diff --git a/src/crypto/x509/pkits_test.go b/src/crypto/x509/pkits_test.go new file mode 100644 index 0000000000..b1139bbf9c --- /dev/null +++ b/src/crypto/x509/pkits_test.go @@ -0,0 +1,186 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package x509 + +import ( + "encoding/json" + "os" + "path/filepath" + "slices" + "testing" +) + +var nistTestPolicies = map[string]OID{ + "anyPolicy": anyPolicyOID, + "NIST-test-policy-1": mustNewOIDFromInts([]uint64{2, 16, 840, 1, 101, 3, 2, 1, 48, 1}), + "NIST-test-policy-2": mustNewOIDFromInts([]uint64{2, 16, 840, 1, 101, 3, 2, 1, 48, 2}), + "NIST-test-policy-3": mustNewOIDFromInts([]uint64{2, 16, 840, 1, 101, 3, 2, 1, 48, 3}), + "NIST-test-policy-6": mustNewOIDFromInts([]uint64{2, 16, 840, 1, 101, 3, 2, 1, 48, 6}), +} + +func TestNISTPKITSPolicy(t *testing.T) { + // This test runs a subset of the NIST PKI path validation test suite that + // focuses of policy validation, rather than the entire suite. Since the + // suite assumes you are only validating the path, rather than building + // _and_ validating the path, we take the path as given and run + // policiesValid on it. + + certDir := "testdata/nist-pkits/certs" + + var testcases []struct { + Name string + CertPath []string + InitialPolicySet []string + InitialPolicyMappingInhibit bool + InitialExplicitPolicy bool + InitialAnyPolicyInhibit bool + ShouldValidate bool + Skipped bool + } + b, err := os.ReadFile("testdata/nist-pkits/vectors.json") + if err != nil { + t.Fatal(err) + } + if err := json.Unmarshal(b, &testcases); err != nil { + t.Fatal(err) + } + + policyTests := map[string]bool{ + "4.8.1 All Certificates Same Policy Test1 (Subpart 1)": true, + "4.8.1 All Certificates Same Policy Test1 (Subpart 2)": true, + "4.8.1 All Certificates Same Policy Test1 (Subpart 3)": true, + "4.8.1 All Certificates Same Policy Test1 (Subpart 4)": true, + "4.8.2 All Certificates No Policies Test2 (Subpart 1)": true, + "4.8.2 All Certificates No Policies Test2 (Subpart 2)": true, + "4.8.3 Different Policies Test3 (Subpart 1)": true, + "4.8.3 Different Policies Test3 (Subpart 2)": true, + "4.8.3 Different Policies Test3 (Subpart 3)": true, + "4.8.4 Different Policies Test4": true, + "4.8.5 Different Policies Test5": true, + "4.8.6 Overlapping Policies Test6 (Subpart 1)": true, + "4.8.6 Overlapping Policies Test6 (Subpart 2)": true, + "4.8.6 Overlapping Policies Test6 (Subpart 3)": true, + "4.8.7 Different Policies Test7": true, + "4.8.8 Different Policies Test8": true, + "4.8.9 Different Policies Test9": true, + "4.8.10 All Certificates Same Policies Test10 (Subpart 1)": true, + "4.8.10 All Certificates Same Policies Test10 (Subpart 2)": true, + "4.8.10 All Certificates Same Policies Test10 (Subpart 3)": true, + "4.8.11 All Certificates AnyPolicy Test11 (Subpart 1)": true, + "4.8.11 All Certificates AnyPolicy Test11 (Subpart 2)": true, + "4.8.12 Different Policies Test12": true, + "4.8.13 All Certificates Same Policies Test13 (Subpart 1)": true, + "4.8.13 All Certificates Same Policies Test13 (Subpart 2)": true, + "4.8.13 All Certificates Same Policies Test13 (Subpart 3)": true, + "4.8.14 AnyPolicy Test14 (Subpart 1)": true, + "4.8.14 AnyPolicy Test14 (Subpart 2)": true, + "4.8.15 User Notice Qualifier Test15": true, + "4.8.16 User Notice Qualifier Test16": true, + "4.8.17 User Notice Qualifier Test17": true, + "4.8.18 User Notice Qualifier Test18 (Subpart 1)": true, + "4.8.18 User Notice Qualifier Test18 (Subpart 2)": true, + "4.8.19 User Notice Qualifier Test19": true, + "4.8.20 CPS Pointer Qualifier Test20": true, + "4.9.1 Valid RequireExplicitPolicy Test1": true, + "4.9.2 Valid RequireExplicitPolicy Test2": true, + "4.9.3 Invalid RequireExplicitPolicy Test3": true, + "4.9.4 Valid RequireExplicitPolicy Test4": true, + "4.9.5 Invalid RequireExplicitPolicy Test5": true, + "4.9.6 Valid Self-Issued requireExplicitPolicy Test6": true, + "4.9.7 Invalid Self-Issued requireExplicitPolicy Test7": true, + "4.9.8 Invalid Self-Issued requireExplicitPolicy Test8": true, + "4.10.1.1 Valid Policy Mapping Test1 (Subpart 1)": true, + "4.10.1.2 Valid Policy Mapping Test1 (Subpart 2)": true, + "4.10.1.3 Valid Policy Mapping Test1 (Subpart 3)": true, + "4.10.2 Invalid Policy Mapping Test2 (Subpart 1)": true, + "4.10.2 Invalid Policy Mapping Test2 (Subpart 2)": true, + "4.10.3 Valid Policy Mapping Test3 (Subpart 1)": true, + "4.10.3 Valid Policy Mapping Test3 (Subpart 2)": true, + "4.10.4 Invalid Policy Mapping Test4": true, + "4.10.5 Valid Policy Mapping Test5 (Subpart 1)": true, + "4.10.5 Valid Policy Mapping Test5 (Subpart 2)": true, + "4.10.6 Valid Policy Mapping Test6 (Subpart 1)": true, + "4.10.6 Valid Policy Mapping Test6 (Subpart 2)": true, + "4.10.7 Invalid Mapping From anyPolicy Test7": true, + "4.10.8 Invalid Mapping To anyPolicy Test8": true, + "4.10.9 Valid Policy Mapping Test9": true, + "4.10.10 Invalid Policy Mapping Test10": true, + "4.10.11 Valid Policy Mapping Test11": true, + "4.10.12 Valid Policy Mapping Test12 (Subpart 1)": true, + "4.10.12 Valid Policy Mapping Test12 (Subpart 2)": true, + "4.10.13 Valid Policy Mapping Test13 (Subpart 1)": true, + "4.10.13 Valid Policy Mapping Test13 (Subpart 2)": true, + "4.10.13 Valid Policy Mapping Test13 (Subpart 3)": true, + "4.10.14 Valid Policy Mapping Test14": true, + "4.11.1 Invalid inhibitPolicyMapping Test1": true, + "4.11.2 Valid inhibitPolicyMapping Test2": true, + "4.11.3 Invalid inhibitPolicyMapping Test3": true, + "4.11.4 Valid inhibitPolicyMapping Test4": true, + "4.11.5 Invalid inhibitPolicyMapping Test5": true, + "4.11.6 Invalid inhibitPolicyMapping Test6": true, + "4.11.7 Valid Self-Issued inhibitPolicyMapping Test7": true, + "4.11.8 Invalid Self-Issued inhibitPolicyMapping Test8": true, + "4.11.9 Invalid Self-Issued inhibitPolicyMapping Test9": true, + "4.11.10 Invalid Self-Issued inhibitPolicyMapping Test10": true, + "4.11.11 Invalid Self-Issued inhibitPolicyMapping Test11": true, + "4.12.1 Invalid inhibitAnyPolicy Test1": true, + "4.12.2 Valid inhibitAnyPolicy Test2": true, + "4.12.3 inhibitAnyPolicy Test3 (Subpart 1)": true, + "4.12.3 inhibitAnyPolicy Test3 (Subpart 2)": true, + "4.12.4 Invalid inhibitAnyPolicy Test4": true, + "4.12.5 Invalid inhibitAnyPolicy Test5": true, + "4.12.6 Invalid inhibitAnyPolicy Test6": true, + "4.12.7 Valid Self-Issued inhibitAnyPolicy Test7": true, + "4.12.8 Invalid Self-Issued inhibitAnyPolicy Test8": true, + "4.12.9 Valid Self-Issued inhibitAnyPolicy Test9": true, + "4.12.10 Invalid Self-Issued inhibitAnyPolicy Test10": true, + } + + for _, tc := range testcases { + if !policyTests[tc.Name] { + continue + } + t.Run(tc.Name, func(t *testing.T) { + var chain []*Certificate + for _, c := range tc.CertPath { + certDER, err := os.ReadFile(filepath.Join(certDir, c)) + if err != nil { + t.Fatal(err) + } + cert, err := ParseCertificate(certDER) + if err != nil { + t.Fatal(err) + } + chain = append(chain, cert) + } + slices.Reverse(chain) + + var initialPolicies []OID + for _, pstr := range tc.InitialPolicySet { + policy, ok := nistTestPolicies[pstr] + if !ok { + t.Fatalf("unknown test policy: %s", pstr) + } + initialPolicies = append(initialPolicies, policy) + } + + valid := policiesValid(chain, VerifyOptions{ + CertificatePolicies: initialPolicies, + inhibitPolicyMapping: tc.InitialPolicyMappingInhibit, + requireExplicitPolicy: tc.InitialExplicitPolicy, + inhibitAnyPolicy: tc.InitialAnyPolicyInhibit, + }) + if !valid { + if !tc.ShouldValidate { + return + } + t.Fatalf("Failed to validate: %s", err) + } + if !tc.ShouldValidate { + t.Fatal("Expected path validation to fail") + } + }) + } +} diff --git a/src/crypto/x509/testdata/nist-pkits/README.md b/src/crypto/x509/testdata/nist-pkits/README.md new file mode 100644 index 0000000000..7b761260d6 --- /dev/null +++ b/src/crypto/x509/testdata/nist-pkits/README.md @@ -0,0 +1,6 @@ +Test vectors and certificates for the "Path Validation Testing Program" + portion of the NIST Public Key Infrastructure Testing suite: https://csrc.nist.gov/projects/pki-testing. + +Vectors are extracted from the provided PDF: https://csrc.nist.gov/CSRC/media/Projects/PKI-Testing/documents/PKITS.pdf. + +Vectors and test material are public domain (United States Government Work under 17 U.S.C. 105). \ No newline at end of file diff --git a/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesNoPoliciesTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesNoPoliciesTest2EE.crt new file mode 100644 index 0000000000..ae6be6c4c8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesNoPoliciesTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest10EE.crt new file mode 100644 index 0000000000..e36fdb8fc3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest13EE.crt new file mode 100644 index 0000000000..c296e5a430 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesSamePoliciesTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesanyPolicyTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesanyPolicyTest11EE.crt new file mode 100644 index 0000000000..7439f85152 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/AllCertificatesanyPolicyTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/AnyPolicyTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/AnyPolicyTest14EE.crt new file mode 100644 index 0000000000..a6cf3528fa Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/AnyPolicyTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BadCRLIssuerNameCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BadCRLIssuerNameCACert.crt new file mode 100644 index 0000000000..05e4b3ddbe Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BadCRLIssuerNameCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BadCRLSignatureCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BadCRLSignatureCACert.crt new file mode 100644 index 0000000000..6dfa00d6b8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BadCRLSignatureCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BadSignedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BadSignedCACert.crt new file mode 100644 index 0000000000..0a598fcb8e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BadSignedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BadnotAfterDateCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BadnotAfterDateCACert.crt new file mode 100644 index 0000000000..7a7dcec665 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BadnotAfterDateCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BadnotBeforeDateCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BadnotBeforeDateCACert.crt new file mode 100644 index 0000000000..33cfbd7ce8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BadnotBeforeDateCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt new file mode 100644 index 0000000000..4e1245299d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt new file mode 100644 index 0000000000..7f86064c26 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt new file mode 100644 index 0000000000..1f83cb863f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt new file mode 100644 index 0000000000..8773e48464 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt new file mode 100644 index 0000000000..b00748cc26 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt new file mode 100644 index 0000000000..963f57a485 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/CPSPointerQualifierTest20EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/CPSPointerQualifierTest20EE.crt new file mode 100644 index 0000000000..706d98d63b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/CPSPointerQualifierTest20EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DSACACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/DSACACert.crt new file mode 100644 index 0000000000..14787b0580 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DSACACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DSAParametersInheritedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/DSAParametersInheritedCACert.crt new file mode 100644 index 0000000000..5e2fa5bc92 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DSAParametersInheritedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest12EE.crt new file mode 100644 index 0000000000..7873bd8d36 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest3EE.crt new file mode 100644 index 0000000000..57f1df4334 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest4EE.crt new file mode 100644 index 0000000000..4967f41d30 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest5EE.crt new file mode 100644 index 0000000000..b6d31236e2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest7EE.crt new file mode 100644 index 0000000000..4c9c82bbcd Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest8EE.crt new file mode 100644 index 0000000000..6c01f377f4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest9EE.crt new file mode 100644 index 0000000000..b2e30bd692 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/DifferentPoliciesTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt new file mode 100644 index 0000000000..f4acda66ec Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/GoodCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/GoodCACert.crt new file mode 100644 index 0000000000..edbfa648f2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/GoodCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCACert.crt new file mode 100644 index 0000000000..7a770c31ae Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCAPanyPolicyMapping1to2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCAPanyPolicyMapping1to2CACert.crt new file mode 100644 index 0000000000..9f4d95f395 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/GoodsubCAPanyPolicyMapping1to2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt new file mode 100644 index 0000000000..e24d88d444 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt new file mode 100644 index 0000000000..4b35bd248e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBadCRLSignatureTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt new file mode 100644 index 0000000000..348df8fe0d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt new file mode 100644 index 0000000000..3ca7995460 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt new file mode 100644 index 0000000000..6cc192b8ba Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt new file mode 100644 index 0000000000..18033bc34b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidCASignatureTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCASignatureTest2EE.crt new file mode 100644 index 0000000000..1f4ad3e1a1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCASignatureTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt new file mode 100644 index 0000000000..a9938aa80e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotAfterDateTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotBeforeDateTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotBeforeDateTest1EE.crt new file mode 100644 index 0000000000..f15d6a9ed2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidCAnotBeforeDateTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt new file mode 100644 index 0000000000..5f7ad1535a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest31EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest33EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest33EE.crt new file mode 100644 index 0000000000..fa59d6fbd0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest33EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest38EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest38EE.crt new file mode 100644 index 0000000000..334fed1f11 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNSnameConstraintsTest38EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt new file mode 100644 index 0000000000..f724473de8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt new file mode 100644 index 0000000000..468cb7bede Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest10EE.crt new file mode 100644 index 0000000000..806ebf3ce7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt new file mode 100644 index 0000000000..5f3a49f93e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt new file mode 100644 index 0000000000..d64ddf53c7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt new file mode 100644 index 0000000000..fd864ced34 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest15EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest16EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest16EE.crt new file mode 100644 index 0000000000..455658dbc9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest16EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest17EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest17EE.crt new file mode 100644 index 0000000000..63f262b99f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest17EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest20EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest20EE.crt new file mode 100644 index 0000000000..a7ef322043 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest20EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt new file mode 100644 index 0000000000..3fd895c924 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt new file mode 100644 index 0000000000..decbf34aac Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt new file mode 100644 index 0000000000..6ac76654e5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt new file mode 100644 index 0000000000..48adc0a6d5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt new file mode 100644 index 0000000000..ed753d42e6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDNnameConstraintsTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidDSASignatureTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDSASignatureTest6EE.crt new file mode 100644 index 0000000000..a1725b19da Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidDSASignatureTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidEESignatureTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEESignatureTest3EE.crt new file mode 100644 index 0000000000..9238109b64 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEESignatureTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt new file mode 100644 index 0000000000..af6fdf8c5a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotAfterDateTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt new file mode 100644 index 0000000000..3ddef09cab Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidEEnotBeforeDateTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt new file mode 100644 index 0000000000..5cf92f7ce4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt new file mode 100644 index 0000000000..c4b45f8783 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt new file mode 100644 index 0000000000..56b1ab4583 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidLongSerialNumberTest18EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingFromanyPolicyTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingFromanyPolicyTest7EE.crt new file mode 100644 index 0000000000..eec4c3c3a6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingFromanyPolicyTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingToanyPolicyTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingToanyPolicyTest8EE.crt new file mode 100644 index 0000000000..ee6914c15a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMappingToanyPolicyTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingCRLTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingCRLTest1EE.crt new file mode 100644 index 0000000000..30b0275903 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingCRLTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt new file mode 100644 index 0000000000..80ba7a03dd Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidMissingbasicConstraintsTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt new file mode 100644 index 0000000000..6b7d7de29c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingOrderTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingTest1EE.crt new file mode 100644 index 0000000000..ee18fa08fb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNameChainingTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidNegativeSerialNumberTest15EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNegativeSerialNumberTest15EE.crt new file mode 100644 index 0000000000..2c479ca231 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidNegativeSerialNumberTest15EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt new file mode 100644 index 0000000000..1ec410d755 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest10EE.crt new file mode 100644 index 0000000000..053a608d7e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest2EE.crt new file mode 100644 index 0000000000..1ed661582c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest4EE.crt new file mode 100644 index 0000000000..a194a040a7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidPolicyMappingTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt new file mode 100644 index 0000000000..c9ad311ac0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt new file mode 100644 index 0000000000..28ef8f7491 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt new file mode 100644 index 0000000000..0e7f71937a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRFC822nameConstraintsTest26EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedCATest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedCATest2EE.crt new file mode 100644 index 0000000000..8054597114 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedCATest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedEETest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedEETest3EE.crt new file mode 100644 index 0000000000..455cb0240c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidRevokedEETest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt new file mode 100644 index 0000000000..2e85ce5c21 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt new file mode 100644 index 0000000000..ee48b7fc85 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt new file mode 100644 index 0000000000..e729fe77cd Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt new file mode 100644 index 0000000000..103e0940fe Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt new file mode 100644 index 0000000000..3eaa74deb8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt new file mode 100644 index 0000000000..1a1da9fe7a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt new file mode 100644 index 0000000000..2ff84b8b7d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt new file mode 100644 index 0000000000..d4050e6f4f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt new file mode 100644 index 0000000000..77b6a3c147 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt new file mode 100644 index 0000000000..2cbab480b1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt new file mode 100644 index 0000000000..e703d67905 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest35EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest35EE.crt new file mode 100644 index 0000000000..65096685fe Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest35EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt new file mode 100644 index 0000000000..e64db473af Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidURInameConstraintsTest37EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt new file mode 100644 index 0000000000..8630e99cb2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt new file mode 100644 index 0000000000..42fda8fc12 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt new file mode 100644 index 0000000000..c3f93b5bd7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt new file mode 100644 index 0000000000..9200cccb39 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidWrongCRLTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidWrongCRLTest6EE.crt new file mode 100644 index 0000000000..148f9fb23a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidWrongCRLTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest2EE.crt new file mode 100644 index 0000000000..3d5b82946b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest3EE.crt new file mode 100644 index 0000000000..f791140ced Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcAFalseTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest27EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest27EE.crt new file mode 100644 index 0000000000..2433e3b95e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest27EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest31EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest31EE.crt new file mode 100644 index 0000000000..210bb41fef Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest31EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest32EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest32EE.crt new file mode 100644 index 0000000000..5509dda847 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest32EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt new file mode 100644 index 0000000000..8b9041f5ba Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest34EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest35EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest35EE.crt new file mode 100644 index 0000000000..32e72a225e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidcRLIssuerTest35EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt new file mode 100644 index 0000000000..10da321247 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt new file mode 100644 index 0000000000..d60812c6a4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt new file mode 100644 index 0000000000..6b3c374331 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest4EE.crt new file mode 100644 index 0000000000..b959414934 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest6EE.crt new file mode 100644 index 0000000000..ea141b173a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt new file mode 100644 index 0000000000..de4da9d69b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddeltaCRLTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest2EE.crt new file mode 100644 index 0000000000..a60b030e9e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest3EE.crt new file mode 100644 index 0000000000..bbb8271d6b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest6EE.crt new file mode 100644 index 0000000000..a47f7b2085 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest8EE.crt new file mode 100644 index 0000000000..af3a366dd7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest9EE.crt new file mode 100644 index 0000000000..3456831e0b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvaliddistributionPointTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest1EE.crt new file mode 100644 index 0000000000..828203b11c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest4EE.crt new file mode 100644 index 0000000000..2ffd9dd8ce Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest5EE.crt new file mode 100644 index 0000000000..2fc212d33e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest6EE.crt new file mode 100644 index 0000000000..9aafebfc25 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitAnyPolicyTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest1EE.crt new file mode 100644 index 0000000000..65ca6340ea Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest3EE.crt new file mode 100644 index 0000000000..c8b06f07e4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest5EE.crt new file mode 100644 index 0000000000..f3526efb69 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest6EE.crt new file mode 100644 index 0000000000..733c152685 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidinhibitPolicyMappingTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt new file mode 100644 index 0000000000..cfddd3a435 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt new file mode 100644 index 0000000000..16c103f744 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt new file mode 100644 index 0000000000..5583f19690 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt new file mode 100644 index 0000000000..f3062e9e48 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt new file mode 100644 index 0000000000..279306ed18 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt new file mode 100644 index 0000000000..f206348963 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsCACertsTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt new file mode 100644 index 0000000000..ecf51285fa Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlyContainsUserCertsTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest15EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest15EE.crt new file mode 100644 index 0000000000..f536fc6d2b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest15EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt new file mode 100644 index 0000000000..af5aa4b0d4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest16EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt new file mode 100644 index 0000000000..59722f9622 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest17EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt new file mode 100644 index 0000000000..4a0f191650 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest20EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt new file mode 100644 index 0000000000..59a02de9d7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidonlySomeReasonsTest21EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest10EE.crt new file mode 100644 index 0000000000..447115e636 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt new file mode 100644 index 0000000000..c28c455abb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt new file mode 100644 index 0000000000..dc6d0dda96 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt new file mode 100644 index 0000000000..b8830a2405 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt new file mode 100644 index 0000000000..b96d3c626f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest9EE.crt new file mode 100644 index 0000000000..c339f6fae7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidpathLenConstraintTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt new file mode 100644 index 0000000000..3e1ba073e1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt new file mode 100644 index 0000000000..4a7e31caf0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest3EE.crt new file mode 100644 index 0000000000..e9b7cf2510 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest5EE.crt new file mode 100644 index 0000000000..971d0a5de6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/InvalidrequireExplicitPolicyTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/LongSerialNumberCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/LongSerialNumberCACert.crt new file mode 100644 index 0000000000..12830d9069 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/LongSerialNumberCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/Mapping1to2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/Mapping1to2CACert.crt new file mode 100644 index 0000000000..4b70c9a4fc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/Mapping1to2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/MappingFromanyPolicyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/MappingFromanyPolicyCACert.crt new file mode 100644 index 0000000000..0a8f1e9811 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/MappingFromanyPolicyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/MappingToanyPolicyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/MappingToanyPolicyCACert.crt new file mode 100644 index 0000000000..d93d8c79c9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/MappingToanyPolicyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/MissingbasicConstraintsCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/MissingbasicConstraintsCACert.crt new file mode 100644 index 0000000000..e6f41a446b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/MissingbasicConstraintsCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/NameOrderingCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/NameOrderingCACert.crt new file mode 100644 index 0000000000..f1c4a55fbf Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/NameOrderingCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/NegativeSerialNumberCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/NegativeSerialNumberCACert.crt new file mode 100644 index 0000000000..1a4d9ba374 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/NegativeSerialNumberCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/NoCRLCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/NoCRLCACert.crt new file mode 100644 index 0000000000..71c607dac4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/NoCRLCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/NoPoliciesCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/NoPoliciesCACert.crt new file mode 100644 index 0000000000..3a94cb157d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/NoPoliciesCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/NoissuingDistributionPointCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/NoissuingDistributionPointCACert.crt new file mode 100644 index 0000000000..c4f182ad7f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/NoissuingDistributionPointCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/OldCRLnextUpdateCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/OldCRLnextUpdateCACert.crt new file mode 100644 index 0000000000..2666670afb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/OldCRLnextUpdateCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/OverlappingPoliciesTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/OverlappingPoliciesTest6EE.crt new file mode 100644 index 0000000000..82b5b5e0ee Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/OverlappingPoliciesTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3CACert.crt new file mode 100644 index 0000000000..9139bd730d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subCACert.crt new file mode 100644 index 0000000000..3b9c2a751c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subsubCACert.crt new file mode 100644 index 0000000000..91fc36a727 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P12Mapping1to3subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234CACert.crt new file mode 100644 index 0000000000..3500737ab8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234subCACert.crt new file mode 100644 index 0000000000..eb900ebc1c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P1Mapping1to234subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/P1anyPolicyMapping1to2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/P1anyPolicyMapping1to2CACert.crt new file mode 100644 index 0000000000..3818b6a7f5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/P1anyPolicyMapping1to2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PanyPolicyMapping1to2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PanyPolicyMapping1to2CACert.crt new file mode 100644 index 0000000000..db220487cc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PanyPolicyMapping1to2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234CACert.crt new file mode 100644 index 0000000000..36cf4ce24e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subCAP123Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subCAP123Cert.crt new file mode 100644 index 0000000000..1ab7ab104f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subCAP123Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subsubCAP123P12Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subsubCAP123P12Cert.crt new file mode 100644 index 0000000000..df834464bb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP1234subsubCAP123P12Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123CACert.crt new file mode 100644 index 0000000000..26262a3d72 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subCAP12Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subCAP12Cert.crt new file mode 100644 index 0000000000..cef6abeb29 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subCAP12Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P1Cert.crt new file mode 100644 index 0000000000..49e66b5be0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P2Cert.crt new file mode 100644 index 0000000000..d7b5a42353 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubCAP12P2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubsubCAP12P2P1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubsubCAP12P2P1Cert.crt new file mode 100644 index 0000000000..3a79422477 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP123subsubsubCAP12P2P1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12CACert.crt new file mode 100644 index 0000000000..dc1b60de0e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subCAP1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subCAP1Cert.crt new file mode 100644 index 0000000000..081f951b80 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subCAP1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subsubCAP1P2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subsubCAP1P2Cert.crt new file mode 100644 index 0000000000..e8d0bb8ba8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP12subsubCAP1P2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCA2Cert.crt new file mode 100644 index 0000000000..c734009d05 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCACert.crt new file mode 100644 index 0000000000..0f3fbbb01a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP2subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP3CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP3CACert.crt new file mode 100644 index 0000000000..9740b309d4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/PoliciesP3CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt new file mode 100644 index 0000000000..9c648a30be Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/RFC3280OptionalAttributeTypesCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/RFC3280OptionalAttributeTypesCACert.crt new file mode 100644 index 0000000000..306303a846 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/RFC3280OptionalAttributeTypesCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/RevokedsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/RevokedsubCACert.crt new file mode 100644 index 0000000000..25705b2f67 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/RevokedsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt new file mode 100644 index 0000000000..32ddfe3e31 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/RolloverfromPrintableStringtoUTF8StringCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt new file mode 100644 index 0000000000..17b3cbba30 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt new file mode 100644 index 0000000000..d747ea1fe5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt new file mode 100644 index 0000000000..3c1730f41a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt new file mode 100644 index 0000000000..e75eb4cd70 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/TrustAnchorRootCertificate.crt b/src/crypto/x509/testdata/nist-pkits/certs/TrustAnchorRootCertificate.crt new file mode 100644 index 0000000000..04efaa0659 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/TrustAnchorRootCertificate.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/TwoCRLsCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/TwoCRLsCACert.crt new file mode 100644 index 0000000000..28eb60a071 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/TwoCRLsCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UIDCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/UIDCACert.crt new file mode 100644 index 0000000000..ec04d74455 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UIDCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt new file mode 100644 index 0000000000..2d653ef65b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringCaseInsensitiveMatchCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt new file mode 100644 index 0000000000..ae2ce8a7b4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UTF8StringEncodedNamesCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt new file mode 100644 index 0000000000..69128811ba Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLEntryExtensionCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLExtensionCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLExtensionCACert.crt new file mode 100644 index 0000000000..2e2c3ef3d6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UnknownCRLExtensionCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest15EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest15EE.crt new file mode 100644 index 0000000000..afb3455e36 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest15EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest16EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest16EE.crt new file mode 100644 index 0000000000..7d3bcc5d0b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest16EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest17EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest17EE.crt new file mode 100644 index 0000000000..5fefe19944 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest17EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest18EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest18EE.crt new file mode 100644 index 0000000000..1168b580e8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest18EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest19EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest19EE.crt new file mode 100644 index 0000000000..3cb86cd1ce Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/UserNoticeQualifierTest19EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt new file mode 100644 index 0000000000..c91b9f3665 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt new file mode 100644 index 0000000000..34197f0360 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt new file mode 100644 index 0000000000..9a7919b00a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt new file mode 100644 index 0000000000..038e4d7a80 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidCertificatePathTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidCertificatePathTest1EE.crt new file mode 100644 index 0000000000..69ba3019d4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidCertificatePathTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt new file mode 100644 index 0000000000..e5235c7ff2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest30EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt new file mode 100644 index 0000000000..8bc3e87b9f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNSnameConstraintsTest32EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt new file mode 100644 index 0000000000..2332d4c189 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt new file mode 100644 index 0000000000..f8fe122324 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt new file mode 100644 index 0000000000..4364e1bcbf Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt new file mode 100644 index 0000000000..3b5ac8be53 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest18EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt new file mode 100644 index 0000000000..20fa140e19 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest19EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest1EE.crt new file mode 100644 index 0000000000..c59e921bac Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest4EE.crt new file mode 100644 index 0000000000..c6cfcbb778 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest5EE.crt new file mode 100644 index 0000000000..f2c4dfc553 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest6EE.crt new file mode 100644 index 0000000000..675711970c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDNnameConstraintsTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt new file mode 100644 index 0000000000..d8b6ce36d0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDSAParameterInheritanceTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidDSASignaturesTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidDSASignaturesTest4EE.crt new file mode 100644 index 0000000000..2fc40a6c2f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidDSASignaturesTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt new file mode 100644 index 0000000000..7f77ee8196 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt new file mode 100644 index 0000000000..f97ed0a3e9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt new file mode 100644 index 0000000000..2ef73e1f69 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt new file mode 100644 index 0000000000..66296ac7e7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest22EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt new file mode 100644 index 0000000000..0a1b85dc68 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest24EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt new file mode 100644 index 0000000000..6f69c0c8bc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidIDPwithindirectCRLTest25EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest16EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest16EE.crt new file mode 100644 index 0000000000..44e890546d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest16EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt new file mode 100644 index 0000000000..9618658722 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidLongSerialNumberTest17EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingCapitalizationTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingCapitalizationTest5EE.crt new file mode 100644 index 0000000000..c0a6b3d03e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingCapitalizationTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt new file mode 100644 index 0000000000..fc0f65d079 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt new file mode 100644 index 0000000000..a8ffc872ca Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameChainingWhitespaceTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNameUIDsTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameUIDsTest6EE.crt new file mode 100644 index 0000000000..7d0b706113 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNameUIDsTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNegativeSerialNumberTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNegativeSerialNumberTest14EE.crt new file mode 100644 index 0000000000..ab39228409 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNegativeSerialNumberTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt new file mode 100644 index 0000000000..89eac753f3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidNoissuingDistributionPointTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest11EE.crt new file mode 100644 index 0000000000..865c97542e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest12EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest12EE.crt new file mode 100644 index 0000000000..eb4306ab5a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest12EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest13EE.crt new file mode 100644 index 0000000000..2d1b18c33f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest14EE.crt new file mode 100644 index 0000000000..2487d626f7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest1EE.crt new file mode 100644 index 0000000000..f2bd7d381d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest3EE.crt new file mode 100644 index 0000000000..e941bbbad0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest5EE.crt new file mode 100644 index 0000000000..d084fc7215 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest6EE.crt new file mode 100644 index 0000000000..97dd2e72c1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest9EE.crt new file mode 100644 index 0000000000..ef1ac897e0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidPolicyMappingTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt new file mode 100644 index 0000000000..15825d7eb3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt new file mode 100644 index 0000000000..60a2031681 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt new file mode 100644 index 0000000000..576a1b8171 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest21EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest23EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest23EE.crt new file mode 100644 index 0000000000..c0ff7596a0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest23EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest25EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest25EE.crt new file mode 100644 index 0000000000..75f67b73c8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRFC822nameConstraintsTest25EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt new file mode 100644 index 0000000000..0a4e150700 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt new file mode 100644 index 0000000000..16968ab59b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt new file mode 100644 index 0000000000..1516f1ee70 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt new file mode 100644 index 0000000000..a4385c1d95 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt new file mode 100644 index 0000000000..1cb0924ec3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt new file mode 100644 index 0000000000..ed34676087 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt new file mode 100644 index 0000000000..44e5c1e253 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt new file mode 100644 index 0000000000..0826091976 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidTwoCRLsTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidTwoCRLsTest7EE.crt new file mode 100644 index 0000000000..c42779d70c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidTwoCRLsTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt new file mode 100644 index 0000000000..be8ef42f19 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest34EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest36EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest36EE.crt new file mode 100644 index 0000000000..6a24838f5d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidURInameConstraintsTest36EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt new file mode 100644 index 0000000000..d1f80a74a4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt new file mode 100644 index 0000000000..b14d789b5d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt new file mode 100644 index 0000000000..d55dcb1a6f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt new file mode 100644 index 0000000000..4059c017a7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidbasicConstraintsNotCriticalTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest28EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest28EE.crt new file mode 100644 index 0000000000..9145515308 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest28EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest29EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest29EE.crt new file mode 100644 index 0000000000..b10632b209 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest29EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest30EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest30EE.crt new file mode 100644 index 0000000000..593ef98e35 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest30EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest33EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest33EE.crt new file mode 100644 index 0000000000..2ae810abf9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidcRLIssuerTest33EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest2EE.crt new file mode 100644 index 0000000000..a2eb9a7dc4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest5EE.crt new file mode 100644 index 0000000000..1a3f7f5142 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest7EE.crt new file mode 100644 index 0000000000..43b44bc5d8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest8EE.crt new file mode 100644 index 0000000000..8be24581eb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddeltaCRLTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest1EE.crt new file mode 100644 index 0000000000..b2c832fa41 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest4EE.crt new file mode 100644 index 0000000000..47feb00fd0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest5EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest5EE.crt new file mode 100644 index 0000000000..a93d666384 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest5EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest7EE.crt new file mode 100644 index 0000000000..107f102c98 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValiddistributionPointTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitAnyPolicyTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitAnyPolicyTest2EE.crt new file mode 100644 index 0000000000..df4ba44450 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitAnyPolicyTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest2EE.crt new file mode 100644 index 0000000000..f13524a0dc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest4EE.crt new file mode 100644 index 0000000000..75daa87028 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidinhibitPolicyMappingTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt new file mode 100644 index 0000000000..6da79065ea Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt new file mode 100644 index 0000000000..3eec5cc6fe Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlyContainsCACertsTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest18EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest18EE.crt new file mode 100644 index 0000000000..f255d3ad71 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest18EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt new file mode 100644 index 0000000000..912968e950 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidonlySomeReasonsTest19EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt new file mode 100644 index 0000000000..1ad52efdb6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest13EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt new file mode 100644 index 0000000000..76800f5159 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest14EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest7EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest7EE.crt new file mode 100644 index 0000000000..f3368edd5d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest7EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest8EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest8EE.crt new file mode 100644 index 0000000000..8ff0a131e7 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidpathLenConstraintTest8EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt new file mode 100644 index 0000000000..15b2928401 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest1EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest1EE.crt new file mode 100644 index 0000000000..7cf888e16a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest1EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest2EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest2EE.crt new file mode 100644 index 0000000000..23889360cc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest2EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest4EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest4EE.crt new file mode 100644 index 0000000000..e93a0e1fe9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/ValidrequireExplicitPolicyTest4EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/WrongCRLCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/WrongCRLCACert.crt new file mode 100644 index 0000000000..3a96d87cfc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/WrongCRLCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/anyPolicyCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/anyPolicyCACert.crt new file mode 100644 index 0000000000..df54668adb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/anyPolicyCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt new file mode 100644 index 0000000000..4b678fee0c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsCriticalcAFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt new file mode 100644 index 0000000000..d6c7fb805f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt new file mode 100644 index 0000000000..27e670ec16 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA1Cert.crt new file mode 100644 index 0000000000..6815e4f888 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA2Cert.crt new file mode 100644 index 0000000000..2f64a74e13 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA3Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA3Cert.crt new file mode 100644 index 0000000000..31e6b33a46 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLCA3Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt new file mode 100644 index 0000000000..7cd82a4363 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/deltaCRLIndicatorNoBaseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint1CACert.crt new file mode 100644 index 0000000000..23250812d9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint2CACert.crt new file mode 100644 index 0000000000..205b62ad16 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/distributionPoint2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA1Cert.crt new file mode 100644 index 0000000000..046deefaec Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA2Cert.crt new file mode 100644 index 0000000000..de9a0be510 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3Cert.crt new file mode 100644 index 0000000000..03bb3eb2da Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3cRLIssuerCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3cRLIssuerCert.crt new file mode 100644 index 0000000000..20e8267eee Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA3cRLIssuerCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4Cert.crt new file mode 100644 index 0000000000..f1cb26b375 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4cRLIssuerCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4cRLIssuerCert.crt new file mode 100644 index 0000000000..ff1203df3a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA4cRLIssuerCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA5Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA5Cert.crt new file mode 100644 index 0000000000..c4f9f17874 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA5Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA6Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA6Cert.crt new file mode 100644 index 0000000000..46443aab94 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/indirectCRLCA6Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy0CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy0CACert.crt new file mode 100644 index 0000000000..cf3611025e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy0CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1CACert.crt new file mode 100644 index 0000000000..0494c8fe5b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedCACert.crt new file mode 100644 index 0000000000..6512e9d2e9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt new file mode 100644 index 0000000000..42e00344af Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA1Cert.crt new file mode 100644 index 0000000000..633536c33a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA2Cert.crt new file mode 100644 index 0000000000..319e809878 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCAIAP5Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCAIAP5Cert.crt new file mode 100644 index 0000000000..a3c4f2134e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subCAIAP5Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subsubCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subsubCA2Cert.crt new file mode 100644 index 0000000000..3c4512ac28 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy1subsubCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5CACert.crt new file mode 100644 index 0000000000..fc9b423299 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subCACert.crt new file mode 100644 index 0000000000..11ceeb78cc Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subsubCACert.crt new file mode 100644 index 0000000000..32bbffeb44 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicy5subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicyTest3EE.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicyTest3EE.crt new file mode 100644 index 0000000000..2c8fd4f6d1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitAnyPolicyTest3EE.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0CACert.crt new file mode 100644 index 0000000000..16808f7c50 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0subCACert.crt new file mode 100644 index 0000000000..846abc924d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping0subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12CACert.crt new file mode 100644 index 0000000000..5baaf35e0f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCACert.crt new file mode 100644 index 0000000000..b2f0979cce Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt new file mode 100644 index 0000000000..4ad9f1e174 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCACert.crt new file mode 100644 index 0000000000..f514e5d88b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt new file mode 100644 index 0000000000..b1e9ff8d06 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1CACert.crt new file mode 100644 index 0000000000..ec47ee6373 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt new file mode 100644 index 0000000000..65155c7b5a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt new file mode 100644 index 0000000000..ae1891624b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subCACert.crt new file mode 100644 index 0000000000..80135df869 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subsubCACert.crt new file mode 100644 index 0000000000..3a72ec12fb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping1P1subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5CACert.crt new file mode 100644 index 0000000000..fd092230fb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subCACert.crt new file mode 100644 index 0000000000..93857ab656 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubCACert.crt new file mode 100644 index 0000000000..134b7f8cb1 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubsubCACert.crt new file mode 100644 index 0000000000..dfb268d1d3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/inhibitPolicyMapping5subsubsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt new file mode 100644 index 0000000000..2467c945ad Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt new file mode 100644 index 0000000000..aa19cec73d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageCriticalkeyCertSignFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalCACert.crt new file mode 100644 index 0000000000..bab8307e33 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt new file mode 100644 index 0000000000..a6d878c8df Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt new file mode 100644 index 0000000000..ef1056f1c3 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1CACert.crt new file mode 100644 index 0000000000..206359f913 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt new file mode 100644 index 0000000000..452ea54752 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt new file mode 100644 index 0000000000..645f0ae7c4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt new file mode 100644 index 0000000000..6cfc5926a5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA3Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA3Cert.crt new file mode 100644 index 0000000000..840d073f6b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN1subCA3Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN2CACert.crt new file mode 100644 index 0000000000..c68d496e65 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3CACert.crt new file mode 100644 index 0000000000..87ba14d13a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt new file mode 100644 index 0000000000..7eed575fb4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt new file mode 100644 index 0000000000..08f2245ef6 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN3subCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN4CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN4CACert.crt new file mode 100644 index 0000000000..3b11463186 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN4CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN5CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN5CACert.crt new file mode 100644 index 0000000000..c190f7a7f2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDN5CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS1CACert.crt new file mode 100644 index 0000000000..a7ec3bd1eb Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS2CACert.crt new file mode 100644 index 0000000000..c70846206c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsDNS2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA1Cert.crt new file mode 100644 index 0000000000..1be8e99335 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt new file mode 100644 index 0000000000..58308f8939 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt new file mode 100644 index 0000000000..ff6ba166ba Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsRFC822CA3Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI1CACert.crt new file mode 100644 index 0000000000..5f638c093c Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI2CACert.crt new file mode 100644 index 0000000000..e06b6377a9 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/nameConstraintsURI2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt new file mode 100644 index 0000000000..e8d2b7224a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsAttributeCertsCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsCACertsCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsCACertsCACert.crt new file mode 100644 index 0000000000..d75988ad00 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsCACertsCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsUserCertsCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsUserCertsCACert.crt new file mode 100644 index 0000000000..0d0b95030b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlyContainsUserCertsCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA1Cert.crt new file mode 100644 index 0000000000..ca247b06b4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA2Cert.crt new file mode 100644 index 0000000000..c1cce6e0ce Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA3Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA3Cert.crt new file mode 100644 index 0000000000..cd65a820e4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA3Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA4Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA4Cert.crt new file mode 100644 index 0000000000..f205db0a3b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/onlySomeReasonsCA4Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0CACert.crt new file mode 100644 index 0000000000..ce9b90d284 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt new file mode 100644 index 0000000000..6e8f97c203 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCA2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCA2Cert.crt new file mode 100644 index 0000000000..2fc8fb590f Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCA2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCACert.crt new file mode 100644 index 0000000000..b156179e3a Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint0subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1CACert.crt new file mode 100644 index 0000000000..a424261672 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt new file mode 100644 index 0000000000..87590c3d26 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt new file mode 100644 index 0000000000..f2c43ea893 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1subCACert.crt new file mode 100644 index 0000000000..05a2bac1da Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint1subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6CACert.crt new file mode 100644 index 0000000000..c254a2376d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA0Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA0Cert.crt new file mode 100644 index 0000000000..0a8c99dd3e Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA0Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt new file mode 100644 index 0000000000..bd686290ef Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA1Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA4Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA4Cert.crt new file mode 100644 index 0000000000..822a383d05 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subCA4Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt new file mode 100644 index 0000000000..e2fd7ae3cd Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA00Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt new file mode 100644 index 0000000000..44c0162e94 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA11Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt new file mode 100644 index 0000000000..284f4a9e48 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubCA41Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt new file mode 100644 index 0000000000..9766cf0159 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt new file mode 100644 index 0000000000..e14753174b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pathLenConstraint6subsubsubCA41XCert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt new file mode 100644 index 0000000000..30aff16129 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/pre2000CRLnextUpdateCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0CACert.crt new file mode 100644 index 0000000000..16594b9e97 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subCACert.crt new file mode 100644 index 0000000000..b7a1518eb8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubCACert.crt new file mode 100644 index 0000000000..db57e9b337 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubsubCACert.crt new file mode 100644 index 0000000000..4952094eef Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy0subsubsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10CACert.crt new file mode 100644 index 0000000000..3a54e7f2b8 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subCACert.crt new file mode 100644 index 0000000000..650a53f4c2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubCACert.crt new file mode 100644 index 0000000000..139be532a5 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubsubCACert.crt new file mode 100644 index 0000000000..a7c216c164 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy10subsubsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2CACert.crt new file mode 100644 index 0000000000..f7ca7ae7e2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedCACert.crt new file mode 100644 index 0000000000..9d16269090 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedsubCACert.crt new file mode 100644 index 0000000000..b53bec1560 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2SelfIssuedsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2subCACert.crt new file mode 100644 index 0000000000..36fc0d8df4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy2subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4CACert.crt new file mode 100644 index 0000000000..723ae42a47 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subCACert.crt new file mode 100644 index 0000000000..1bd237f766 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubCACert.crt new file mode 100644 index 0000000000..1a37158581 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubsubCACert.crt new file mode 100644 index 0000000000..3047d74341 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy4subsubsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5CACert.crt new file mode 100644 index 0000000000..c6b69ad95d Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subCACert.crt new file mode 100644 index 0000000000..16958532f0 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubCACert.crt new file mode 100644 index 0000000000..093963aeca Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubsubCACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubsubCACert.crt new file mode 100644 index 0000000000..58da176c46 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy5subsubsubCACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7CACert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7CACert.crt new file mode 100644 index 0000000000..aba4a7fde4 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7CACert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subCARE2Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subCARE2Cert.crt new file mode 100644 index 0000000000..c57e9e4a5b Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subCARE2Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt new file mode 100644 index 0000000000..343efa5ec2 Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt new file mode 100644 index 0000000000..9a8e72a1ce Binary files /dev/null and b/src/crypto/x509/testdata/nist-pkits/certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt differ diff --git a/src/crypto/x509/testdata/nist-pkits/vectors.json b/src/crypto/x509/testdata/nist-pkits/vectors.json new file mode 100644 index 0000000000..5842b4326d --- /dev/null +++ b/src/crypto/x509/testdata/nist-pkits/vectors.json @@ -0,0 +1,5010 @@ +[ + { + "Name": "4.1.1 Valid Signatures Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidCertificatePathTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.1.2 Invalid CA Signature Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BadSignedCACert.crt", + "InvalidCASignatureTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BadSignedCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.1.3 Invalid EE Signature Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "InvalidEESignatureTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.1.4 Valid DSA Signatures Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "DSACACert.crt", + "ValidDSASignaturesTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "DSACACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.1.5 Valid DSA Parameter Inheritance Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "DSACACert.crt", + "DSAParametersInheritedCACert.crt", + "ValidDSAParameterInheritanceTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "DSACACRL.crl", + "DSAParametersInheritedCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.1.6 Invalid DSA Signature Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "DSACACert.crt", + "InvalidDSASignatureTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "DSACACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.1 Invalid CA notBefore Date Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BadnotBeforeDateCACert.crt", + "InvalidCAnotBeforeDateTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BadnotBeforeDateCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.2 Invalid EE notBefore Date Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "InvalidEEnotBeforeDateTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.3 Valid pre2000 UTC notBefore Date Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "Validpre2000UTCnotBeforeDateTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.4 Valid GeneralizedTime notBefore Date Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidGeneralizedTimenotBeforeDateTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.5 Invalid CA notAfter Date Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BadnotAfterDateCACert.crt", + "InvalidCAnotAfterDateTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BadnotAfterDateCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.6 Invalid EE notAfter Date Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "InvalidEEnotAfterDateTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.7 Invalid pre2000 UTC EE notAfter Date Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "Invalidpre2000UTCEEnotAfterDateTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.2.8 Valid GeneralizedTime notAfter Date Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidGeneralizedTimenotAfterDateTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.1 Invalid Name Chaining EE Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "InvalidNameChainingTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.2 Invalid Name Chaining Order Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NameOrderingCACert.crt", + "InvalidNameChainingOrderTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NameOrderCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.3 Valid Name Chaining Whitespace Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidNameChainingWhitespaceTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.4 Valid Name Chaining Whitespace Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidNameChainingWhitespaceTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.5 Valid Name Chaining Capitalization Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidNameChainingCapitalizationTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.6 Valid Name Chaining UIDs Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UIDCACert.crt", + "ValidNameUIDsTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UIDCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.7 Valid RFC3280 Mandatory Attribute Types Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "RFC3280MandatoryAttributeTypesCACert.crt", + "ValidRFC3280MandatoryAttributeTypesTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "RFC3280MandatoryAttributeTypesCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.8 Valid RFC3280 Optional Attribute Types Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "RFC3280OptionalAttributeTypesCACert.crt", + "ValidRFC3280OptionalAttributeTypesTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "RFC3280OptionalAttributeTypesCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.9 Valid UTF8String Encoded Names Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UTF8StringEncodedNamesCACert.crt", + "ValidUTF8StringEncodedNamesTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UTF8StringEncodedNamesCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.10 Valid Rollover from PrintableString to UTF8String Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "RolloverfromPrintableStringtoUTF8StringCACert.crt", + "ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "RolloverfromPrintableStringtoUTF8StringCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.3.11 Valid UTF8String Case Insensitive Match Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UTF8StringCaseInsensitiveMatchCACert.crt", + "ValidUTF8StringCaseInsensitiveMatchTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UTF8StringCaseInsensitiveMatchCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.1 Missing CRL Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NoCRLCACert.crt", + "InvalidMissingCRLTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.2 Invalid Revoked CA Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "RevokedsubCACert.crt", + "InvalidRevokedCATest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "RevokedsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.3 Invalid Revoked EE Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "InvalidRevokedEETest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.4 Invalid Bad CRL Signature Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BadCRLSignatureCACert.crt", + "InvalidBadCRLSignatureTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BadCRLSignatureCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.5 Invalid Bad CRL Issuer Name Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BadCRLIssuerNameCACert.crt", + "InvalidBadCRLIssuerNameTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BadCRLIssuerNameCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.6 Invalid Wrong CRL Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "WrongCRLCACert.crt", + "InvalidWrongCRLTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "WrongCRLCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.7 Valid Two CRLs Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "TwoCRLsCACert.crt", + "ValidTwoCRLsTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "TwoCRLsCAGoodCRL.crl", + "TwoCRLsCABadCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.8 Invalid Unknown CRL Entry Extension Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UnknownCRLEntryExtensionCACert.crt", + "InvalidUnknownCRLEntryExtensionTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UnknownCRLEntryExtensionCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.9 Invalid Unknown CRL Extension Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UnknownCRLExtensionCACert.crt", + "InvalidUnknownCRLExtensionTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UnknownCRLExtensionCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.10 Invalid Unknown CRL Extension Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UnknownCRLExtensionCACert.crt", + "InvalidUnknownCRLExtensionTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "UnknownCRLExtensionCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.11 Invalid Old CRL nextUpdate Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "OldCRLnextUpdateCACert.crt", + "InvalidOldCRLnextUpdateTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "OldCRLnextUpdateCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.12 Invalid pre2000 CRL nextUpdate Test12", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pre2000CRLnextUpdateCACert.crt", + "Invalidpre2000CRLnextUpdateTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pre2000CRLnextUpdateCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.13 Valid GeneralizedTime CRL nextUpdate Test13", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GeneralizedTimeCRLnextUpdateCACert.crt", + "ValidGeneralizedTimeCRLnextUpdateTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GeneralizedTimeCRLnextUpdateCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.14 Valid Negative Serial Number Test14", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NegativeSerialNumberCACert.crt", + "ValidNegativeSerialNumberTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NegativeSerialNumberCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.15 Invalid Negative Serial Number Test15", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NegativeSerialNumberCACert.crt", + "InvalidNegativeSerialNumberTest15EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NegativeSerialNumberCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.16 Valid Long Serial Number Test16", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "LongSerialNumberCACert.crt", + "ValidLongSerialNumberTest16EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "LongSerialNumberCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.17 Valid Long Serial Number Test17", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "LongSerialNumberCACert.crt", + "ValidLongSerialNumberTest17EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "LongSerialNumberCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.18 Invalid Long Serial Number Test18", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "LongSerialNumberCACert.crt", + "InvalidLongSerialNumberTest18EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "LongSerialNumberCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.19 Valid Separate Certificate and CRL Keys Test19", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "SeparateCertificateandCRLKeysCertificateSigningCACert.crt", + "SeparateCertificateandCRLKeysCRLSigningCert.crt", + "ValidSeparateCertificateandCRLKeysTest19EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "SeparateCertificateandCRLKeysCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.20 Invalid Separate Certificate and CRL Keys Test20", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "SeparateCertificateandCRLKeysCertificateSigningCACert.crt", + "SeparateCertificateandCRLKeysCRLSigningCert.crt", + "InvalidSeparateCertificateandCRLKeysTest20EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "SeparateCertificateandCRLKeysCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.4.21 Invalid Separate Certificate and CRL Keys Test21", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt", + "SeparateCertificateandCRLKeysCA2CRLSigningCert.crt", + "InvalidSeparateCertificateandCRLKeysTest21EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "SeparateCertificateandCRLKeysCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.1 Valid Basic Self-Issued Old With New Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedNewKeyCACert.crt", + "BasicSelfIssuedNewKeyOldWithNewCACert.crt", + "ValidBasicSelfIssuedOldWithNewTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedNewKeyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.2 Invalid Basic Self-Issued Old With New Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedNewKeyCACert.crt", + "BasicSelfIssuedNewKeyOldWithNewCACert.crt", + "InvalidBasicSelfIssuedOldWithNewTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedNewKeyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.3 Valid Basic Self-Issued New With Old Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedOldKeyCACert.crt", + "BasicSelfIssuedOldKeyNewWithOldCACert.crt", + "ValidBasicSelfIssuedNewWithOldTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", + "BasicSelfIssuedOldKeyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.4 Valid Basic Self-Issued New With Old Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedOldKeyCACert.crt", + "BasicSelfIssuedOldKeyNewWithOldCACert.crt", + "ValidBasicSelfIssuedNewWithOldTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", + "BasicSelfIssuedOldKeyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.5 Invalid Basic Self-Issued New With Old Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedOldKeyCACert.crt", + "BasicSelfIssuedOldKeyNewWithOldCACert.crt", + "InvalidBasicSelfIssuedNewWithOldTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", + "BasicSelfIssuedOldKeyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.6 Valid Basic Self-Issued CRL Signing Key Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedCRLSigningKeyCACert.crt", + "BasicSelfIssuedCRLSigningKeyCRLCert.crt", + "ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", + "BasicSelfIssuedCRLSigningKeyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.7 Invalid Basic Self-Issued CRL Signing Key Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedCRLSigningKeyCACert.crt", + "BasicSelfIssuedCRLSigningKeyCRLCert.crt", + "InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", + "BasicSelfIssuedCRLSigningKeyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.5.8 Invalid Basic Self-Issued CRL Signing Key Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "BasicSelfIssuedCRLSigningKeyCACert.crt", + "BasicSelfIssuedCRLSigningKeyCRLCert.crt", + "InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", + "BasicSelfIssuedCRLSigningKeyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.1 Invalid Missing basicConstraints Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "MissingbasicConstraintsCACert.crt", + "InvalidMissingbasicConstraintsTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "MissingbasicConstraintsCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.2 Invalid cA False Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "basicConstraintsCriticalcAFalseCACert.crt", + "InvalidcAFalseTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "basicConstraintsCriticalcAFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.3 Invalid cA False Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "basicConstraintsNotCriticalcAFalseCACert.crt", + "InvalidcAFalseTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "basicConstraintsNotCriticalcAFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.4 Valid basicConstraints Not Critical Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "basicConstraintsNotCriticalCACert.crt", + "ValidbasicConstraintsNotCriticalTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "basicConstraintsNotCriticalCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.5 Invalid pathLenConstraint Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "pathLenConstraint0subCACert.crt", + "InvalidpathLenConstraintTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl", + "pathLenConstraint0subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.6 Invalid pathLenConstraint Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "pathLenConstraint0subCACert.crt", + "InvalidpathLenConstraintTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl", + "pathLenConstraint0subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.7 Valid pathLenConstraint Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "ValidpathLenConstraintTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.8 Valid pathLenConstraint Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "ValidpathLenConstraintTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.9 Invalid pathLenConstraint Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA0Cert.crt", + "pathLenConstraint6subsubCA00Cert.crt", + "InvalidpathLenConstraintTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA0CRL.crl", + "pathLenConstraint6subsubCA00CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.10 Invalid pathLenConstraint Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA0Cert.crt", + "pathLenConstraint6subsubCA00Cert.crt", + "InvalidpathLenConstraintTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA0CRL.crl", + "pathLenConstraint6subsubCA00CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.11 Invalid pathLenConstraint Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA1Cert.crt", + "pathLenConstraint6subsubCA11Cert.crt", + "pathLenConstraint6subsubsubCA11XCert.crt", + "InvalidpathLenConstraintTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA1CRL.crl", + "pathLenConstraint6subsubCA11CRL.crl", + "pathLenConstraint6subsubsubCA11XCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.12 Invalid pathLenConstraint Test12", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA1Cert.crt", + "pathLenConstraint6subsubCA11Cert.crt", + "pathLenConstraint6subsubsubCA11XCert.crt", + "InvalidpathLenConstraintTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA1CRL.crl", + "pathLenConstraint6subsubCA11CRL.crl", + "pathLenConstraint6subsubsubCA11XCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.13 Valid pathLenConstraint Test13", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA4Cert.crt", + "pathLenConstraint6subsubCA41Cert.crt", + "pathLenConstraint6subsubsubCA41XCert.crt", + "ValidpathLenConstraintTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA4CRL.crl", + "pathLenConstraint6subsubCA41CRL.crl", + "pathLenConstraint6subsubsubCA41XCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.14 Valid pathLenConstraint Test14", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint6CACert.crt", + "pathLenConstraint6subCA4Cert.crt", + "pathLenConstraint6subsubCA41Cert.crt", + "pathLenConstraint6subsubsubCA41XCert.crt", + "ValidpathLenConstraintTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint6CACRL.crl", + "pathLenConstraint6subCA4CRL.crl", + "pathLenConstraint6subsubCA41CRL.crl", + "pathLenConstraint6subsubsubCA41XCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.15 Valid Self-Issued pathLenConstraint Test15", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "pathLenConstraint0SelfIssuedCACert.crt", + "ValidSelfIssuedpathLenConstraintTest15EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.16 Invalid Self-Issued pathLenConstraint Test16", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint0CACert.crt", + "pathLenConstraint0SelfIssuedCACert.crt", + "pathLenConstraint0subCA2Cert.crt", + "InvalidSelfIssuedpathLenConstraintTest16EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint0CACRL.crl", + "pathLenConstraint0subCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.6.17 Valid Self-Issued pathLenConstraint Test17", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "pathLenConstraint1CACert.crt", + "pathLenConstraint1SelfIssuedCACert.crt", + "pathLenConstraint1subCACert.crt", + "pathLenConstraint1SelfIssuedsubCACert.crt", + "ValidSelfIssuedpathLenConstraintTest17EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "pathLenConstraint1CACRL.crl", + "pathLenConstraint1subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.7.1 Invalid keyUsage Critical keyCertSign False Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "keyUsageCriticalkeyCertSignFalseCACert.crt", + "InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "keyUsageCriticalkeyCertSignFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.7.2 Invalid keyUsage Not Critical keyCertSign False Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "keyUsageNotCriticalkeyCertSignFalseCACert.crt", + "InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "keyUsageNotCriticalkeyCertSignFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.7.3 Valid keyUsage Not Critical Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "keyUsageNotCriticalCACert.crt", + "ValidkeyUsageNotCriticalTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "keyUsageNotCriticalCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.7.4 Invalid keyUsage Critical cRLSign False Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "keyUsageCriticalcRLSignFalseCACert.crt", + "InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "keyUsageCriticalcRLSignFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.7.5 Invalid keyUsage Not Critical cRLSign False Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "keyUsageNotCriticalcRLSignFalseCACert.crt", + "InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "keyUsageNotCriticalcRLSignFalseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.1 All Certificates Same Policy Test1 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidCertificatePathTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.1 All Certificates Same Policy Test1 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidCertificatePathTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.1 All Certificates Same Policy Test1 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidCertificatePathTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.1 All Certificates Same Policy Test1 (Subpart 4)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "ValidCertificatePathTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1", + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.2 All Certificates No Policies Test2 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NoPoliciesCACert.crt", + "AllCertificatesNoPoliciesTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NoPoliciesCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.2 All Certificates No Policies Test2 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NoPoliciesCACert.crt", + "AllCertificatesNoPoliciesTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NoPoliciesCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.3 Different Policies Test3 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "PoliciesP2subCACert.crt", + "DifferentPoliciesTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "PoliciesP2subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.3 Different Policies Test3 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "PoliciesP2subCACert.crt", + "DifferentPoliciesTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "PoliciesP2subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.3 Different Policies Test3 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "PoliciesP2subCACert.crt", + "DifferentPoliciesTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "PoliciesP2subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-1", + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.4 Different Policies Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "GoodsubCACert.crt", + "DifferentPoliciesTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "GoodsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.5 Different Policies Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "PoliciesP2subCA2Cert.crt", + "DifferentPoliciesTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "PoliciesP2subCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.6 Overlapping Policies Test6 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP1234CACert.crt", + "PoliciesP1234subCAP123Cert.crt", + "PoliciesP1234subsubCAP123P12Cert.crt", + "OverlappingPoliciesTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP1234CACRL.crl", + "PoliciesP1234subCAP123CRL.crl", + "PoliciesP1234subsubCAP123P12CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.6 Overlapping Policies Test6 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP1234CACert.crt", + "PoliciesP1234subCAP123Cert.crt", + "PoliciesP1234subsubCAP123P12Cert.crt", + "OverlappingPoliciesTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP1234CACRL.crl", + "PoliciesP1234subCAP123CRL.crl", + "PoliciesP1234subsubCAP123P12CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.6 Overlapping Policies Test6 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP1234CACert.crt", + "PoliciesP1234subCAP123Cert.crt", + "PoliciesP1234subsubCAP123P12Cert.crt", + "OverlappingPoliciesTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP1234CACRL.crl", + "PoliciesP1234subCAP123CRL.crl", + "PoliciesP1234subsubCAP123P12CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.7 Different Policies Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP123CACert.crt", + "PoliciesP123subCAP12Cert.crt", + "PoliciesP123subsubCAP12P1Cert.crt", + "DifferentPoliciesTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP123CACRL.crl", + "PoliciesP123subCAP12CRL.crl", + "PoliciesP123subsubCAP12P1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.8 Different Policies Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "PoliciesP12subCAP1Cert.crt", + "PoliciesP12subsubCAP1P2Cert.crt", + "DifferentPoliciesTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl", + "PoliciesP12subCAP1CRL.crl", + "PoliciesP12subsubCAP1P2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.9 Different Policies Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP123CACert.crt", + "PoliciesP123subCAP12Cert.crt", + "PoliciesP123subsubCAP12P2Cert.crt", + "PoliciesP123subsubsubCAP12P2P1Cert.crt", + "DifferentPoliciesTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP123CACRL.crl", + "PoliciesP123subCAP12CRL.crl", + "PoliciesP123subsubCAP2P2CRL.crl", + "PoliciesP123subsubsubCAP12P2P1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.10 All Certificates Same Policies Test10 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "AllCertificatesSamePoliciesTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.10 All Certificates Same Policies Test10 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "AllCertificatesSamePoliciesTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.10 All Certificates Same Policies Test10 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "AllCertificatesSamePoliciesTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.11 All Certificates AnyPolicy Test11 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "anyPolicyCACert.crt", + "AllCertificatesanyPolicyTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "anyPolicyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.11 All Certificates AnyPolicy Test11 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "anyPolicyCACert.crt", + "AllCertificatesanyPolicyTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "anyPolicyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.12 Different Policies Test12", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP3CACert.crt", + "DifferentPoliciesTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP3CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.13 All Certificates Same Policies Test13 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP123CACert.crt", + "AllCertificatesSamePoliciesTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP123CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.13 All Certificates Same Policies Test13 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP123CACert.crt", + "AllCertificatesSamePoliciesTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP123CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.13 All Certificates Same Policies Test13 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP123CACert.crt", + "AllCertificatesSamePoliciesTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP123CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-3" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.14 AnyPolicy Test14 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "anyPolicyCACert.crt", + "AnyPolicyTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "anyPolicyCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.14 AnyPolicy Test14 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "anyPolicyCACert.crt", + "AnyPolicyTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "anyPolicyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.15 User Notice Qualifier Test15", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UserNoticeQualifierTest15EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.16 User Notice Qualifier Test16", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "UserNoticeQualifierTest16EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.17 User Notice Qualifier Test17", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "UserNoticeQualifierTest17EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.18 User Notice Qualifier Test18 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "UserNoticeQualifierTest18EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.18 User Notice Qualifier Test18 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PoliciesP12CACert.crt", + "UserNoticeQualifierTest18EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PoliciesP12CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.19 User Notice Qualifier Test19", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "UserNoticeQualifierTest19EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.8.20 CPS Pointer Qualifier Test20", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "CPSPointerQualifierTest20EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": true, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.1 Valid RequireExplicitPolicy Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy10CACert.crt", + "requireExplicitPolicy10subCACert.crt", + "requireExplicitPolicy10subsubCACert.crt", + "requireExplicitPolicy10subsubsubCACert.crt", + "ValidrequireExplicitPolicyTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy10CACRL.crl", + "requireExplicitPolicy10subCACRL.crl", + "requireExplicitPolicy10subsubCACRL.crl", + "requireExplicitPolicy10subsubsubCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.2 Valid RequireExplicitPolicy Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy5CACert.crt", + "requireExplicitPolicy5subCACert.crt", + "requireExplicitPolicy5subsubCACert.crt", + "requireExplicitPolicy5subsubsubCACert.crt", + "ValidrequireExplicitPolicyTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy5CACRL.crl", + "requireExplicitPolicy5subCACRL.crl", + "requireExplicitPolicy5subsubCACRL.crl", + "requireExplicitPolicy5subsubsubCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.3 Invalid RequireExplicitPolicy Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy4CACert.crt", + "requireExplicitPolicy4subCACert.crt", + "requireExplicitPolicy4subsubCACert.crt", + "requireExplicitPolicy4subsubsubCACert.crt", + "InvalidrequireExplicitPolicyTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy4CACRL.crl", + "requireExplicitPolicy4subCACRL.crl", + "requireExplicitPolicy4subsubCACRL.crl", + "requireExplicitPolicy4subsubsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.4 Valid RequireExplicitPolicy Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy0CACert.crt", + "requireExplicitPolicy0subCACert.crt", + "requireExplicitPolicy0subsubCACert.crt", + "requireExplicitPolicy0subsubsubCACert.crt", + "ValidrequireExplicitPolicyTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy0CACRL.crl", + "requireExplicitPolicy0subCACRL.crl", + "requireExplicitPolicy0subsubCACRL.crl", + "requireExplicitPolicy0subsubsubCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.5 Invalid RequireExplicitPolicy Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy7CACert.crt", + "requireExplicitPolicy7subCARE2Cert.crt", + "requireExplicitPolicy7subsubCARE2RE4Cert.crt", + "requireExplicitPolicy7subsubsubCARE2RE4Cert.crt", + "InvalidrequireExplicitPolicyTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy7CACRL.crl", + "requireExplicitPolicy7subCARE2CRL.crl", + "requireExplicitPolicy7subsubCARE2RE4CRL.crl", + "requireExplicitPolicy7subsubsubCARE2RE4CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.6 Valid Self-Issued requireExplicitPolicy Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy2CACert.crt", + "requireExplicitPolicy2SelfIssuedCACert.crt", + "ValidSelfIssuedrequireExplicitPolicyTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.7 Invalid Self-Issued requireExplicitPolicy Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy2CACert.crt", + "requireExplicitPolicy2SelfIssuedCACert.crt", + "requireExplicitPolicy2subCACert.crt", + "InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy2CACRL.crl", + "requireExplicitPolicy2subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.9.8 Invalid Self-Issued requireExplicitPolicy Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "requireExplicitPolicy2CACert.crt", + "requireExplicitPolicy2SelfIssuedCACert.crt", + "requireExplicitPolicy2subCACert.crt", + "requireExplicitPolicy2SelfIssuedsubCACert.crt", + "InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "requireExplicitPolicy2CACRL.crl", + "requireExplicitPolicy2subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.1.1 Valid Policy Mapping Test1 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "Mapping1to2CACert.crt", + "ValidPolicyMappingTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "Mapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.1.2 Valid Policy Mapping Test1 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "Mapping1to2CACert.crt", + "ValidPolicyMappingTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "Mapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.1.3 Valid Policy Mapping Test1 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "Mapping1to2CACert.crt", + "ValidPolicyMappingTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "Mapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": true, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.2 Invalid Policy Mapping Test2 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "Mapping1to2CACert.crt", + "InvalidPolicyMappingTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "Mapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.2 Invalid Policy Mapping Test2 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "Mapping1to2CACert.crt", + "InvalidPolicyMappingTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "Mapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": true, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.3 Valid Policy Mapping Test3 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P12Mapping1to3CACert.crt", + "P12Mapping1to3subCACert.crt", + "P12Mapping1to3subsubCACert.crt", + "ValidPolicyMappingTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P12Mapping1to3CACRL.crl", + "P12Mapping1to3subCACRL.crl", + "P12Mapping1to3subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.3 Valid Policy Mapping Test3 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P12Mapping1to3CACert.crt", + "P12Mapping1to3subCACert.crt", + "P12Mapping1to3subsubCACert.crt", + "ValidPolicyMappingTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P12Mapping1to3CACRL.crl", + "P12Mapping1to3subCACRL.crl", + "P12Mapping1to3subsubCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.4 Invalid Policy Mapping Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P12Mapping1to3CACert.crt", + "P12Mapping1to3subCACert.crt", + "P12Mapping1to3subsubCACert.crt", + "InvalidPolicyMappingTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P12Mapping1to3CACRL.crl", + "P12Mapping1to3subCACRL.crl", + "P12Mapping1to3subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.5 Valid Policy Mapping Test5 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1Mapping1to234CACert.crt", + "P1Mapping1to234subCACert.crt", + "ValidPolicyMappingTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1Mapping1to234CACRL.crl", + "P1Mapping1to234subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.5 Valid Policy Mapping Test5 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1Mapping1to234CACert.crt", + "P1Mapping1to234subCACert.crt", + "ValidPolicyMappingTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1Mapping1to234CACRL.crl", + "P1Mapping1to234subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-6" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.6 Valid Policy Mapping Test6 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1Mapping1to234CACert.crt", + "P1Mapping1to234subCACert.crt", + "ValidPolicyMappingTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1Mapping1to234CACRL.crl", + "P1Mapping1to234subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.6 Valid Policy Mapping Test6 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1Mapping1to234CACert.crt", + "P1Mapping1to234subCACert.crt", + "ValidPolicyMappingTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1Mapping1to234CACRL.crl", + "P1Mapping1to234subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-6" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.7 Invalid Mapping From anyPolicy Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "MappingFromanyPolicyCACert.crt", + "InvalidMappingFromanyPolicyTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "MappingFromanyPolicyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.8 Invalid Mapping To anyPolicy Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "MappingToanyPolicyCACert.crt", + "InvalidMappingToanyPolicyTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "MappingToanyPolicyCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.9 Valid Policy Mapping Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "PanyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "PanyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.10 Invalid Policy Mapping Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "GoodsubCAPanyPolicyMapping1to2CACert.crt", + "InvalidPolicyMappingTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "GoodsubCAPanyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.11 Valid Policy Mapping Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "GoodCACert.crt", + "GoodsubCAPanyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl", + "GoodsubCAPanyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.12 Valid Policy Mapping Test12 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P12Mapping1to3CACert.crt", + "ValidPolicyMappingTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P12Mapping1to3CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.12 Valid Policy Mapping Test12 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P12Mapping1to3CACert.crt", + "ValidPolicyMappingTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P12Mapping1to3CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.13 Valid Policy Mapping Test13 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1anyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1anyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.13 Valid Policy Mapping Test13 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1anyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1anyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "NIST-test-policy-1", + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.13 Valid Policy Mapping Test13 (Subpart 3)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1anyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1anyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "NIST-test-policy-2" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.10.14 Valid Policy Mapping Test14", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "P1anyPolicyMapping1to2CACert.crt", + "ValidPolicyMappingTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "P1anyPolicyMapping1to2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.1 Invalid inhibitPolicyMapping Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping0CACert.crt", + "inhibitPolicyMapping0subCACert.crt", + "InvalidinhibitPolicyMappingTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping0CACRL.crl", + "inhibitPolicyMapping0subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.2 Valid inhibitPolicyMapping Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P12CACert.crt", + "inhibitPolicyMapping1P12subCACert.crt", + "ValidinhibitPolicyMappingTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P12CACRL.crl", + "inhibitPolicyMapping1P12subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.3 Invalid inhibitPolicyMapping Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P12CACert.crt", + "inhibitPolicyMapping1P12subCACert.crt", + "inhibitPolicyMapping1P12subsubCACert.crt", + "InvalidinhibitPolicyMappingTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P12CACRL.crl", + "inhibitPolicyMapping1P12subCACRL.crl", + "inhibitPolicyMapping1P12subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.4 Valid inhibitPolicyMapping Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P12CACert.crt", + "inhibitPolicyMapping1P12subCACert.crt", + "inhibitPolicyMapping1P12subsubCACert.crt", + "ValidinhibitPolicyMappingTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P12CACRL.crl", + "inhibitPolicyMapping1P12subCACRL.crl", + "inhibitPolicyMapping1P12subsubCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.5 Invalid inhibitPolicyMapping Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping5CACert.crt", + "inhibitPolicyMapping5subCACert.crt", + "inhibitPolicyMapping5subsubCACert.crt", + "inhibitPolicyMapping5subsubsubCACert.crt", + "InvalidinhibitPolicyMappingTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping5CACRL.crl", + "inhibitPolicyMapping5subCACRL.crl", + "inhibitPolicyMapping5subsubCACRL.crl", + "inhibitPolicyMapping5subsubsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.6 Invalid inhibitPolicyMapping Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P12CACert.crt", + "inhibitPolicyMapping1P12subCAIPM5Cert.crt", + "inhibitPolicyMapping1P12subsubCAIPM5Cert.crt", + "InvalidinhibitPolicyMappingTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P12CACRL.crl", + "inhibitPolicyMapping1P12subCAIPM5CRL.crl", + "inhibitPolicyMapping1P12subsubCAIPM5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.7 Valid Self-Issued inhibitPolicyMapping Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P1CACert.crt", + "inhibitPolicyMapping1P1SelfIssuedCACert.crt", + "inhibitPolicyMapping1P1subCACert.crt", + "ValidSelfIssuedinhibitPolicyMappingTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P1CACRL.crl", + "inhibitPolicyMapping1P1subCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.8 Invalid Self-Issued inhibitPolicyMapping Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P1CACert.crt", + "inhibitPolicyMapping1P1SelfIssuedCACert.crt", + "inhibitPolicyMapping1P1subCACert.crt", + "inhibitPolicyMapping1P1subsubCACert.crt", + "InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P1CACRL.crl", + "inhibitPolicyMapping1P1subCACRL.crl", + "inhibitPolicyMapping1P1subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.9 Invalid Self-Issued inhibitPolicyMapping Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P1CACert.crt", + "inhibitPolicyMapping1P1SelfIssuedCACert.crt", + "inhibitPolicyMapping1P1subCACert.crt", + "inhibitPolicyMapping1P1subsubCACert.crt", + "InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P1CACRL.crl", + "inhibitPolicyMapping1P1subCACRL.crl", + "inhibitPolicyMapping1P1subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.10 Invalid Self-Issued inhibitPolicyMapping Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P1CACert.crt", + "inhibitPolicyMapping1P1SelfIssuedCACert.crt", + "inhibitPolicyMapping1P1subCACert.crt", + "inhibitPolicyMapping1P1SelfIssuedsubCACert.crt", + "InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P1CACRL.crl", + "inhibitPolicyMapping1P1subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.11.11 Invalid Self-Issued inhibitPolicyMapping Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitPolicyMapping1P1CACert.crt", + "inhibitPolicyMapping1P1SelfIssuedCACert.crt", + "inhibitPolicyMapping1P1subCACert.crt", + "inhibitPolicyMapping1P1SelfIssuedsubCACert.crt", + "InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitPolicyMapping1P1CACRL.crl", + "inhibitPolicyMapping1P1subCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.1 Invalid inhibitAnyPolicy Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy0CACert.crt", + "InvalidinhibitAnyPolicyTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy0CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.2 Valid inhibitAnyPolicy Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy0CACert.crt", + "ValidinhibitAnyPolicyTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy0CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.3 inhibitAnyPolicy Test3 (Subpart 1)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1subCA1Cert.crt", + "inhibitAnyPolicyTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA1CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.3 inhibitAnyPolicy Test3 (Subpart 2)", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1subCA1Cert.crt", + "inhibitAnyPolicyTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": true + }, + { + "Name": "4.12.4 Invalid inhibitAnyPolicy Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1subCA1Cert.crt", + "InvalidinhibitAnyPolicyTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.5 Invalid inhibitAnyPolicy Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy5CACert.crt", + "inhibitAnyPolicy5subCACert.crt", + "inhibitAnyPolicy5subsubCACert.crt", + "InvalidinhibitAnyPolicyTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy5CACRL.crl", + "inhibitAnyPolicy5subCACRL.crl", + "inhibitAnyPolicy5subsubCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.6 Invalid inhibitAnyPolicy Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1subCAIAP5Cert.crt", + "InvalidinhibitAnyPolicyTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCAIAP5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.7 Valid Self-Issued inhibitAnyPolicy Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1SelfIssuedCACert.crt", + "inhibitAnyPolicy1subCA2Cert.crt", + "ValidSelfIssuedinhibitAnyPolicyTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA2CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.8 Invalid Self-Issued inhibitAnyPolicy Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1SelfIssuedCACert.crt", + "inhibitAnyPolicy1subCA2Cert.crt", + "inhibitAnyPolicy1subsubCA2Cert.crt", + "InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA2CRL.crl", + "inhibitAnyPolicy1subsubCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.9 Valid Self-Issued inhibitAnyPolicy Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1SelfIssuedCACert.crt", + "inhibitAnyPolicy1subCA2Cert.crt", + "inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt", + "ValidSelfIssuedinhibitAnyPolicyTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA2CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.12.10 Invalid Self-Issued inhibitAnyPolicy Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "inhibitAnyPolicy1CACert.crt", + "inhibitAnyPolicy1SelfIssuedCACert.crt", + "inhibitAnyPolicy1subCA2Cert.crt", + "InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "inhibitAnyPolicy1CACRL.crl", + "inhibitAnyPolicy1subCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.1 Valid DN nameConstraints Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "ValidDNnameConstraintsTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.2 Invalid DN nameConstraints Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "InvalidDNnameConstraintsTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.3 Invalid DN nameConstraints Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "InvalidDNnameConstraintsTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.4 Valid DN nameConstraints Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "ValidDNnameConstraintsTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.5 Valid DN nameConstraints Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN2CACert.crt", + "ValidDNnameConstraintsTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.6 Valid DN nameConstraints Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "ValidDNnameConstraintsTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.7 Invalid DN nameConstraints Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "InvalidDNnameConstraintsTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.8 Invalid DN nameConstraints Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN4CACert.crt", + "InvalidDNnameConstraintsTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN4CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.9 Invalid DN nameConstraints Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN4CACert.crt", + "InvalidDNnameConstraintsTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN4CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.10 Invalid DN nameConstraints Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN5CACert.crt", + "InvalidDNnameConstraintsTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN5CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.11 Valid DN nameConstraints Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN5CACert.crt", + "ValidDNnameConstraintsTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN5CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.12 Invalid DN nameConstraints Test12", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA1Cert.crt", + "InvalidDNnameConstraintsTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.13 Invalid DN nameConstraints Test13", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA2Cert.crt", + "InvalidDNnameConstraintsTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.14 Valid DN nameConstraints Test14", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA2Cert.crt", + "ValidDNnameConstraintsTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA2CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.15 Invalid DN nameConstraints Test15", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "nameConstraintsDN3subCA1Cert.crt", + "InvalidDNnameConstraintsTest15EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl", + "nameConstraintsDN3subCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.16 Invalid DN nameConstraints Test16", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "nameConstraintsDN3subCA1Cert.crt", + "InvalidDNnameConstraintsTest16EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl", + "nameConstraintsDN3subCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.17 Invalid DN nameConstraints Test17", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "nameConstraintsDN3subCA2Cert.crt", + "InvalidDNnameConstraintsTest17EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl", + "nameConstraintsDN3subCA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.18 Valid DN nameConstraints Test18", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN3CACert.crt", + "nameConstraintsDN3subCA2Cert.crt", + "ValidDNnameConstraintsTest18EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN3CACRL.crl", + "nameConstraintsDN3subCA2CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.19 Valid Self-Issued DN nameConstraints Test19", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1SelfIssuedCACert.crt", + "ValidDNnameConstraintsTest19EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.20 Invalid Self-Issued DN nameConstraints Test20", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "InvalidDNnameConstraintsTest20EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.21 Valid RFC822 nameConstraints Test21", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA1Cert.crt", + "ValidRFC822nameConstraintsTest21EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA1CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.22 Invalid RFC822 nameConstraints Test22", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA1Cert.crt", + "InvalidRFC822nameConstraintsTest22EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.23 Valid RFC822 nameConstraints Test23", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA2Cert.crt", + "ValidRFC822nameConstraintsTest23EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA2CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.24 Invalid RFC822 nameConstraints Test24", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA2Cert.crt", + "InvalidRFC822nameConstraintsTest24EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA2CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.25 Valid RFC822 nameConstraints Test25", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA3Cert.crt", + "ValidRFC822nameConstraintsTest25EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA3CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.26 Invalid RFC822 nameConstraints Test26", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsRFC822CA3Cert.crt", + "InvalidRFC822nameConstraintsTest26EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsRFC822CA3CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.27 Valid DN and RFC822 nameConstraints Test27", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA3Cert.crt", + "ValidDNandRFC822nameConstraintsTest27EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA3CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.28 Invalid DN and RFC822 nameConstraints Test28", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA3Cert.crt", + "InvalidDNandRFC822nameConstraintsTest28EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA3CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.29 Invalid DN and RFC822 nameConstraints Test29", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDN1CACert.crt", + "nameConstraintsDN1subCA3Cert.crt", + "InvalidDNandRFC822nameConstraintsTest29EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDN1CACRL.crl", + "nameConstraintsDN1subCA3CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.30 Valid DNS nameConstraints Test30", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDNS1CACert.crt", + "ValidDNSnameConstraintsTest30EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDNS1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.31 Invalid DNS nameConstraints Test31", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDNS1CACert.crt", + "InvalidDNSnameConstraintsTest31EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDNS1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.32 Valid DNS nameConstraints Test32", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDNS2CACert.crt", + "ValidDNSnameConstraintsTest32EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDNS2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.33 Invalid DNS nameConstraints Test33", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDNS2CACert.crt", + "InvalidDNSnameConstraintsTest33EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDNS2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.34 Valid URI nameConstraints Test34", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsURI1CACert.crt", + "ValidURInameConstraintsTest34EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsURI1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.35 Invalid URI nameConstraints Test35", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsURI1CACert.crt", + "InvalidURInameConstraintsTest35EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsURI1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.36 Valid URI nameConstraints Test36", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsURI2CACert.crt", + "ValidURInameConstraintsTest36EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsURI2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.37 Invalid URI nameConstraints Test37", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsURI2CACert.crt", + "InvalidURInameConstraintsTest37EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsURI2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.13.38 Invalid DNS nameConstraints Test38", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "nameConstraintsDNS1CACert.crt", + "InvalidDNSnameConstraintsTest38EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "nameConstraintsDNS1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.1 Valid distributionPoint Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint1CACert.crt", + "ValiddistributionPointTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.2 Invalid distributionPoint Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint1CACert.crt", + "InvaliddistributionPointTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.3 Invalid distributionPoint Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint1CACert.crt", + "InvaliddistributionPointTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint1CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.4 Valid distributionPoint Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint1CACert.crt", + "ValiddistributionPointTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint1CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.5 Valid distributionPoint Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint2CACert.crt", + "ValiddistributionPointTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.6 Invalid distributionPoint Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint2CACert.crt", + "InvaliddistributionPointTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.7 Valid distributionPoint Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint2CACert.crt", + "ValiddistributionPointTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint2CACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.8 Invalid distributionPoint Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint2CACert.crt", + "InvaliddistributionPointTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.9 Invalid distributionPoint Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "distributionPoint2CACert.crt", + "InvaliddistributionPointTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "distributionPoint2CACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.10 Valid No issuingDistributionPoint Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "NoissuingDistributionPointCACert.crt", + "ValidNoissuingDistributionPointTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "NoissuingDistributionPointCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.11 Invalid onlyContainsUserCerts CRL Test11", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlyContainsUserCertsCACert.crt", + "InvalidonlyContainsUserCertsTest11EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlyContainsUserCertsCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.12 Invalid onlyContainsCACerts CRL Test12", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlyContainsCACertsCACert.crt", + "InvalidonlyContainsCACertsTest12EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlyContainsCACertsCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.13 Valid onlyContainsCACerts CRL Test13", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlyContainsCACertsCACert.crt", + "ValidonlyContainsCACertsTest13EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlyContainsCACertsCACRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.14 Invalid onlyContainsAttributeCerts Test14", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlyContainsAttributeCertsCACert.crt", + "InvalidonlyContainsAttributeCertsTest14EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlyContainsAttributeCertsCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.15 Invalid onlySomeReasons Test15", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA1Cert.crt", + "InvalidonlySomeReasonsTest15EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA1compromiseCRL.crl", + "onlySomeReasonsCA1otherreasonsCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.16 Invalid onlySomeReasons Test16", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA1Cert.crt", + "InvalidonlySomeReasonsTest16EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA1compromiseCRL.crl", + "onlySomeReasonsCA1otherreasonsCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.17 Invalid onlySomeReasons Test17", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA2Cert.crt", + "InvalidonlySomeReasonsTest17EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA2CRL1.crl", + "onlySomeReasonsCA2CRL2.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.18 Valid onlySomeReasons Test18", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA3Cert.crt", + "ValidonlySomeReasonsTest18EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA3compromiseCRL.crl", + "onlySomeReasonsCA3otherreasonsCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.19 Valid onlySomeReasons Test19", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA4Cert.crt", + "ValidonlySomeReasonsTest19EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA4compromiseCRL.crl", + "onlySomeReasonsCA4otherreasonsCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.20 Invalid onlySomeReasons Test20", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA4Cert.crt", + "InvalidonlySomeReasonsTest20EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA4compromiseCRL.crl", + "onlySomeReasonsCA4otherreasonsCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.21 Invalid onlySomeReasons Test21", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "onlySomeReasonsCA4Cert.crt", + "InvalidonlySomeReasonsTest21EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "onlySomeReasonsCA4compromiseCRL.crl", + "onlySomeReasonsCA4otherreasonsCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.22 Valid IDP with indirectCRL Test22", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA1Cert.crt", + "ValidIDPwithindirectCRLTest22EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA1CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.23 Invalid IDP with indirectCRL Test23", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA1Cert.crt", + "InvalidIDPwithindirectCRLTest23EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.24 Valid IDP with indirectCRL Test24", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA2Cert.crt", + "indirectCRLCA1Cert.crt", + "ValidIDPwithindirectCRLTest24EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA1CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.25 Valid IDP with indirectCRL Test25", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA2Cert.crt", + "indirectCRLCA1Cert.crt", + "ValidIDPwithindirectCRLTest25EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA1CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.26 Invalid IDP with indirectCRL Test26", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA2Cert.crt", + "indirectCRLCA1Cert.crt", + "InvalidIDPwithindirectCRLTest26EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA1CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.27 Invalid cRLIssuer Test27", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA2Cert.crt", + "GoodCACert.crt", + "InvalidcRLIssuerTest27EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "GoodCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.28 Valid cRLIssuer Test28", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA3Cert.crt", + "indirectCRLCA3cRLIssuerCert.crt", + "ValidcRLIssuerTest28EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA3CRL.crl", + "indirectCRLCA3cRLIssuerCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.29 Valid cRLIssuer Test29", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA3Cert.crt", + "indirectCRLCA3cRLIssuerCert.crt", + "ValidcRLIssuerTest29EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA3CRL.crl", + "indirectCRLCA3cRLIssuerCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.30 Valid cRLIssuer Test30", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA4Cert.crt", + "indirectCRLCA4cRLIssuerCert.crt", + "ValidcRLIssuerTest30EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA4cRLIssuerCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.31 Invalid cRLIssuer Test31", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA5Cert.crt", + "indirectCRLCA6Cert.crt", + "InvalidcRLIssuerTest31EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.32 Invalid cRLIssuer Test32", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA5Cert.crt", + "indirectCRLCA6Cert.crt", + "InvalidcRLIssuerTest32EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.33 Valid cRLIssuer Test33", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA5Cert.crt", + "indirectCRLCA6Cert.crt", + "ValidcRLIssuerTest33EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA5CRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.34 Invalid cRLIssuer Test34", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA5Cert.crt", + "InvalidcRLIssuerTest34EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.14.35 Invalid cRLIssuer Test35", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "indirectCRLCA5Cert.crt", + "InvalidcRLIssuerTest35EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "indirectCRLCA5CRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.1 Invalid deltaCRLIndicator No Base Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLIndicatorNoBaseCACert.crt", + "InvaliddeltaCRLIndicatorNoBaseTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLIndicatorNoBaseCACRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.2 Valid delta-CRL Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "ValiddeltaCRLTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.3 Invalid delta-CRL Test3", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "InvaliddeltaCRLTest3EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.4 Invalid delta-CRL Test4", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "InvaliddeltaCRLTest4EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.5 Valid delta-CRL Test5", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "ValiddeltaCRLTest5EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.6 Invalid delta-CRL Test6", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "InvaliddeltaCRLTest6EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.7 Valid delta-CRL Test7", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA1Cert.crt", + "ValiddeltaCRLTest7EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA1CRL.crl", + "deltaCRLCA1deltaCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.8 Valid delta-CRL Test8", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA2Cert.crt", + "ValiddeltaCRLTest8EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA2CRL.crl", + "deltaCRLCA2deltaCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.9 Invalid delta-CRL Test9", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA2Cert.crt", + "InvaliddeltaCRLTest9EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA2CRL.crl", + "deltaCRLCA2deltaCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.15.10 Invalid delta-CRL Test10", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "deltaCRLCA3Cert.crt", + "InvaliddeltaCRLTest10EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl", + "deltaCRLCA3CRL.crl", + "deltaCRLCA3deltaCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.16.1 Valid Unknown Not Critical Certificate Extension Test1", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "ValidUnknownNotCriticalCertificateExtensionTest1EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl" + ], + "ShouldValidate": true, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + }, + { + "Name": "4.16.2 Invalid Unknown Critical Certificate Extension Test2", + "CertPath": [ + "TrustAnchorRootCertificate.crt", + "InvalidUnknownCriticalCertificateExtensionTest2EE.crt" + ], + "CRLPath": [ + "TrustAnchorRootCRL.crl" + ], + "ShouldValidate": false, + "InitialPolicySet": [ + "anyPolicy" + ], + "InitialPolicyMappingInhibit": false, + "InitialExplicitPolicy": false, + "InitialAnyPolicyInhibit": false + } +] \ No newline at end of file