The samples in the pkits folder run validation tests on the Public Key Infrastructure Testing Suite (PKITS).

Downloading the PKITS files
Compiling the Public Key Infrastructure Testing Suite sample files
Running PKITSTestRunner

Downloading the PKITS files

Download the PKITS file from:

http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/PKITS_data.zip

Extract the contents of this compressed file into the following folder.

etjava/examples/data/pkits

Compiling the Public Key Infrastructure Testing Suite sample files

Run the following command line in the etjava/examples directory.

javac -sourcepath source -d classes -classpath ../lib/enttoolkit.jar \
source/com/entrust/toolkit/examples/pkits/PKITSTest.java \
source/com/entrust/toolkit/examples/pkits/PKITSTestConfiguration.java \
source/com/entrust/toolkit/examples/pkits/PKITSTestResult.java \
source/com/entrust/toolkit/examples/pkits/PKITSTestRunner.java

Running PKITSTestRunner

Run the following command line in the etjava/examples directory.

java -classpath classes; ../lib/enttoolkit.jar com.entrust.toolkit.examples.pkits.PKITSTestRunner

See the documentation of PKITSTestRunner class for a description of optional command-line parameters.

For example:

C:\etjava\examples>java -classpath classes;../lib/enttoolkit.jar com.entrust.toolkit.examples.pkits.PKITSTestRunner
 
Running test 4.1.1 Valid Signatures Test1
Running test 4.1.2 Invalid CA Signature Test2
Running test 4.1.3 Invalid EE Signature Test3
Running test 4.1.4 Valid DSA Signatures Test4
[more outputs deleted]
Running test 4.15.9 Invalid delta-CRL Test9
Running test 4.15.10 Invalid delta-CRL Test10
Running test 4.16.1 Valid Unknown Not Critical Certificate Extension Test1
Running test 4.16.2 Invalid Unknown Critical Certificate Extension Test2
 
D:\java\etjava\examples>java -classpath classes;..\lib\enttoolkit.jar com.entrust.toolkit.examples.pkits.PKITSTestRunner
Running test 4.1.1 Valid Signatures Test1
Running test 4.1.2 Invalid CA Signature Test2
Running test 4.1.3 Invalid EE Signature Test3
Running test 4.1.4 Valid DSA Signatures Test4
[more outputs deleted]
Running test 4.15.9 Invalid delta-CRL Test9
Running test 4.15.10 Invalid delta-CRL Test10
Running test 4.16.1 Valid Unknown Not Critical Certificate Extension Test1
Running test 4.16.2 Invalid Unknown Critical Certificate Extension Test2
 
Results of tests:
4.1.1 Valid Signatures Test1: Success
4.1.2 Invalid CA Signature Test2: Success
4.1.3 Invalid EE Signature Test3: Success
4.1.4 Valid DSA Signatures Test4: Success
4.1.5 Valid DSA Parameter Inheritance Test5: FAIL
Comment: The Java toolkit does not support DSA parameter inheritance, so this pa
th will not validate.
com.entrust.toolkit.exceptions.CertificationRootException: Could not find the CA
 certificate that issued this certificate
        at com.entrust.toolkit.x509.certstore.CollectionCS.b(Unknown Source)
        at com.entrust.toolkit.x509.certstore.CollectionCS.validate(Unknown Source)
        at com.entrust.toolkit.x509.CertVerifier.validate(Unknown Source)
        at com.entrust.toolkit.examples.pkits.PKITSTest.runTest(PKITSTest.java:365)
        at com.entrust.toolkit.examples.pkits.PKITSTestRunner.runAllTests(PKITSTestRunner.java:495)
        at com.entrust.toolkit.examples.pkits.PKITSTestRunner.run(PKITSTestRunner.java:152)
        at com.entrust.toolkit.examples.pkits.PKITSTestRunner.main(PKITSTestRunner.java:105)
 
4.1.6 Invalid DSA Signature Test6: Success
4.2.1 Invalid CA notBefore Date Test1: Success
4.2.2 Invalid EE notBefore Date Test2: Success
4.2.3 Valid pre2000 UTC notBefore Date Test3: Success
[more output deleted]
4.14.11 Invalid onlyContainsUserCerts CRL Test11: Success
4.14.12 Invalid onlyContainsCACerts CRL Test12: Success
4.14.13 Valid onlyContainsCACerts CRL Test13: Success
4.14.14 Invalid onlyContainsAttributeCerts Test14: Success
4.14.15 Invalid onlySomeReasons Test15: Success
Comment: The Java toolkit does not support onlySomeReasons for CRLs, so this pat
h will not validate
4.14.16 Invalid onlySomeReasons Test16: Success
Comment: The Java toolkit does not support onlySomeReasons for CRLs, so this pat
h will not validate
4.14.17 Invalid onlySomeReasons Test17: Success
Comment: The Java toolkit does not support onlySomeReasons for CRLs, so this pat
h will not validate
4.14.18 Valid onlySomeReasons Test18: FAIL
Comment: The Java toolkit does not support onlySomeReasons for CRLs, so this pat
h will not validate
com.entrust.toolkit.exceptions.CertificationException: No CRLs were available
        at com.entrust.toolkit.x509.revocation.CollectionRS.a(Unknown Source)
        at com.entrust.toolkit.x509.revocation.CollectionRS.check(Unknown Source)
        at com.entrust.toolkit.x509.certstore.CollectionCS.a(Unknown Source)
        at com.entrust.toolkit.x509.certstore.CollectionCS.b(Unknown Source)
        at com.entrust.toolkit.x509.certstore.CollectionCS.validate(Unknown Source)
        at com.entrust.toolkit.x509.CertVerifier.validate(Unknown Source)
        at com.entrust.toolkit.examples.pkits.PKITSTest.runTest(PKITSTest.java:365)
        at com.entrust.toolkit.examples.pkits.PKITSTestRunner.runAllTests(PKITST estRunner.java:495)
        at com.entrust.toolkit.examples.pkits.PKITSTestRunner.run(PKITSTestRunner.java:152)
        at com.entrust.toolkit.examples.pkits.PKITSTestRunner.main(PKITSTestRunner.java:105)
 
4.14.19 Valid onlySomeReasons Test19: FAIL
Comment: The Java toolkit does not support onlySomeReasons for CRLs, so this pat
h will not validate
com.entrust.toolkit.exceptions.CertificationException: No CRLs were available
        at com.entrust.toolkit.x509.revocation.CollectionRS.a(Unknown Source)
        at com.entrust.toolkit.x509.revocation.CollectionRS.check(Unknown Source)
        at com.entrust.toolkit.x509.certstore.CollectionCS.a(Unknown Source)
        at com.entrust.toolkit.x509.certstore.CollectionCS.b(Unknown Source)
        at com.entrust.toolkit.x509.certstore.CollectionCS.validate(Unknown Source)
        at com.entrust.toolkit.x509.CertVerifier.validate(Unknown Source)
        at com.entrust.toolkit.examples.pkits.PKITSTest.runTest(PKITSTest.java:365)
        at com.entrust.toolkit.examples.pkits.PKITSTestRunner.runAllTests(PKITSTestRunner.java:495)
        at com.entrust.toolkit.examples.pkits.PKITSTestRunner.run(PKITSTestRunner.java:152)
        at com.entrust.toolkit.examples.pkits.PKITSTestRunner.main(PKITSTestRunner.java:105)
 
[more output deleted]
 
4.14.20 Invalid onlySomeReasons Test20: Success
Comment: The Java toolkit does not support onlySomeReasons for CRLs, so this path will not validate
4.14.21 Invalid onlySomeReasons Test21: Success
Comment: The Java toolkit does not support onlySomeReasons for CRLs, so this path will not validate
4.14.22 Valid IDP with indirectCRL Test22: Success
4.14.23 Invalid IDP with indirectCRL Test23: Success
4.14.24 Valid IDP with indirectCRL Test24: Success
4.14.25 Valid IDP with indirectCRL Test25: Success
4.14.26 Invalid IDP with indirectCRL Test26: Success
4.14.27 Invalid cRLIssuer Test27: Success
4.14.28 Valid cRLIssuer Test28: Success
4.14.29 Valid cRLIssuer Test29: Success
4.14.30 Valid cRLIssuer Test30: Success
4.14.31 Invalid cRLIssuer Test31: Success
4.14.32 Invalid cRLIssuer Test32: Success
4.14.33 Valid cRLIssuer Test33: Success
4.14.34 Invalid cRLIssuer Test34: Success
4.14.35 Invalid cRLIssuer Test35: Success
4.15.1 Invalid deltaCRLIndicator No Base Test1: Success
4.15.2 Valid delta-CRL Test2: Success
4.15.3 Invalid delta-CRL Test3: Success
4.15.4 Invalid delta-CRL Test4: Success
4.15.5 Valid delta-CRL Test5: Success
4.15.6 Invalid delta-CRL Test6: Success
4.15.7 Valid delta-CRL Test7: Success
4.15.8 Valid delta-CRL Test8: Success
4.15.9 Invalid delta-CRL Test9: Success
4.15.10 Invalid delta-CRL Test10: Success
4.16.1 Valid Unknown Not Critical Certificate Extension Test1: Success
4.16.2 Invalid Unknown Critical Certificate Extension Test2: Success
Total tests run: 250
Total passes: 247
Total failures: 3
Total possible failures: 0
Total Run time: 5880 