributeCerts Test14", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlyContainsAttributeCertsCACert.crt", + "InvalidonlyContainsAttributeCertsTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlyContainsAttributeCertsCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.15 Invalid onlySomeReasons Test15", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA1Cert.crt", + "InvalidonlySomeReasonsTest15EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA1compromiseCRL.crl", + "onlySomeReasonsCA1otherreasonsCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.16 Invalid onlySomeReasons Test16", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA1Cert.crt", + "InvalidonlySomeReasonsTest16EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA1compromiseCRL.crl", + "onlySomeReasonsCA1otherreasonsCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.17 Invalid onlySomeReasons Test17", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA2Cert.crt", + "InvalidonlySomeReasonsTest17EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA2CRL1.crl", + "onlySomeReasonsCA2CRL2.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.18 Valid onlySomeReasons Test18", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA3Cert.crt", + "ValidonlySomeReasonsTest18EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA3compromiseCRL.crl", + "onlySomeReasonsCA3otherreasonsCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.19 Valid onlySomeReasons Test19", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA4Cert.crt", + "ValidonlySomeReasonsTest19EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA4compromiseCRL.crl", + "onlySomeReasonsCA4otherreasonsCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.20 Invalid onlySomeReasons Test20", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA4Cert.crt", + "InvalidonlySomeReasonsTest20EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA4compromiseCRL.crl", + "onlySomeReasonsCA4otherreasonsCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.21 Invalid onlySomeReasons Test21", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA4Cert.crt", + "InvalidonlySomeReasonsTest21EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA4compromiseCRL.crl", + "onlySomeReasonsCA4otherreasonsCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.22 Valid IDP with indirectCRL Test22", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA1Cert.crt", + "ValidIDPwithindirectCRLTest22EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA1CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.23 Invalid IDP with indirectCRL Test23", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA1Cert.crt", + "InvalidIDPwithindirectCRLTest23EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.24 Valid IDP with indirectCRL Test24", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA2Cert.crt", + "indirectCRLCA1Cert.crt", + "ValidIDPwithindirectCRLTest24EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA1CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.25 Valid IDP with indirectCRL Test25", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA2Cert.crt", + "indirectCRLCA1Cert.crt", + "ValidIDPwithindirectCRLTest25EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA1CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.26 Invalid IDP with indirectCRL Test26", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA2Cert.crt", + "indirectCRLCA1Cert.crt", + "InvalidIDPwithindirectCRLTest26EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.27 Invalid cRLIssuer Test27", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA2Cert.crt", + "GoodCACert.crt", + "InvalidcRLIssuerTest27EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.28 Valid cRLIssuer Test28", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA3Cert.crt", + "indirectCRLCA3cRLIssuerCert.crt", + "ValidcRLIssuerTest28EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA3CRL.crl", + "indirectCRLCA3cRLIssuerCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.29 Valid cRLIssuer Test29", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA3Cert.crt", + "indirectCRLCA3cRLIssuerCert.crt", + "ValidcRLIssuerTest29EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA3CRL.crl", + "indirectCRLCA3cRLIssuerCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.30 Valid cRLIssuer Test30", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA4Cert.crt", + "indirectCRLCA4cRLIssuerCert.crt", + "ValidcRLIssuerTest30EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA4cRLIssuerCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.31 Invalid cRLIssuer Test31", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA5Cert.crt", + "indirectCRLCA6Cert.crt", + "InvalidcRLIssuerTest31EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.32 Invalid cRLIssuer Test32", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA5Cert.crt", + "indirectCRLCA6Cert.crt", + "InvalidcRLIssuerTest32EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.33 Valid cRLIssuer Test33", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA5Cert.crt", + "indirectCRLCA6Cert.crt", + "ValidcRLIssuerTest33EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA5CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.34 Invalid cRLIssuer Test34", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA5Cert.crt", + "InvalidcRLIssuerTest34EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.35 Invalid cRLIssuer Test35", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA5Cert.crt", + "InvalidcRLIssuerTest35EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.1 Invalid deltaCRLIndicator No Base Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLIndicatorNoBaseCACert.crt", + "InvaliddeltaCRLIndicatorNoBaseTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLIndicatorNoBaseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.2 Valid delta-CRL Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "ValiddeltaCRLTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.3 Invalid delta-CRL Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "InvaliddeltaCRLTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.4 Invalid delta-CRL Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "InvaliddeltaCRLTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.5 Valid delta-CRL Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "ValiddeltaCRLTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.6 Invalid delta-CRL Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "InvaliddeltaCRLTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.7 Valid delta-CRL Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "ValiddeltaCRLTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.8 Valid delta-CRL Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA2Cert.crt", + "ValiddeltaCRLTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA2CRL.crl", + "deltaCRLCA2deltaCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.9 Invalid delta-CRL Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA2Cert.crt", + "InvaliddeltaCRLTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA2CRL.crl", + "deltaCRLCA2deltaCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.10 Invalid delta-CRL Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA3Cert.crt", + "InvaliddeltaCRLTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA3CRL.crl", + "deltaCRLCA3deltaCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.16.1 Valid Unknown Not Critical Certificate Extension Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "ValidUnknownNotCriticalCertificateExtensionTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.16.2 Invalid Unknown Critical Certificate Extension Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "InvalidUnknownCriticalCertificateExtensionTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + } +] \ No newline at end of file