From fb54f8a71f59bcb1d23cf11969b0ed827fcc5b13 Mon Sep 17 00:00:00 2001
From: Rajan Halade <rhalade@openjdk.org>
Date: Thu, 28 Jun 2018 11:41:45 -0700
Subject: [PATCH] 8195774: Add Entrust root certificates

Reviewed-by: weijun
---
 src/java.base/share/lib/security/cacerts      | Bin 85358 -> 93412 bytes
 .../lib/security/cacerts/VerifyCACerts.java   |  20 ++-
 .../certification/EntrustCA.java              | 169 ++++++++++++++++++
 3 files changed, 187 insertions(+), 2 deletions(-)
 create mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java

diff --git a/src/java.base/share/lib/security/cacerts b/src/java.base/share/lib/security/cacerts
index 350636c26f1a54b406db61cc45f0d56219a7ef34..9adede1ddabbfca30343e99ab04a409c1ceb9233 100644
GIT binary patch
delta 7140
zcmd6Lc{r5++x8e^tSS4>Sh5@U3}fGSg$OBRANv-v#@Ho9jU{8Lq-2TgvW+C6#ga85
zTcnUIS)ymix1XNh@_yg<c#h+Jjydi>uKWJXeSJR1b)MIC-scjIWM+hfYHx9G5d;E(
z372s>6`seG5$);cbJ^F=$IHvl-WF|-fLXXYxLpK+h#b_a-_U|c&cjiFEa4x!KqPpJ
zaE0F?1`~n7$3PDff`kaK0U7q(*a9e^WWupJZxkWK#6Scd+wz{-QuEh~MPa(0_HcwC
zzz-!hg;3IQ8Kcp#fPet_VPd!^+E3ga?PTjN=7;w2@I}Z1(!W*$g7!i%B!ED|{&*Ek
z4Ca_|2}Q(2BLN`xR}#|+A1=U7?s5nbo@=Tj08XZ32qfVrgFqos5>n<&$0VeGg{b}T
z|MM=Pzjlc=5@EK9rt9pf_fQR)a_{+UYV8PS<y*6echR1%YYkob27Z3~&W6Q60+c28
zjPVH%Qa*vZcQyyKS#0$}yRZTaepJg|>EwI%U%W3$J#q>t?aaAisv(zWZ^X4eZP#C@
zO{(+?hHat)=xgogSl=goB70yOmH)xjP!&z1ri-O{L1$+hG(4-OJ;7dToXJ$<#U46|
zr%CN4zIu5kDL(&NfY!K&?J{_Mr+VVmp25$(!jA=Dz#?-fMjBcjLbm%^AmLQ%*5r1<
zb$+t>D>t1ze22aGOSr*xnYH|?7AI{=dvsWrpcym(5nbg7PZ>Fe?y%@cKvKru_6XGK
z$n<|h4FU%uA;Lf;G3_s?L1gU5H-TeNast9)zaJwaA|U|*5mg9!fOfz96m*n_<==-A
zLIqGdfDgU&e+QYmp{=p?erA}9r@fbtHymac1oJ^V!eN5$E*>s^zA$$eTRXTA;v~TP
z3xVwW2t>%r%KnAG{R}X@{l#bp#6Q80@HFEF4G{|lCb*wQXdi>JvIrzn5+RKOPzVAB
zkpy%TLP-P)fh1t?|K$+>=QAk(PaJ~u@DSLDVQ$PL{nLfCu@wvVV5AI;4#Fa*d-0T~
z^sg_5``>q}4OD6IRqJqW88sGpZ&l}i3x!Q!&ACD+N6lqX%h^54N6%RvQJ553_sZ=w
z@d}t~toXhP9|+@@dN+qmsPZc1dR#z`>Fb$iVMDGC#WD1;X%-nsLodaSdPl11A5C?-
zPyORDx-7db51ZoeIf=L5ZoI@|Qz!OGv@^xuF(h@WEN~EQd{JRAyP{i&cuPFru%ch*
z4GGfp+HQq|9`(#E(#xZmi6>;HHZg$ER)|i%OYAgCnKSlca4<vDGUz%3j|mefg&*5U
zt?PUPzp4E;Cr#}swf=+`fA=$HZaYVH@4<l<FzF<=jt)g{Iup@L6W%-=|Ag!wV(Ts+
zIpY&=Y<W06Mm{U~Toy2AoOvZUs6ansh$Ss$2g=nYaYf5MIo*+OTZN5VpzEWL@3%91
zh|Jv%Dm`c8_V7r$TiZ2{-d$8&dE>dkK$99twWOR@MpJxzNPL`&IN3~;v$Fxms*(1Y
z`OE{Z*P&)7#Iqpe=F!!j!yIyxgSox#K~_QR^v|bz^e|X?w8G+qV)KL9G}dR;EYF&(
zEE<0DE<3Zlq{RwY5{r2OJ)AYHCFADbdy5_lJlG40XbZ}eFsrA1T=+rF9ouzoe9t4A
zk}M%CX<_IVcl+v`LXfyscCQ{o(&QH&=~p;)%8aq_l%z_hEH520hI8Hc6_G1eIR8%<
zQl4LlLeYTHMwL;b^V|juhy4CEO`MQN8E)+K4~DA|7_LNMIR7ETPZ=i)9%VS?KEs>;
zN5=^8o5a5+(m%!s5&(XU5uqbv1Z&t1#r6zA*`)z#gftR`lH8vlgkiKFqV~i84I7Lc
zhGFWXYkWp?sobVAKLJDq{tL*uG*#BlceV!SeY*EHB7^Y0wor=u0>hQoZ#50reFhDX
z-+Zne{~pEC;~E|g(&T*nVh)F=H4|XJ=PXVU*W~I(ZG~QC4;bi=N%H2dszlBu<PF5i
zg3IgrwBO8h>bA)jjPIC)nl*o&_iPQSki$@#P8r@}MABJ`2cCP{np*kId`19wn{TN7
zOHbCx$mv(DZJN&$GlHRR!Zf!FDLi%Ly+-?KSk%5Jlj7Hnt+SQZm_$Filo%lO>;e{Q
z=Vu!v8(9)cvyJ9z!>WzTC3t2%y1f-xx2Lk4YNFPX?w8r=>3=w1;vh*&yjhc!YR?DG
zzjVM&S0Dc19?s>^Ie8bOe)pu?DYTBoSne8nOwetP^!Az{WuBzCw{gS}8&@|R{6f4h
zO^JH%I^EACS&^1+O=r9l3&j_h+9*wO``OZONhmygWS0l>FTUX73FQcDd!mtatBkha
zc9eoeOMCV6cl)O*Br5m&YS*f9QuxBF{#PNU5RvRS46C$4nAm;R;r@85uBH-2_hFB+
z0nDoZ@z?TKWq5MjvA8xxd?XuM`N8pvML%XM7`mz-wKppEM9(ikeIDz}A_MVCG})B-
zIXLdsuUV8p;ONt_IQ6|odtBG^R`$*pNk8Rj&y#(uQT!4tYOoWP{)S4yCC<b*-?tU}
z)96GAg9*{_50diuyBNPHobJ$=LC7^7uLQ8>Mx~<xgC>T<*3r?$$Kycl5yn`6myer^
zr_&!(_z6_|H%EyL3H;O}2tLVQ93{JQ1|rMepDA{fr~8vw13?Lp?-K}02R1eSJ(Z~_
zRS)u+?5j%z7l7e7AQ=_ok=rnX-}^YwYXE^?vIt2)2Kg7;BoK$;-%ayxvydDd_h6b;
zMZc0@g1e=<yV;(-^Z8zPP^#W+YIx>LQwI%nvXjFUblOr{cSAfYI+|1Ln@tX2@G3fH
zO0=6ZcTcKVA^@c^j7n!!l$sBw9v;xX>*|s)@}ohnG{}5lZSYb9E``?(S9{ejj*8Rz
zNv_y-v9ZWlgTE41kBlslGmn?O-}MoOr#_Pi?ty;U%;#vzcUncGoNZ{bHKt|!gtFpd
z-H(+OUgI%5I>T#ZOXX5hXj5AMo8~)K0=(n94|@2iK|-Guw7x3Z;FS&g#`sl@a_Obj
zAosk@9<s$PifxB1B~nZmI>xiSRNZ>7A!XY=6`<7-y0LaMLTYzZa>XZXm5Q+mT*ZLB
zBS}wB%GEcQ{jSwBPo?T{u;B?qzqXDh?8+6Mj6E?TO04HiGEBT#1!M5T*4@F8tSrga
z>?$O^enI}km*#@zP4&?m(r>Dea6?m8l!3qcCD<}Hz<|LU9{21ihsW5<YJq;ybG>Jc
z<uv+yJKESt(B^hGvzJtp5TkRF3m3Qth=PY4>KtTWcP^GKo+j2QxRXf~K8C(0Rf@i#
zb0+e12YSVfV-|A(PND2R+`B$YUgd5AqWHj|A9vZK_I$eedyhWQowY2T=4aCR^->?M
z#KmN=GUScJ^DLUmn72|4UwdEJ6mZgh`Qi?#TxhT8MRyiC$Li4C8(xv+&1Be7dhL}w
z=@**03NHf693EmPHe8}2ZNBNMNiLd$Ok&s>rEXGLZa;Vg#*bF|W39O`tVgKh?SuAk
zx$N;LZ-PGk<_*ayAd*Cjz#aG@Z#)v|waOn*EFI+y6@fRZe}^~h04tOjL-@v_qC3hP
z!(W>?N*V-k@R1`)pwK>P4#NM79RD^&B$x+V&BlRgqn#+U-cx=5e*N~f>5Y;}g+N^6
z@K;Rm9SPyFB$!31nAaS3M9SOMx%;}&y%-B8$ej~>UKa%;pJtd1>j=@+Og7)ppNOF{
zX2x;y<(*0XnioU)a!m-+mw$eVU%#{HVF+$yTV`CtjA3>&v13GM>KLN{2WLlA%*opN
zB2(2@7-F8&VmFc!KE{_hzWDT0<dZ_lyS~b2lg`=ko57%S<7=jA?mP7k@9h#MC<Bn6
z?OyTYvKor)qV%eu!9a%)ei5pl@r1n%Au?dyXiUqLooOcI7+}kdAcddQ&0+qwv?_8b
zvASNCR5#$qGW=!=Ns^d&K*+K>9@T&w-tsLF#eC~ATM{(jw@yxRCKs>U9D{y><CKgF
zdU@I?3S@NLE4O}z7RQ=R*AK=72GpxB=wLR6n|VDr@x4;+=Pg&3@>xt+*NOZ5KTak#
zDOA4IIX%^}iMjdEUn^S;t(4FCl$6+9ORO$qwRWJwlzX{;Ob?W?L!TxffuC2`*6Jh6
z#4y^(<HGtrF3K!?A>vffIj2khLQfi$dzHGychbx8laDr_bYhm0xD%%aa(|v0X4`gc
z0u#wfd7<qBGN7{2#^s#sZWS~{bkIR+q)BHnnk(!+PqJ{G+FE37zi~>Sff(y<gqOyU
zJdt0z+6T}S+->3cl21tkes7`Z;pW&z1tjQNjnhHf$Z2tUK*ck{zph#Q0DYE5U|6%n
z{&(BJ5RgqA2_^znn(3dgGmx7pS*T+#L-KZ1>Y5v6`wJ!o6`5%<4XmHtsMVM!)4(%F
z_fdwweong!G9|H%Qyr`3%T;I_?%46p6%S00f=P{EIqpJt_5Nk4TVxN~CraK-pC7DM
z8n0jdEU7Y_7qK3wEIx4m$4Fkk6@;4U(Vps8%xs0vwnn6c+Pv8L@8=Tjl<U<VXH!{*
z!O{Gd#%Dkkfnj%#Wr`)$aa_-9d%SDY1LR-tfY=qbEuzMQGZv|3tZs^9z3&%hdliJz
zafG##>6BYJeKsOH`RU_Hx3fYwvioFx$;`$xp;Z<+C!mw9poewrr@$2SJx^7;b`nwC
zp_oXSZ-pi|SWwth4_CS86+I2{vDo>n&f{_g!F6}P25N2pkQSf47QH&L2N}8Rd`Fyb
ziaZTEkk&QHm;U+629~5@(f5;B?`7GcIlj?h18eo<+#Y&ays5WNrWv9td+F3I;&gz^
z2D-$?yBA@@%c^Y`bN>~KWVlyl3G4LjuOS$nM*~D7PBn!-*ab1i>WaD<MTLrGy~Ksj
zr1)YK&NQ}>`9bwVtEwn>Hy4$+x5rkVxwt)<^dMhbDKhk@2o4Qqx@(%QmWd#LZ$pzr
z0)&0MuGO1E|Lz6T3`u%o8(%eBH$7>E%I3XX)!0Tzk6U_&aJb|yei?f2{rTrHib}~;
zd$~d%YU;?HS=gD?D|;$jAv#BOhrO4F2inKp#n%1L{@K;{yMO+Z?g$8g3h)<}U%_TY
zvt#~)!1z~_U;TH!qpcE<0uKD3!&Z3^{ylvG;{yJ3nge~Y!FI-pROBwhI+W)n7g5Eu
zuO?JOSF}O*B>mu<XSKzmXWCVfsb<@>1s2p($y}VVECof?Vo$7(U283iK?Nbj8rbcm
zzm;2@QtWzt$@-I8bLxD@_!f_jL;GxTyNJgllCRqXl-;=5uZH;v^4j-#ErNqLC6w!y
zGc%@PPX`6#G2N*<Pc#>&RhVe{{k~EnrbPH%v-HeLOJGX%n!zNiO<67srJ)8e`!<xn
z94WX{diRC)()@})hcCmojQr}3;Ghw;A`y(`-W&ci_Z%ZoWg7J+oa_J+o%2xvYh`E<
zJT2Gn`HFRCt53R=Pq^5Om`CuK?qy7^;JeHC>(gV@;2^}WMuBZNPO$1KQ@+i4d^R(!
zk#8e4`L9NC0z*UuI$yE|p?=+R>?g%;e?6nMP*aF==6T(|Dh_FVj6kRs^rCuuEL_RA
zf<N>Owy>s67+1`lL0>+e__jEnVc3nYe}%DhIN!1#V|0CynW!9V-_*Ei8;;8@f1~C-
zRTv6A87gph&+AJiC*Qm2)26H-c~q7B$k0V#H-awy8>SU1vgp)yy;Hry(v2Y=+-Ud1
z;9IpsQH9rAiaf*V4f%PvM(e1fOrgX%ofQu@iKJtR$~MwDZ@WCgB*Tu~_VG_(yX~`k
z7Nx2QP8Vmd!1?NOm+NY4YF910O44-d<6d2;9R%l^8=$LGOW7ub9y6}sLAj)IOb*qM
zYF_S43X(MWj4R8Ps9GidKa}~Qyg=LA|G|)YwbkDY0fT`^qCLVDbEq)<GEQE5p&V@T
zhYPFucjN^O;5?KUO#eb&5PVeiqr5=^2fF+(iE$7De?QN@#Q0ZfAp3dtolwj%z>19_
zhq&i%5UN&A;bw3b1N&>c)ogxCQpH)5?R$f-XcyM#t>>?^6pO=kK9(@62bT0mKWnOZ
zE&5S=iuI#?og!R3u<gv~+VOm6JyRdIG!6r1wY0!j(h4`Gvd|(z_tXHD0|IkULl`0S
zxH6&O78(?a-v|IbbKO&c43rKk>?0IQ`-0YviF`Hgs-byVM~fO>+j`yIHTFZBfZvRa
z@em1yO>(+jyt0d2K{{t>u1;%Z_wLjsFraoJPQBk~qW&#8()`WUFf+w$Yc;oZQnBi<
zk=U&ZUZoD(=Vuc*r|p}oBVK!f6N4%}-y5DgMRVwxp#A@-cwIH-cf}!T1i$14K~n}D
z`X!ofh9*b#<bfmlc;7F<9C{dsw);QK^nZ3kjbSdnhgPVUk1fH`JoH1+K4?#SG~tu&
zpw&^*G5+%50ja-S(8G6&0V2PA6TZWou(MuX*x6l9PALQeDNTTfgd}p`^E?bu`ymkV
zzhj%|JvM9@nhR5tR->-A-R>dmr8AMLCu>Hs^el)*)mdus%N~v>`L2xMkMAe69O3$$
ztmUi*?Y%8&S08u&L?lQMkJd(oD8Ztw7AwvP7HocaqH;<4`Aco;3}NRMo-{j#QSFiS
z9+97sr#l}hjq8o3gc~Z8UyBBP0VouiU+?S+U%>IEF^Otoa=AR!gFL7#Z|&(6Jm=N6
zwA%HY<E+|n*6fXqvdFuZR6Z>fzIXD{)kn>Z$t7pgPZt>_&CnrO<_+|3kCs%r4m8S|
zT<QuA#-zLt<p>{%Xt==NO0)M7JM}$$2E8LGO)V7etzRY+3(v)vmE|&(erA6u$ZcK2
zK0KEP;n{lo?%424FfkE`=w8HQAmS1BDIE`Hzo;B1AbbE%_;G?YcC?legd2ZWlWTu5
zFN7Ij45xQanQ_X0U>yD;)-iwO`)T!^=q8UNZ2LEl4_y6?P*PP8<OD#?Mn-i`8jg^Y
zgagE2NXmh^itPs;4-vzJd$#Q7Z%~oI3aweXLVOJR%SU_CcTCJ#M5)NWS2V^v%)xlb
zpRE)go$HTIwBI=XlAq{?q5GOO{S?-(g)SG6Gn}rndCvZoM<eNyc1Z_o=cg<j$cFBx
zcbGMezAjrO!`YBdlXv)>v@$o`aPFs-8TF(o8Vxx-rmQJS&G&3VQA2@H_qqc+g??{i
zQORxLo}U=ZyU>O5Md0Mq=y#HR7J*UczGO>1<Da70aMI<tS)91@`DgG_%&7vy@UI1y
zr&8h8B$*0lRX@D0vhOBRug{JeOSX|;HLt1)DSbzoB6E2;g2S=zyP3CCCH{wC*`<>)
z7Ib@@7;|uyLM@pL(H3!SvjmYLq!z3|be@LZj6Q*do-?tiT9te(zlnV5tl6^fe*t|Y
BQ^f!P

delta 102
zcmV-s0Ga>f*#+*J1q}Y}{_Ow&00IC2086n9zaq2uCA|r=4m9H-m&Gvw53_Ju0Y$U-
zqFNub&c|g0v$@YXCbKH|OIEiiR{>B2w>47%^8>ecTLD=S6kPW!WPiKfw3FHLrAy~5
Ia>6qK@Wxmy!2kdN

diff --git a/test/jdk/lib/security/cacerts/VerifyCACerts.java b/test/jdk/lib/security/cacerts/VerifyCACerts.java
index 7fe87ea374a..b702ec68cbb 100644
--- a/test/jdk/lib/security/cacerts/VerifyCACerts.java
+++ b/test/jdk/lib/security/cacerts/VerifyCACerts.java
@@ -24,7 +24,7 @@
 
 /**
  * @test
- * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923
+ * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774
  * @requires java.runtime.name ~= "OpenJDK.*"
  * @summary Check root CA entries in cacerts file
  */
@@ -42,7 +42,7 @@ public class VerifyCACerts {
             + File.separator + "security" + File.separator + "cacerts";
 
     // The numbers of certs now.
-    private static final int COUNT = 75;
+    private static final int COUNT = 83;
 
     // map of cert alias to SHA-256 fingerprint
     private static final Map<String, String> FINGERPRINT_MAP
@@ -198,6 +198,22 @@ public class VerifyCACerts {
                     "14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58");
             put("starfieldrootg2ca [jdk]",
                     "2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5");
+            put("entrustrootcaec1 [jdk]",
+                    "02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5");
+            put("entrust2048ca [jdk]",
+                    "6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77");
+            put("entrustrootcag2 [jdk]",
+                    "43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39");
+            put("entrustevca [jdk]",
+                    "73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C");
+            put("affirmtrustnetworkingca [jdk]",
+                    "0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0:B4:1B");
+            put("affirmtrustpremiumca [jdk]",
+                    "70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A");
+            put("affirmtrustcommercialca [jdk]",
+                    "03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7");
+            put("affirmtrustpremiumeccca [jdk]",
+                    "BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23");
         }
     };
 
diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java
new file mode 100644
index 00000000000..d8d6d4f5f8f
--- /dev/null
+++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8195774
+ * @summary Interoperability tests with Entrust EC CA
+ * @build ValidatePathWithParams
+ * @run main/othervm -Djava.security.debug=certpath EntrustCA OCSP
+ * @run main/othervm -Djava.security.debug=certpath EntrustCA CRL
+ */
+
+/*
+ * Obtain test artifacts for Entrust EC CA from:
+ *
+ * Valid https://validec.entrust.net
+ *
+ * Revoked https://revokedec.entrust.net
+ */
+public class EntrustCA {
+
+    // Owner: CN=Entrust Certification Authority - L1J, OU="(c) 2016 Entrust, Inc. - for authorized use only",
+    // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
+    // Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only",
+    // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
+    private static final String INT = "-----BEGIN CERTIFICATE-----\n" +
+            "MIID5zCCA2ygAwIBAgIQCoPUgD5+n1EAAAAAUdTB9zAKBggqhkjOPQQDAzCBvzEL\n" +
+            "MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl\n" +
+            "ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy\n" +
+            "IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UE\n" +
+            "AxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4X\n" +
+            "DTE2MDQwNTIwMTk1NFoXDTM3MTAwNTIwNDk1NFowgboxCzAJBgNVBAYTAlVTMRYw\n" +
+            "FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3Qu\n" +
+            "bmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNiBFbnRydXN0LCBJbmMu\n" +
+            "IC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2Vy\n" +
+            "dGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUowdjAQBgcqhkjOPQIBBgUrgQQAIgNi\n" +
+            "AAT14eFXmpQX/dEf7NAxrMH13n0btz1KKvH2S1rROGPAKex2CY8yxznbffK/MbCk\n" +
+            "F7ByYXGs1+8kL5xmTysU/c+YmjOZx2mMSAk2DPw30fijJ3tRrwChZ+TBpgtB6+A5\n" +
+            "MsCjggEuMIIBKjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAz\n" +
+            "BggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3Qu\n" +
+            "bmV0MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvZWMx\n" +
+            "cm9vdC5jcmwwOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEWGmh0dHA6\n" +
+            "Ly93d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\n" +
+            "BQcDAjAdBgNVHQ4EFgQUw/lFA77I+Qs8RTXz63Ls5+jrlJswHwYDVR0jBBgwFoAU\n" +
+            "t2PnGt2N6QimVYOk4GpQQWURQkkwCgYIKoZIzj0EAwMDaQAwZgIxAPnVAOqxKDd7\n" +
+            "v37EBmpPqWCCWBFPKW6HpRx3GUWc9caeQIw8rO2HXYgf92pb/TsJYAIxAJhI0MpR\n" +
+            "z5L42xF1R9UIPfQxCMwgsnWBqIqcfMrMO+2DxQy6GIP3cFFj9gRyxguKWw==\n" +
+            "-----END CERTIFICATE-----";
+
+    // Owner: CN=validec.entrust.net, SERIALNUMBER=D15576572, OID.2.5.4.15=Private Organization, O="Entrust, Inc.",
+    // OID.1.3.6.1.4.1.311.60.2.1.2=Maryland, OID.1.3.6.1.4.1.311.60.2.1.3=US, L=Kanata, ST=Ontario, C=CA
+    // Issuer: CN=Entrust Certification Authority - L1J, OU="(c) 2016 Entrust, Inc. - for authorized use only",
+    // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
+    private static final String VALID = "-----BEGIN CERTIFICATE-----\n" +
+            "MIIFrTCCBTKgAwIBAgIQYtgW4DLwh74AAAAAVqBXkTAKBggqhkjOPQQDAjCBujEL\n" +
+            "MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl\n" +
+            "ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDE2\n" +
+            "IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE\n" +
+            "AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSjAeFw0xODA2\n" +
+            "MjUxMzE1NTdaFw0xOTA2MjUxMzQ1NTBaMIHJMQswCQYDVQQGEwJDQTEQMA4GA1UE\n" +
+            "CBMHT250YXJpbzEPMA0GA1UEBxMGS2FuYXRhMRMwEQYLKwYBBAGCNzwCAQMTAlVT\n" +
+            "MRkwFwYLKwYBBAGCNzwCAQITCE1hcnlsYW5kMRYwFAYDVQQKEw1FbnRydXN0LCBJ\n" +
+            "bmMuMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjESMBAGA1UEBRMJRDE1\n" +
+            "NTc2NTcyMRwwGgYDVQQDExN2YWxpZGVjLmVudHJ1c3QubmV0MFkwEwYHKoZIzj0C\n" +
+            "AQYIKoZIzj0DAQcDQgAEHQe7lUaAUgIwR9EiLJlhkbx+HfSr22M3JvQD6+fnYgqd\n" +
+            "55e6E1UE45fk92UpqPi1CEbXrdpmWKu1Z470B9cPGaOCAwcwggMDMB4GA1UdEQQX\n" +
+            "MBWCE3ZhbGlkZWMuZW50cnVzdC5uZXQwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsB\n" +
+            "aQB1AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZDcxpMkAAAQD\n" +
+            "AEYwRAIgIb0PwjCcNOchJg8Zywz/0Lwm2vEOJUSao6BqNUIsyaYCIElHHexB06LE\n" +
+            "yXWDXO7UqOtWT6uqkdJN8V4TzwT9B4o4AHcA3esdK3oNT6Ygi4GtgWhwfi6OnQHV\n" +
+            "XIiNPRHEzbbsvswAAAFkNzGkvgAABAMASDBGAiEAlxy/kxB9waIifYn+EV550pvA\n" +
+            "C3jUfS/bjsKbcsBH9cQCIQDSHTJORz6fZu8uLFhpV525pw7iHVh2dSn3gpcteObh\n" +
+            "DQB3ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABZDcxpTsAAAQD\n" +
+            "AEgwRgIhAPCBqVqSvAEIXMPloV0tfBEEdjRrAhiG407cPqYwt9AFAiEAuQf4R5os\n" +
+            "MLkD3XhxvrTDvnD+PUOf8PzPevsWkuxNqcQwDgYDVR0PAQH/BAQDAgeAMB0GA1Ud\n" +
+            "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBjBggrBgEFBQcBAQRXMFUwIwYIKwYB\n" +
+            "BQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MC4GCCsGAQUFBzAChiJodHRw\n" +
+            "Oi8vYWlhLmVudHJ1c3QubmV0L2wxai1lYzEuY2VyMDMGA1UdHwQsMCowKKAmoCSG\n" +
+            "Imh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxai5jcmwwSgYDVR0gBEMwQTA2\n" +
+            "BgpghkgBhvpsCgECMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5u\n" +
+            "ZXQvcnBhMAcGBWeBDAEBMB8GA1UdIwQYMBaAFMP5RQO+yPkLPEU18+ty7Ofo65Sb\n" +
+            "MB0GA1UdDgQWBBT+J7OhS6gskCanmOGnx10DPSF8ATAJBgNVHRMEAjAAMAoGCCqG\n" +
+            "SM49BAMCA2kAMGYCMQCQLUQABT74TmdHzAtB97uNF5+Zy15wzkmlKeRSOXCIf2C5\n" +
+            "YKjsgdkR1OdzZXcpjNgCMQDfWcdPhodNXZC4l1lLPOPaTzPPw6uVqqoITQlc6r1t\n" +
+            "dRkkD6K9ii/X8EtwoFp7s80=\n" +
+            "-----END CERTIFICATE-----";
+
+    // Owner: CN=revokedec.entrust.net, SERIALNUMBER=115868500, OID.2.5.4.15=Private Organization, O="Entrust, Inc.",
+    // OID.1.3.6.1.4.1.311.60.2.1.2=Texas, OID.1.3.6.1.4.1.311.60.2.1.3=US, L=Kanata, ST=Ontario, C=CA
+    // Issuer: CN=Entrust Certification Authority - L1J, OU="(c) 2016 Entrust, Inc. - for authorized use only",
+    // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" +
+            "MIIGJzCCBaygAwIBAgIRAM0WDfag1taIAAAAAFagJ5gwCgYIKoZIzj0EAwIwgbox\n" +
+            "CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9T\n" +
+            "ZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAx\n" +
+            "NiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNV\n" +
+            "BAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUowHhcNMTcw\n" +
+            "NTI0MTcwNzA4WhcNMTkwNTI0MTczNjU1WjCByDELMAkGA1UEBhMCQ0ExEDAOBgNV\n" +
+            "BAgTB09udGFyaW8xDzANBgNVBAcTBkthbmF0YTETMBEGCysGAQQBgjc8AgEDEwJV\n" +
+            "UzEWMBQGCysGAQQBgjc8AgECEwVUZXhhczEWMBQGA1UEChMNRW50cnVzdCwgSW5j\n" +
+            "LjEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xEjAQBgNVBAUTCTExNTg2\n" +
+            "ODUwMDEeMBwGA1UEAxMVcmV2b2tlZGVjLmVudHJ1c3QubmV0MFkwEwYHKoZIzj0C\n" +
+            "AQYIKoZIzj0DAQcDQgAEN5MP/59yrs9uwVM/Mrc8IuHonMChAZgN2twwvh8KTnR2\n" +
+            "3stfem/R+NtLccq+4ds1+8ktnXgP7u1x0as6IJOH1qOCA4EwggN9MCAGA1UdEQQZ\n" +
+            "MBeCFXJldm9rZWRlYy5lbnRydXN0Lm5ldDCCAfcGCisGAQQB1nkCBAIEggHnBIIB\n" +
+            "4wHhAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFcO4iiogAA\n" +
+            "BAMARzBFAiAgHVpryyNVgnsUIihu+5DC2/vuP8Cy5iXq8NhCBXg8UgIhAKi5jImT\n" +
+            "f1FJksvHboc0EZh9TWhWljVZ6E5jB2CL+qzeAHcAVhQGmi/XwuzT9eG9RLI+x0Z2\n" +
+            "ubyZEVzA75SYVdaJ0N0AAAFcO4ij9QAABAMASDBGAiEA4B2p2726ISSkKC9WVlzj\n" +
+            "BVwYZ1Hr7mTjPrFqkoGpEHYCIQC5iuInkJXGBANLTH06BHIQkkr4KnFRl9QBOSw4\n" +
+            "b+kNqgB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABXDuIpkcA\n" +
+            "AAQDAEYwRAIgQ9ssw19wIhHWW6IWgwnIyB7e30HacBNX6S1eQ3GUX04CICffGj3A\n" +
+            "WWmK9lixmk35YklMnSXNqHQezSYRiCYtXxejAHcApLkJkLQYWBSHuxOizGdwCjw1\n" +
+            "mAT5G9+443fNDsgN3BAAAAFcO4inUwAABAMASDBGAiEA+8T9tpPw/mU/STsNv0oz\n" +
+            "8Nla21fKlpEOyWqDKWPSUeYCIQCwI5tDyyaJtyFY9/OVqLG+BKPKjscUtTqGJYl4\n" +
+            "XbOo1jAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF\n" +
+            "BwMCMGMGCCsGAQUFBwEBBFcwVTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50\n" +
+            "cnVzdC5uZXQwLgYIKwYBBQUHMAKGImh0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFq\n" +
+            "LWVjMS5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5l\n" +
+            "dC9sZXZlbDFqLmNybDBKBgNVHSAEQzBBMDYGCmCGSAGG+mwKAQIwKDAmBggrBgEF\n" +
+            "BQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwBwYFZ4EMAQEwHwYDVR0j\n" +
+            "BBgwFoAUw/lFA77I+Qs8RTXz63Ls5+jrlJswHQYDVR0OBBYEFIj28ytR8ulo1p2t\n" +
+            "ZnBQOLK0rlLUMAkGA1UdEwQCMAAwCgYIKoZIzj0EAwIDaQAwZgIxANzqGRI0en5P\n" +
+            "gSUDcdwoQSNKrBPBfGz2AQVLHAXsxvIlGhKZAQtM49zxA8AdFy/agwIxAMEjJH6A\n" +
+            "4UbcGZc40eYu6wUbAxiUDD3gwSElNQ8Z6IhNLPCCdMM6KZORyaagAcXn4A==\n" +
+            "-----END CERTIFICATE-----";
+
+    public static void main(String[] args) throws Exception {
+
+        ValidatePathWithParams pathValidator = new ValidatePathWithParams(null);
+
+        if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) {
+            pathValidator.enableCRLCheck();
+        } else {
+            // OCSP check by default
+            pathValidator.enableOCSPCheck();
+        }
+
+        // Validate valid
+        pathValidator.validate(new String[]{VALID, INT},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Validate Revoked
+        pathValidator.validate(new String[]{REVOKED, INT},
+                ValidatePathWithParams.Status.REVOKED,
+                "Wed May 24 10:39:28 PDT 2017", System.out);
+    }
+
+}