changeset 17450:ab654e93e1b6

8189131: Open-source the Oracle JDK Root Certificates Summary: Open-source the Oracle JDK Root Certificates Reviewed-by: mullan, pkoppula
author rhalade
date Fri, 08 Dec 2017 03:06:19 -0800
parents 84021b910d1e
children 4696b1eea8e9
files src/java.base/share/lib/security/cacerts test/TEST.groups test/lib/security/cacerts/VerifyCACerts.java test/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java test/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java test/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java test/security/infra/java/security/cert/CertPathValidator/certification/DTrustCA.java test/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java test/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java test/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java
diffstat 10 files changed, 2823 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
Binary file src/java.base/share/lib/security/cacerts has changed
--- a/test/TEST.groups	Tue Dec 05 18:24:45 2017 -0800
+++ b/test/TEST.groups	Fri Dec 08 03:06:19 2017 -0800
@@ -203,6 +203,9 @@
     :jdk_security3 \
     :jdk_security4
 
+jdk_security_infra = \
+    security/infra/java/security/cert/CertPathValidator/certification
+
 jdk_text = \
     java/text \
     sun/text
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/lib/security/cacerts/VerifyCACerts.java	Fri Dec 08 03:06:19 2017 -0800
@@ -0,0 +1,314 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8189131
+ * @requires java.runtime.name ~= "OpenJDK.*"
+ * @summary Check root CA entries in cacerts file
+ */
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.MessageDigest;
+import java.security.cert.*;
+import java.util.*;
+
+public class VerifyCACerts {
+
+    private static final String CACERTS
+            = System.getProperty("java.home") + File.separator + "lib"
+            + File.separator + "security" + File.separator + "cacerts";
+
+    private static final String BASE = System.getProperty("test.src", "./");
+
+    // The numbers of certs now.
+    private static final int COUNT = 80;
+
+    // map of cert alias to SHA-256 fingerprint
+    private static final Map<String, String> FINGERPRINT_MAP
+            = new HashMap<String, String>() {{
+        put("actalisauthenticationrootca [jdk]",
+                "55:92:60:84:EC:96:3A:64:B9:6E:2A:BE:01:CE:0B:A8:6A:64:FB:FE:BC:C7:AA:B5:AF:C1:55:B3:7F:D7:60:66");
+        put("buypassclass2ca [jdk]",
+                "9A:11:40:25:19:7C:5B:B9:5D:94:E6:3D:55:CD:43:79:08:47:B6:46:B2:3C:DF:11:AD:A4:A0:0E:FF:15:FB:48");
+        put("buypassclass3ca [jdk]",
+                "ED:F7:EB:BC:A2:7A:2A:38:4D:38:7B:7D:40:10:C6:66:E2:ED:B4:84:3E:4C:29:B4:AE:1D:5B:93:32:E6:B2:4D");
+        put("camerfirmachambersca [jdk]",
+                "06:3E:4A:FA:C4:91:DF:D3:32:F3:08:9B:85:42:E9:46:17:D8:93:D7:FE:94:4E:10:A7:93:7E:E2:9D:96:93:C0");
+        put("camerfirmachambersignca [jdk]",
+                "13:63:35:43:93:34:A7:69:80:16:A0:D3:24:DE:72:28:4E:07:9D:7B:52:20:BB:8F:BD:74:78:16:EE:BE:BA:CA");
+        put("camerfirmachamberscommerceca [jdk]",
+                "0C:25:8A:12:A5:67:4A:EF:25:F2:8B:A7:DC:FA:EC:EE:A3:48:E5:41:E6:F5:CC:4E:E6:3B:71:B3:61:60:6A:C3");
+        put("certumca [jdk]",
+                "D8:E0:FE:BC:1D:B2:E3:8D:00:94:0F:37:D2:7D:41:34:4D:99:3E:73:4B:99:D5:65:6D:97:78:D4:D8:14:36:24");
+        put("certumtrustednetworkca [jdk]",
+                "5C:58:46:8D:55:F5:8E:49:7E:74:39:82:D2:B5:00:10:B6:D1:65:37:4A:CF:83:A7:D4:A3:2D:B7:68:C4:40:8E");
+        put("chunghwaepkirootca [jdk]",
+                "C0:A6:F4:DC:63:A2:4B:FD:CF:54:EF:2A:6A:08:2A:0A:72:DE:35:80:3E:2F:F5:FF:52:7A:E5:D8:72:06:DF:D5");
+        put("comodorsaca [jdk]",
+                "52:F0:E1:C4:E5:8E:C6:29:29:1B:60:31:7F:07:46:71:B8:5D:7E:A8:0D:5B:07:27:34:63:53:4B:32:B4:02:34");
+        put("comodoaaaca [jdk]",
+                "D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4");
+        put("comodoeccca [jdk]",
+                "17:93:92:7A:06:14:54:97:89:AD:CE:2F:8F:34:F7:F0:B6:6D:0F:3A:E3:A3:B8:4D:21:EC:15:DB:BA:4F:AD:C7");
+        put("usertrustrsaca [jdk]",
+                "E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2");
+        put("usertrusteccca [jdk]",
+                "4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A");
+        put("utnuserfirstobjectca [jdk]",
+                "6F:FF:78:E4:00:A7:0C:11:01:1C:D8:59:77:C4:59:FB:5A:F9:6A:3D:F0:54:08:20:D0:F4:B8:60:78:75:E5:8F");
+        put("utnuserfirstclientauthemailca [jdk]",
+                "43:F2:57:41:2D:44:0D:62:74:76:97:4F:87:7D:A8:F1:FC:24:44:56:5A:36:7A:E6:0E:DD:C2:7A:41:25:31:AE");
+        put("utnuserfirsthardwareca [jdk]",
+                "6E:A5:47:41:D0:04:66:7E:ED:1B:48:16:63:4A:A3:A7:9E:6E:4B:96:95:0F:82:79:DA:FC:8D:9B:D8:81:21:37");
+        put("addtrustclass1ca [jdk]",
+                "8C:72:09:27:9A:C0:4E:27:5E:16:D0:7F:D3:B7:75:E8:01:54:B5:96:80:46:E3:1F:52:DD:25:76:63:24:E9:A7");
+        put("addtrustexternalca [jdk]",
+                "68:7F:A4:51:38:22:78:FF:F0:C8:B1:1F:8D:43:D5:76:67:1C:6E:B2:BC:EA:B4:13:FB:83:D9:65:D0:6D:2F:F2");
+        put("addtrustqualifiedca [jdk]",
+                "80:95:21:08:05:DB:4B:BC:35:5E:44:28:D8:FD:6E:C2:CD:E3:AB:5F:B9:7A:99:42:98:8E:B8:F4:DC:D0:60:16");
+        put("baltimorecybertrustca [jdk]",
+                "16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB");
+        put("baltimorecodesigningca [jdk]",
+                "A9:15:45:DB:D2:E1:9C:4C:CD:F9:09:AA:71:90:0D:18:C7:35:1C:89:B3:15:F0:F1:3D:05:C1:3A:8F:FB:46:87");
+        put("digicertglobalrootca [jdk]",
+                "43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61");
+        put("digicertglobalrootg2 [jdk]",
+                "CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F");
+        put("digicertglobalrootg3 [jdk]",
+                "31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0");
+        put("digicerttrustedrootg4 [jdk]",
+                "55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88");
+        put("digicertassuredidrootca [jdk]",
+                "3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:32:5C");
+        put("digicertassuredidg2 [jdk]",
+                "7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85");
+        put("digicertassuredidg3 [jdk]",
+                "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2");
+        put("digicerthighassuranceevrootca [jdk]",
+                "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF");
+        put("equifaxsecureca [jdk]",
+                "08:29:7A:40:47:DB:A2:36:80:C7:31:DB:6E:31:76:53:CA:78:48:E1:BE:BD:3A:0B:01:79:A7:07:F9:2C:F1:78");
+        put("equifaxsecureebusinessca1 [jdk]",
+                "2E:3A:2B:B5:11:25:05:83:6C:A8:96:8B:E2:CB:37:27:CE:9B:56:84:5C:6E:E9:8E:91:85:10:4A:FB:9A:F5:96");
+        put("equifaxsecureglobalebusinessca1 [jdk]",
+                "86:AB:5A:65:71:D3:32:9A:BC:D2:E4:E6:37:66:8B:A8:9C:73:1E:C2:93:B6:CB:A6:0F:71:63:40:A0:91:CE:AE");
+        put("geotrustglobalca [jdk]",
+                "FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A");
+        put("geotrustprimaryca [jdk]",
+                "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C");
+        put("geotrustprimarycag2 [jdk]",
+                "5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66");
+        put("geotrustprimarycag3 [jdk]",
+                "B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4");
+        put("geotrustuniversalca [jdk]",
+                "A0:45:9B:9F:63:B2:25:59:F5:FA:5D:4C:6D:B3:F9:F7:2F:F1:93:42:03:35:78:F0:73:BF:1D:1B:46:CB:B9:12");
+        put("gtecybertrustglobalca [jdk]",
+                "A5:31:25:18:8D:21:10:AA:96:4B:02:C7:B7:C6:DA:32:03:17:08:94:E5:FB:71:FF:FB:66:67:D5:E6:81:0A:36");
+        put("thawteprimaryrootca [jdk]",
+                "8D:72:2F:81:A9:C1:13:C0:79:1D:F1:36:A2:96:6D:B2:6C:95:0A:97:1D:B4:6B:41:99:F4:EA:54:B7:8B:FB:9F");
+        put("thawteprimaryrootcag2 [jdk]",
+                "A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57");
+        put("thawteprimaryrootcag3 [jdk]",
+                "4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C");
+        put("thawtepremiumserverca [jdk]",
+                "3F:9F:27:D5:83:20:4B:9E:09:C8:A3:D2:06:6C:4B:57:D3:A2:47:9C:36:93:65:08:80:50:56:98:10:5D:BC:E9");
+        put("verisigntsaca [jdk]",
+                "CB:6B:05:D9:E8:E5:7C:D8:82:B1:0B:4D:B7:0D:E4:BB:1D:E4:2B:A4:8A:7B:D0:31:8B:63:5B:F6:E7:78:1A:9D");
+        put("verisignclass1ca [jdk]",
+                "51:84:7C:8C:BD:2E:9A:72:C9:1E:29:2D:2A:E2:47:D7:DE:1E:3F:D2:70:54:7A:20:EF:7D:61:0F:38:B8:84:2C");
+        put("verisignclass1g2ca [jdk]",
+                "34:1D:E9:8B:13:92:AB:F7:F4:AB:90:A9:60:CF:25:D4:BD:6E:C6:5B:9A:51:CE:6E:D0:67:D0:0E:C7:CE:9B:7F");
+        put("verisignclass1g3ca [jdk]",
+                "CB:B5:AF:18:5E:94:2A:24:02:F9:EA:CB:C0:ED:5B:B8:76:EE:A3:C1:22:36:23:D0:04:47:E4:F3:BA:55:4B:65");
+        put("verisignclass2g2ca [jdk]",
+                "3A:43:E2:20:FE:7F:3E:A9:65:3D:1E:21:74:2E:AC:2B:75:C2:0F:D8:98:03:05:BC:50:2C:AF:8C:2D:9B:41:A1");
+        put("verisignclass2g3ca [jdk]",
+                "92:A9:D9:83:3F:E1:94:4D:B3:66:E8:BF:AE:7A:95:B6:48:0C:2D:6C:6C:2A:1B:E6:5D:42:36:B6:08:FC:A1:BB");
+        put("verisignclass3ca [jdk]",
+                "A4:B6:B3:99:6F:C2:F3:06:B3:FD:86:81:BD:63:41:3D:8C:50:09:CC:4F:A3:29:C2:CC:F0:E2:FA:1B:14:03:05");
+        put("verisignclass3g2ca [jdk]",
+                "83:CE:3C:12:29:68:8A:59:3D:48:5F:81:97:3C:0F:91:95:43:1E:DA:37:CC:5E:36:43:0E:79:C7:A8:88:63:8B");
+        put("verisignuniversalrootca [jdk]",
+                "23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C");
+        put("verisignclass3g3ca [jdk]",
+                "EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44");
+        put("verisignclass3g4ca [jdk]",
+                "69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79");
+        put("verisignclass3g5ca [jdk]",
+                "9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF");
+        put("certplusclass2primaryca [jdk]",
+                "0F:99:3C:8A:EF:97:BA:AF:56:87:14:0E:D5:9A:D1:82:1B:B4:AF:AC:F0:AA:9A:58:B5:D5:7A:33:8A:3A:FB:CB");
+        put("certplusclass3pprimaryca [jdk]",
+                "CC:C8:94:89:37:1B:AD:11:1C:90:61:9B:EA:24:0A:2E:6D:AD:D9:9F:9F:6E:1D:4D:41:E5:8E:D6:DE:3D:02:85");
+        put("keynectisrootca [jdk]",
+                "42:10:F1:99:49:9A:9A:C3:3C:8D:E0:2B:A6:DB:AA:14:40:8B:DD:8A:6E:32:46:89:C1:92:2D:06:97:15:A3:32");
+        put("dtrustclass3ca2 [jdk]",
+                "49:E7:A4:42:AC:F0:EA:62:87:05:00:54:B5:25:64:B6:50:E4:F4:9E:42:E3:48:D6:AA:38:E0:39:E9:57:B1:C1");
+        put("dtrustclass3ca2ev [jdk]",
+                "EE:C5:49:6B:98:8C:E9:86:25:B9:34:09:2E:EC:29:08:BE:D0:B0:F3:16:C2:D4:73:0C:84:EA:F1:F3:D3:48:81");
+        put("identrustdstx3 [jdk]",
+                "06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39");
+        put("identrustpublicca [jdk]",
+                "30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F");
+        put("identrustcommercial [jdk]",
+                "5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE");
+        put("letsencryptisrgx1 [jdk]",
+                "96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6");
+        put("luxtrustglobalrootca [jdk]",
+                "A1:B2:DB:EB:64:E7:06:C6:16:9E:3C:41:18:B2:3B:AA:09:01:8A:84:27:66:6D:8B:F0:E2:88:91:EC:05:19:50");
+        put("quovadisrootca [jdk]",
+                "A4:5E:DE:3B:BB:F0:9C:8A:E1:5C:72:EF:C0:72:68:D6:93:A2:1C:99:6F:D5:1E:67:CA:07:94:60:FD:6D:88:73");
+        put("quovadisrootca1g3 [jdk]",
+                "8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74");
+        put("quovadisrootca2 [jdk]",
+                "85:A0:DD:7D:D7:20:AD:B7:FF:05:F8:3D:54:2B:20:9D:C7:FF:45:28:F7:D6:77:B1:83:89:FE:A5:E5:C4:9E:86");
+        put("quovadisrootca2g3 [jdk]",
+                "8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40");
+        put("quovadisrootca3 [jdk]",
+                "18:F1:FC:7F:20:5D:F8:AD:DD:EB:7F:E0:07:DD:57:E3:AF:37:5A:9C:4D:8D:73:54:6B:F4:F1:FE:D1:E1:8D:35");
+        put("quovadisrootca3g3 [jdk]",
+                "88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46");
+        put("secomscrootca1 [jdk]",
+                "E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C");
+        put("secomscrootca2 [jdk]",
+                "51:3B:2C:EC:B8:10:D4:CD:E5:DD:85:39:1A:DF:C6:C2:DD:60:D8:7B:B7:36:D2:B5:21:48:4A:A4:7A:0E:BE:F6");
+        put("secomevrootca1 [jdk]",
+                "A2:2D:BA:68:1E:97:37:6E:2D:39:7D:72:8A:AE:3A:9B:62:96:B9:FD:BA:60:BC:2E:11:F6:47:F2:C6:75:FB:37");
+        put("swisssigngoldg2ca [jdk]",
+                "62:DD:0B:E9:B9:F5:0A:16:3E:A0:F8:E7:5C:05:3B:1E:CA:57:EA:55:C8:68:8F:64:7C:68:81:F2:C8:35:7B:95");
+        put("swisssignplatinumg2ca [jdk]",
+                "3B:22:2E:56:67:11:E9:92:30:0D:C0:B1:5A:B9:47:3D:AF:DE:F8:C8:4D:0C:EF:7D:33:17:B4:C1:82:1D:14:36");
+        put("swisssignsilverg2ca [jdk]",
+                "BE:6C:4D:A2:BB:B9:BA:59:B6:F3:93:97:68:37:42:46:C3:C0:05:99:3F:A9:8F:02:0D:1D:ED:BE:D4:8A:81:D5");
+        put("soneraclass2ca [jdk]",
+                "79:08:B4:03:14:C1:38:10:0B:51:8D:07:35:80:7F:FB:FC:F8:51:8A:00:95:33:71:05:BA:38:6B:15:3D:D9:27");
+        put("securetrustca [jdk]",
+                "F1:C1:B5:0A:E5:A2:0D:D8:03:0E:C9:F6:BC:24:82:3D:D3:67:B5:25:57:59:B4:E7:1B:61:FC:E9:F7:37:5D:73");
+        put("xrampglobalca [jdk]",
+                "CE:CD:DC:90:50:99:D8:DA:DF:C5:B1:D2:09:B7:37:CB:E2:C1:8C:FB:2C:10:C0:FF:0B:CF:0D:32:86:FC:1A:A2");
+    }};
+
+    // Ninety days in milliseconds
+    private static final long NINETY_DAYS = 7776000000L;
+
+    private static boolean atLeastOneFailed = false;
+
+    private static MessageDigest md;
+
+    public static void main(String[] args) throws Exception {
+        System.out.println("cacerts file: " + CACERTS);
+        md = MessageDigest.getInstance("SHA-256");
+        KeyStore ks = KeyStore.getInstance("JKS");
+        ks.load(new FileInputStream(CACERTS), "changeit".toCharArray());
+
+        // check the count of certs inside
+        if (ks.size() != COUNT) {
+            atLeastOneFailed = true;
+            System.err.println("ERROR: " + ks.size() + " entries, should be "
+                    + COUNT);
+        }
+
+        // check that all entries in the map are in the keystore
+        for (String alias : FINGERPRINT_MAP.keySet()) {
+            if (!ks.isCertificateEntry(alias)) {
+                atLeastOneFailed = true;
+                System.err.println("ERROR: " + alias + " is not in cacerts");
+            }
+        }
+
+        // pull all the trusted self-signed CA certs out of the cacerts file
+        // and verify their signatures
+        Enumeration<String> aliases = ks.aliases();
+        while (aliases.hasMoreElements()) {
+            String alias = aliases.nextElement();
+            System.out.println("\nVerifying " + alias);
+            if (!ks.isCertificateEntry(alias)) {
+                atLeastOneFailed = true;
+                System.err.println("ERROR: " + alias
+                        + " is not a trusted cert entry");
+            }
+            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
+            if (!checkFingerprint(alias, cert)) {
+                atLeastOneFailed = true;
+                System.err.println("ERROR: " + alias + " SHA-256 fingerprint is incorrect");
+            }
+            // Make sure cert can be self-verified
+            try {
+                cert.verify(cert.getPublicKey());
+            } catch (Exception e) {
+                atLeastOneFailed = true;
+                System.err.println("ERROR: cert cannot be verified:"
+                        + e.getMessage());
+            }
+
+            // Make sure cert is not expired or not yet valid
+            try {
+                cert.checkValidity();
+            } catch (CertificateExpiredException cee) {
+                atLeastOneFailed = true;
+                System.err.println("ERROR: cert is expired");
+            } catch (CertificateNotYetValidException cne) {
+                atLeastOneFailed = true;
+                System.err.println("ERROR: cert is not yet valid");
+            }
+
+            // If cert is within 90 days of expiring, mark as failure so
+            // that cert can be scheduled to be removed/renewed.
+            Date notAfter = cert.getNotAfter();
+            if (notAfter.getTime() - System.currentTimeMillis() < NINETY_DAYS) {
+                atLeastOneFailed = true;
+                System.err.println("WARNING: cert will expire within 90 days");
+            }
+        }
+
+        if (atLeastOneFailed) {
+            throw new Exception("At least one cacert test failed");
+        }
+    }
+
+    private static boolean checkFingerprint(String alias, Certificate cert)
+            throws Exception {
+        String fingerprint = FINGERPRINT_MAP.get(alias);
+        if (fingerprint == null) {
+            // no entry for alias
+            return true;
+        }
+        System.out.println("Checking fingerprint of " + alias);
+        byte[] digest = md.digest(cert.getEncoded());
+        return fingerprint.equals(toHexString(digest));
+    }
+
+    private static String toHexString(byte[] block) {
+        StringBuilder buf = new StringBuilder();
+        int len = block.length;
+        for (int i = 0; i < len; i++) {
+            buf.append(String.format("%02X", block[i]));
+            if (i < len - 1) {
+                buf.append(":");
+            }
+        }
+        return buf.toString();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java	Fri Dec 08 03:06:19 2017 -0800
@@ -0,0 +1,253 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 8189131
+ * @summary Interoperability tests with Actalis CA
+ * @build ValidatePathWithParams
+ * @run main/othervm/timeout=180 -Djava.security.debug=certpath ActalisCA OCSP
+ * @run main/othervm/timeout=180 -Djava.security.debug=certpath ActalisCA CRL
+ */
+
+ /*
+ * Obtain test artifacts for Actalis CA from:
+ *
+ * Test web site with *active *TLS Server certificate:
+ * https://ssltest-a.actalis.it:8443
+ * If doesn't work then use certificate of https://www.actalis.it
+ *
+ * Test web site with *revoked *TLS Server certificate:
+ * https://ssltest-r.actalis.it:8444
+ *
+ * Test web site with *expired *TLS Server certificate:
+ * https://ssltest-e.actalis.it:8445
+ */
+public class ActalisCA {
+
+    // Owner: CN=Actalis Extended Validation Server CA G1,
+    // O=Actalis S.p.A./03358520967, L=Milano, ST=Milano, C=IT
+    // Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967,
+    // L=Milan, C=IT
+    private static final String INT_VALID = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGTDCCBDSgAwIBAgIIMtYr/GdQGsswDQYJKoZIhvcNAQELBQAwazELMAkGA1UE\n"
+            + "BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w\n"
+            + "MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290\n"
+            + "IENBMB4XDTE1MDUxNDA3MDAzOFoXDTMwMDUxNDA3MDAzOFowgYcxCzAJBgNVBAYT\n"
+            + "AklUMQ8wDQYDVQQIDAZNaWxhbm8xDzANBgNVBAcMBk1pbGFubzEjMCEGA1UECgwa\n"
+            + "QWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxMTAvBgNVBAMMKEFjdGFsaXMgRXh0\n"
+            + "ZW5kZWQgVmFsaWRhdGlvbiBTZXJ2ZXIgQ0EgRzEwggEiMA0GCSqGSIb3DQEBAQUA\n"
+            + "A4IBDwAwggEKAoIBAQD1Ygc1CwmqXqjd3dTEKMLUwGdb/3+00ytg0uBb4RB+89/O\n"
+            + "4K/STFZcGUjcCq6Job5cmxZBGyRRBYfCEn4vg8onedFztkO0NvD04z4wLFyxjSRT\n"
+            + "bcMm2d+/Xci5XLA3Q9wG8TGzHTVQKmdvFpQ7b7EsmOc0uXA7w3UGhLjb2EYpu/Id\n"
+            + "uZ1LUTyEOHc3XHXI3a3udkRBDs/bObTcbte80DPbNetRFB+jHbIw5sH171IeBFGN\n"
+            + "PB92Iebp01yE8g3X9RqPXrrV7ririEtwFMYp+KgA8BRHxsoNV3xZmhdzJm0AMzC2\n"
+            + "waLM3H562xPM0UntAYh2pRrAUUtgURRizCT1kr6tAgMBAAGjggHVMIIB0TBBBggr\n"
+            + "BgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9vY3NwMDUuYWN0YWxpcy5p\n"
+            + "dC9WQS9BVVRILVJPT1QwHQYDVR0OBBYEFGHB5IYeTW10dLzZlzsxcXjLP5/cMA8G\n"
+            + "A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbtifN7OHCUyQICNtAw\n"
+            + "RQYDVR0gBD4wPDA6BgRVHSAAMDIwMAYIKwYBBQUHAgEWJGh0dHBzOi8vd3d3LmFj\n"
+            + "dGFsaXMuaXQvYXJlYS1kb3dubG9hZDCB4wYDVR0fBIHbMIHYMIGWoIGToIGQhoGN\n"
+            + "bGRhcDovL2xkYXAwNS5hY3RhbGlzLml0L2NuJTNkQWN0YWxpcyUyMEF1dGhlbnRp\n"
+            + "Y2F0aW9uJTIwUm9vdCUyMENBLG8lM2RBY3RhbGlzJTIwUy5wLkEuJTJmMDMzNTg1\n"
+            + "MjA5NjcsYyUzZElUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5MD2g\n"
+            + "O6A5hjdodHRwOi8vY3JsMDUuYWN0YWxpcy5pdC9SZXBvc2l0b3J5L0FVVEgtUk9P\n"
+            + "VC9nZXRMYXN0Q1JMMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEA\n"
+            + "OD8D2Z2fw76+GIu+mDEgygH/y7F9K4I6rZOc3LqGBecO3C0fGcIuuG7APtxGGk7Y\n"
+            + "nk97Qt+3pDoek9EP65/1u128pRncZcjEAeMgKb7UuJxwoR6Sj5zhOadotKcCQqmF\n"
+            + "Si99ExNo6dTq5Eyp1KrqepLmezbO9owx4Q44mtNpfKLMgzDqOn/dwNMo/pGYbMfP\n"
+            + "DjhxEnta1HXgcEcgCk1Au16xkdzapwY4sXpKuwB24phfWF+cveKAQ0Rncmvrm34i\n"
+            + "9B6leZUkSHDe4mRkbO5nObhKHYRmVSr0Q/wvGCmTgGTKuw/Gj8+RFb5MEkOKEcJn\n"
+            + "I32CPohpiW/jlpeLaFBIgJnXuZTxmfTX55sqtXDlKxRxFwq1W3kML4UfGZsgjx1l\n"
+            + "hX5fQ1QlEZeO9CyPpgGO5Py2KXXKhUxCtF7tawAYimWwslxvPCjHDND/WhM1Fz9e\n"
+            + "2yqwHcSQAOUVv5mk9uYc6/NSLwLb5in3R728GNEpHHhbx5QZhtdqR8mb56uJUDKI\n"
+            + "AwnnZckcR+SLGL2Agx7hY7YCMOQhSsO6PA81M/mGW2hGCiZw3GULJe9ejL/vdS0I\n"
+            + "PWrp7YLnXUa6mtXVSBKGrVrlbpJaN10+fB4Yrlk4O2sF4WNUAHMBn9T+zOXaBAhj\n"
+            + "vNlMU7+elLkTcKIB7qJJuSZChxzoevM2ciO3BpGuRxg=\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: OID.1.3.6.1.4.1.311.60.2.1.3=IT, STREET=Via S. Clemente 53,
+    // OID.2.5.4.15=Private Organization, CN=www.actalis.it,
+    // SERIALNUMBER=03358520967, O=Actalis S.p.A., L=Ponte San Pietro, ST=Bergamo, C=IT
+    // Issuer: CN=Actalis Extended Validation Server CA G1,
+    // O=Actalis S.p.A./03358520967, L=Milano, ST=Milano, C=IT
+    // Serial number: eeeee6d6463bde2
+    // Valid from: Sat Jun 17 05:59:17 PDT 2017 until: Mon Jun 17 05:59:17 PDT 2019
+    private static final String VALID = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIHwTCCBqmgAwIBAgIIDu7ubWRjveIwDQYJKoZIhvcNAQELBQAwgYcxCzAJBgNV\n"
+            + "BAYTAklUMQ8wDQYDVQQIDAZNaWxhbm8xDzANBgNVBAcMBk1pbGFubzEjMCEGA1UE\n"
+            + "CgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxMTAvBgNVBAMMKEFjdGFsaXMg\n"
+            + "RXh0ZW5kZWQgVmFsaWRhdGlvbiBTZXJ2ZXIgQ0EgRzEwHhcNMTcwNjE3MTI1OTE3\n"
+            + "WhcNMTkwNjE3MTI1OTE3WjCB0zELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0Jlcmdh\n"
+            + "bW8xGTAXBgNVBAcMEFBvbnRlIFNhbiBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMg\n"
+            + "Uy5wLkEuMRQwEgYDVQQFEwswMzM1ODUyMDk2NzEXMBUGA1UEAwwOd3d3LmFjdGFs\n"
+            + "aXMuaXQxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRswGQYDVQQJDBJW\n"
+            + "aWEgUy4gQ2xlbWVudGUgNTMxEzARBgsrBgEEAYI3PAIBAxMCSVQwggEiMA0GCSqG\n"
+            + "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwZ3++4pQYGfhXSqin1CKRJ6SOqkTcX3O0\n"
+            + "6b4jZbSNomyqyn6aHOz6ztOlj++fPzxmIzErEySOTd3G0pr+iwpYQVdeg1Y27KL8\n"
+            + "OiwwUrlV4ZMa8KKXr4BnWlDbFIo+eIcSew5V7CiodDyxpj9zjqJK497LF1jxgXtr\n"
+            + "IoMRwrh2Y0NbJCZGUCL30sQr/W4xBnO1+pi2DbCieGe/XoK8yEtx9FdnEFvyT9qn\n"
+            + "zYyrXvnTvfVSwzwtEIn+akjomI4WfCFLBF0M7v4dAHypfnPAAoW1c0BBqNB32zf0\n"
+            + "rYwNnD7UwZlcDihEYlgC70Dfy7bPsdq2spmOMk/VUqb3U0LHRVM3AgMBAAGjggPh\n"
+            + "MIID3TB9BggrBgEFBQcBAQRxMG8wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jYWNlcnQu\n"
+            + "YWN0YWxpcy5pdC9jZXJ0cy9hY3RhbGlzLWF1dGV2ZzEwMQYIKwYBBQUHMAGGJWh0\n"
+            + "dHA6Ly9vY3NwMDUuYWN0YWxpcy5pdC9WQS9BVVRIRVYtRzEwHQYDVR0OBBYEFK9y\n"
+            + "954QoY/5XV6TayD1gWVy0gQOMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUYcHk\n"
+            + "hh5NbXR0vNmXOzFxeMs/n9wwUAYDVR0gBEkwRzA8BgYrgR8BEQEwMjAwBggrBgEF\n"
+            + "BQcCARYkaHR0cHM6Ly93d3cuYWN0YWxpcy5pdC9hcmVhLWRvd25sb2FkMAcGBWeB\n"
+            + "DAEBMIHvBgNVHR8EgecwgeQwgaKggZ+ggZyGgZlsZGFwOi8vbGRhcDA1LmFjdGFs\n"
+            + "aXMuaXQvY24lM2RBY3RhbGlzJTIwRXh0ZW5kZWQlMjBWYWxpZGF0aW9uJTIwU2Vy\n"
+            + "dmVyJTIwQ0ElMjBHMSxvJTNkQWN0YWxpcyUyMFMucC5BLi8wMzM1ODUyMDk2Nyxj\n"
+            + "JTNkSVQ/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5hcnkwPaA7oDmGN2h0\n"
+            + "dHA6Ly9jcmwwNS5hY3RhbGlzLml0L1JlcG9zaXRvcnkvQVVUSEVWLUcxL2dldExh\n"
+            + "c3RDUkwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\n"
+            + "BQcDAjAZBgNVHREEEjAQgg53d3cuYWN0YWxpcy5pdDCCAX4GCisGAQQB1nkCBAIE\n"
+            + "ggFuBIIBagFoAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFc\n"
+            + "tiwHywAABAMARzBFAiEA7GC5/kja3l8cBw1/wBpHl/AKH6eL1MKpmICtf5G09c4C\n"
+            + "IBM887DQEwD2E4Xx/IP+33NMvUOhSwZ4XODgqFVXsz0wAHYA7ku9t3XOYLrhQmkf\n"
+            + "q+GeZqMPfl+wctiDAMR7iXqo/csAAAFctiwIqwAABAMARzBFAiEAwwiR95ozXdKs\n"
+            + "+uULfrzgENbHc2rLgGIac6ZMv0xHDLACIFLQVpvQBRQfys2KVRGHQKGxqAeghQZw\n"
+            + "9nJL+U5huzfaAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFc\n"
+            + "tiwMqwAABAMARzBFAiEAifV9ocxbO6b3I22jb2zxBvG2e83hXHitOhYXkHdSmZkC\n"
+            + "IDJLuPvGOczF9axgphImlUbT9dX3wRpjEi5IeV+pxMiYMA0GCSqGSIb3DQEBCwUA\n"
+            + "A4IBAQB5U6k1Onv9Y7POHGnUOI0ATHevbpbS/7r68DZQ6cRmDIpsZyjW6PxYs9nc\n"
+            + "3ob3Pjomm+S7StDl9ehI7rYLlZC52QlXlsq1fzEQ9xSkf+VSD70A91dPIFAdI/jQ\n"
+            + "aWvIUvQEbhfUZc0ihIple0VyWGH5bza0DLW+C8ttF8KqICUfL8S8mZgjbXvVg2fY\n"
+            + "HLW9lWR/Pkco2yRc8gZyr9FGkXOcmJ8aFaCuJnGm/IVRCieYp60If4DoAKz49xpF\n"
+            + "CF6RjOAJ//UGSp/ySjHMmT8PLO7NvhsT4XDDGTSeIYYpO++tbEIcLcjW9m2k5Gnh\n"
+            + "kmEenr0hdcpeLgsP3Fsy7JxyQNpL\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner:  CN=Actalis Authentication CA G3, O=Actalis S.p.A./03358520967, L=Milano, ST=Milano, C=IT
+    // Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT
+    // SN:     741d584a 72fc06bc
+    // Valid from: Wed Feb 12 22:32:23 PST 2014
+    // Valid till: Mon Feb 12 22:32:23 PST 2024
+    private static final String INT_REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGTTCCBDWgAwIBAgIIdB1YSnL8BrwwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE\n"
+            + "BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w\n"
+            + "MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290\n"
+            + "IENBMB4XDTE0MDIxMzE1MDIyM1oXDTI0MDIxMzE1MDIyM1owezELMAkGA1UEBhMC\n"
+            + "SVQxDzANBgNVBAgMBk1pbGFubzEPMA0GA1UEBwwGTWlsYW5vMSMwIQYDVQQKDBpB\n"
+            + "Y3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzElMCMGA1UEAwwcQWN0YWxpcyBBdXRo\n"
+            + "ZW50aWNhdGlvbiBDQSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+            + "AMzhDjmhNDym6ze3PegbIKmiavXpAjgVCZ344k1DOtdSCV6k3h3rqfHqFn3mrayA\n"
+            + "btmJ0NeC886WxUUsJwHJ3bOnNBQZIHxLV+1RVD/6TQqb6/bPJu4rDwEfhbJSmErc\n"
+            + "29wUJWqxXMhSAWTHi3Pq0vrkx59e5KTEyfB2kHo6InlR72sCCRdtCL9aDuDm8nYK\n"
+            + "pTSAJr36ultwME5NyCNSyN2JIK0wYbEi7MVNbp5KN9MusTp3cOMDoVBreYulmnEu\n"
+            + "TNazmoAv0K8oLS7iX7c9x+zGjUUAucFEuSlRn3sL6hFAiKjy4PDClvnyqQHBBdZr\n"
+            + "/3JOxAcgXv7aZ4/STeXeDXsCAwEAAaOCAeMwggHfMEEGCCsGAQUFBwEBBDUwMzAx\n"
+            + "BggrBgEFBQcwAYYlaHR0cDovL3BvcnRhbC5hY3RhbGlzLml0L1ZBL0FVVEgtUk9P\n"
+            + "VDAdBgNVHQ4EFgQUqqr9yowdTfEug+EG/PqO6g4jrj0wDwYDVR0TAQH/BAUwAwEB\n"
+            + "/zAfBgNVHSMEGDAWgBRS2Ig6yJ94Zu2J83s4cJTJAgI20DBUBgNVHSAETTBLMEkG\n"
+            + "BFUdIAAwQTA/BggrBgEFBQcCARYzaHR0cHM6Ly9wb3J0YWwuYWN0YWxpcy5pdC9S\n"
+            + "ZXBvc2l0b3J5L1BvbGljeS9TU0wvQ1BTMIHiBgNVHR8EgdowgdcwgZSggZGggY6G\n"
+            + "gYtsZGFwOi8vbGRhcC5hY3RhbGlzLml0L2NuJTNkQWN0YWxpcyUyMEF1dGhlbnRp\n"
+            + "Y2F0aW9uJTIwUm9vdCUyMENBLG8lM2RBY3RhbGlzJTIwUy5wLkEuJTJmMDMzNTg1\n"
+            + "MjA5NjcsYyUzZElUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5MD6g\n"
+            + "PKA6hjhodHRwOi8vcG9ydGFsLmFjdGFsaXMuaXQvUmVwb3NpdG9yeS9BVVRILVJP\n"
+            + "T1QvZ2V0TGFzdENSTDAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIB\n"
+            + "ABP93l+9QBgzHF0Clf3gMAelGqwXT25DwZVFIkBw6YyqOPcaqzw1XKHJJEMQ8xOp\n"
+            + "8uuiPLP/ObxEXBBvH7ofNW7nRUIzGsuLPhzdfJhdzilCVAvz4WRsX44nWOQS4Qu0\n"
+            + "npo7dbq/KxFUCUO9yNEJp6YxNloy8XFIlazkHFTKGJqoUpsGoc7B9YmPchhE2FPb\n"
+            + "OZiOCg4Y2Qp43UJfnENgZ3gJFh16juQE1uS8Q/JJI7ZzJfJ/W0uQoDnCprOPUpLF\n"
+            + "G03e0asFxwQqhL84Jvf7rJZaWvwydHP4hH47nzpHWEGXwfJLXXoO7LHgqVB7K9Ar\n"
+            + "Zf3pY0S/3Fs+AN/PrEY3Z3rb7ypQLRiot1oJLl8matiGEF4aFL5DDkr9wfRAZ8S8\n"
+            + "WT69vN68ENGgEwyeZSlQxn+4g6quHRav0fmF2fGnLaq7tteSPVocT7XaMEpkHqNs\n"
+            + "x1q/PJbr39s/1QVZtS9CrdoCr0QAnBaX//PPB6ansSLFcvEqM9QcV9xQZex88ToX\n"
+            + "nk3TcHtA0ezWJlCkg626MhdQZrhHbkauHfIGSOmCkn3zHp0BZQ6Vo7UOdRMT7QS7\n"
+            + "y7AkET9Qmapwh2CFUdCJSXklVRd+06XhhOB37NQU0pGJQJ3xjEPrILZ8kLhW3Tyq\n"
+            + "Iv30LW7MXZ4yQn/JHEZbuiOOb4R45hsPZxe6gOq/e+sf\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner:  CN=ssltest-r.actalis.it, O=Actalis S.p.A., L=Ponte San Pietro, ST=Bergamo, C=IT
+    // Issuer: CN=Actalis Authentication CA G3, O=Actalis S.p.A./03358520967, L=Milano, ST=Milano, C=IT
+    // SN:     0455de97 5c71c96f
+    // Valid from: Thu Jan 28 16:23:52 PST 2016
+    // Valid till: Mon Jan 28 16:23:52 PST 2019
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIFmDCCBICgAwIBAgIIBFXel1xxyW8wDQYJKoZIhvcNAQELBQAwezELMAkGA1UE\n"
+            + "BhMCSVQxDzANBgNVBAgMBk1pbGFubzEPMA0GA1UEBwwGTWlsYW5vMSMwIQYDVQQK\n"
+            + "DBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzElMCMGA1UEAwwcQWN0YWxpcyBB\n"
+            + "dXRoZW50aWNhdGlvbiBDQSBHMzAeFw0xNjAxMjkwODUzNTJaFw0xOTAxMjkwODUz\n"
+            + "NTJaMHIxCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCZXJnYW1vMRkwFwYDVQQHDBBQ\n"
+            + "b250ZSBTYW4gUGlldHJvMRcwFQYDVQQKDA5BY3RhbGlzIFMucC5BLjEdMBsGA1UE\n"
+            + "AwwUc3NsdGVzdC1yLmFjdGFsaXMuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\n"
+            + "ggEKAoIBAQClbzoXCvD21FD7Oy/TKZu4fmDFJrISrNfasLlC3krLHkgb1vg23Z1P\n"
+            + "+7rIymDgrJSzjvYmisl+VM7xXxTsyI2pp9Qp/uzTMAMML9ISd/s0LaMBiNN5iPyj\n"
+            + "W91gGzGe30Jc319afKwFBaveSv7NO3DWsmHw9koezWkKUug2dnQCVXk1uTSdobnq\n"
+            + "wOgwxdd86LpZnFLxBIYdU68S4vogAQZjdja/S1+tF6JnfvY6o/xRJmQckVtNmUs6\n"
+            + "Dj3KoN2o/8BEgSCYcJz8tfoZcVazVkWOp/u6moUnm1/IKSYNgtHnB1ub0fB2AttW\n"
+            + "Vi7cs3SG/tDMMP8yc1kWScWf8CYj/AI1AgMBAAGjggInMIICIzA/BggrBgEFBQcB\n"
+            + "AQQzMDEwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwMDMuYWN0YWxpcy5pdC9WQS9B\n"
+            + "VVRILUczMB0GA1UdDgQWBBRIKN5WmrjivlnT1rDzsH1WZ+PuvTAMBgNVHRMBAf8E\n"
+            + "AjAAMB8GA1UdIwQYMBaAFKqq/cqMHU3xLoPhBvz6juoOI649MGAGA1UdIARZMFcw\n"
+            + "SwYGK4EfARQBMEEwPwYIKwYBBQUHAgEWM2h0dHBzOi8vcG9ydGFsLmFjdGFsaXMu\n"
+            + "aXQvUmVwb3NpdG9yeS9Qb2xpY3kvU1NML0NQUzAIBgZngQwBAgIwgd8GA1UdHwSB\n"
+            + "1zCB1DCBlKCBkaCBjoaBi2xkYXA6Ly9sZGFwMDMuYWN0YWxpcy5pdC9jbiUzZEFj\n"
+            + "dGFsaXMlMjBBdXRoZW50aWNhdGlvbiUyMENBJTIwRzMsbyUzZEFjdGFsaXMlMjBT\n"
+            + "LnAuQS4lMmYwMzM1ODUyMDk2NyxjJTNkSVQ/Y2VydGlmaWNhdGVSZXZvY2F0aW9u\n"
+            + "TGlzdDtiaW5hcnkwO6A5oDeGNWh0dHA6Ly9jcmwwMy5hY3RhbGlzLml0L1JlcG9z\n"
+            + "aXRvcnkvQVVUSC1HMy9nZXRMYXN0Q1JMMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE\n"
+            + "FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0RBBgwFoIUc3NsdGVzdC1yLmFj\n"
+            + "dGFsaXMuaXQwDQYJKoZIhvcNAQELBQADggEBAHZLND53/CZoMlDtfln0ZByCEhoF\n"
+            + "/XtA9cYy2azRGgS/VY4WUccvg99MM50cwn5GPRsJpoaFXeDrjV3DkOUK1jERzjx4\n"
+            + "5y83K/AkCGe7uU17aS+tweETizBAfHNj78oHmZDmkDSEY2STaeuHNDJ9ft0v3QTb\n"
+            + "VW54R5W3OBU7L/sJoEUdRxzGN7vO82PboGvyApMCWDRLKE7bPP4genQtF3XPcaFl\n"
+            + "ekuSiEVYS+KnM2v9tCWHqw6x7raWHFB9w1kAKNwv0hbEJkeC+a2bCdPwv8hs//sa\n"
+            + "gUF4p61mIpf+5qmQ6gcZOClPWyrbYdQdfCvKgbEdKhwB0v5KS0NIRRn41SE=\n"
+            + "-----END CERTIFICATE-----";
+
+    public static void main(String[] args) throws Exception {
+
+        ValidatePathWithParams pathValidator = new ValidatePathWithParams(null);
+        boolean ocspEnabled = false;
+
+        if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) {
+            pathValidator.enableCRLCheck();
+        } else {
+            // OCSP check by default
+            pathValidator.enableOCSPCheck();
+            ocspEnabled = true;
+        }
+
+        // Validate valid
+        pathValidator.validate(new String[]{VALID, INT_VALID},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Revoked certificate is using SHA1 signature
+        if (ocspEnabled) {
+            // Revoked test certificate is expired
+            // and backdated revocation check is only possible with OCSP
+            pathValidator.setValidationDate("July 01, 2016");
+        }
+
+        // Validate Revoked
+        pathValidator.validate(new String[]{REVOKED, INT_REVOKED},
+                ValidatePathWithParams.Status.REVOKED,
+                "Fri Jan 29 01:06:42 PST 2016", System.out);
+
+        // reset validation date back to current date
+        pathValidator.resetValidationDate();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java	Fri Dec 08 03:06:19 2017 -0800
@@ -0,0 +1,291 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 8189131
+ * @summary Interoperability tests with Buypass Class 2 and Class 3 CA
+ * @build ValidatePathWithParams
+ * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA OCSP
+ * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA CRL
+ */
+
+ /*
+ * Obtain test artifacts for Buypass Class 2 and Class 3 CAs from:
+ *  Class 2:
+ *      https://valid.domainplus.ca22.ssl.buypass.no/CA2Class2   (valid)
+ *      https://revoked.domainplus.ca22.ssl.buypass.no        (revoked)
+ *
+ *  Class3:
+ *      https://valid.business.ca23.ssl.buypass.no    (valid)
+ *      https://revoked.business.ca23.ssl.buypass.no    (revoked)
+ */
+public class BuypassCA {
+
+    public static void main(String[] args) throws Exception {
+
+        ValidatePathWithParams pathValidator = new ValidatePathWithParams(null);
+
+        boolean ocspEnabled = true;
+
+        if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) {
+            pathValidator.enableCRLCheck();
+            ocspEnabled = false;
+        } else {
+            // OCSP check by default
+            pathValidator.enableOCSPCheck();
+        }
+
+        new BuypassClass2().runTest(pathValidator);
+        new BuypassClass3().runTest(pathValidator, ocspEnabled);
+    }
+}
+
+class BuypassClass2 {
+
+    // Owner: CN=Buypass Class 2 CA 2, O=Buypass AS-983163327, C=NO
+    // Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
+    private static final String INT_CLASS_2 = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIFCzCCAvOgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd\n"
+            + "MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg\n"
+            + "Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjEwMTYxN1oXDTMwMTAyNjEwMTYxN1ow\n"
+            + "SzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0w\n"
+            + "GwYDVQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMjCCASIwDQYJKoZIhvcNAQEBBQAD\n"
+            + "ggEPADCCAQoCggEBAJyrZ8aWSw0PkdLsyswzK/Ny/A5/uU6EqQ99c6omDMpI+yNo\n"
+            + "HjUO42ryrATs4YHla+xj+MieWyvz9HYaCnrGL0CE4oX8M7WzD+g8h6tUCS0AakJx\n"
+            + "dC5PBocUkjQGZ5ZAoF92ms6C99qfQXhHx7lBP/AZT8sCWP0chOf9/cNxCplspYVJ\n"
+            + "HkQjKN3VGa+JISavCcBqf33ihbPZ+RaLjOTxoaRaWTvlkFxHqsaZ3AsW71qSJwaE\n"
+            + "55l9/qH45vn5mPrHQJ8h5LjgQcN5KBmxUMoA2iT/VSLThgcgl+Iklbcv9rs6aaMC\n"
+            + "JH+zKbub+RyRijmyzD9YBr+ZTaowHvJs9G59uZMCAwEAAaOB9jCB8zAPBgNVHRMB\n"
+            + "Af8EBTADAQH/MB8GA1UdIwQYMBaAFMmAd+BikoL1RpzzuvdMw964o605MB0GA1Ud\n"
+            + "DgQWBBSSrWWJsgAPy1ENwSPslE6PwQQ/dzAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0g\n"
+            + "BAowCDAGBgRVHSAAMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuYnV5cGFz\n"
+            + "cy5uby9jcmwvQlBDbGFzczJSb290Q0EuY3JsMD4GCCsGAQUFBwEBBDIwMDAuBggr\n"
+            + "BgEFBQcwAYYiaHR0cDovL29jc3AuYnV5cGFzcy5uby9vY3NwL0JQT2NzcDANBgkq\n"
+            + "hkiG9w0BAQsFAAOCAgEAq8IVUouNdeHQljyp8xpa9GC7rpSRXGRRTolSXNa9TUfU\n"
+            + "48Z0Vj3x9jT58I+I8P7fKp+p4Wdu0kcwxOXsooP8hdGLqXY4nV9amkNRiTs99xa3\n"
+            + "Qu/KdLeAPEeeKztxDCLXGmsC4+1G6DuDrOkwSm9Tm+HxSZRGR4Qo3mU3CCSz37us\n"
+            + "q7I0mnY4cCeBPQ3zW5J7k7KmMpUlxOPnLpaASY2JhoeiWIWddH6LUsMkZk1jDv+M\n"
+            + "Hyw2JWZUEUMCZoxLZ7F+4xP7v8wcEtICFo6tZIaawq9p/S6+mJLcoQ7wdQBM0+NA\n"
+            + "cc1MnSbPz75WP4cFhVf1SFq5gBBMCgzYaw+A9bJxDgqV3IMG6TtWfOWz7KhMV+EL\n"
+            + "iVp0fXua2GITRwr+htWnID3ShbHOtCMUm9qrqC6aWNPvJqqKLdhgU9bQ/s5o05a0\n"
+            + "D8NFT07l8yY6+ge+PPHOidnZrTNFIF9dtEdtyXGNrcqhZF0QvqeV1yZ/Kf2+W4pa\n"
+            + "Wor82CuDZNfcf0lje3guk+oZexxpIO57eGJQh9iGLM5dBeEMF7+f5j/1/rGsf6vA\n"
+            + "KkudpjiTl1v/GoO2zMDTTQVcjEsLSYSV0+s2p5QTXuAXrL0/ER3KQRvewIAtmzFg\n"
+            + "IaPy7t2TV0olHISRMvaEz4Guh2biuO/N6SP3pkk3dsMxiEVw7Xc+ouCb03Rz3aA=\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=valid.domainplus.ca22.ssl.buypass.no
+    // Issuer: CN=Buypass Class 2 CA 2, O=Buypass AS-983163327, C=NO
+    // Serial number: f0673c7183c95b38c93
+    // Valid from: Mon Jan 25 00:20:55 PST 2016 until: Fri Jan 25 14:59:00 PST 2019
+    private static final String VALID_CLASS_2 = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIEgzCCA2ugAwIBAgIKDwZzxxg8lbOMkzANBgkqhkiG9w0BAQsFADBLMQswCQYD\n"
+            + "VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n"
+            + "FEJ1eXBhc3MgQ2xhc3MgMiBDQSAyMB4XDTE2MDEyNTA4MjA1NVoXDTE5MDEyNTIy\n"
+            + "NTkwMFowLzEtMCsGA1UEAwwkdmFsaWQuZG9tYWlucGx1cy5jYTIyLnNzbC5idXlw\n"
+            + "YXNzLm5vMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhA0eVz8ADqx\n"
+            + "dcrIZUzCf1n+kaBFyEF4WteUMtM4ta7szTm19f1/O4LRwr+pI5qQDgWHnHMX9sit\n"
+            + "rKOJPfMRgWrViaQ5y9QCZ4h2BIuDe61XVGkEcUiOoNojLRvDrbjpknI69nb1wbjn\n"
+            + "fpmCQVjYXoandr7RsexdWG4e+s6rk5Jk/zAUzU3Vbi0lmDJ62Dd+Dk3/IVrSebOp\n"
+            + "eIDniRX4vjIeucnDDTQ1VqSIN+gYNR/bMxXKFbScGAG+BpgZMwetJBJhTi7zlOgR\n"
+            + "4zAtdvvpJNN1pmNCsmJaM25WQgH6a05cTQtgYN//MKqTDww7z+LfK37mOxh3vBTu\n"
+            + "TR5S6VxzQQIDAQABo4IBgzCCAX8wCQYDVR0TBAIwADAfBgNVHSMEGDAWgBSSrWWJ\n"
+            + "sgAPy1ENwSPslE6PwQQ/dzAdBgNVHQ4EFgQUIs9OWkfc6S1c8mbYgi6Ns1kzh0Mw\n"
+            + "DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAf\n"
+            + "BgNVHSAEGDAWMAoGCGCEQgEaAQIEMAgGBmeBDAECATA6BgNVHR8EMzAxMC+gLaAr\n"
+            + "hilodHRwOi8vY3JsLmJ1eXBhc3Mubm8vY3JsL0JQQ2xhc3MyQ0EyLmNybDAvBgNV\n"
+            + "HREEKDAmgiR2YWxpZC5kb21haW5wbHVzLmNhMjIuc3NsLmJ1eXBhc3Mubm8wdQYI\n"
+            + "KwYBBQUHAQEEaTBnMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5idXlwYXNzLm5v\n"
+            + "L29jc3AvQlBPY3NwMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LmJ1eXBhc3Mubm8v\n"
+            + "Y3J0L0JQQ2xhc3MyQ0EyLmNlcjANBgkqhkiG9w0BAQsFAAOCAQEAjDPxDQnnzH+v\n"
+            + "Mnj8dRM6NPBVXl4JNofWlwqzYdu+HauFeF3AOZVVyr/YbOR9/ewDrScOvrGohndV\n"
+            + "7Si0l5hz3fo51Ra81TyR8kWR7nJC2joidT1X4a0hF9zu8CNQNVmkOhoACgeuv42R\n"
+            + "NDwmj9TfpNRyC4RA7/NzXMeRJYfOrh18S9VHhCzsWScd9td3u7hrhBOPPOql9f2K\n"
+            + "t9Hcevo+cceE6bGYwbW6xNr3iPOh31shMxgRUMojVamtH70tYMi+0e0lrzXdxgGO\n"
+            + "ISnXBS2HptakUIxF3feTOjBhhh5vb9RJxfdJA///ggkR3L51MfjrusucpNoz3k3P\n"
+            + "f5e7ZlSJ6g==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=revoked.domainplus.ca22.ssl.buypass.no
+    // Issuer: CN=Buypass Class 2 CA 2, O=Buypass AS-983163327, C=NO
+    // Serial number: f07a517dfc19ea8bf8f
+    // Valid from: Mon Jan 25 00:22:09 PST 2016 until: Fri Jan 25 14:59:00 PST 2019
+    private static final String REVOKED_CLASS_2 = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIEhzCCA2+gAwIBAgIKDwelF9/Bnqi/jzANBgkqhkiG9w0BAQsFADBLMQswCQYD\n"
+            + "VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n"
+            + "FEJ1eXBhc3MgQ2xhc3MgMiBDQSAyMB4XDTE2MDEyNTA4MjIwOVoXDTE5MDEyNTIy\n"
+            + "NTkwMFowMTEvMC0GA1UEAwwmcmV2b2tlZC5kb21haW5wbHVzLmNhMjIuc3NsLmJ1\n"
+            + "eXBhc3Mubm8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjp/5BLRjH\n"
+            + "03XNNT2YXqg+txclRaUu88Rjbj4oEudFbkGTl+oBhmXX4QjM4WGvgw1AHW7nePWF\n"
+            + "/j3aR1kWJCl/ZOe097mb0V0dIwK6u6RVx9ERd4ITa/cmUJjy1+D+vCsT0elJY1vf\n"
+            + "vbwCdaloS7MZDG3wmJGxrUz7fo7t/JdsW481Ymau3xVTQ+45MusPmOE8RZ6nggIQ\n"
+            + "dZIA00XPhlQwg5ivuPwtcNNZIkk1fkU+5J+RUOI5qHA9zH2s1Hly6PzTATCxSDSi\n"
+            + "zqAmBH0ehrWqCWiKH5P3J8dCRA6qa2n5pD71CweLrUsbmztkBHUlYKlZ0fP6bGiI\n"
+            + "ZDMBLL/aFQybAgMBAAGjggGFMIIBgTAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFJKt\n"
+            + "ZYmyAA/LUQ3BI+yUTo/BBD93MB0GA1UdDgQWBBQZICByGObE/pJISOcMavbKRl2L\n"
+            + "+zAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\n"
+            + "MB8GA1UdIAQYMBYwCgYIYIRCARoBAgQwCAYGZ4EMAQIBMDoGA1UdHwQzMDEwL6At\n"
+            + "oCuGKWh0dHA6Ly9jcmwuYnV5cGFzcy5uby9jcmwvQlBDbGFzczJDQTIuY3JsMDEG\n"
+            + "A1UdEQQqMCiCJnJldm9rZWQuZG9tYWlucGx1cy5jYTIyLnNzbC5idXlwYXNzLm5v\n"
+            + "MHUGCCsGAQUFBwEBBGkwZzAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuYnV5cGFz\n"
+            + "cy5uby9vY3NwL0JQT2NzcDA1BggrBgEFBQcwAoYpaHR0cDovL2NydC5idXlwYXNz\n"
+            + "Lm5vL2NydC9CUENsYXNzMkNBMi5jZXIwDQYJKoZIhvcNAQELBQADggEBAAdjMdlP\n"
+            + "qYNK+YkrqTgQV0dblIazL/cIhMPByjnEkfxew9tDxpcMWafIFKcgM/QxYJG/mzoL\n"
+            + "sSQ9pzzuGLQX7eAPA3rlWoQBusOeOaC3HQqy73kGStd7H8HPa3m+q47Z6JG0w+Fb\n"
+            + "rk8odrml+8rAEPLBlldB39xJuNVHjmlyTEDSC4azEXjfV4+kj8uE86sm+AoTt4Ba\n"
+            + "tEZSbKp70oH63QKBAEHORMM4gXeP+WG276p3kTcL1VUfgQw7vVmGN0C8DjhK4BAC\n"
+            + "0PUChr8agu0F5YcqpGxjLemMnDrqW+Bi/JYmGhEjWTiLSyYSlvJb1dAFUyPlc958\n"
+            + "pmOu5xTMEatiPFI=\n"
+            + "-----END CERTIFICATE-----";
+
+    public void runTest(ValidatePathWithParams pathValidator) throws Exception {
+        // Validate valid
+        pathValidator.validate(new String[]{VALID_CLASS_2, INT_CLASS_2},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Validate Revoked
+        pathValidator.validate(new String[]{REVOKED_CLASS_2, INT_CLASS_2},
+                ValidatePathWithParams.Status.REVOKED,
+                "Mon Jan 25 00:24:47 PST 2016", System.out);
+    }
+}
+
+class BuypassClass3 {
+
+    // Owner: CN=Buypass Class 3 CA 2, O=Buypass AS-983163327, C=NO
+    // Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
+    private static final String INT_CLASS_3 = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIFCzCCAvOgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd\n"
+            + "MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg\n"
+            + "Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA5MTYxN1oXDTMwMTAyNjA5MTYxN1ow\n"
+            + "SzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0w\n"
+            + "GwYDVQQDDBRCdXlwYXNzIENsYXNzIDMgQ0EgMjCCASIwDQYJKoZIhvcNAQEBBQAD\n"
+            + "ggEPADCCAQoCggEBAL1OFdoURRXuCuwTBJpuCKDE8Euzcg0AeCRGq3VdagbChyCE\n"
+            + "CQ5vYWwmpHCyFl1b+r2KyWdQBBdG+msAcIYZal5cjZzrTWvbkfiAD/OneMjhqYB0\n"
+            + "pTQIXbTjpPUMOjFM8waNZcqGJqC9H+Z9NkjK5THAK0oOOfKNPHg1MeImbOHVw0fR\n"
+            + "48WnNrPpnQDt+SbPFSvw+dACDAybx1XgjMPq7pmZDWbkajOz4yCvrgZm6jvAPeT3\n"
+            + "qkBFh7zOZ3IZVdfmRjVahx0iXp5TJ1SsrRr/uCiae1O+NR//XDG3dl9j17HsFlhY\n"
+            + "Rl6EvEfVV0OcW94Ret9uBUF73ANZl0b+gwCXnV0CAwEAAaOB9jCB8zAPBgNVHRMB\n"
+            + "Af8EBTADAQH/MB8GA1UdIwQYMBaAFEe4zf/lb+74suwvTg75JbCOPGvDMB0GA1Ud\n"
+            + "DgQWBBQiMC7S+/ZLysC4O9IExOly5pebDDAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0g\n"
+            + "BAowCDAGBgRVHSAAMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuYnV5cGFz\n"
+            + "cy5uby9jcmwvQlBDbGFzczNSb290Q0EuY3JsMD4GCCsGAQUFBwEBBDIwMDAuBggr\n"
+            + "BgEFBQcwAYYiaHR0cDovL29jc3AuYnV5cGFzcy5uby9vY3NwL0JQT2NzcDANBgkq\n"
+            + "hkiG9w0BAQsFAAOCAgEAaOLyxpj2t9k9Rzkxkcj/teTNOWxBLPZDi+eFx3u7laf2\n"
+            + "mX/ZUSSE4g7OiKnD7ozWk9Qgocn3rBWGDKsp676RwWV97Elofz73Oebei6P3Gg/9\n"
+            + "CD8y6rf8xHRxru5d1ZQ1NkWdPwYI38jlt3LaDjJKZjJW7pOPIMRvw1Y1AY3mYgCJ\n"
+            + "Qqpw8jgukHIP0454DPzkUXzg/ZVJG0swmFmjYfARleSPidcs5BJx5ngpcUS4745g\n"
+            + "mN9PQ578+ROIbML4Jx83myivlyTQSPdYSwzSswb1RVBJmiF9qC0B1hivCrs4BATu\n"
+            + "YeaPV6CiNDr0jGnbxAskz7QDNR6uJSUKX3L9iY2TB/4/5hJ9TZ/YDI6OEG/wVtBz\n"
+            + "5FkU0ucztyQa4UG1mXR8Zbs/zt9Fj0Xn8f5IM3dB/s/r8c1AFDIcLRUqP/LkI9Wj\n"
+            + "XovWr79PEJcIfIln0AfzYfBBxCRE+4QHcVhci6p/mbyl2a+Rf8ZGNTiDLaWSZp5x\n"
+            + "jqdaq5UQaoZK8XQ+JVR0etep/KPgVMXq5Zv16YEb2vjs//RfxT8psDZLe/37+Bs4\n"
+            + "AG9sdT/bsH7HDQwodTon/HvMmxt4EiU/1Sjco4Fok9VmSE2UVjIghajbbTSKR3LV\n"
+            + "UuU19x12fKp+htO8L+wVlGgxXb9WvDBNHCe6RmR4jqavmvrAyCPtrx3cXwqGmXA=\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: SERIALNUMBER=983163327, CN=valid.business.ca23.ssl.buypass.no,
+    // O=BUYPASS AS, L=OSLO, OID.2.5.4.17=0484, C=NO
+    // Issuer: CN=Buypass Class 3 CA 2, O=Buypass AS-983163327, C=NO
+    // Serial number: 97631b91e98293b35c8
+    // Valid from: Fri Feb 06 00:57:04 PST 2015 until: Fri Feb 09 14:59:00 PST 2018
+    private static final String VALID_CLASS_3 = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIE1DCCA7ygAwIBAgIKCXYxuR6YKTs1yDANBgkqhkiG9w0BAQsFADBLMQswCQYD\n"
+            + "VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n"
+            + "FEJ1eXBhc3MgQ2xhc3MgMyBDQSAyMB4XDTE1MDIwNjA4NTcwNFoXDTE4MDIwOTIy\n"
+            + "NTkwMFowgYExCzAJBgNVBAYTAk5PMQ0wCwYDVQQRDAQwNDg0MQ0wCwYDVQQHDARP\n"
+            + "U0xPMRMwEQYDVQQKDApCVVlQQVNTIEFTMSswKQYDVQQDDCJ2YWxpZC5idXNpbmVz\n"
+            + "cy5jYTIzLnNzbC5idXlwYXNzLm5vMRIwEAYDVQQFEwk5ODMxNjMzMjcwggEiMA0G\n"
+            + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbahUoF2A7upqIxDQKraZ+aEOzNkHF\n"
+            + "1fIQEtUMQS1OTB8la7pWsBnv1gk9Ja2ifIrwdSxAjefL3SXR47h4vxUMnufMnkTk\n"
+            + "PERXft/XR8/jZQZRpznnN/V89ctb8qcVhHCooTIELOBzF9QAmDnawZQogwhDNLNy\n"
+            + "kLtWsl75X547DS/Z5hsqCqXPyOiFzkHY59uamYu48TF9d7HwQ741H0YhehoxTl/O\n"
+            + "YqzW2wqYxqhQuCX5IuYER7G/P3G6UAm+VB9aujtWW+TBT9+iWh0aT+C7ezDtREse\n"
+            + "lwb44svf8S3iW18KlSF8EMT0qwqNpA8njOCQiSgluYD+Uk9E5f8505UzAgMBAAGj\n"
+            + "ggGBMIIBfTAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFCIwLtL79kvKwLg70gTE6XLm\n"
+            + "l5sMMB0GA1UdDgQWBBQncKIaP6HdQV8RIBO+dddWDSKvJjAOBgNVHQ8BAf8EBAMC\n"
+            + "BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIAQYMBYwCgYI\n"
+            + "YIRCARoBAwQwCAYGZ4EMAQICMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwu\n"
+            + "YnV5cGFzcy5uby9jcmwvQlBDbGFzczNDQTIuY3JsMC0GA1UdEQQmMCSCInZhbGlk\n"
+            + "LmJ1c2luZXNzLmNhMjMuc3NsLmJ1eXBhc3Mubm8wdQYIKwYBBQUHAQEEaTBnMC4G\n"
+            + "CCsGAQUFBzABhiJodHRwOi8vb2NzcC5idXlwYXNzLm5vL29jc3AvQlBPY3NwMDUG\n"
+            + "CCsGAQUFBzAChilodHRwOi8vY3J0LmJ1eXBhc3Mubm8vY3J0L0JQQ2xhc3MzQ0Ey\n"
+            + "LmNlcjANBgkqhkiG9w0BAQsFAAOCAQEAqeA3IqMPn/az52twbNnimXIhIb7tWj7U\n"
+            + "NSBqr+httoQvNo7NbtVCgO/fM3/t0YN7rgZfP07QTn7L7CwoddrgHbnuCuFr9UhD\n"
+            + "df7cfY3cwDhWx+YKgXTkRZpXXrOPqeY2+9gaJlcQCnw66t5EBa4lSBnN0ZtkB4lT\n"
+            + "ujFP6BAyzZAjRdXWUidtErDWZri1uLmWAP0kQNez2toOcQ0XpbrbL8+nQtvOVOJv\n"
+            + "b/c8WoaoC14C32mAeC5bx4dQ3mpf3hQv9man1SPjY/rsDsWWjsaJAijl3YPtP2bU\n"
+            + "JRCCM7qfZWrY8/uBLG2llfjviKV9I6sT76w7TnawPsz+SkDXFm/nwg==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: SERIALNUMBER=983163327, CN=revoked.business.ca23.ssl.buypass.no,
+    // O=BUYPASS AS, L=OSLO, OID.2.5.4.17=0402, C=NO
+    // Issuer: CN=Buypass Class 3 CA 2, O=Buypass AS-983163327, C=NO
+    private static final String REVOKED_CLASS_3 = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIE2DCCA8CgAwIBAgIKARno/wYhPtNtmjANBgkqhkiG9w0BAQsFADBLMQswCQYD\n"
+            + "VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n"
+            + "FEJ1eXBhc3MgQ2xhc3MgMyBDQSAyMB4XDTEzMDIwMTA5MTE0NFoXDTE2MDIwMTA5\n"
+            + "MTE0NFowgYMxCzAJBgNVBAYTAk5PMQ0wCwYDVQQRDAQwNDAyMQ0wCwYDVQQHDARP\n"
+            + "U0xPMRMwEQYDVQQKDApCVVlQQVNTIEFTMS0wKwYDVQQDDCRyZXZva2VkLmJ1c2lu\n"
+            + "ZXNzLmNhMjMuc3NsLmJ1eXBhc3Mubm8xEjAQBgNVBAUTCTk4MzE2MzMyNzCCASIw\n"
+            + "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmBUI0wNCz4kLikR5wog4QTUEmO\n"
+            + "XoGgjnQv0cKfDogbewK+0ngdyyR8dZOqSauQTGLlPTpo6DEWpD3Jqrr444MV6Vc1\n"
+            + "AGWnjk3T+KT5tKl6qJOQq17Y+HEnsTEzCo1kieVygpSu7FBa2OnhHNmLWThhGUEi\n"
+            + "mLqrEyfjMSb9zacvo06Zr7S8BauLRB3aM5BeMVF7Bj/9f/FvnB/y1cRDLG32WRCx\n"
+            + "K9IAFwCaJkfWsXx+bnaO4uEQwLFZ96p7L5mr+QNvI6QuweIY1hDM3RDM6HQkGTK9\n"
+            + "8iHSzGBSCGwOM24Ym3XM5vTbiV5uLno+QEYlJL/+qbYvarbO2gPF+6A6M10CAwEA\n"
+            + "AaOCAYMwggF/MAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUIjAu0vv2S8rAuDvSBMTp\n"
+            + "cuaXmwwwHQYDVR0OBBYEFNI2C2XKZkNRHZrHLkBhCMeDRN0KMA4GA1UdDwEB/wQE\n"
+            + "AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0gBBgwFjAK\n"
+            + "BghghEIBGgEDBDAIBgZngQwBAgIwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2Ny\n"
+            + "bC5idXlwYXNzLm5vL2NybC9CUENsYXNzM0NBMi5jcmwwLwYDVR0RBCgwJoIkcmV2\n"
+            + "b2tlZC5idXNpbmVzcy5jYTIzLnNzbC5idXlwYXNzLm5vMHUGCCsGAQUFBwEBBGkw\n"
+            + "ZzAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuYnV5cGFzcy5uby9vY3NwL0JQT2Nz\n"
+            + "cDA1BggrBgEFBQcwAoYpaHR0cDovL2NydC5idXlwYXNzLm5vL2NydC9CUENsYXNz\n"
+            + "M0NBMi5jZXIwDQYJKoZIhvcNAQELBQADggEBAGNQe9cgrw/mN7bChof205NRS+TH\n"
+            + "A8f0JcKk1KrPYYW+ilyp6j3My26Sm9a4ZyKRhAS8fCxYUXWzfNvJNFYv2ttLuegl\n"
+            + "SFfeXjSJJZW9+wC5oRLta++62UTTxXp0Zf5UkMsHZCIjvnk0yGWZa0phyRCH89ca\n"
+            + "4vfRTOGNTNfX3d0jm/+fm70UNYHKZ/VcxVj0vH2Ij/kDUy7r2cw1gQ65RDUotnTu\n"
+            + "Yt59y3COyMZeYNMcuoss2XWnedFoD7fwCSkNqVbwjCxGVkL1+ivbWhqlCefaniZX\n"
+            + "Wy35oP1635RSxHbCMU9msmUO7FS8n1VH2edEC797gduK5pn2aBhy/MW0unU=\n"
+            + "-----END CERTIFICATE-----";
+
+    public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled)
+            throws Exception {
+        // Validate valid
+        pathValidator.validate(new String[]{VALID_CLASS_3, INT_CLASS_3},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        if (ocspEnabled) {
+            // Revoked test certificate is expired
+            // and backdated revocation check is only possible with OCSP
+            pathValidator.setValidationDate("July 01, 2013");
+        }
+
+        // Validate Revoked
+        pathValidator.validate(new String[]{REVOKED_CLASS_3, INT_CLASS_3},
+                ValidatePathWithParams.Status.REVOKED,
+                "Wed Feb 06 02:56:32 PST 2013", System.out);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java	Fri Dec 08 03:06:19 2017 -0800
@@ -0,0 +1,674 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 8189131
+ * @summary Interoperability tests with Comodo RSA, ECC, userTrust RSA, and
+ *          userTrust ECC CAs
+ * @build ValidatePathWithParams
+ * @run main/othervm -Djava.security.debug=certpath ComodoCA OCSP
+ * @run main/othervm -Djava.security.debug=certpath ComodoCA CRL
+ */
+
+ /*
+ * Obtain TLS test artifacts for Comodo CAs from:
+ *
+ * Valid TLS Certificates:
+ * https://comodorsacertificationauthority-ev.comodoca.com
+ * https://comodoecccertificationauthority-ev.comodoca.com
+ * https://usertrustrsacertificationauthority-ev.comodoca.com
+ * https://usertrustecccertificationauthority-ev.comodoca.com
+ *
+ * Revoked TLS Certificates:
+ * https://comodorsacertificationauthority-ev.comodoca.com:444
+ * https://comodoecccertificationauthority-ev.comodoca.com:444
+ * https://usertrustrsacertificationauthority-ev.comodoca.com:444
+ * https://usertrustecccertificationauthority-ev.comodoca.com:444
+ */
+public class ComodoCA {
+
+    public static void main(String[] args) throws Exception {
+
+        ValidatePathWithParams pathValidator = new ValidatePathWithParams(null);
+
+        if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) {
+            pathValidator.enableCRLCheck();
+        } else {
+            // OCSP check by default
+            pathValidator.enableOCSPCheck();
+        }
+
+        new ComodoRSA().runTest(pathValidator);
+        new ComodoECC().runTest(pathValidator);
+        new ComodoUserTrustRSA().runTest(pathValidator);
+        new ComodoUserTrustECC().runTest(pathValidator);
+    }
+}
+
+class ComodoRSA {
+
+    // Owner: CN=COMODO RSA Extended Validation Secure Server CA,
+    // O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
+    // Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited,
+    // L=Salford, ST=Greater Manchester, C=GB
+    // Serial number: 6a74380d4ebfed435b5a3f7e16abdd8
+    // Valid from: Sat Feb 11 16:00:00 PST 2012 until: Thu Feb 11 15:59:59 PST 2027
+    private static final String INT = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGDjCCA/agAwIBAgIQBqdDgNTr/tQ1taP34Wq92DANBgkqhkiG9w0BAQwFADCB\n"
+            + "hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\n"
+            + "A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV\n"
+            + "BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTIwMjEy\n"
+            + "MDAwMDAwWhcNMjcwMjExMjM1OTU5WjCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgT\n"
+            + "EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR\n"
+            + "Q09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQg\n"
+            + "VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\n"
+            + "AQ8AMIIBCgKCAQEAlVbeVLTf1QJJe9FbXKKyHo+cK2JMK40SKPMalaPGEP0p3uGf\n"
+            + "CzhAk9HvbpUQ/OGQF3cs7nU+e2PsYZJuTzurgElr3wDqAwB/L3XVKC/sVmePgIOj\n"
+            + "vdwDmZOLlJFWW6G4ajo/Br0OksxgnP214J9mMF/b5pTwlWqvyIqvgNnmiDkBfBzA\n"
+            + "xSr3e5Wg8narbZtyOTDr0VdVAZ1YEZ18bYSPSeidCfw8/QpKdhQhXBZzQCMZdMO6\n"
+            + "WAqmli7eNuWf0MLw4eDBYuPCGEUZUaoXHugjddTI0JYT/8ck0YwLJ66eetw6YWNg\n"
+            + "iJctXQUL5Tvrrs46R3N2qPos3cCHF+msMJn4HwIDAQABo4IBaTCCAWUwHwYDVR0j\n"
+            + "BBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFDna/8ooFIqodBMI\n"
+            + "ueQOqdL6fp1pMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMD4G\n"
+            + "A1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5j\n"
+            + "b21vZG8uY29tL0NQUzBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9k\n"
+            + "b2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggr\n"
+            + "BgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29t\n"
+            + "L0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz\n"
+            + "cC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAERCnUFRK0iIXZebeV4R\n"
+            + "AUpSGXtBLMeJPNBy3IX6WK/VJeQT+FhlZ58N/1eLqYVeyqZLsKeyLeCMIs37/3mk\n"
+            + "jCuN/gI9JN6pXV/kD0fQ22YlPodHDK4ixVAihNftSlka9pOlk7DgG4HyVsTIEFPk\n"
+            + "1Hax0VtpS3ey4E/EhOfUoFDuPPpE/NBXueEoU/1Tzdy5H3pAvTA/2GzS8+cHnx8i\n"
+            + "teoiccsq8FZ8/qyo0QYPFBRSTP5kKwxpKrgNUG4+BAe/eiCL+O5lCeHHSQgyPQ0o\n"
+            + "fkkdt0rvAucNgBfIXOBhYsvss2B5JdoaZXOcOBCgJjqwyBZ9kzEi7nQLiMBciUEA\n"
+            + "KKlHMd99SUWa9eanRRrSjhMQ34Ovmw2tfn6dNVA0BM7pINae253UqNpktNEvWS5e\n"
+            + "ojZh1CSggjMziqHRbO9haKPl0latxf1eYusVqHQSTC8xjOnB3xBLAer2VBvNfzu9\n"
+            + "XJ/B288ByvK6YBIhMe2pZLiySVgXbVrXzYxtvp5/4gJYp9vDLVj2dAZqmvZh+fYA\n"
+            + "tmnYOosxWd2R5nwnI4fdAw+PKowegwFOAWEMUnNt/AiiuSpm5HZNMaBWm9lTjaK2\n"
+            + "jwLI5jqmBNFI+8NKAnb9L9K8E7bobTQk+p0pisehKxTxlgBzuRPpwLk6R1YCcYAn\n"
+            + "pLwltum95OmYdBbxN4SBB7SC\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=COMODO RSA Extended Validation Secure Server CA,
+    // O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
+    // Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited,
+    // L=Salford, ST=Greater Manchester, C=GB
+    // Serial number: 6a74380d4ebfed435b5a3f7e16abdd8
+    // Valid from: Sat Feb 11 16:00:00 PST 2012 until: Thu Feb 11 15:59:59 PST 2027
+    private static final String VALID = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIH8jCCBtqgAwIBAgIQcgqiz6QAlFISJPkBqYSxZzANBgkqhkiG9w0BAQsFADCB\n"
+            + "kjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\n"
+            + "A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxODA2BgNV\n"
+            + "BAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVy\n"
+            + "IENBMB4XDTE3MDYzMDAwMDAwMFoXDTE5MDkyOTIzNTk1OVowggFdMREwDwYDVQQF\n"
+            + "EwgwNDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0\n"
+            + "ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExGzAZ\n"
+            + "BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEWMBQG\n"
+            + "A1UECRMNVHJhZmZvcmQgUm9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTElMCMG\n"
+            + "A1UECRMcM3JkIEZsb29yLCAyNiBPZmZpY2UgVmlsbGFnZTEaMBgGA1UEChMRQ09N\n"
+            + "T0RPIENBIExpbWl0ZWQxGjAYBgNVBAsTEUNPTU9ETyBFViBTR0MgU1NMMTgwNgYD\n"
+            + "VQQDEy9jb21vZG9yc2FjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWV2LmNvbW9kb2Nh\n"
+            + "LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAND/eZQBTjpBDsut\n"
+            + "eKwl+zpTitF8tJzwHAhcQHC2AaLF/GJl1rnjx4OfelMhKhN1Od9KU6onHGOd2w4m\n"
+            + "D4EiYK9TpXwuwTyzfkCmnkqxZjYK3KAJN013o4L+8y1zsGVUulpN/GfMaxTb4Xdm\n"
+            + "eSekTP91Phw3xezijBq3sa++1rO5RBaT1IHeHhHviC9WNrG8CIg/j5MyC9i43LZH\n"
+            + "iRXLER1LzT/MCIRsiG5AEbiYXV5BNd5SiiHtBJ1q0ZJH+AxL2ERaT41VCppboZwT\n"
+            + "hmJGGoky9FWjp6z8U6Enx0fAMJIZNEzW6LAJFKPEynEU004jFFCEumPUqqCC4ogx\n"
+            + "ulphY80CAwEAAaOCA3QwggNwMB8GA1UdIwQYMBaAFDna/8ooFIqodBMIueQOqdL6\n"
+            + "fp1pMB0GA1UdDgQWBBQ+S4ZhIrwOoeGs9BBT4uXq89Ux/jAOBgNVHQ8BAf8EBAMC\n"
+            + "BaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
+            + "TwYDVR0gBEgwRjA7BgwrBgEEAbIxAQIBBQEwKzApBggrBgEFBQcCARYdaHR0cHM6\n"
+            + "Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwBwYFZ4EMAQEwVgYDVR0fBE8wTTBLoEmg\n"
+            + "R4ZFaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRXh0ZW5kZWRWYWxp\n"
+            + "ZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGHBggrBgEFBQcBAQR7MHkwUQYIKwYB\n"
+            + "BQUHMAKGRWh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUV4dGVuZGVk\n"
+            + "VmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDov\n"
+            + "L29jc3AuY29tb2RvY2EuY29tMDoGA1UdEQQzMDGCL2NvbW9kb3JzYWNlcnRpZmlj\n"
+            + "YXRpb25hdXRob3JpdHktZXYuY29tb2RvY2EuY29tMIIBgAYKKwYBBAHWeQIEAgSC\n"
+            + "AXAEggFsAWoAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVz5\n"
+            + "cV7GAAAEAwBHMEUCIQCpgc0Eqw3g4pr+oX88h5xgL1VEAiDpqAhbRtilgYwBbgIg\n"
+            + "UaIm+n8AHi55nB//Sb4Nz18GYVcfELfpIzRh1vW9HbYAdwBWFAaaL9fC7NP14b1E\n"
+            + "sj7HRna5vJkRXMDvlJhV1onQ3QAAAVz5cVybAAAEAwBIMEYCIQDdsgC4KZ++OP44\n"
+            + "X7LbUcNaxe0kFzbctF2L3bnmhp9nXQIhAM0/g+PrZBIBpYlOtzidePi8bBHrLWn2\n"
+            + "uBiP3pYIntl4AHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFc\n"
+            + "+XFeoQAABAMASDBGAiEAoySTb/QKw7JwtZtPHnECEMzgENQSFy58Kl+Mvcd3SmcC\n"
+            + "IQD8cU66Ih3ejvt0OTX+lfxQPKyggQfm4Uk/lwn5LEJXbDANBgkqhkiG9w0BAQsF\n"
+            + "AAOCAQEAKEaSYWn3Hi8rfJS4cMTJoMkVp2vpPH2dGXySBEy67TEGRw9+f75w3q95\n"
+            + "r1m3P+xsR6dBoidTq/6wqUYI51lB4Fq9ylh1Stp5Gj54CuyT+S31l7lD7sl0KMsn\n"
+            + "HDUDQHId7hKeORYpiIZOcrKOglKdi1uiGwDgoiLKh98lUrZA6durrhH+sl69wqp2\n"
+            + "0XAu+3hurXzCoZFJfyngTO1kt9qcFUAxc5LofIa9QvC6VR7dI4aAh7dUpIRlnjG3\n"
+            + "jJ1mUMTqWO6TFTtddb+uQjDqNgkYYYNuSax1WMEIZWbIi13EjXK1GPQUXJe6gQin\n"
+            + "NUq9JH9NPK6m8A1YKT+wgzfTDeaV2Q==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=comodorsacertificationauthority-ev.comodoca.com,
+    // OU=COMODO EV SGC SSL, O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village",
+    // STREET=Exchange Quay, STREET=Trafford Road, L=Salford, ST=Greater Manchester,
+    // OID.2.5.4.17=M5 3EQ, C=GB, OID.2.5.4.15=Private Organization,
+    // OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690
+    // Issuer: CN=COMODO RSA Extended Validation Secure Server CA,
+    // O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
+    // Serial number: ff6ecae8c73f9b5ca811a1d2b14768be
+    // Valid from: Tue Aug 16 17:00:00 PDT 2016 until: Fri Nov 16 15:59:59 PST 2018
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIIGzCCBwOgAwIBAgIRAP9uyujHP5tcqBGh0rFHaL4wDQYJKoZIhvcNAQELBQAw\n"
+            + "gZIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO\n"
+            + "BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTgwNgYD\n"
+            + "VQQDEy9DT01PRE8gUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZl\n"
+            + "ciBDQTAeFw0xNjA4MTcwMDAwMDBaFw0xODExMTYyMzU5NTlaMIIBXTERMA8GA1UE\n"
+            + "BRMIMDQwNTg2OTAxEzARBgsrBgEEAYI3PAIBAxMCR0IxHTAbBgNVBA8TFFByaXZh\n"
+            + "dGUgT3JnYW5pemF0aW9uMQswCQYDVQQGEwJHQjEPMA0GA1UEERMGTTUgM0VRMRsw\n"
+            + "GQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxFjAU\n"
+            + "BgNVBAkTDVRyYWZmb3JkIFJvYWQxFjAUBgNVBAkTDUV4Y2hhbmdlIFF1YXkxJTAj\n"
+            + "BgNVBAkTHDNyZCBGbG9vciwgMjYgT2ZmaWNlIFZpbGxhZ2UxGjAYBgNVBAoTEUNP\n"
+            + "TU9ETyBDQSBMaW1pdGVkMRowGAYDVQQLExFDT01PRE8gRVYgU0dDIFNTTDE4MDYG\n"
+            + "A1UEAxMvY29tb2RvcnNhY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21vZG9j\n"
+            + "YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ/3mUAU46QQ7L\n"
+            + "rXisJfs6U4rRfLSc8BwIXEBwtgGixfxiZda548eDn3pTISoTdTnfSlOqJxxjndsO\n"
+            + "Jg+BImCvU6V8LsE8s35App5KsWY2CtygCTdNd6OC/vMtc7BlVLpaTfxnzGsU2+F3\n"
+            + "ZnknpEz/dT4cN8Xs4owat7GvvtazuUQWk9SB3h4R74gvVjaxvAiIP4+TMgvYuNy2\n"
+            + "R4kVyxEdS80/zAiEbIhuQBG4mF1eQTXeUooh7QSdatGSR/gMS9hEWk+NVQqaW6Gc\n"
+            + "E4ZiRhqJMvRVo6es/FOhJ8dHwDCSGTRM1uiwCRSjxMpxFNNOIxRQhLpj1KqgguKI\n"
+            + "MbpaYWPNAgMBAAGjggOcMIIDmDAfBgNVHSMEGDAWgBQ52v/KKBSKqHQTCLnkDqnS\n"
+            + "+n6daTAdBgNVHQ4EFgQUPkuGYSK8DqHhrPQQU+Ll6vPVMf4wDgYDVR0PAQH/BAQD\n"
+            + "AgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\n"
+            + "MEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQUBMCswKQYIKwYBBQUHAgEWHWh0dHBz\n"
+            + "Oi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6\n"
+            + "Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUV4dGVuZGVkVmFsaWRhdGlvblNl\n"
+            + "Y3VyZVNlcnZlckNBLmNybDCBhwYIKwYBBQUHAQEEezB5MFEGCCsGAQUFBzAChkVo\n"
+            + "dHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FFeHRlbmRlZFZhbGlkYXRp\n"
+            + "b25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNv\n"
+            + "bW9kb2NhLmNvbTBvBgNVHREEaDBmgi9jb21vZG9yc2FjZXJ0aWZpY2F0aW9uYXV0\n"
+            + "aG9yaXR5LWV2LmNvbW9kb2NhLmNvbYIzd3d3LmNvbW9kb3JzYWNlcnRpZmljYXRp\n"
+            + "b25hdXRob3JpdHktZXYuY29tb2RvY2EuY29tMIIBfAYKKwYBBAHWeQIEAgSCAWwE\n"
+            + "ggFoAWYAdQBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVaYyfL5\n"
+            + "AAAEAwBGMEQCIBW1F2heN1IccknFpDVED66I/tb4BpkqWLwqzn5dwWQXAiAzSPv7\n"
+            + "1zuXUelPvK6l1gOLB/6VlD7gwVGg7M3B1+Vt7wB1AFYUBpov18Ls0/XhvUSyPsdG\n"
+            + "drm8mRFcwO+UmFXWidDdAAABVpjJ8k0AAAQDAEYwRAIgfTjxLr4edpWLyOGi32TW\n"
+            + "48I3c0YWQMM5qsMe7zDzdrACIBng0I2+XksdOXoz5CKMAZGYict+TnZ/p7sRPAYo\n"
+            + "dl05AHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFWmMnyzgAA\n"
+            + "BAMARzBFAiBiTeFCsfBnC4gKolnPUpL5S0eEkb0esucY40qhPqUnDgIhAOZrZz3G\n"
+            + "fLtEq73nEdAfvocUQC7IdMTEJRceb25Pk5J/MA0GCSqGSIb3DQEBCwUAA4IBAQBB\n"
+            + "YldVJKeAwqpPejxa0h3n3G8WefmAJXJtBcMKMDZ8thofgOyVDnVTkNVtY5UwwV8D\n"
+            + "a0bt0UhCzr88v7BrZ8PNci3qiTQgGz9q27s4x64og47sGREoil/0h3xdZ8cWVsAa\n"
+            + "i/aIHD0frCktX/PUZClpAuTQwJgKHurl1Apn1+RVZ3gozebOOopXmopscgp3FQV0\n"
+            + "RqBVietPoq6koeaJKf2ux102yW/Ef4RxXLJOLZ7ynV4tbIGyz4q+RhXbDknNrUcZ\n"
+            + "ugRTCaWUQ3cxtFQjA6MvY4G4eTycyiQTf/qFH5D7mrqY9ZLUuwH3AgLx49UZvQMk\n"
+            + "03iaUVSV6CNAsQVv4S5p\n"
+            + "-----END CERTIFICATE-----";
+
+    public void runTest(ValidatePathWithParams pathValidator) throws Exception {
+        // Validate valid
+        pathValidator.validate(new String[]{VALID, INT},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Validate Revoked
+        pathValidator.validate(new String[]{REVOKED, INT},
+                ValidatePathWithParams.Status.REVOKED,
+                "Fri Jun 30 07:20:56 PDT 2017", System.out);
+    }
+}
+
+class ComodoECC {
+
+    // Owner: CN=COMODO ECC Extended Validation Secure Server CA,
+    // O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
+    // Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited,
+    // L=Salford, ST=Greater Manchester, C=GB
+    // Serial number: 61d4643b412b5d8d715499d8553aa03
+    // Valid from: Sun Apr 14 17:00:00 PDT 2013 until: Fri Apr 14 16:59:59 PDT 2028
+    private static final String INT = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIDojCCAyigAwIBAgIQBh1GQ7QStdjXFUmdhVOqAzAKBggqhkjOPQQDAzCBhTEL\n"
+            + "MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE\n"
+            + "BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT\n"
+            + "IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTMwNDE1MDAw\n"
+            + "MDAwWhcNMjgwNDE0MjM1OTU5WjCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy\n"
+            + "ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N\n"
+            + "T0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBFQ0MgRXh0ZW5kZWQgVmFs\n"
+            + "aWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n"
+            + "QgAEV3AaPyeTQy0aWXXkBJMR42DsJ5pnbliJe7ndaHzCDslVlY8ofpxeFiqluZrK\n"
+            + "KNcJeBU/Jl1YI9jLMyMZKsfSoaOCAWkwggFlMB8GA1UdIwQYMBaAFHVxpxlIGbyd\n"
+            + "nepBR9+UxEh3mdN5MB0GA1UdDgQWBBTTTsMZulhZ0Rxgt2FTRzund4/4ijAOBgNV\n"
+            + "HQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1MDMGBFUd\n"
+            + "IAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMw\n"
+            + "TAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RP\n"
+            + "RUNDQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsG\n"
+            + "CCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9FQ0NBZGRU\n"
+            + "cnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29t\n"
+            + "MAoGCCqGSM49BAMDA2gAMGUCMQDmPWS98nREWdt4xB83r9MVvgG5INpKHi6V1dUY\n"
+            + "lCqvSvXXjK0QvZSrOB7cj9RavGgCMG2xJNG+SvlTWEYpmK7eXSgmRUgoBDeQ0yDK\n"
+            + "lnxmeeOBnnCaDIxAcA3aCj2Gtdt3sA==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=comodoecccertificationauthority-ev.comodoca.com, OU=COMODO EV SSL,
+    // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay,
+    // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ,
+    // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB,
+    // SERIALNUMBER=04058690
+    // Issuer: CN=COMODO ECC Extended Validation Secure Server CA, O=COMODO CA Limited,
+    // L=Salford, ST=Greater Manchester, C=GB
+    // Serial number: 414e5d66ec7d15ca504213f2811d57af
+    // Valid from: Mon Jul 03 17:00:00 PDT 2017 until: Thu Oct 03 16:59:59 PDT 2019
+    private static final String VALID = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGYDCCBgWgAwIBAgIQQU5dZux9FcpQQhPygR1XrzAKBggqhkjOPQQDAjCBkjEL\n"
+            + "MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE\n"
+            + "BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMT\n"
+            + "L0NPTU9ETyBFQ0MgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\n"
+            + "MB4XDTE3MDcwNDAwMDAwMFoXDTE5MTAwMzIzNTk1OVowggFZMREwDwYDVQQFEwgw\n"
+            + "NDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0ZSBP\n"
+            + "cmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExGzAZBgNV\n"
+            + "BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEWMBQGA1UE\n"
+            + "CRMNVHJhZmZvcmQgUm9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTElMCMGA1UE\n"
+            + "CRMcM3JkIEZsb29yLCAyNiBPZmZpY2UgVmlsbGFnZTEaMBgGA1UEChMRQ09NT0RP\n"
+            + "IENBIExpbWl0ZWQxFjAUBgNVBAsTDUNPTU9ETyBFViBTU0wxODA2BgNVBAMTL2Nv\n"
+            + "bW9kb2VjY2NlcnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2EuY29tMFkw\n"
+            + "EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEt26qBS7TRu/yfR+RiqLAzW2C+UspFZlO\n"
+            + "Rc4EhLfNYMgFkoZKjEnwJzudH6a+uRPqPOhPgUd6PFfRQFOcLjmhgaOCA3EwggNt\n"
+            + "MB8GA1UdIwQYMBaAFNNOwxm6WFnRHGC3YVNHO6d3j/iKMB0GA1UdDgQWBBTpZ0tz\n"
+            + "KscFw6Z3vCEDFzGR5VSkVzAOBgNVHQ8BAf8EBAMCBYAwDAYDVR0TAQH/BAIwADAd\n"
+            + "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA7BgwrBgEE\n"
+            + "AbIxAQIBBQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv\n"
+            + "bS9DUFMwBwYFZ4EMAQEwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5jb21v\n"
+            + "ZG9jYS5jb20vQ09NT0RPRUNDRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVy\n"
+            + "Q0EuY3JsMIGHBggrBgEFBQcBAQR7MHkwUQYIKwYBBQUHMAKGRWh0dHA6Ly9jcnQu\n"
+            + "Y29tb2RvY2EuY29tL0NPTU9ET0VDQ0V4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNl\n"
+            + "cnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29t\n"
+            + "MDoGA1UdEQQzMDGCL2NvbW9kb2VjY2NlcnRpZmljYXRpb25hdXRob3JpdHktZXYu\n"
+            + "Y29tb2RvY2EuY29tMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgCkuQmQtBhY\n"
+            + "FIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAV0NLqsqAAAEAwBHMEUCIAz9Jjq3\n"
+            + "qLUd/a2PYZnLGsEG/MrL7vab5rmGBg8RGAJxAiEA7JJnar07NIjCLLO77xJ3UFcu\n"
+            + "UMM3M8JgGC8wbuRwxbUAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ\n"
+            + "3QAAAV0NLqjmAAAEAwBHMEUCIHRvPWKr7vPMBWx1gLPkt8inPINWPNSoax178e5A\n"
+            + "D0cPAiEAvRL/VP4DLiyHvcU9AOqTzQXGuWCzswWKG59hSm7gS4kAdQDuS723dc5g\n"
+            + "uuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAV0NLqsDAAAEAwBGMEQCIFALT043\n"
+            + "X5IffLsxIAGXTrWgkZHf12QKgrYKXVB629eOAiAIeci2xi3fUW6mU8tT4LwyjowV\n"
+            + "DkrSCw1ZMo0JApsfzTAKBggqhkjOPQQDAgNJADBGAiEA7HUxjwx0MBC+4PuPx4Z1\n"
+            + "WpKz7jdHOMTh1sdaoVV5hNoCIQDrnjBFUopXHTvm/rj+aMFIeYejggPqv14KJOqT\n"
+            + "gym+uA==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=comodoecccertificationauthority-ev.comodoca.com, OU=COMODO EV SSL,
+    // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay,
+    // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ,
+    // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB,
+    // SERIALNUMBER=04058690
+    // Issuer: CN=COMODO ECC Extended Validation Secure Server CA, O=COMODO CA Limited,
+    // L=Salford, ST=Greater Manchester, C=GB
+    // Serial number: 6923086d88824ee9800742fcb82fdaa
+    // Valid from: Tue Aug 16 17:00:00 PDT 2016 until: Fri Nov 16 15:59:59 PST 2018
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGizCCBjGgAwIBAgIQBpIwhtiIJO6YAHQvy4L9qjAKBggqhkjOPQQDAjCBkjEL\n"
+            + "MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE\n"
+            + "BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMT\n"
+            + "L0NPTU9ETyBFQ0MgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\n"
+            + "MB4XDTE2MDgxNzAwMDAwMFoXDTE4MTExNjIzNTk1OVowggFZMREwDwYDVQQFEwgw\n"
+            + "NDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0ZSBP\n"
+            + "cmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExGzAZBgNV\n"
+            + "BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEWMBQGA1UE\n"
+            + "CRMNVHJhZmZvcmQgUm9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTElMCMGA1UE\n"
+            + "CRMcM3JkIEZsb29yLCAyNiBPZmZpY2UgVmlsbGFnZTEaMBgGA1UEChMRQ09NT0RP\n"
+            + "IENBIExpbWl0ZWQxFjAUBgNVBAsTDUNPTU9ETyBFViBTU0wxODA2BgNVBAMTL2Nv\n"
+            + "bW9kb2VjY2NlcnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2EuY29tMFkw\n"
+            + "EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEt26qBS7TRu/yfR+RiqLAzW2C+UspFZlO\n"
+            + "Rc4EhLfNYMgFkoZKjEnwJzudH6a+uRPqPOhPgUd6PFfRQFOcLjmhgaOCA50wggOZ\n"
+            + "MB8GA1UdIwQYMBaAFNNOwxm6WFnRHGC3YVNHO6d3j/iKMB0GA1UdDgQWBBTpZ0tz\n"
+            + "KscFw6Z3vCEDFzGR5VSkVzAOBgNVHQ8BAf8EBAMCBYAwDAYDVR0TAQH/BAIwADAd\n"
+            + "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwRgYDVR0gBD8wPTA7BgwrBgEE\n"
+            + "AbIxAQIBBQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv\n"
+            + "bS9DUFMwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5jb21vZG9jYS5jb20v\n"
+            + "Q09NT0RPRUNDRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGH\n"
+            + "BggrBgEFBQcBAQR7MHkwUQYIKwYBBQUHMAKGRWh0dHA6Ly9jcnQuY29tb2RvY2Eu\n"
+            + "Y29tL0NPTU9ET0VDQ0V4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy\n"
+            + "dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMG8GA1UdEQRo\n"
+            + "MGaCL2NvbW9kb2VjY2NlcnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2Eu\n"
+            + "Y29tgjN3d3cuY29tb2RvZWNjY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21v\n"
+            + "ZG9jYS5jb20wggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB3AGj2mPgfZIK+Oozu\n"
+            + "uSgdTPxxUV1nk9RE0QpnrLtPT/vEAAABVpjKocAAAAQDAEgwRgIhAKIobm0UJdom\n"
+            + "Hrg1HZv6ESYoYQtlqBj5bR5Ge8RGF+7pAiEAupYu0q3X27KNIsrQpmSzfiEsCQWY\n"
+            + "C97ToQgEhbBNZUYAdQBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAA\n"
+            + "AVaYyqEdAAAEAwBGMEQCIEWbMoAJpig9oTbuW2R1x/sZwDbt0Z1iUhkbEwqhkRWu\n"
+            + "AiByCmEY/MEtEmVcsu3uMXtJ/SMBo1JcfFCHbPf5VleQpAB1AO5Lvbd1zmC64UJp\n"
+            + "H6vhnmajD35fsHLYgwDEe4l6qP3LAAABVpjKoaYAAAQDAEYwRAIgVB/p/u8amjg4\n"
+            + "Qlq0rKv4oYYqIVKL/kFtpeH3Lm4hpnwCIDYdBZBo2cpF+KjKDn68kqFysy7MbP9r\n"
+            + "h/zPjAm72GeRMAoGCCqGSM49BAMCA0gAMEUCIHL5pdruv0yoFggKHPN7PXT4BfRr\n"
+            + "1ksLXKgF/xANjsuFAiEA9bt7u96U5OrAzJBgSkJFmNE20vEdwoQDL+99JeX4bAc=\n"
+            + "-----END CERTIFICATE-----";
+
+    public void runTest(ValidatePathWithParams pathValidator) throws Exception {
+        // Validate valid
+        pathValidator.validate(new String[]{VALID, INT},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Validate Revoked
+        pathValidator.validate(new String[]{REVOKED, INT},
+                ValidatePathWithParams.Status.REVOKED,
+                "Tue Jul 04 03:34:40 PDT 2017", System.out);
+    }
+}
+
+class ComodoUserTrustRSA {
+
+    // Owner: CN=USERTrust RSA Extended Validation Secure Server CA,
+    // O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
+    // Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network,
+    // L=Jersey City, ST=New Jersey, C=US
+    // Serial number: f6bb751efa7d2e8368e606407334f83
+    // Valid from: Sat Feb 11 16:00:00 PST 2012 until: Thu Feb 11 15:59:59 PST 2027
+    private static final String INT = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGGTCCBAGgAwIBAgIQD2u3Ue+n0ug2jmBkBzNPgzANBgkqhkiG9w0BAQwFADCB\n"
+            + "iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\n"
+            + "cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\n"
+            + "BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTIw\n"
+            + "MjEyMDAwMDAwWhcNMjcwMjExMjM1OTU5WjCBlTELMAkGA1UEBhMCVVMxEzARBgNV\n"
+            + "BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU\n"
+            + "aGUgVVNFUlRSVVNUIE5ldHdvcmsxOzA5BgNVBAMTMlVTRVJUcnVzdCBSU0EgRXh0\n"
+            + "ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0B\n"
+            + "AQEFAAOCAQ8AMIIBCgKCAQEAlJwjjGNzAgMFwLu05RnhYFJS1PpbcyPH6VZOij+z\n"
+            + "PyvCILGvwXC8A+EgBthY080+kIlSxrNyOdnrUfNj8IsBtBlmtOF9nMWgD0Cb4HB1\n"
+            + "Y/tCNas8IHMtKr6eI4nJa4NjPhTcST+GtC8r+bVGHk0QpX4LbT+Z8WeE7pXIOUGs\n"
+            + "9j66/hsMwgnBxkQ9xXN0jhTFITUZfnCuM0vOo5hRYlCNtwD8iaHJPaKxYe6qHSKH\n"
+            + "WCBK7GUQiQRngry+YKLx3YtC3k/NQIyhaTLY/gUFi57kPcpZoa0h3RGfS9MpPFoe\n"
+            + "mk3rGH3jwjVFxR1ep1FtP/kprzLaR1UL81gxENhWvZEWXQIDAQABo4IBbjCCAWow\n"
+            + "HwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFC+BT+Jm\n"
+            + "+rxov5lDhFKJIDqC86SlMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/\n"
+            + "AgEAMDoGA1UdIAQzMDEwLwYEVR0gADAnMCUGCCsGAQUFBwIBFhlodHRwczovL2Nw\n"
+            + "cy51c2VydHJ1c3QuY29tMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNl\n"
+            + "cnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNy\n"
+            + "bDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRy\n"
+            + "dXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZ\n"
+            + "aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAa2bX\n"
+            + "Xf22zjY/QLzzdZwJ9JO86qH/czwCFPK4o9Cb7rixQL9S7zHw1dm3n/+Lx5kT9lqx\n"
+            + "wB0dqoZ8o0XwFgVcksGz7QRhEBjrB0nSUNYG8kuFaMxRWa9ze6Ovov44WDrq1uyF\n"
+            + "npi3eeQiwMr3xHmY76b1NX0WqvlTTFw4L5DrcIohBz1zKVkRp7LH/s5vxjDECM+/\n"
+            + "erdy1WTILNFv09gwz4iFyfu/WmYYNUKlQJaSoUqja/KHcqY8zYKKjq5o982Ji3Ti\n"
+            + "/Odkx1NJA1Yf5ivDxxRFQmij6knL1pi1wgQxGjd67V3/+HfHF7MCRWk8mXnT32B9\n"
+            + "1Hk3jm10GL0R6y/XFsLhv0mGkmKD1vTP7vz1hdMLlVgxEs1k5dLMybtjUJ3LuENz\n"
+            + "avmZ/G/vOi284ZRo/gA/YjT5CeeWgI11IHbpRDAqKy4BWhmtIi11u12i9ftPxxrD\n"
+            + "/VwHtC0hTTOBnYgbJAK9ZLvaJUBU22EimU4Jv3ELkeV7SWedbAdfjXolI1mCcAbq\n"
+            + "RgzRC+RaTloSmO2dWicDBW7KlRHmKZXrkDUAExSBY/1j9HmNcYzWv4NCTtK7t0en\n"
+            + "gsE/OP2b7zHrHWtC/F1JwOCrH1JkbPA7c/6nNJVY2AscGM16pIU89OL0Ez1PyZYG\n"
+            + "4fokbdNREXoShKClNIPbB5iY+WdSzb9CKLyb96g=\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=usertrustrsacertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL,
+    // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay,
+    // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ,
+    // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB,
+    // SERIALNUMBER=04058690
+    // Issuer: CN=USERTrust RSA Extended Validation Secure Server CA, O=The USERTRUST Network,
+    // L=Jersey City, ST=New Jersey, C=US
+    // Serial number: ffcada019c9fb1155a32300083cb99c9
+    // Valid from: Mon Jul 03 17:00:00 PDT 2017 until: Thu Oct 03 16:59:59 PDT 2019
+    private static final String VALID = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIIATCCBumgAwIBAgIRAP/K2gGcn7EVWjIwAIPLmckwDQYJKoZIhvcNAQELBQAw\n"
+            + "gZUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK\n"
+            + "ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMTswOQYD\n"
+            + "VQQDEzJVU0VSVHJ1c3QgUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNl\n"
+            + "cnZlciBDQTAeFw0xNzA3MDQwMDAwMDBaFw0xOTEwMDMyMzU5NTlaMIIBYDERMA8G\n"
+            + "A1UEBRMIMDQwNTg2OTAxEzARBgsrBgEEAYI3PAIBAxMCR0IxHTAbBgNVBA8TFFBy\n"
+            + "aXZhdGUgT3JnYW5pemF0aW9uMQswCQYDVQQGEwJHQjEPMA0GA1UEERMGTTUgM0VR\n"
+            + "MRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQx\n"
+            + "FjAUBgNVBAkTDVRyYWZmb3JkIFJvYWQxFjAUBgNVBAkTDUV4Y2hhbmdlIFF1YXkx\n"
+            + "JTAjBgNVBAkTHDNyZCBGbG9vciwgMjYgT2ZmaWNlIFZpbGxhZ2UxGjAYBgNVBAoT\n"
+            + "EUNPTU9ETyBDQSBMaW1pdGVkMRowGAYDVQQLExFDT01PRE8gRVYgU0dDIFNTTDE7\n"
+            + "MDkGA1UEAxMydXNlcnRydXN0cnNhY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5j\n"
+            + "b21vZG9jYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeH+vF\n"
+            + "6JjCktrrnV4u8adH5ESuENaRNm2plwfD07Lskva4QvIQ9sz6/RrPjRwEdLRtBkll\n"
+            + "taZc26QxQxLAhvjPu3w5eXHP26/ES5++WoGXip4L/PcukUFFEcR6ujfIYpXCSh7V\n"
+            + "o/Y+rtR2L7uLt5Vll0DW2JzFlaj9QFT2bBsg5ip//jHNnobz3WEpv40C64R/Ebna\n"
+            + "9dmXyh0xOF8e4OWR9LudkxAFo7jQol5IQGGv7lMhLt3u1ZbJ78XqgRDT50cGIX0/\n"
+            + "JnV1eg7xq57/zSY/7QUxhOZEWwoeB7pmOiN8f1wuVHmROq0/lOqHkYFDjOne7IgE\n"
+            + "FTrKUqn080eR7AZRAgMBAAGjggN8MIIDeDAfBgNVHSMEGDAWgBQvgU/iZvq8aL+Z\n"
+            + "Q4RSiSA6gvOkpTAdBgNVHQ4EFgQUfPty8OfUth7Yz7PimXBCfuu33fwwDgYDVR0P\n"
+            + "AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\n"
+            + "AQUFBwMCMEsGA1UdIAREMEIwNwYMKwYBBAGyMQECAQUBMCcwJQYIKwYBBQUHAgEW\n"
+            + "GWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wBwYFZ4EMAQEwWgYDVR0fBFMwUTBP\n"
+            + "oE2gS4ZJaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdFJTQUV4dGVu\n"
+            + "ZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBjQYIKwYBBQUHAQEEgYAw\n"
+            + "fjBVBggrBgEFBQcwAoZJaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVz\n"
+            + "dFJTQUV4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAlBggrBgEF\n"
+            + "BQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTA9BgNVHREENjA0gjJ1c2Vy\n"
+            + "dHJ1c3Ryc2FjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWV2LmNvbW9kb2NhLmNvbTCC\n"
+            + "AX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5\n"
+            + "G9+443fNDsgN3BAAAAFdDU2iYQAABAMARzBFAiB0o4GnVHD8MeVQ32D0XYu+EQQW\n"
+            + "jvN78rmCfk0OEBxyFAIhAKgyctIn0IaDJiZzsrtAiqEnkcMtuh8o+R0Rqw1ygAjk\n"
+            + "AHcAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFdDU2gFgAABAMA\n"
+            + "SDBGAiEA7mcmZ8H5uHuNCdI0CVxsqDZQcZX/gVk94KckePkzQoACIQCHwm5hcvNC\n"
+            + "M8vNmFkboQN79DglRctHrlh143A6mUTk8QB2AO5Lvbd1zmC64UJpH6vhnmajD35f\n"
+            + "sHLYgwDEe4l6qP3LAAABXQ1NojoAAAQDAEcwRQIhAPqwijgE0Fr6uJ+yF+TvyXco\n"
+            + "Hduv9h7R5WWwJfghXiMyAiBB4+fJm4rIcOnJBZmOqFnRpIjPN0jwDqJT0nDHxaXA\n"
+            + "nDANBgkqhkiG9w0BAQsFAAOCAQEACXitF1bTEvV1HX11WrT/XuoMhsoPK4TS16rs\n"
+            + "FqztV4iXKlA1/h5qbsjYY1gVrM+/6kQkmEs5qrxsek2WNxY80NO3WAzroRJ3H9Sd\n"
+            + "mPn0No2P8LZ5Fs5hvaD/PfWO5xxey80c3kGyvWOej90P3IrL/1RiULyh95TrXBjI\n"
+            + "ddCBsZ28904wsQUrPBPMpiu0DKl1HR/em9WkcipMi+onJxxFWjucssz5PW/BzGYF\n"
+            + "jfWLDEI0tN5L4CWV3iVXFXOURY1Mwhtsey9jvlEyxSsys55QdKF40yGgtV9VC+os\n"
+            + "7hJP33+qA0cvCTaRytiPP6z/l2G/KSIXTyv6SxzGhsTFfzLAOg==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=usertrustrsacertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL,
+    // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay,
+    // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ,
+    // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB,
+    // SERIALNUMBER=04058690
+    // Issuer: CN=USERTrust RSA Extended Validation Secure Server CA, O=The USERTRUST Network,
+    // L=Jersey City, ST=New Jersey, C=US
+    // Serial number: 643d7e2b0112d51a05a4efb266ebd70d
+    // Valid from: Tue Aug 16 17:00:00 PDT 2016 until: Fri Nov 16 15:59:59 PST 2018
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIILjCCBxagAwIBAgIQZD1+KwES1RoFpO+yZuvXDTANBgkqhkiG9w0BAQsFADCB\n"
+            + "lTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\n"
+            + "cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxOzA5BgNV\n"
+            + "BAMTMlVTRVJUcnVzdCBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2Vy\n"
+            + "dmVyIENBMB4XDTE2MDgxNzAwMDAwMFoXDTE4MTExNjIzNTk1OVowggFgMREwDwYD\n"
+            + "VQQFEwgwNDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJp\n"
+            + "dmF0ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVEx\n"
+            + "GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEW\n"
+            + "MBQGA1UECRMNVHJhZmZvcmQgUm9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTEl\n"
+            + "MCMGA1UECRMcM3JkIEZsb29yLCAyNiBPZmZpY2UgVmlsbGFnZTEaMBgGA1UEChMR\n"
+            + "Q09NT0RPIENBIExpbWl0ZWQxGjAYBgNVBAsTEUNPTU9ETyBFViBTR0MgU1NMMTsw\n"
+            + "OQYDVQQDEzJ1c2VydHJ1c3Ryc2FjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWV2LmNv\n"
+            + "bW9kb2NhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ4f68Xo\n"
+            + "mMKS2uudXi7xp0fkRK4Q1pE2bamXB8PTsuyS9rhC8hD2zPr9Gs+NHAR0tG0GSWW1\n"
+            + "plzbpDFDEsCG+M+7fDl5cc/br8RLn75agZeKngv89y6RQUURxHq6N8hilcJKHtWj\n"
+            + "9j6u1HYvu4u3lWWXQNbYnMWVqP1AVPZsGyDmKn/+Mc2ehvPdYSm/jQLrhH8Rudr1\n"
+            + "2ZfKHTE4Xx7g5ZH0u52TEAWjuNCiXkhAYa/uUyEu3e7VlsnvxeqBENPnRwYhfT8m\n"
+            + "dXV6DvGrnv/NJj/tBTGE5kRbCh4HumY6I3x/XC5UeZE6rT+U6oeRgUOM6d7siAQV\n"
+            + "OspSqfTzR5HsBlECAwEAAaOCA6owggOmMB8GA1UdIwQYMBaAFC+BT+Jm+rxov5lD\n"
+            + "hFKJIDqC86SlMB0GA1UdDgQWBBR8+3Lw59S2HtjPs+KZcEJ+67fd/DAOBgNVHQ8B\n"
+            + "Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n"
+            + "BQUHAwIwQgYDVR0gBDswOTA3BgwrBgEEAbIxAQIBBQEwJzAlBggrBgEFBQcCARYZ\n"
+            + "aHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTBaBgNVHR8EUzBRME+gTaBLhklodHRw\n"
+            + "Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBRXh0ZW5kZWRWYWxpZGF0\n"
+            + "aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGNBggrBgEFBQcBAQSBgDB+MFUGCCsGAQUF\n"
+            + "BzAChklodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBRXh0ZW5k\n"
+            + "ZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRw\n"
+            + "Oi8vb2NzcC51c2VydHJ1c3QuY29tMHUGA1UdEQRuMGyCMnVzZXJ0cnVzdHJzYWNl\n"
+            + "cnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2EuY29tgjZ3d3cudXNlcnRy\n"
+            + "dXN0cnNhY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21vZG9jYS5jb20wggF+\n"
+            + "BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE\n"
+            + "0QpnrLtPT/vEAAABVpjLYnEAAAQDAEcwRQIhAL6/noD1PEwlZBByj9MKJSXPrEpW\n"
+            + "jpL335zhD+hrmvuqAiBizohmz9W29E8DoEuhca5PzKL8lSl5DpAOUGjMN0ihmgB2\n"
+            + "AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABVpjLYOgAAAQDAEcw\n"
+            + "RQIhAIRRWFG7M/XEgivLEdgEHWVNN7hk2QdVTvjr1DfRV2c3AiADq0LWpJ3dV7Je\n"
+            + "2Z3zKvqJEmRFNj5Pn9TwsIcEe1iNNgB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLY\n"
+            + "gwDEe4l6qP3LAAABVpjLYZ8AAAQDAEcwRQIge8b8UhHJWJ8/XWGIg6rQpaVXGP6q\n"
+            + "evL01KFNB28t8VQCIQCzddHCr/LLTVE+dB4kZHxuW5pOB+AtZlrAAQcuLoEauDAN\n"
+            + "BgkqhkiG9w0BAQsFAAOCAQEAPYqfbjlMjMJ2CEoIOUih/1BBnzXXkmmqXsXFI9gJ\n"
+            + "/tV1u4OzYOXHwOPhy/1JHv5dtNDSzyoeagYcjxEpl64kAJHrtzYwFlrqCU1xSIwd\n"
+            + "qrfmupyc5JwRqGE0Q01lryCxflUikh/pyDBtsxED4r+Topb+QwVZCzIMtOr49/S9\n"
+            + "GHA7HJo6nwSoV6rfrnLDCtcJN4ezEzOs7MOOq9K1MiAoAOXa/maelXwqbNGVpN2p\n"
+            + "HihRuBRDqusdS8zNGPxhvbviCDf8mJRvFoPgk/5o6mxf6bKfjmtkWOxMApvJU3Nd\n"
+            + "ib1aMX9KArEiNFwHFxOSYmE8c8x/zhLlk1btOo7gQrVNyw==\n"
+            + "-----END CERTIFICATE-----";
+
+    public void runTest(ValidatePathWithParams pathValidator) throws Exception {
+        // Validate valid
+        pathValidator.validate(new String[]{VALID, INT},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Validate Revoked
+        pathValidator.validate(new String[]{REVOKED, INT},
+                ValidatePathWithParams.Status.REVOKED,
+                "Tue Jul 04 04:09:55 PDT 2017", System.out);
+    }
+}
+
+class ComodoUserTrustECC {
+
+    // Owner: CN=USERTrust ECC Extended Validation Secure Server CA, O=The USERTRUST Network,
+    // L=Jersey City, ST=New Jersey, C=US
+    // Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network,
+    // L=Jersey City, ST=New Jersey, C=US
+    // Serial number: 3d09b24f5c08a7ce8eb85a51d3c1aa52
+    // Valid from: Sun Apr 14 17:00:00 PDT 2013 until: Fri Apr 14 16:59:59 PDT 2028
+    private static final String INT = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIDwTCCA0igAwIBAgIQPQmyT1wIp86OuFpR08GqUjAKBggqhkjOPQQDAzCBiDEL\n"
+            + "MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl\n"
+            + "eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT\n"
+            + "JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTMwNDE1\n"
+            + "MDAwMDAwWhcNMjgwNDE0MjM1OTU5WjCBlTELMAkGA1UEBhMCVVMxEzARBgNVBAgT\n"
+            + "Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg\n"
+            + "VVNFUlRSVVNUIE5ldHdvcmsxOzA5BgNVBAMTMlVTRVJUcnVzdCBFQ0MgRXh0ZW5k\n"
+            + "ZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMFkwEwYHKoZIzj0CAQYIKoZI\n"
+            + "zj0DAQcDQgAEkSRGk0F0N82ZCZ+kVZ/StqVUiWRirw1ebViS06+j+HgS9xZKRGh7\n"
+            + "bqSas/gNMyg1LZusGu5IvEmXmNC5hzOT06OCAYMwggF/MB8GA1UdIwQYMBaAFDrh\n"
+            + "CYbUzxnClnZ0SXbc4DXGY2OaMB0GA1UdDgQWBBQqnFr5TqEw2kBLK+lL8fWc3AL5\n"
+            + "LjAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADA/BgNVHSAEODA2\n"
+            + "MDQGBFUdIAAwLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9jcHMudHJ1c3QtcHJvdmlk\n"
+            + "ZXIuY29tMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly9jcmwudHJ1c3QtcHJvdmlk\n"
+            + "ZXIuY29tL1VTRVJUcnVzdEVDQ0NlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMIGA\n"
+            + "BggrBgEFBQcBAQR0MHIwRAYIKwYBBQUHMAKGOGh0dHA6Ly9jcnQudHJ1c3QtcHJv\n"
+            + "dmlkZXIuY29tL1VTRVJUcnVzdEVDQ0FkZFRydXN0Q0EuY3J0MCoGCCsGAQUFBzAB\n"
+            + "hh5odHRwOi8vb2NzcC50cnVzdC1wcm92aWRlci5jb20wCgYIKoZIzj0EAwMDZwAw\n"
+            + "ZAIwSzIqrW8TN9/aCfkhUtz0t8IIK+Z46z3wm+crwjThpQ/VoPgTNbvP/lGTi1xR\n"
+            + "qJvLAjBFa27l4uqeAQZHNJnIx1Mu9OXzoJelx1cYP7ToQUms/g+PK77yImJcXUU3\n"
+            + "s1rWGRU=\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=usertrustecccertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL,
+    // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay,
+    // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ,
+    // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB,
+    // SERIALNUMBER=04058690
+    // Issuer: CN=USERTrust ECC Extended Validation Secure Server CA, O=The USERTRUST Network,
+    // L=Jersey City, ST=New Jersey, C=US
+    // Serial number: 9bd0c93cac9ca2edc1a7dd923316b3c6
+    // Valid from: Mon Jul 03 17:00:00 PDT 2017 until: Thu Oct 03 16:59:59 PDT 2019
+    private static final String VALID = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGhzCCBi2gAwIBAgIRAJvQyTysnKLtwafdkjMWs8YwCgYIKoZIzj0EAwIwgZUx\n"
+            + "CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJz\n"
+            + "ZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMTswOQYDVQQD\n"
+            + "EzJVU0VSVHJ1c3QgRUNDIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZl\n"
+            + "ciBDQTAeFw0xNzA3MDQwMDAwMDBaFw0xOTEwMDMyMzU5NTlaMIIBYDERMA8GA1UE\n"
+            + "BRMIMDQwNTg2OTAxEzARBgsrBgEEAYI3PAIBAxMCR0IxHTAbBgNVBA8TFFByaXZh\n"
+            + "dGUgT3JnYW5pemF0aW9uMQswCQYDVQQGEwJHQjEPMA0GA1UEERMGTTUgM0VRMRsw\n"
+            + "GQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxFjAU\n"
+            + "BgNVBAkTDVRyYWZmb3JkIFJvYWQxFjAUBgNVBAkTDUV4Y2hhbmdlIFF1YXkxJTAj\n"
+            + "BgNVBAkTHDNyZCBGbG9vciwgMjYgT2ZmaWNlIFZpbGxhZ2UxGjAYBgNVBAoTEUNP\n"
+            + "TU9ETyBDQSBMaW1pdGVkMRowGAYDVQQLExFDT01PRE8gRVYgU0dDIFNTTDE7MDkG\n"
+            + "A1UEAxMydXNlcnRydXN0ZWNjY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21v\n"
+            + "ZG9jYS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQtMl8R33ZaWD6H8BW0\n"
+            + "+wybBf0+6+L5YYK/eyAVGm6vwjLaQZWlcdFBMKfaP1qTLi0VAabs4baSUkD8wR56\n"
+            + "8pVpo4IDjjCCA4owHwYDVR0jBBgwFoAUKpxa+U6hMNpASyvpS/H1nNwC+S4wHQYD\n"
+            + "VR0OBBYEFLOtYfOaIfDHZGubtKNELRR6A2srMA4GA1UdDwEB/wQEAwIFgDAMBgNV\n"
+            + "HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBQBgNVHSAE\n"
+            + "STBHMDwGDCsGAQQBsjEBAgEFATAsMCoGCCsGAQUFBwIBFh5odHRwczovL2Nwcy50\n"
+            + "cnVzdC1wcm92aWRlci5jb20wBwYFZ4EMAQEwXwYDVR0fBFgwVjBUoFKgUIZOaHR0\n"
+            + "cDovL2NybC50cnVzdC1wcm92aWRlci5jb20vVVNFUlRydXN0RUNDRXh0ZW5kZWRW\n"
+            + "YWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGYBggrBgEFBQcBAQSBizCBiDBa\n"
+            + "BggrBgEFBQcwAoZOaHR0cDovL2NydC50cnVzdC1wcm92aWRlci5jb20vVVNFUlRy\n"
+            + "dXN0RUNDRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCoGCCsG\n"
+            + "AQUFBzABhh5odHRwOi8vb2NzcC50cnVzdC1wcm92aWRlci5jb20wPQYDVR0RBDYw\n"
+            + "NIIydXNlcnRydXN0ZWNjY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21vZG9j\n"
+            + "YS5jb20wggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AKS5CZC0GFgUh7sTosxn\n"
+            + "cAo8NZgE+RvfuON3zQ7IDdwQAAABXQ0/jQ0AAAQDAEYwRAIgPbaNWgoi6OfyNwL2\n"
+            + "+jiySsoLrkx+0d4NJE1WnZQcfzwCICW4yvsXaMxoOXpQp3EPgrYk5Ajfvy/dY3Ui\n"
+            + "0/dbQtHxAHYAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFdDT+K\n"
+            + "xwAABAMARzBFAiB3GQasrX+akoHX02ZvXCcvhWCqv6qQOhLCUqflPoRbuAIhALwe\n"
+            + "hrQo8S1Tm5vbMcxGiViq5ZcawxENWhxZ9hS0BZweAHUA7ku9t3XOYLrhQmkfq+Ge\n"
+            + "ZqMPfl+wctiDAMR7iXqo/csAAAFdDT+M4AAABAMARjBEAiAjvp8w/fdTVW1VGE0T\n"
+            + "I0YcCIXTYFDgzUMsEUiKHANAgwIgETQUcac7Hiis2fgQ+GdGF9yuh+xMo2Z8QXNu\n"
+            + "1Cknf+8wCgYIKoZIzj0EAwIDSAAwRQIgQ5UiUI7xodmmMYNs3CmqlZHw/04BQRAR\n"
+            + "4gRm7blZSIMCIQDHvIWTaPzSO6vwVzs6wSD6FqebLiFxoddC6aZG8Nm0wQ==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=usertrustecccertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL,
+    // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay,
+    // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ,
+    // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB,
+    // SERIALNUMBER=04058690
+    // Issuer: CN=USERTrust ECC Extended Validation Secure Server CA, O=The USERTRUST Network,
+    // L=Jersey City, ST=New Jersey, C=US
+    // Serial number: 4a2545ad661540057c81281ff8c101b9
+    // Valid from: Tue Aug 16 17:00:00 PDT 2016 until: Fri Nov 16 15:59:59 PST 2018
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGtzCCBlygAwIBAgIQSiVFrWYVQAV8gSgf+MEBuTAKBggqhkjOPQQDAjCBlTEL\n"
+            + "MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl\n"
+            + "eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxOzA5BgNVBAMT\n"
+            + "MlVTRVJUcnVzdCBFQ0MgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVy\n"
+            + "IENBMB4XDTE2MDgxNzAwMDAwMFoXDTE4MTExNjIzNTk1OVowggFgMREwDwYDVQQF\n"
+            + "EwgwNDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0\n"
+            + "ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExGzAZ\n"
+            + "BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEWMBQG\n"
+            + "A1UECRMNVHJhZmZvcmQgUm9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTElMCMG\n"
+            + "A1UECRMcM3JkIEZsb29yLCAyNiBPZmZpY2UgVmlsbGFnZTEaMBgGA1UEChMRQ09N\n"
+            + "T0RPIENBIExpbWl0ZWQxGjAYBgNVBAsTEUNPTU9ETyBFViBTR0MgU1NMMTswOQYD\n"
+            + "VQQDEzJ1c2VydHJ1c3RlY2NjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWV2LmNvbW9k\n"
+            + "b2NhLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC0yXxHfdlpYPofwFbT7\n"
+            + "DJsF/T7r4vlhgr97IBUabq/CMtpBlaVx0UEwp9o/WpMuLRUBpuzhtpJSQPzBHnry\n"
+            + "lWmjggO+MIIDujAfBgNVHSMEGDAWgBQqnFr5TqEw2kBLK+lL8fWc3AL5LjAdBgNV\n"
+            + "HQ4EFgQUs61h85oh8Mdka5u0o0QtFHoDayswDgYDVR0PAQH/BAQDAgWAMAwGA1Ud\n"
+            + "EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEcGA1UdIARA\n"
+            + "MD4wPAYMKwYBBAGyMQECAQUBMCwwKgYIKwYBBQUHAgEWHmh0dHBzOi8vY3BzLnRy\n"
+            + "dXN0LXByb3ZpZGVyLmNvbTBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vY3JsLnRy\n"
+            + "dXN0LXByb3ZpZGVyLmNvbS9VU0VSVHJ1c3RFQ0NFeHRlbmRlZFZhbGlkYXRpb25T\n"
+            + "ZWN1cmVTZXJ2ZXJDQS5jcmwwgZgGCCsGAQUFBwEBBIGLMIGIMFoGCCsGAQUFBzAC\n"
+            + "hk5odHRwOi8vY3J0LnRydXN0LXByb3ZpZGVyLmNvbS9VU0VSVHJ1c3RFQ0NFeHRl\n"
+            + "bmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwKgYIKwYBBQUHMAGGHmh0\n"
+            + "dHA6Ly9vY3NwLnRydXN0LXByb3ZpZGVyLmNvbTB1BgNVHREEbjBsgjJ1c2VydHJ1\n"
+            + "c3RlY2NjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWV2LmNvbW9kb2NhLmNvbYI2d3d3\n"
+            + "LnVzZXJ0cnVzdGVjY2NlcnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2Eu\n"
+            + "Y29tMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdQBo9pj4H2SCvjqM7rkoHUz8\n"
+            + "cVFdZ5PURNEKZ6y7T0/7xAAAAVaYy/EsAAAEAwBGMEQCIATN694opYRAY9yCNZXZ\n"
+            + "TBJapGSqKHg1GBtlifmy+WB+AiACeljNAF3VK9Ma1bbJiRtB9ZRAN7mPbzaC3wha\n"
+            + "+5riaAB2AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABVpjL8F8A\n"
+            + "AAQDAEcwRQIgLq1mfWnNQWNTtQYtNCWm8wUm1Jez6AqfzmFLKJc4NC8CIQCsaHIH\n"
+            + "b/nKPPyKL9hxi2o5n0K3DpnHFv5V+0dtTBjOCgB2AO5Lvbd1zmC64UJpH6vhnmaj\n"
+            + "D35fsHLYgwDEe4l6qP3LAAABVpjL8RMAAAQDAEcwRQIhAOR5Hx0Mq6iX7lE6mfIR\n"
+            + "efJknMqXCnjcDsvzk6ZiXwSQAiB31TTkVHIVyscNYsup34Vcid7nWMuZiLjEElBo\n"
+            + "vYYh3jAKBggqhkjOPQQDAgNJADBGAiEA0CZ8Utr9boJ2y9mfVkOv2US4Nk9oWT/y\n"
+            + "P5YGb+ox/EICIQCBHZdD3tPNJ5BDkIdUCjnaFkNsHJchsU8e5a+1CV4knQ==\n"
+            + "-----END CERTIFICATE-----";
+
+    public void runTest(ValidatePathWithParams pathValidator) throws Exception {
+        // Validate valid
+        pathValidator.validate(new String[]{VALID, INT},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Validate Revoked
+        pathValidator.validate(new String[]{REVOKED, INT},
+                ValidatePathWithParams.Status.REVOKED,
+                "Tue Jul 04 03:51:20 PDT 2017", System.out);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/security/infra/java/security/cert/CertPathValidator/certification/DTrustCA.java	Fri Dec 08 03:06:19 2017 -0800
@@ -0,0 +1,280 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 8189131
+ * @summary Interoperability tests with "D-Trust Root Class 3 CA 2 2009" and
+ *          "D-Trust Root Class 3 CA 2 EV 2009" CAs
+ * @build ValidatePathWithParams
+ * @run main/othervm -Djava.security.debug=certpath DTrustCA OCSP
+ * @run main/othervm -Djava.security.debug=certpath DTrustCA CRL
+ */
+public class DTrustCA {
+
+    public static void main(String[] args) throws Exception {
+
+        ValidatePathWithParams pathValidator = new ValidatePathWithParams(null);
+
+        boolean ocspEnabled = true;
+
+        if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) {
+            pathValidator.enableCRLCheck();
+            ocspEnabled = false;
+        } else {
+            // OCSP check by default
+            pathValidator.enableOCSPCheck();
+        }
+
+        new RootClass3CA2().runTest(pathValidator, ocspEnabled);
+        new RootClass3CA2EV().runTest(pathValidator, ocspEnabled);
+    }
+}
+
+class RootClass3CA2 {
+
+    // Owner: CN=D-TRUST SSL Class 3 CA 1 2009, O=D-Trust GmbH, C=DE
+    private static final String INT = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIFMjCCBBqgAwIBAgIDCZBjMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF\n"
+            + "MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD\n"
+            + "bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMTIxMjQ2NTVaFw0yOTExMDUwODM1NTha\n"
+            + "MEwxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJjAkBgNVBAMM\n"
+            + "HUQtVFJVU1QgU1NMIENsYXNzIDMgQ0EgMSAyMDA5MIIBIjANBgkqhkiG9w0BAQEF\n"
+            + "AAOCAQ8AMIIBCgKCAQEAoal0SyLSijE0JkuhHJmOCbmQznyxuSY7DaEwhUsdUpI+\n"
+            + "2llkDLz6s9BWQe1zCVXDhrt3qz5U5H4h6jxm5Ec+ZbFiU3Gv2yxpI5cRPrqj9mJU\n"
+            + "1CGgy1+29khuUnoopzSq66HPuGZGh06I7bJkXTQ7AQ92z1MdL2wATj1UWdNid3sQ\n"
+            + "NiWIm+69nURHY6tmCNenNcG6aV4qjHMUPsjpCRabNY9nUO12rsmiDW2mbAC3gcxQ\n"
+            + "lqLgLYur9HvB8cW0xu2JZ/B3PXmNphVuWskp3Y1u0SvIYzuEsE7lWDbBmtWZtabB\n"
+            + "hzThkDQvd+3keQ1sU/beq1NeXfgKzQ5G+4Ql2PUY/wIDAQABo4ICGjCCAhYwHwYD\n"
+            + "VR0jBBgwFoAU/doUxJ8w3iG9HkI5/KtjI0ng8YQwRAYIKwYBBQUHAQEEODA2MDQG\n"
+            + "CCsGAQUFBzABhihodHRwOi8vcm9vdC1jMy1jYTItMjAwOS5vY3NwLmQtdHJ1c3Qu\n"
+            + "bmV0MF8GA1UdIARYMFYwVAYEVR0gADBMMEoGCCsGAQUFBwIBFj5odHRwOi8vd3d3\n"
+            + "LmQtdHJ1c3QubmV0L2ludGVybmV0L2ZpbGVzL0QtVFJVU1RfUm9vdF9QS0lfQ1BT\n"
+            + "LnBkZjAzBgNVHREELDAqgRBpbmZvQGQtdHJ1c3QubmV0hhZodHRwOi8vd3d3LmQt\n"
+            + "dHJ1c3QubmV0MIHTBgNVHR8EgcswgcgwgYCgfqB8hnpsZGFwOi8vZGlyZWN0b3J5\n"
+            + "LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El\n"
+            + "MjAyJTIwMjAwOSxPPUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZv\n"
+            + "Y2F0aW9ubGlzdDBDoEGgP4Y9aHR0cDovL3d3dy5kLXRydXN0Lm5ldC9jcmwvZC10\n"
+            + "cnVzdF9yb290X2NsYXNzXzNfY2FfMl8yMDA5LmNybDAdBgNVHQ4EFgQUUBkylJrE\n"
+            + "tQRNVtDAgyHVNVWwsXowDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C\n"
+            + "AQAwDQYJKoZIhvcNAQELBQADggEBABM5QRHX/yInsmZLWVlvmWmKb3c4IB3hAIVR\n"
+            + "sAGhkvQJ/RD1GZjZUBBYMWkD1P37fTQxlqTOe3NecVvElkYZuCq7HSM6o7awzb3m\n"
+            + "yLn1kN+hDCsxX0EYbVSNjEjkW3QEkqJH9owH4qeMDxf7tfXB7BVKO+rarYPa2PR8\n"
+            + "Wz2KhjFDmAeFg2J89YcpeJJEEJXoweAkgJEEwwEIfJ2yLjYo78RD0Rvij/+zkfj9\n"
+            + "+dSvTiZTuqicyo37qNoYHgchuqXnKodhWkW89oo2NKhfeNHHbqvXEJmx0PbI6YyQ\n"
+            + "50GnYECZRHNKhgbPEtNy/QetU53aWlTlvu4NIwLW5XVsrxlQ2Zw=\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=certdemo-ov-valid.ssl.d-trust.net, O=D-Trust GmbH, OU=IT,
+    // L=Berlin, ST=Berlin, C=DE, SERIALNUMBER=DTRWS354803406304201, DNQ=7223150018
+    private static final String VALID = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIF1jCCBL6gAwIBAgIDD07RMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNVBAYTAkRF\n"
+            + "MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJjAkBgNVBAMMHUQtVFJVU1QgU1NMIENs\n"
+            + "YXNzIDMgQ0EgMSAyMDA5MB4XDTEyMTIxMTEwMTgzN1oXDTE1MTIyMTExMTgwOVow\n"
+            + "gbMxEzARBgNVBC4TCjcyMjMxNTAwMTgxHTAbBgNVBAUTFERUUldTMzU0ODAzNDA2\n"
+            + "MzA0MjAxMQswCQYDVQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZC\n"
+            + "ZXJsaW4xCzAJBgNVBAsMAklUMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV\n"
+            + "BAMMIWNlcnRkZW1vLW92LXZhbGlkLnNzbC5kLXRydXN0Lm5ldDCCASIwDQYJKoZI\n"
+            + "hvcNAQEBBQADggEPADCCAQoCggEBAMbo9ih0Bo4zKaKwl+mClCxhedC3YOpBzrun\n"
+            + "zbqYJuy6vbHuZdMtU3nO7ziTPbnoVFboKmyEtAMwJ+qudHdWaa/nA4Hlhmg5+CWZ\n"
+            + "OolX3VmMlrZ+LpaeajduOgDa7DQDcixZ+ndd24Xc/u9L83CH7ziQDs4XNJxx63Wf\n"
+            + "lSMKBKkmvry7CfCXcsR4dYW8tTBm1PESJZVNqOKkOiwHwMA69knpXwghmDbKgZro\n"
+            + "01chjeyYb39ZhwHNWlxh5rgd2HZpgrl8kUY3yV9PrQcjFPbKT6ZgHfRiHlax4vbX\n"
+            + "qiHHcHRr7iVPruyCf0DU3BqhDVUhnrJ+vqTyg+m/OJduznF2nXcCAwEAAaOCAlcw\n"
+            + "ggJTMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBRQ\n"
+            + "GTKUmsS1BE1W0MCDIdU1VbCxejBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGG\n"
+            + "J2h0dHA6Ly9zc2wtYzMtY2ExLTIwMDkub2NzcC5kLXRydXN0Lm5ldDBmBgNVHSAE\n"
+            + "XzBdMFsGCysGAQQBpTQCgUgBMEwwSgYIKwYBBQUHAgEWPmh0dHA6Ly93d3cuZC10\n"
+            + "cnVzdC5uZXQvaW50ZXJuZXQvZmlsZXMvRC1UUlVTVF9Sb290X1BLSV9DUFMucGRm\n"
+            + "MIHRBgNVHR8EgckwgcYwgcOggcCggb2GeWxkYXA6Ly9kaXJlY3RvcnkuZC10cnVz\n"
+            + "dC5uZXQvQ049RC1UUlVTVCUyMFNTTCUyMENsYXNzJTIwMyUyMENBJTIwMSUyMDIw\n"
+            + "MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxp\n"
+            + "c3SGQGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfc3NsX2NsYXNz\n"
+            + "XzNfY2FfMV8yMDA5LmRlci5jcmwwMwYDVR0SBCwwKoEQaW5mb0BkLXRydXN0Lm5l\n"
+            + "dIYWaHR0cDovL3d3dy5kLXRydXN0Lm5ldDAdBgNVHQ4EFgQUHjGMR/EdDBRf+Ejf\n"
+            + "WW5a8beoBrwwDgYDVR0PAQH/BAQDAgSwMCwGA1UdEQQlMCOCIWNlcnRkZW1vLW92\n"
+            + "LXZhbGlkLnNzbC5kLXRydXN0Lm5ldDANBgkqhkiG9w0BAQsFAAOCAQEAGN4yxyF3\n"
+            + "sszODgDSkCNX1s4R874jmBmMYy4Af9/kwKNp2GtqPPhnDu8VFtq0bqs1e06XZ4/W\n"
+            + "6pUPRZIlynjPASkQl+aJGzyZlaH+K0Al80M/7FRRmLCW9Do/RszRihdhcjeyG+Bi\n"
+            + "2k+A35aVqKMAWzoH4M7TCPg4+ECltaFgJ+25loXl3j0yiP/DmBwATO80Nx78ILl5\n"
+            + "D6cDyftMKUwdKKlUsB2RMOJsVBcotBMGTB1i/YoSKIu6t7QnoVFMHEia2wZegPCj\n"
+            + "hBKhLf/Zde/VrSN3IIft93XRabqXWqjpDCvpb/b06/0o5aZIycrj+Kya54dsdXMO\n"
+            + "FRy9N0HZYzvt9g==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=certdemo-ov-revoked.ssl.d-trust.net, O=D-Trust GmbH, OU=IT,
+    // L=Berlin, ST=Berlin, C=DE, DNQ=5562882417
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIFuzCCBKOgAwIBAgIDExFnMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNVBAYTAkRF\n"
+            + "MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJjAkBgNVBAMMHUQtVFJVU1QgU1NMIENs\n"
+            + "YXNzIDMgQ0EgMSAyMDA5MB4XDTE0MDYyNjE2MTg1NloXDTE1MDYyOTE2MTg1Nlow\n"
+            + "gZYxEzARBgNVBC4TCjU1NjI4ODI0MTcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC\n"
+            + "ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjELMAkGA1UECxMCSVQxFTATBgNVBAoTDEQt\n"
+            + "VHJ1c3QgR21iSDEsMCoGA1UEAxMjY2VydGRlbW8tb3YtcmV2b2tlZC5zc2wuZC10\n"
+            + "cnVzdC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtdH2wqHgG\n"
+            + "tqlekrfRQzJuhMzRllfYcmmsxr7jsnwgPe0+zib+GeTDm9U5+XKjT1uYETL501ov\n"
+            + "HfKsZ/aK+k58iFF5evEtdHic/2v868uwxcm/Kcn+zt2uX9QvfSUzJPQkW/Ynu3w2\n"
+            + "IhuBNBlFAJgxjYr2xMUmDrVDx1/ZfBc0ddyo87MccLZOdmqLhef8bJQ+3q6DA+Z1\n"
+            + "bGk1wHl9KgFNtOjlKws5nKzCzyugy+MhLo+4wPxi0UhUA7QA7fk7lWBwJ9fZRTT/\n"
+            + "cKfP4lUucXdQBS2ZhvpEZggjjBDhTHtZLwdfEUlf1GZ+GwD8IB9whlwqT2cS9WUR\n"
+            + "XI9b14TJM2zfAgMBAAGjggJZMIICVTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n"
+            + "BQUHAwIwHwYDVR0jBBgwFoAUUBkylJrEtQRNVtDAgyHVNVWwsXowQwYIKwYBBQUH\n"
+            + "AQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vc3NsLWMzLWNhMS0yMDA5Lm9jc3Au\n"
+            + "ZC10cnVzdC5uZXQwZgYDVR0gBF8wXTBbBgsrBgEEAaU0AoFIATBMMEoGCCsGAQUF\n"
+            + "BwIBFj5odHRwOi8vd3d3LmQtdHJ1c3QubmV0L2ludGVybmV0L2ZpbGVzL0QtVFJV\n"
+            + "U1RfUm9vdF9QS0lfQ1BTLnBkZjCB0QYDVR0fBIHJMIHGMIHDoIHAoIG9hnlsZGFw\n"
+            + "Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBTU0wlMjBDbGFz\n"
+            + "cyUyMDMlMjBDQSUyMDElMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0\n"
+            + "aWZpY2F0ZXJldm9jYXRpb25saXN0hkBodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2Ny\n"
+            + "bC9kLXRydXN0X3NzbF9jbGFzc18zX2NhXzFfMjAwOS5kZXIuY3JsMDMGA1UdEgQs\n"
+            + "MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwHQYD\n"
+            + "VR0OBBYEFC4+5qwI2S+t/TaZ/kMADTR7FjdOMA4GA1UdDwEB/wQEAwIEsDAuBgNV\n"
+            + "HREEJzAlgiNjZXJ0ZGVtby1vdi1yZXZva2VkLnNzbC5kLXRydXN0Lm5ldDANBgkq\n"
+            + "hkiG9w0BAQsFAAOCAQEAO3sbXee7GbEyXSRZOgwk2LloPNIFriFGP8WAWnsaf056\n"
+            + "jxHRnjjPQRyqhBmGQAGwrEp3a3uF+6gbM2XuoKPjNFqjqnQNR2+lVRs8pVTTjJ+r\n"
+            + "SekcOUbCx6nIe98OBheAljAxfeal3e8bBrP3VA+QvOscaLJiC1ZsGfqvrGYJDt6b\n"
+            + "UFMKbNuwDcfpKkrB0AyW0NvYALwgTPr+SgbxB0Xrp0W+dg6XfHmpuRSSPUkZqzEY\n"
+            + "uPTmIgs7qCtVEIpV91gDFBDNfr4QbFVCNvDmMIZNMnXUEmTW81N1KUVTNdz8k5TY\n"
+            + "HO/7TeeAi2u0m3ERrLXE9SKtNwUMJujEOQ/UmQkIQw==\n"
+            + "-----END CERTIFICATE-----";
+
+    public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled)
+            throws Exception {
+        // Validate valid
+        pathValidator.validate(new String[]{VALID, INT},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Validate Revoked
+        if (ocspEnabled) {
+            // Test certificates are expired in 2015
+            // and backdated revocation check is only possible with OCSP
+            pathValidator.setValidationDate("Jan 01, 2015");
+        }
+
+        pathValidator.validate(new String[]{REVOKED, INT},
+                ValidatePathWithParams.Status.REVOKED,
+                "Thu Jun 26 09:28:39 PDT 2014", System.out);
+
+        // reset validation date back to current date
+        pathValidator.resetValidationDate();
+    }
+}
+
+class RootClass3CA2EV {
+
+    // Owner: CN=D-TRUST SSL Class 3 CA 1 EV 2009, O=D-Trust GmbH, C=DE
+    private static final String INT = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIFRTCCBC2gAwIBAgIDCZBkMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF\n"
+            + "MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD\n"
+            + "bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMTIxMjUyNDNaFw0yOTExMDUwODUw\n"
+            + "NDZaME8xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKTAnBgNV\n"
+            + "BAMMIEQtVFJVU1QgU1NMIENsYXNzIDMgQ0EgMSBFViAyMDA5MIIBIjANBgkqhkiG\n"
+            + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygp+ZziakFyPq80fk1QIT9UCcPy0R3UIyq56\n"
+            + "hXA6lhgfs1l9R9wRM9/DIVX2olb0gHCXdpnHRm+jwzeL3dHJO8Im5Om/c24ZfSVE\n"
+            + "zBcgKxS5X7X5e7oCYb9tozd9xs04WqYd5kWrvCJsSQf5gtv5gAeJt+QiU7dtXs3A\n"
+            + "YDflWv4g9eEaDExxM0VQmceEAo5qc7I7dk5ry356G14zQmr29cxie6YS0kH+7qn5\n"
+            + "g+c21M01sENle0tBPxIfkv+nV95Ih3JkpHSPm/wgFKfCtwRtG+5VehUoMEpgfi0X\n"
+            + "fmVkag558aQpaaeQCtYZnXuq6g1D1LAcjIqMpOP4wNRp1ldLzQIDAQABo4ICJzCC\n"
+            + "AiMwHwYDVR0jBBgwFoAU05SKTGITKhkuzK9yin0215oc3GcwRwYIKwYBBQUHAQEE\n"
+            + "OzA5MDcGCCsGAQUFBzABhitodHRwOi8vcm9vdC1jMy1jYTItZXYtMjAwOS5vY3Nw\n"
+            + "LmQtdHJ1c3QubmV0MF8GA1UdIARYMFYwVAYEVR0gADBMMEoGCCsGAQUFBwIBFj5o\n"
+            + "dHRwOi8vd3d3LmQtdHJ1c3QubmV0L2ludGVybmV0L2ZpbGVzL0QtVFJVU1RfUm9v\n"
+            + "dF9QS0lfQ1BTLnBkZjAzBgNVHREELDAqgRBpbmZvQGQtdHJ1c3QubmV0hhZodHRw\n"
+            + "Oi8vd3d3LmQtdHJ1c3QubmV0MIHdBgNVHR8EgdUwgdIwgYeggYSggYGGf2xkYXA6\n"
+            + "Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049RC1UUlVTVCUyMFJvb3QlMjBDbGFz\n"
+            + "cyUyMDMlMjBDQSUyMDIlMjBFViUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURF\n"
+            + "P2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwRqBEoEKGQGh0dHA6Ly93d3cuZC10\n"
+            + "cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfZXZfMjAwOS5j\n"
+            + "cmwwHQYDVR0OBBYEFKztpZ16orZD8RiKJWpsscyo8lrUMA4GA1UdDwEB/wQEAwIB\n"
+            + "BjASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQA6I3sGyvb4\n"
+            + "MdTyEZFBBWBN/5Kx1SVkkPsll8DvgosJiuuK4I7mD6FFKDjKgogr407EoDSS2t1+\n"
+            + "pSmQCb0rNXoJT3YIlpZGqPYU2rcwrelabJQZWAfoRnbkDx2aqofhp5u45dyQpM2t\n"
+            + "R93/oA36iuHYc9Ewq8CaLGolrpT138RD7i4nN7sZFuFH0IseNz0+EZm88NHi9WeJ\n"
+            + "UyshWFKBKARi+589Y4P/G2XnbckxFKUxa7uEroZcMwvKBy469K0Au0zVTxs1zNtf\n"
+            + "Ol3QkNgPwzOPeHhOnpzcenyPgNEm+HQ0FPTnB4HeKBqTeLpkM7h4gq5MZ2TPmfuX\n"
+            + "KDz3AHrWLLdH\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=certdemo-ev-revoked.ssl.d-trust.net, O=D-Trust GmbH, OU=IT,
+    // STREET=Berlin, OID.2.5.4.17=10969, L=Berlin, ST=Berlin, C=DE,
+    // SERIALNUMBER=HRB74346, OID.2.5.4.15=Private Organization,
+    // OID.1.3.6.1.4.1.311.60.2.1.1=Berlin, OID.1.3.6.1.4.1.311.60.2.1.2=Berlin,
+    // OID.1.3.6.1.4.1.311.60.2.1.3=DE, DNQ=4028175542
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGZDCCBUygAwIBAgIDExFtMA0GCSqGSIb3DQEBCwUAME8xCzAJBgNVBAYTAkRF\n"
+            + "MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKTAnBgNVBAMMIEQtVFJVU1QgU1NMIENs\n"
+            + "YXNzIDMgQ0EgMSBFViAyMDA5MB4XDTE0MDYyNjE2NDMyOFoXDTE1MDYyOTE2NDMy\n"
+            + "OFowggEwMRMwEQYDVQQuEwo0MDI4MTc1NTQyMRMwEQYLKwYBBAGCNzwCAQMMAkRF\n"
+            + "MRcwFQYLKwYBBAGCNzwCAQIMBkJlcmxpbjEXMBUGCysGAQQBgjc8AgEBDAZCZXJs\n"
+            + "aW4xHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMREwDwYDVQQFEwhIUkI3\n"
+            + "NDM0NjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVy\n"
+            + "bGluMQ4wDAYDVQQRDAUxMDk2OTEPMA0GA1UECRMGQmVybGluMQswCQYDVQQLEwJJ\n"
+            + "VDEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSwwKgYDVQQDEyNjZXJ0ZGVtby1ldi1y\n"
+            + "ZXZva2VkLnNzbC5kLXRydXN0Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\n"
+            + "AQoCggEBAMjX4zZxaSl+7eLXXVyO1HzQTymgsI4WlMpVMczyA21kXnx4iBZ9JeHW\n"
+            + "W3Jv4SxxqtHut98eCq30r7yniCy7zGX35iuSy2zMf0u0tRraP5b2c590UMRgKOSU\n"
+            + "DvahC+SlyJWGimt2Dtej2T1kcQvhUmonUkIimQOpM0MOIFxB5d494TzkQAYOV6yb\n"
+            + "AHoIsMWMeMm24Rr6o8QnJqhb9A13keYRK8t0u7F5+fvONlFT2YnjbCoRlxa48i1b\n"
+            + "PZwtE/NZ4bpZmv765tyfl9R5FatANnuja04Dd9StbTbjDezYzilF4qpSWtSKwmEl\n"
+            + "J6fRxJ1kNAEThyzNZMnFjh8htZ7PL18CAwEAAaOCAmQwggJgMB0GA1UdJQQWMBQG\n"
+            + "CCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBSs7aWdeqK2Q/EYiiVqbLHM\n"
+            + "qPJa1DBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9zc2wtYzMt\n"
+            + "Y2ExLWV2LTIwMDkub2NzcC5kLXRydXN0Lm5ldDBmBgNVHSAEXzBdMFsGCysGAQQB\n"
+            + "pTQCgUoBMEwwSgYIKwYBBQUHAgEWPmh0dHA6Ly93d3cuZC10cnVzdC5uZXQvaW50\n"
+            + "ZXJuZXQvZmlsZXMvRC1UUlVTVF9Sb290X1BLSV9DUFMucGRmMIHZBgNVHR8EgdEw\n"
+            + "gc4wgcuggciggcWGfmxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049RC1U\n"
+            + "UlVTVCUyMFNTTCUyMENsYXNzJTIwMyUyMENBJTIwMSUyMEVWJTIwMjAwOSxPPUQt\n"
+            + "VHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdIZDaHR0\n"
+            + "cDovL2NybC5kLXRydXN0Lm5ldC9jcmwvZC10cnVzdF9zc2xfY2xhc3NfM19jYV8x\n"
+            + "X2V2XzIwMDkuZGVyLmNybDAzBgNVHRIELDAqgRBpbmZvQGQtdHJ1c3QubmV0hhZo\n"
+            + "dHRwOi8vd3d3LmQtdHJ1c3QubmV0MB0GA1UdDgQWBBTFei056yoNM1HWYbBCixQw\n"
+            + "wXnf0TAOBgNVHQ8BAf8EBAMCBLAwLgYDVR0RBCcwJYIjY2VydGRlbW8tZXYtcmV2\n"
+            + "b2tlZC5zc2wuZC10cnVzdC5uZXQwDQYJKoZIhvcNAQELBQADggEBALv0OA+x401T\n"
+            + "CvGQL1Ah7rclRgtxT3UjmphiLs9EE1YbweIUrN3R4tZuryyv9xslAoLCfMrHUe+f\n"
+            + "jv1hsKqw+gGlrA8d5VnAqKfUR+KCiZivdlQ2sl4PDTZWpUQYlBnjQrD8h6UrcgTA\n"
+            + "g1zUpDnioAKAQSWWxHVpcOX0IXCl3RgRz0GqUIZQ0Q8ZwYbIDEI+JzDEJgKkTzet\n"
+            + "uzin8P54PjuJO801gENp43z++xHVuBcEWkU0TMDbmdL9vPZqnxsaoL5e/llGzor5\n"
+            + "6JbU6Fc0MkuziaLPUsIxVVx3ZhZ6UFdv34swKyq6ycvKW2fgccwsQCFMrVjIo6HR\n"
+            + "qiZC9Z+23vM=\n"
+            + "-----END CERTIFICATE-----";
+
+    public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled)
+            throws Exception {
+        // Validate valid
+        // Valid cert received as test artifact was revoked so remove test
+
+        // Validate Revoked
+        if (ocspEnabled) {
+            // Revoked certificates are expired in 2015
+            // and backdated revocation check is only possible with OCSP
+            pathValidator.setValidationDate("Jan 01, 2015");
+        }
+
+        pathValidator.validate(new String[]{REVOKED, INT},
+                ValidatePathWithParams.Status.REVOKED,
+                "Thu Jun 26 09:45:14 PDT 2014", System.out);
+
+        // reset validation date back to current date
+        pathValidator.resetValidationDate();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java	Fri Dec 08 03:06:19 2017 -0800
@@ -0,0 +1,181 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 8189131
+ * @summary Interoperability tests with Let's Encrypt CA
+ * @build ValidatePathWithParams
+ * @run main/othervm -Djava.security.debug=certpath LetsEncryptCA OCSP
+ * @run main/othervm -Djava.security.debug=certpath LetsEncryptCA CRL
+ */
+
+ /*
+ * "Lets Encrypt Authority X1" intermediate CA is retired.
+ * Test certs should be chained through "Lets Encrypt Authority X3" CA.
+ *
+ * Obtain TLS test artifacts for Let's Encrypt CA from:
+ *
+ * Valid TLS Certificates:
+ * https://valid-isrgrootx1.letsencrypt.org/
+ *
+ * Revoked TLS Certificates:
+ * https://revoked-isrgrootx1.letsencrypt.org/
+ *
+ * Test artifacts don't have CRLs listed.
+ */
+public class LetsEncryptCA {
+
+    // Owner: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
+    // Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US
+    private static final String INT = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIFjTCCA3WgAwIBAgIRANOxciY0IzLc9AUoUSrsnGowDQYJKoZIhvcNAQELBQAw\n"
+            + "TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n"
+            + "cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0MzU1\n"
+            + "WhcNMjExMDA2MTU0MzU1WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\n"
+            + "RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEi\n"
+            + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrX\n"
+            + "NSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf\n"
+            + "89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHl\n"
+            + "Npi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7Dc\n"
+            + "Gu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgz\n"
+            + "uEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMB\n"
+            + "AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU\n"
+            + "BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB\n"
+            + "FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSo\n"
+            + "SmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js\n"
+            + "LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF\n"
+            + "BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG\n"
+            + "AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD\n"
+            + "VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB\n"
+            + "ABnPdSA0LTqmRf/Q1eaM2jLonG4bQdEnqOJQ8nCqxOeTRrToEKtwT++36gTSlBGx\n"
+            + "A/5dut82jJQ2jxN8RI8L9QFXrWi4xXnA2EqA10yjHiR6H9cj6MFiOnb5In1eWsRM\n"
+            + "UM2v3e9tNsCAgBukPHAg1lQh07rvFKm/Bz9BCjaxorALINUfZ9DD64j2igLIxle2\n"
+            + "DPxW8dI/F2loHMjXZjqG8RkqZUdoxtID5+90FgsGIfkMpqgRS05f4zPbCEHqCXl1\n"
+            + "eO5HyELTgcVlLXXQDgAWnRzut1hFJeczY1tjQQno6f6s+nMydLN26WuU4s3UYvOu\n"
+            + "OsUxRlJu7TSRHqDC3lSE5XggVkzdaPkuKGQbGpny+01/47hfXXNB7HntWNZ6N2Vw\n"
+            + "p7G6OfY+YQrZwIaQmhrIqJZuigsrbe3W+gdn5ykE9+Ky0VgVUsfxo52mwFYs1JKY\n"
+            + "2PGDuWx8M6DlS6qQkvHaRUo0FMd8TsSlbF0/v965qGFKhSDeQoMpYnwcmQilRh/0\n"
+            + "ayLThlHLN81gSkJjVrPI0Y8xCVPB4twb1PFUd2fPM3sA1tJ83sZ5v8vgFv2yofKR\n"
+            + "PB0t6JzUA81mSqM3kxl5e+IZwhYAyO0OTg3/fs8HqGTNKd9BqoUwSRBzp06JMg5b\n"
+            + "rUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=valid-isrgrootx1.letsencrypt.org
+    // Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
+    // Serial number: 36916d6db9151ad4428d458a32eae518671
+    // Valid from: Wed Nov 08 07:00:24 PST 2017 until: Tue Feb 06 07:00:24 PST 2018
+    private static final String VALID = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIFIzCCBAugAwIBAgISA2kW1tuRUa1EKNRYoy6uUYZxMA0GCSqGSIb3DQEBCwUA\n"
+            + "MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD\n"
+            + "ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzExMDgxNTAwMjRaFw0x\n"
+            + "ODAyMDYxNTAwMjRaMCsxKTAnBgNVBAMTIHZhbGlkLWlzcmdyb290eDEubGV0c2Vu\n"
+            + "Y3J5cHQub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyugIOCxl\n"
+            + "4p0Rrs4aggnzKGYezhMyyvqlBgVBkf3DJV5uHbz/B/CxcoFo2rZzIetJEsb7Qnt1\n"
+            + "U8L2O5BKnBeOsI5eFv6WUAQs96VayQ09+xCV3jSNjVpbmKKp1TNWboF/V+EDFq6f\n"
+            + "fxK9h+b88RhBn4gfe+BorPnVTmZZQHgcZCjMGyzlXt68r45dXmZOuh0855Y7z6Et\n"
+            + "wCHTT8k/7VC0DTIs0+veKv+yblUqwGD0htdOh7POkQGfBeJ432FsCCcLCDjg2Jj2\n"
+            + "oYQNpLao55ZnVJGXfP8dJpHqJvuEQVuNT1TbHTs4x7IMftqGcPuhXKhA5FCVf0Hb\n"
+            + "osbVmZ/b2b/WswIDAQABo4ICIDCCAhwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW\n"
+            + "MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQZ\n"
+            + "Mod3QzNPUL56tDMtELpCiwkQOTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv\n"
+            + "86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmlu\n"
+            + "dC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0Lmlu\n"
+            + "dC14My5sZXRzZW5jcnlwdC5vcmcvMCsGA1UdEQQkMCKCIHZhbGlkLWlzcmdyb290\n"
+            + "eDEubGV0c2VuY3J5cHQub3JnMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsr\n"
+            + "BgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlw\n"
+            + "dC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25s\n"
+            + "eSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4g\n"
+            + "YWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQg\n"
+            + "aHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQEL\n"
+            + "BQADggEBAFBiwKeCZfIh8a7x0Y5QEqGwejil/BY6MOVuIU9FRIJKmhJGdh6lI6ln\n"
+            + "zlBbMZBAjZ+TqDxU0pvM1AsRDyCqt8GbCAC2xQsGyATLdCjedLQ7U7ORm7pBZdbe\n"
+            + "cT7h9Sblj53o5MKa1yFeS89WGjI4UueUemGxp7EQjat0NeAvbnpU+YmuevNYKX2M\n"
+            + "kK33reMC+rgD+wKet1CXcB/ZYl3fDzVH3SwkT/bKW5bsuwxBuD2noScnKCitRgiv\n"
+            + "Ew7YjwqNOm2naki/xr2sfJirR+lJtZ9KC3H8xWeEHrD8Cf7pnmMYqV59uR+hJwMP\n"
+            + "YsjjDbDFCmNN9FBqDwvXs7g86ttkdC8=\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=revoked-isrgrootx1.letsencrypt.org
+    // Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
+    // Serial number: 3ddd39c0755648d6687a5d8ded37775657e
+    // Valid from: Wed Nov 08 07:00:32 PST 2017 until: Tue Feb 06 07:00:32 PST 2018
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIFJzCCBA+gAwIBAgISA93TnAdVZI1mh6XY3tN3dWV+MA0GCSqGSIb3DQEBCwUA\n"
+            + "MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD\n"
+            + "ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzExMDgxNTAwMzJaFw0x\n"
+            + "ODAyMDYxNTAwMzJaMC0xKzApBgNVBAMTInJldm9rZWQtaXNyZ3Jvb3R4MS5sZXRz\n"
+            + "ZW5jcnlwdC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5qlZ0\n"
+            + "jslNLn/1uICdZPwflcvsoA2S2Nk+O7cPNew+KQmSIf+LK9AbaWHCkABKx1GdMtfN\n"
+            + "4Q/nKBtzqZ5jX1V1XbPqPd1eeyJo0rNaDFk/gEUHw/zIYi1AtsxVHztMqOXRcsw+\n"
+            + "6QHRKU2XFVsfSctMv+MKnMTEJZARyhr5ur9bQ4/LmxPMhrlHAst97hiSsXKXeyMK\n"
+            + "DWPHmUDn1vz/1mwLMaeYYmuhuRP5HNwYq+LdYvjMV580i6LHY72TwQCfVgOHfqI0\n"
+            + "larISk2p4q6DmTEEiAzJB3yEYaxDn0kEXbKhL9efDC+eirVFa0ta2OnH87s9L8z9\n"
+            + "fm9JIiSFM9ATQ16/AgMBAAGjggIiMIICHjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l\n"
+            + "BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE\n"
+            + "FP64lxiV8KwkkzoNaM7iuwX8UBG/MB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZF\n"
+            + "Ze/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3Au\n"
+            + "aW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQu\n"
+            + "aW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLQYDVR0RBCYwJIIicmV2b2tlZC1pc3Jn\n"
+            + "cm9vdHgxLmxldHNlbmNyeXB0Lm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB\n"
+            + "5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2Vu\n"
+            + "Y3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5\n"
+            + "IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5\n"
+            + "IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5k\n"
+            + "IGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3\n"
+            + "DQEBCwUAA4IBAQCBiokogdgIZxwuPSr43S4GZ9FwrpZNMHADMEZB8ykuotJBGyr1\n"
+            + "QLWDVeoAJ8OIi1AzjcdwKFQks/MKUJwxJ9hYmm9aM14d5lMKGTyoLSI/Z/Vrpx8w\n"
+            + "0GpktSK0WfPeLBHuSpMdrIMWyziSu/bdZtiOIIvMasFwyRhDgII++CIdsnboWXF+\n"
+            + "DZcwy0Yd6XzirXuwENwaWrkrbZPr/JB0xLFmydqXAnA1VFTudwL87q4CTlEo8EiD\n"
+            + "ucKZ/vAhD+ip3/kQFXg90om+9TdHo8D8GxTC1CLZteJt+nqWFRj0e/7eCXIZuUBE\n"
+            + "aSsFCd5RNTHs6tioN9vYJqLojObgF75MgIAC\n"
+            + "-----END CERTIFICATE-----";
+
+    public static void main(String[] args) throws Exception {
+
+        ValidatePathWithParams pathValidator = new ValidatePathWithParams(null);
+
+        if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) {
+            pathValidator.enableCRLCheck();
+
+            // Validate int, EE certs don't have CRLs
+            pathValidator.validate(new String[]{INT},
+                    ValidatePathWithParams.Status.GOOD, null, System.out);
+
+            return;
+        } else {
+            // OCSP check by default
+            pathValidator.enableOCSPCheck();
+        }
+
+        // Validate valid
+        pathValidator.validate(new String[]{VALID, INT},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Validate Revoked
+        pathValidator.validate(new String[]{REVOKED, INT},
+                ValidatePathWithParams.Status.REVOKED,
+                "Wed Nov 08 08:00:35 PST 2017", System.out);
+
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java	Fri Dec 08 03:06:19 2017 -0800
@@ -0,0 +1,473 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 8189131
+ * @summary Interoperability tests with QuoVadis Root CA1, CA2, and CA3 CAs
+ * @build ValidatePathWithParams
+ * @run main/othervm -Djava.security.debug=certpath QuoVadisCA OCSP
+ * @run main/othervm -Djava.security.debug=certpath QuoVadisCA CRL
+ */
+
+ /*
+ * Obtain TLS test artifacts for QuoVadis CAs from:
+ *
+ * Valid TLS Certificates:
+ * CA1: https://qvica1g3-v.quovadisglobal.com
+ * CA2: https://qvsslicag3-v.quovadisglobal.com
+ * CA2 EV: https://evsslicag3-v.quovadisglobal.com
+ * CA3: https://qvica3g3-v.quovadisglobal.com
+ *
+ * Revoked TLS Certificates:
+ * CA1: https://qvica1g3-r.quovadisglobal.com
+ * CA2: https://qvsslicag3-r.quovadisglobal.com
+ * CA2 EV: https://evsslicag3-r.quovadisglobal.com
+ * CA3: https://qvica3g3-r.quovadisglobal.com
+ */
+public class QuoVadisCA {
+
+    public static void main(String[] args) throws Exception {
+
+        ValidatePathWithParams pathValidator = new ValidatePathWithParams(null);
+
+        boolean ocspEnabled = true;
+
+        if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) {
+            pathValidator.enableCRLCheck();
+            ocspEnabled = false;
+        } else {
+            // OCSP check by default
+            pathValidator.enableOCSPCheck();
+        }
+
+        new RootCA1().runTest(pathValidator, ocspEnabled);
+        new RootCA2().runTest(pathValidator, ocspEnabled);
+        new RootCA3().runTest(pathValidator, ocspEnabled);
+    }
+}
+
+class RootCA1 {
+
+    // Owner: CN=QuoVadis Issuing CA 1 G3, O=QuoVadis Limited, C=BM
+    private static final String INT = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGFTCCA/2gAwIBAgIUPybG62jqpxKYOV5MlXAGPJYDy9MwDQYJKoZIhvcNAQEL\n"
+            + "BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\n"
+            + "BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjExMDYxNjA5NTJaFw0y\n"
+            + "MjExMDYxNjA5NTJaMEsxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM\n"
+            + "aW1pdGVkMSEwHwYDVQQDExhRdW9WYWRpcyBJc3N1aW5nIENBIDEgRzMwggIiMA0G\n"
+            + "CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2Ud42yCfjYm4WlQ+nhTpZ9aPp0r8a\n"
+            + "yz+kKpPxc8ZWvEi7HDPhr7f5nWnEruHE0HbH8WyFGE+sICF788VpZLbFhL4wbIWV\n"
+            + "tHIrYan7+yL2yoNbHUBgeWxa48P96WxrW34K/OyQkJoSvY4iNk4BGI0wOYD9wsl9\n"
+            + "6wIaQFNu25Wsv0CcDSsyNjw8O8Ib6dmS6iib+KnZlKJnYqSTrzbnzf/2CU+Wb9V0\n"
+            + "yExk7shcfDpqxo9yyyEBPP1GUEb5SSr9qXYP2d4UsrRIgzKpD5feqdjk6ZGA4xeM\n"
+            + "JHo6GLjddNvVvopaKaLrDzlOXgqgbMIPQu+xkzpKW3IJOylxN55oVuH25MwbS9IL\n"
+            + "kDMv//kdiTUl1wXERZiUmcBdpWt9D9liyVxe5+HeI5VlhDuHsxDoPFmoOGTa6brX\n"
+            + "PXlNc0xji+grBQjIRNs43T5+GyYzCyjzG3dSb0BTYGLnfUAEQ1+MCC3K33DKL/me\n"
+            + "iUrWNclh85BQQigJr5HNLym3+J6Jf0OCnq4VmD1OFrhZrui02Xmz/hOECK2Mciga\n"
+            + "DxRgXBKjLebV0RW3j6libuPiKbxSinfqNqf2Q9eCfKrzgWQkuCHZvkt0Cqgzjbm1\n"
+            + "n5xu9zXR8YG5/680Nyb3tywUb6FhA8l1L/KLoK79RGjKgPotCog6Ykvy/667jlyo\n"
+            + "ZII0YUf6S3uyeQIDAQABo4HzMIHwMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0g\n"
+            + "BAowCDAGBgRVHSAAMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDov\n"
+            + "L29jc3AucXVvdmFkaXNnbG9iYWwuY29tMA4GA1UdDwEB/wQEAwIBBjAfBgNVHSME\n"
+            + "GDAWgBSjl9bzXqIQ4atFnzwXZDzuAXCczDA7BgNVHR8ENDAyMDCgLqAshipodHRw\n"
+            + "Oi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdnJjYTFnMy5jcmwwHQYDVR0OBBYE\n"
+            + "FF0EGBL7w+p4fbRXCaH+bf6Cn2TNMA0GCSqGSIb3DQEBCwUAA4ICAQAF6qNCo3LP\n"
+            + "Qk8jthU1aiuo5WW9jQC+PqWeyVe4JjHK+5PRM+BtoErOItfZyPqoIBMedC/Ya9L1\n"
+            + "Sv0gncvifjtTD3jIBz0FVCbIMJLRp63b4qtmAGuB00XTXgCFcYoiIq5kyNedJnLe\n"
+            + "IxMqb0xx8IAqvP9kfEVNdGfvYraSswiGXADftZ3yM24zIc3Ysewi3JeTbzDhEGfb\n"
+            + "yv9eBplkfKfcoKyOds4sLcxj1QpUxcXgjX1mKTbfOSD5ac/Cjrz6Kqnl2+PNrc5N\n"
+            + "kXBVKhcCAjpqX5OyI86IUg9XY8i7Lz+tXzAQhllh+rPyTyAmieGf2iV9wrl//OZB\n"
+            + "l2nXwbgfA7QwQ2VdsmGJfW3a7Zc13GCNx0M2RUGJKLMJOavY72d41wAYPQ46AXls\n"
+            + "Ic7RJi6EWmwLi6lvw4kKFfWZ0c6vIJur1hLUUmLOt0UBZ226eIREVpmFbDGOLzfl\n"
+            + "gU0xKhqmU0aIOORzBGDfOrnctvaXORNNhCZ78zS96Egzu2w2OC47Zry7k+EOatzA\n"
+            + "5zrdJJM3UP7aMSNPvEygbcFUw2I04vpxUuPYTwCtogqNMHqFbCjLM9YxhzsGMdh/\n"
+            + "9aD1krboaSXUjrS9cOr5P2A9kFHCMsXBaDoaijQXNeyhu+oCeYsdv4S3djFwDW3+\n"
+            + "iPLo51aqZGsTZ1S22vYdkp+QFByLtArVMQ==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=qvica1g3-v.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton,
+    // ST=Pembroke, C=BM
+    private static final String VALID = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIF9DCCA9ygAwIBAgIUGug3BoLw4/auIdDQ0mHS6QnPHB8wDQYJKoZIhvcNAQEL\n"
+            + "BQAwSzELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxITAf\n"
+            + "BgNVBAMTGFF1b1ZhZGlzIElzc3VpbmcgQ0EgMSBHMzAeFw0xNDExMTQxNDA1MDda\n"
+            + "Fw0xNzExMTQxNDA0NTFaMHYxCzAJBgNVBAYTAkJNMREwDwYDVQQIEwhQZW1icm9r\n"
+            + "ZTERMA8GA1UEBxMISGFtaWx0b24xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQx\n"
+            + "JjAkBgNVBAMTHXF2aWNhMWczLXYucXVvdmFkaXNnbG9iYWwuY29tMIIBIjANBgkq\n"
+            + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHoNPHE0C/tEwI5jeYvKJdo5SXSccB/c\n"
+            + "nCHJVs/4i9F8oRmPqNiFMD99UVylk4nn8iqi8MoxrFAhqtmplPslgRDLwyLMmnGO\n"
+            + "1cNoPKGMKxQq9EerBgSk4wqeSsSH+7qnZhCamIlvEm0PUaEH8rcjXokTs0fyjadF\n"
+            + "UmVwcmSZdmnNjseOMgm+G6C8tEPHRQl/Oezy6DzS9PQVLUFCBSyOaAgDnr4EvwGE\n"
+            + "u2fd3m+ys80XXGq4eLy1MmuC7U+bIQuupuydk/S7kVh7Rl+5nT1eTv0LEOj5gYFc\n"
+            + "C5SBnhiLibuRTOr+LsC9HpvN4vnoCaOogWxDQj/f1KRn45PNJncsbwIDAQABo4IB\n"
+            + "ozCCAZ8wdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5x\n"
+            + "dW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92\n"
+            + "YWRpc2dsb2JhbC5jb20vcXZpY2ExZzMuY3J0MCgGA1UdEQQhMB+CHXF2aWNhMWcz\n"
+            + "LXYucXVvdmFkaXNnbG9iYWwuY29tMFEGA1UdIARKMEgwRgYMKwYBBAG+WAACZAEB\n"
+            + "MDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL3Jl\n"
+            + "cG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\n"
+            + "BgEFBQcDAjAfBgNVHSMEGDAWgBRdBBgS+8PqeH20Vwmh/m3+gp9kzTA7BgNVHR8E\n"
+            + "NDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmljYTFn\n"
+            + "My5jcmwwHQYDVR0OBBYEFJO98+S7NZMTz2JRogpUwLuxjTa0MA0GCSqGSIb3DQEB\n"
+            + "CwUAA4ICAQCq1O/BnzpQjbTbmEob/bWH/p92ZYRV0Lr01CdYkRXl4XKL2ZLusel6\n"
+            + "126AIvAK51o65wiGVaLGs49AKXOjcaAnTfwoFembqFRlBiGFSOdglTIsZUGdmhtP\n"
+            + "x1meetkOY8bY79viGkVCufAVq0hAF+AYh4nYM+/n7IijIcM5uhzIDb2Vw8+wKPTB\n"
+            + "7k2K/e1GGwbqrIAkjrZ6kpRg632RkbR18anaDVOgXuKzmZMRbIAii/N+lo7u3DhC\n"
+            + "5mJEIjP4cQXd569AfKQzvBO+syGDAJyX5PbTrd59IXZ+EjiisIq/DNQi6QalWMfS\n"
+            + "BnK97nUzH/BjAofMaUufbB8dxg+RT0QC/Yl1lmlA3CYmr6YWn06DiAuWL14ZFFwh\n"
+            + "2HQ7juU9oQ1I/HTfhVBoTzuKGCW1ZNXA64IdKlBsYp8NO9xKjBWIxwU/+S/IgoQP\n"
+            + "aTNkY4Mc353bdLi9082JwaiQ9B5eH0V9pZ17OSRU44o2TeDDT85sjF+krqCnnolR\n"
+            + "3lk7iqYDRHsvgqJqtkhhX/boF3wJAnKqaZ6j97PVqV75kwAak7XaH7C50RsPQGk2\n"
+            + "j5OFa6ioobW7tN5PfWAZPMZn98yX2Wh8Z95aGhdsHSJHsrlcUiWa+X2D1kF/dOKd\n"
+            + "R8rPqdPIPjUglrXS4yP+cJHx6fCJxW7me1R60lpuL6JNvHp54u7GGA==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=qvica1g3-r.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton,
+    // ST=Pembroke, C=BM
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIF9DCCA9ygAwIBAgIUBAG4l0ZPYhEdLJSMWYCr7LHngvswDQYJKoZIhvcNAQEL\n"
+            + "BQAwSzELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxITAf\n"
+            + "BgNVBAMTGFF1b1ZhZGlzIElzc3VpbmcgQ0EgMSBHMzAeFw0xMjExMTQxMzQ4MDda\n"
+            + "Fw0xNDExMTQxMzQ4MDdaMHYxCzAJBgNVBAYTAkJNMREwDwYDVQQIEwhQZW1icm9r\n"
+            + "ZTERMA8GA1UEBxMISGFtaWx0b24xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQx\n"
+            + "JjAkBgNVBAMTHXF2aWNhMWczLXIucXVvdmFkaXNnbG9iYWwuY29tMIIBIjANBgkq\n"
+            + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlof1qJLTiqI7bf0IU7zOxy0HqjIn0pW\n"
+            + "lNIEVAjQRR1jnfpsMapicIGZfnnNaYpwdsIjGPwpvWXGA+30ezJNGfWMjhb/tiis\n"
+            + "qjrHdwXAob5MyXOXP5ZS8K34GwKeL45oJZZG0cf2FSta9/CSsRC9wnDUp/kA+VkH\n"
+            + "n5vlg7VpUExYO0CBXe4C4ehnvCZHjW5nqpVpm993f9i8E0W3vHPxjGuyuqVEEfma\n"
+            + "WfOV78+HF4hxALnr+73mp0i6Do2oa/v85mZzyKeBm2YHhwdQ6CC7UZtABlHyWuz9\n"
+            + "h/ocTGbX92rbUaW6icu9bKQkQ9jsomnQkU5b8CWseo2O0NXBevvCowIDAQABo4IB\n"
+            + "ozCCAZ8wdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5x\n"
+            + "dW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92\n"
+            + "YWRpc2dsb2JhbC5jb20vcXZpY2ExZzMuY3J0MCgGA1UdEQQhMB+CHXF2aWNhMWcz\n"
+            + "LXIucXVvdmFkaXNnbG9iYWwuY29tMFEGA1UdIARKMEgwRgYMKwYBBAG+WAACZAEB\n"
+            + "MDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL3Jl\n"
+            + "cG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\n"
+            + "BgEFBQcDAjAfBgNVHSMEGDAWgBRdBBgS+8PqeH20Vwmh/m3+gp9kzTA7BgNVHR8E\n"
+            + "NDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmljYTFn\n"
+            + "My5jcmwwHQYDVR0OBBYEFNrefqnat67/DMlw0Z/xdQ478leyMA0GCSqGSIb3DQEB\n"
+            + "CwUAA4ICAQBG1TxJNbWzG4ShZefK4wEdScBzxSB7StYO3mmIP2D3LTlEk+zWjDVP\n"
+            + "ERPL41Si92asMHvMai7GcFT82XyHxsQGZIPcgIm+rC2NiSPDx2Vd6lkMaO8J9mrU\n"
+            + "3Z4Ks3G5HmszQ/gXRT3DCoNng+k+JqdZjrvMcsGTH+AzRdoinwOi+QnpphAcZRhS\n"
+            + "Io8C7w9osUPYFdDaE3Io+oYr2mWJg4n+FGsjxunQgIhLiiNaVF8zHxER7gW0YsCW\n"
+            + "vw1jX0dmfQZSdo2ybVeHuznUxtUWRHJ/nv6v2B2anUsVEbPyrpQ3i9+BzWaYolPU\n"
+            + "ZYxfMHBQ7HvncRP6rgrHF4x+iOnIxWsErYdEj5nQJkptYbVl41VzO6xMP7WvXFPa\n"
+            + "dqxwihqILRmAZrI9p/6k/HqV9xMPKprUhnWDGQ/bYnPKyXoTx6uwamaonX4DpW83\n"
+            + "b3CJTvBHwKh5eJQoBykAkakPdrmbOhe4/XWnDqQVUgJNmEvkg33AexviJo4mW3HG\n"
+            + "K2MdM60GRIC3Lcnd+Q8SnSCCxp+YtuE/C3Fu8VI/8vz9MC159GGtDzyC7OeKPCpU\n"
+            + "7H1X0X/OhBkiv7anK/oIhtSw+4DrM2eaVjdWkEa+di2jvI/2us8TXxO1LL+eeSxT\n"
+            + "E+LbdNO0jSp8azw2Aw4zL+Q41Fzt7OlH7mTkw1mxLF3aWsUNUz/p4w==\n"
+            + "-----END CERTIFICATE-----";
+
+    public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled)
+            throws Exception {
+        // Validate valid
+        pathValidator.validate(new String[]{VALID, INT},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Validate Revoked
+        if (ocspEnabled) {
+            // Revoked certificates are expired in Nov 2014
+            // and backdated revocation check is only possible with OCSP
+            pathValidator.setValidationDate("Jan 01, 2014");
+        }
+
+        pathValidator.validate(new String[]{REVOKED, INT},
+                ValidatePathWithParams.Status.REVOKED,
+                "Thu Jan 03 23:47:34 PST 2013", System.out);
+
+        // reset validation date back to current date
+        pathValidator.resetValidationDate();
+    }
+}
+
+class RootCA2 {
+
+    // Owner: CN=QuoVadis Global SSL ICA G3, O=QuoVadis Limited, C=BM
+    private static final String INT = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGFzCCA/+gAwIBAgIUftbnnMmtgcTIGT75XUQodw40ExcwDQYJKoZIhvcNAQEL\n"
+            + "BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\n"
+            + "BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjExMDYxNDUwMThaFw0y\n"
+            + "MjExMDYxNDUwMThaME0xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM\n"
+            + "aW1pdGVkMSMwIQYDVQQDExpRdW9WYWRpcyBHbG9iYWwgU1NMIElDQSBHMzCCAiIw\n"
+            + "DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANf8Od17be6c6lTGJDhEXpmkTs4y\n"
+            + "Q39Rr5VJyBeWCg06nSS71s6xF3sZvKcV0MbXlXCYM2ZX7cNTbJ81gs7uDsKFp+vK\n"
+            + "EymiKyEiI2SImOtECNnSg+RVR4np/xz/UlC0yFUisH75cZsJ8T1pkGMfiEouR0EM\n"
+            + "7O0uFgoboRfUP582TTWy0F7ynSA6YfGKnKj0OFwZJmGHVkLs1VevWjhj3R1fsPan\n"
+            + "H05P5moePFnpQdj1FofoSxUHZ0c7VB+sUimboHm/uHNY1LOsk77qiSuVC5/yrdg3\n"
+            + "2EEfP/mxJYT4r/5UiD7VahySzeZHzZ2OibQm2AfgfMN3l57lCM3/WPQBhMAPS1jz\n"
+            + "kE+7MjajM2f0aZctimW4Hasrj8AQnfAdHqZehbhtXaAlffNEzCdpNK584oCTVR7N\n"
+            + "UR9iZFx83ruTqpo+GcLP/iSYqhM4g7fy45sNhU+IS+ca03zbxTl3TTlkofXunI5B\n"
+            + "xxE30eGSQpDZ5+iUJcEOAuVKrlYocFbB3KF45hwcbzPWQ1DcO2jFAapOtQzeS+MZ\n"
+            + "yZzT2YseJ8hQHKu8YrXZWwKaNfyl8kFkHUBDICowNEoZvBwRCQp8sgqL6YRZy0uD\n"
+            + "JGxmnC2e0BVKSjcIvmq/CRWH7yiTk9eWm73xrsg9iIyD/kwJEnLyIk8tR5V8p/hc\n"
+            + "1H2AjDrZH12PsZ45AgMBAAGjgfMwgfAwEgYDVR0TAQH/BAgwBgEB/wIBATARBgNV\n"
+            + "HSAECjAIMAYGBFUdIAAwOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRw\n"
+            + "Oi8vb2NzcC5xdW92YWRpc2dsb2JhbC5jb20wDgYDVR0PAQH/BAQDAgEGMB8GA1Ud\n"
+            + "IwQYMBaAFO3nb3Zav2DsSVvGpXe7chZxm8Q9MDsGA1UdHwQ0MDIwMKAuoCyGKmh0\n"
+            + "dHA6Ly9jcmwucXVvdmFkaXNnbG9iYWwuY29tL3F2cmNhMmczLmNybDAdBgNVHQ4E\n"
+            + "FgQUsxKJtalLNbwVAPCA6dh4h/ETfHYwDQYJKoZIhvcNAQELBQADggIBAFGm1Fqp\n"
+            + "RMiKr7a6h707M+km36PVXZnX1NZocCn36MrfRvphotbOCDm+GmRkar9ZMGhc8c/A\n"
+            + "Vn7JSCjwF9jNOFIOUyNLq0w4luk+Pt2YFDbgF8IDdx53xIo8Gv05e9xpTvQYaIto\n"
+            + "qeHbQjGXfSGc91olfX6JUwZlxxbhdJH+rxTFAg0jcbqToJoScWTfXSr1QRcNbSTs\n"
+            + "Y4CPG6oULsnhVvrzgldGSK+DxFi2OKcDsOKkV7W4IGg8Do2L/M588AfBnV8ERzpl\n"
+            + "qgMBBQxC2+0N6RdFHbmZt0HQE/NIg1s0xcjGx1XW3YTOfje31rmAXKHOehm4Bu48\n"
+            + "gr8gePq5cdQ2W9tA0Dnytb9wzH2SyPPIXRI7yNxaX9H8wYeDeeiKSSmQtfh1v5cV\n"
+            + "7RXvm8F6hLJkkco/HOW3dAUwZFcKsUH+1eUJKLN18eDGwB8yGawjHvOKqcfg5Lf/\n"
+            + "TvC7hgcx7pDYaCCaqHaekgUwXbB2Enzqr1fdwoU1c01W5YuQAtAx5wk1bf34Yq/J\n"
+            + "ph7wNXGvo88N0/EfP9AdVGmJzy7VuRXeVAOyjKAIeADMlwpjBRhcbs9m3dkqvoMb\n"
+            + "SXKJxv/hFmNgEOvOlaFsXX1dbKg1v+C1AzKAFdiuAIa62JzASiEhigqNSdqdTsOh\n"
+            + "8W8hdONuKKpe9zKedhBFAvuxhDgKmnySglYc\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=qvsslicag3-v.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton,
+    // ST=Pembroke, C=BM
+    private static final String VALID = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIF+DCCA+CgAwIBAgIUE3XHqPhbZc2CY3aRtVHRlQwm3tcwDQYJKoZIhvcNAQEL\n"
+            + "BQAwTTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxIzAh\n"
+            + "BgNVBAMTGlF1b1ZhZGlzIEdsb2JhbCBTU0wgSUNBIEczMB4XDTE0MTExNDE0MDUz\n"
+            + "MVoXDTE3MTExNDE0MDUxM1oweDELMAkGA1UEBhMCQk0xETAPBgNVBAgTCFBlbWJy\n"
+            + "b2tlMREwDwYDVQQHEwhIYW1pbHRvbjEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRl\n"
+            + "ZDEoMCYGA1UEAxMfcXZzc2xpY2FnMy12LnF1b3ZhZGlzZ2xvYmFsLmNvbTCCASIw\n"
+            + "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK621GAU2/hywjuxi2Q9rCMncWIY\n"
+            + "FbDngS69N6+qe9NUktfs/Rlh+jKUDHyf27G79xYGmDGZ0NTYI7tUyOvRanaq8ngd\n"
+            + "NkZI4DS/Au2vpwuXucrtm3V/XRcsWHAsyevVzfiqfZzu+vU7/2KT/k7sByRzED4x\n"
+            + "B4tMGaodvzIAzhFAmnmVXSUw7zvU07G/6/mfwYy9gwegJwVby/ZPWXefzHbLGDUz\n"
+            + "xtO/6Ow9e5T2hedpo3IgfKptkzy0kA501DNaTMulW1gJwB+1duJ9OxZOAVgGCANX\n"
+            + "IzWvgbONLEdkYGK+K8EAuMaa57WlG0wBZ9Y62iuvgw4XRd90/PS2RAFf/DsCAwEA\n"
+            + "AaOCAaMwggGfMHMGCCsGAQUFBwEBBGcwZTAqBggrBgEFBQcwAYYeaHR0cDovL29j\n"
+            + "c3AucXVvdmFkaXNnbG9iYWwuY29tMDcGCCsGAQUFBzAChitodHRwOi8vdHJ1c3Qu\n"
+            + "cXVvdmFkaXNnbG9iYWwuY29tL3F2c3NsZzMuY3J0MCoGA1UdEQQjMCGCH3F2c3Ns\n"
+            + "aWNhZzMtdi5xdW92YWRpc2dsb2JhbC5jb20wUQYDVR0gBEowSDBGBgwrBgEEAb5Y\n"
+            + "AAJkAQEwNjA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5xdW92YWRpc2dsb2JhbC5j\n"
+            + "b20vcmVwb3NpdG9yeTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH\n"
+            + "AwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFLMSibWpSzW8FQDwgOnYeIfxE3x2MDoG\n"
+            + "A1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwucXVvdmFkaXNnbG9iYWwuY29tL3F2\n"
+            + "c3NsZzMuY3JsMB0GA1UdDgQWBBSSYP84MQGz6cU/fyXfebv/8zn93TANBgkqhkiG\n"
+            + "9w0BAQsFAAOCAgEAbqX71QIeoOJ36Aoiwg+oEwdDSRzXkR05kZU2y9qOCArrkgSj\n"
+            + "ycdIRQFjHYNAWJrPP17PErk6+6NDWiwxLXbeHaY7pFIDCsgcCTWpixVlpVPKKxAE\n"
+            + "uaomHo5K2AWWkJYNNPSLF411CmyN4eJjYQVrkCfJwFSUrQml8pFDedNDNuTaDsZo\n"
+            + "klvUDYWM18gFrAbNF4Wi+dvj3qPOpTVyrTk2oBXtVUesNu4JF/O6li10YJ+kdox+\n"
+            + "DUeq4Gk4B8zoWRTKa9Pp/RALI8TeNcfjBKbPtuXyfly1Cm8AXoQA5sus2SMMPQXE\n"
+            + "S1+IsdnnKb60pT1EOX571SIBKV16xpRpbC3mDU6IG/+Sjm0TJxwSGbBO5bX69+bq\n"
+            + "F8Im1QAKqVSYCtoypvieG3iGqHmj4SAaSqdmDDzmOPEtgX63ZmYVs+ey6tN+VThi\n"
+            + "eaLRs+pHeBLMhh7Npt85c+xqRlIFBp0e84EzST0oE7pjuZcFFWstFXD2Pt1JQfXo\n"
+            + "9szkw6EMhYbrgNqsh8lxkg8cZKHnP8KGLefyHajp3EIfC2MX7nUOeNmNoCxdsfBW\n"
+            + "lmzRbv7H7eeAmQYHmxUaRnDMGR6QVX8/NrF1w0hqLkIpDj+29Mvv/Gp2azJrvqrL\n"
+            + "w2bJ2mPD8rzBDmEFY317RWc8VBd8ZUxO/dYPWqsXNwBTdPMRQpYcN55po3g=\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=qvsslicag3-r.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton,
+    // ST=Pembroke, C=BM
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIF+DCCA+CgAwIBAgIUMJWFWsVjz9o3zQoG9bZ/IsdRWDkwDQYJKoZIhvcNAQEL\n"
+            + "BQAwTTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxIzAh\n"
+            + "BgNVBAMTGlF1b1ZhZGlzIEdsb2JhbCBTU0wgSUNBIEczMB4XDTEyMTExNDEzMTI1\n"
+            + "NFoXDTE0MTExNDEzMTI1NFoweDELMAkGA1UEBhMCQk0xETAPBgNVBAgTCFBlbWJy\n"
+            + "b2tlMREwDwYDVQQHEwhIYW1pbHRvbjEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRl\n"
+            + "ZDEoMCYGA1UEAxMfcXZzc2xpY2FnMy1yLnF1b3ZhZGlzZ2xvYmFsLmNvbTCCASIw\n"
+            + "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALlwpCyabhrQYeRzEn0O7S505Fv4\n"
+            + "ScJlJRHskcyZHBt0vt2tsDJNh2xJKJpnXzW14oGh+xrccEGeUw77qeFgfy+LTIHD\n"
+            + "YDkYVHVhfs4NJD5wdyWL9Fn3A7pMFpapPBPJdsAAwByfzYFjRJsPHMSlGcroyGNm\n"
+            + "+LquU5r965afaRkWQzZy+lY+OHO19Jis8EfUusYj2fQ3SXB8tBwFylDTnbCoM1HZ\n"
+            + "BlbksbtLjFYKtyaNeQuoA7NnB3Q9XEONNK9KZ0S87KIqEKjIWK7ThO6lvhMQy2Zk\n"
+            + "k+UVXVLpop7+Nkz3Fn08pE4OMfLjn1KVnk5l40WGabinfE6hz4vk0XREaKcCAwEA\n"
+            + "AaOCAaMwggGfMHMGCCsGAQUFBwEBBGcwZTAqBggrBgEFBQcwAYYeaHR0cDovL29j\n"
+            + "c3AucXVvdmFkaXNnbG9iYWwuY29tMDcGCCsGAQUFBzAChitodHRwOi8vdHJ1c3Qu\n"
+            + "cXVvdmFkaXNnbG9iYWwuY29tL3F2c3NsZzMuY3J0MCoGA1UdEQQjMCGCH3F2c3Ns\n"
+            + "aWNhZzMtci5xdW92YWRpc2dsb2JhbC5jb20wUQYDVR0gBEowSDBGBgwrBgEEAb5Y\n"
+            + "AAJkAQEwNjA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5xdW92YWRpc2dsb2JhbC5j\n"
+            + "b20vcmVwb3NpdG9yeTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH\n"
+            + "AwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFLMSibWpSzW8FQDwgOnYeIfxE3x2MDoG\n"
+            + "A1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwucXVvdmFkaXNnbG9iYWwuY29tL3F2\n"
+            + "c3NsZzMuY3JsMB0GA1UdDgQWBBSS2t3Itp/XsAppEeGyH+Ew8vEQ0zANBgkqhkiG\n"
+            + "9w0BAQsFAAOCAgEAo8MJ2ek95Cs3chn1ecEMdGkUANnCBmgdvQjFt6XVLzYWs37n\n"
+            + "j6Ac/nGj+Tzb30nTVdE2laRuTeLuGfYmd1AdBLHuRhWYG6A6jnlzqhmDRL3fvRYk\n"
+            + "wjeWQn6Kx/lOoWC1xOa2EJYOWDr/rUY2PKo9rSVdGKmU6NFI/+FOFLaUD8tU77Qq\n"
+            + "p9rfOYJwekckA2I2891lTRbnJfQhPD8mQjttd+nS46RwZxxAI5Pr6Jcr+BG3ARP5\n"
+            + "oM/ifTCLXCc4L/0nozUDSweU17TCuFXWGEpIXbOVmE3kpmHaVe1FRQ0PUr2XHCbJ\n"
+            + "H1vumQcJmOaUxiB4EzP+M+HnKg6rwhWlfgQEAnCcKkMF5ei1NAaHCwhRMC7ijJFA\n"
+            + "Wt7s0/PpP2tChU7uXctMk2d36Dpibyn6Rc5a/QJX444ZRFEGrSe4nO/MXt3iEcat\n"
+            + "fgYHOWoBunLIm7x/fd611xvyhifjqKVCPpqodpwFrXOlCQhXehhRvJSPDXWgDJeR\n"
+            + "cDLLIcit4Sn1uyebQcZafaxgYPWpaYHFd7dzkO+kTVqOVAm7LukC5QQ9qFY1z7a5\n"
+            + "IDUAFtEYg/c4XxX+pReOxydnnHeYZBrfRTTxOfMrg6dxsb1QcOeElXHgXRpHyiMh\n"
+            + "XYsZWE2WHT7of4wMfNzCUrVSN0tCGDRW0MI48RM4BYbRnz3YNKafjnszeXI=\n"
+            + "-----END CERTIFICATE-----";
+
+    public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled)
+            throws Exception {
+        // Validate valid
+        pathValidator.validate(new String[]{VALID, INT},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Validate Revoked
+        if (ocspEnabled) {
+            // Revoked certificates are expired in Nov 2014
+            // and backdated revocation check is only possible with OCSP
+            pathValidator.setValidationDate("Jan 01, 2014");
+        }
+
+        pathValidator.validate(new String[]{REVOKED, INT},
+                ValidatePathWithParams.Status.REVOKED,
+                "Fri Jan 04 03:49:46 PST 2013", System.out);
+
+        // reset validation date back to current date
+        pathValidator.resetValidationDate();
+    }
+}
+
+class RootCA3 {
+
+    // wner: CN=QuoVadis Issuing CA 3 G3, O=QuoVadis Limited, C=BM
+    private static final String INT = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIGFTCCA/2gAwIBAgIUHZxbikClihb+1PM2ck0SDEZ8/dIwDQYJKoZIhvcNAQEL\n"
+            + "BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\n"
+            + "BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjExMDYxODM5MDVaFw0y\n"
+            + "MjExMDYxODM5MDVaMEsxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM\n"
+            + "aW1pdGVkMSEwHwYDVQQDExhRdW9WYWRpcyBJc3N1aW5nIENBIDMgRzMwggIiMA0G\n"
+            + "CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCs6x3rpBdA1tTXgPYNjL1MKHuoDyb9\n"
+            + "d4mxxk41t5Cvo3BnS0/cBlRIl91oqu3Iv9goVCMStla+GW9iRdX/53jYM1rXePDa\n"
+            + "OnE/MJNLcVjmABZmEUtpzxUYLftwGEg1w/Wgi6z68vqZn7vbHJtFV8inlMIsdBVY\n"
+            + "o3VmU9h+pGZU8JrF8x8U3voX4vm56OBCAM/1osUGXsVL2AY3z2Gjyb1Hv6fqHma7\n"
+            + "PWrWV1hYS/EAnRUPO8iQqJwrbT/j7Mlo3khULV+T02M+oqs1ckIihl38n1eGvYcp\n"
+            + "z40cceA2Ej5aglyF9i+ypA4XnxKF3f+6vvEYRPCMQB8Hiwuyy6naj6lPoLZ+nolT\n"
+            + "t++xSkZ5imAoTXewA9JxyGCdiO9G4sZFIy4jjW7HBmKx6pZy3wWf48eawXPIpjop\n"
+            + "EC+Kayf3foeyq40CAOjysVkblhUBawvVjAqKJ5aoKD4Ghnv02jdVvI4W7ME/fYYb\n"
+            + "gm+XD7KJv4gHks+SIV93eXiUhYHvofJ3AG/1kp1p4tvIKCUtm2LCihmp53n9uLGA\n"
+            + "NvizEnkuQmwlXtqOquKDluwSpHVFPxePMdRICUOnoZBdHv6f3LQCOU7AczRJYh8+\n"
+            + "WYSKQy675/Itucgd+ABfY1H07F4FisCP75j8YknBdv4nfQsb0RcTg2P89dJNwAhL\n"
+            + "rpk452WD4LuvsQIDAQABo4HzMIHwMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0g\n"
+            + "BAowCDAGBgRVHSAAMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDov\n"
+            + "L29jc3AucXVvdmFkaXNnbG9iYWwuY29tMA4GA1UdDwEB/wQEAwIBBjAfBgNVHSME\n"
+            + "GDAWgBTGF9C8qOoCQ/IbBpldK5Agudec5DA7BgNVHR8ENDAyMDCgLqAshipodHRw\n"
+            + "Oi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdnJjYTNnMy5jcmwwHQYDVR0OBBYE\n"
+            + "FBPyQfSNOURHBZ37q8ZaNQwelu9eMA0GCSqGSIb3DQEBCwUAA4ICAQAsbJU89ZB9\n"
+            + "1XVlOLmw8MaoWwOgI3DwM/g30YyIV1SERtDMKDOUnLVGTORTGv7Y8X789nGkMbKq\n"
+            + "OEEa9Hty4jwyTnt2OISpCAb4GwBtH+FxNcLkJwZU2qtpTX8zDndofE/JLGo0rte5\n"
+            + "bKchF2JTg+oby/Wpu2IO0CMd1phou3LLi8sWQGcY/f5vk+MUDnskH6NRXte4m8HW\n"
+            + "FtYb7nOgLzY5FOJDtQuUFFioNoQzUHuj3SpUjIBxXf4VRFXz+FKIQ4jqzD/SnHG6\n"
+            + "/7g/28x66LNpYjvaQ0T45EqxqPDCztfJO67GsNLXeSKq+BteqXcnKI77ZkqmwnWl\n"
+            + "cYt5qek0GBYRYVOM8dUIvDryWHZIEqbeI0DAu06dyPuvIJNQ6WweqxJ+hH++BqGh\n"
+            + "P4bViNNuP/Lqarb1RP7JiJW3wlyIUDD34JLzkusBgU++ptdYg1o0VnEB8KWDG8Of\n"
+            + "cABL+TMoUldUp9DFFgFJIfnPX5XjXyG9mw2wwiUvClo93qFvC8+rhEGeZFd29rKi\n"
+            + "dmmCc8FaCfBV9XdHHx/0ORTQp3HxnRDDiz+MN7p1Y4SXbHE3XXyQAUVTISGpPe3X\n"
+            + "TUhmoARNmBBPALDm3EAvEBikTUMBFGR63wtu0pjA2cF5nvOyY8mBSsNk0R6+ZJSl\n"
+            + "Cok3lH5oBM2H+KBk+sNZIBQ8BHcgbwlghg==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=qvica3g3-v.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton,
+    // ST=Pembroke, C=BM
+    private static final String VALID = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIF9DCCA9ygAwIBAgIUTkK7g7zoijtiLY/YV9ASX+pEsx0wDQYJKoZIhvcNAQEL\n"
+            + "BQAwSzELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxITAf\n"
+            + "BgNVBAMTGFF1b1ZhZGlzIElzc3VpbmcgQ0EgMyBHMzAeFw0xNDExMTQxNDA1NTJa\n"
+            + "Fw0xNzExMTQxNDA1MzhaMHYxCzAJBgNVBAYTAkJNMREwDwYDVQQIEwhQZW1icm9r\n"
+            + "ZTERMA8GA1UEBxMISGFtaWx0b24xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQx\n"
+            + "JjAkBgNVBAMTHXF2aWNhM2czLXYucXVvdmFkaXNnbG9iYWwuY29tMIIBIjANBgkq\n"
+            + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosZjGbZtvAM45zdlTtT+uL12F5nebQrE\n"
+            + "F9Fb8z1uhRJKgXAfjlfsMIjv7Xc7F80Li39yO0CmWHTMJS41auktW8IGVEkVV2og\n"
+            + "EL7SKLjtgDJ1I3HAX02hfuOW0b/jkfPEcqTeZVE5Xew/HTAuTJMTqCEHM5hFieWL\n"
+            + "tADPm7kANu5q6HaFXndKN/k1ozZXQn9YNTpDvvH6oD0Kqn/Peezi+C+6asTMSCk0\n"
+            + "Xoi2TBHNi9dl2tfb6hu+T5VFwFsC9dGqYt07V8TbvKRAVV0MC8DnXnS89quFVmPS\n"
+            + "I3ZSKeU4dlp8FzmTrd5nk3y9GL8GTkCsSN3RZbeAbLCpzcG5weS3GQIDAQABo4IB\n"
+            + "ozCCAZ8wdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5x\n"
+            + "dW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92\n"
+            + "YWRpc2dsb2JhbC5jb20vcXZpY2EzZzMuY3J0MCgGA1UdEQQhMB+CHXF2aWNhM2cz\n"
+            + "LXYucXVvdmFkaXNnbG9iYWwuY29tMFEGA1UdIARKMEgwRgYMKwYBBAG+WAACZAEB\n"
+            + "MDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL3Jl\n"
+            + "cG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\n"
+            + "BgEFBQcDAjAfBgNVHSMEGDAWgBQT8kH0jTlERwWd+6vGWjUMHpbvXjA7BgNVHR8E\n"
+            + "NDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmljYTNn\n"
+            + "My5jcmwwHQYDVR0OBBYEFINCE86z3wESNeL4rz3eiaYA5LIWMA0GCSqGSIb3DQEB\n"
+            + "CwUAA4ICAQBPe+Y5xDGZLYaVNOxxiyqFZrntGJGGQW1w4GtEfkH9oD8WGs5kBhMM\n"
+            + "/XPGqw2FzzrvA5GfSdh+EMuXUfJY933AxwPcNfwGHzYGAHIDFsW17y5ZdKfBMN4Y\n"
+            + "82e13iSfHQrbI0P6l8IIExfCw4HC8PxuEalg6H9fj9/1Q7mzdpwT3uG/HP6Dr2z+\n"
+            + "PGYFMaH77MsOjfANT8UIdo5SAyXiJI5Y0cyKjuXhR6eJEKwNfri27UaV5cJJuV7I\n"
+            + "fRcjb0h0Grr6gpKFb7JnhDZVGR3fDHTzuybuCqZk9TYKQ2sn1YfBFDqDpWODpykt\n"
+            + "vyFO7eugpvSUgdTKRMPCtyppYgo2RwIsMmLrU4wPzdnPi8oo+cM0f5zXrmrkOLY0\n"
+            + "PZo+K8QT/SrNT+9yZnHupLy01aYGJ4RJ047Wthr7a9S6i6DxbQ+ps4Ajh0X1bvOK\n"
+            + "KCEKq5aoivYQMLn8pjudiMjbnKU4mgpmZK15D6lLmAprW3L6F8AEBJsK1BunPWhJ\n"
+            + "nkQUyBnFgq2epmDfZ4f6SztNoLfDbatYNRb2KJfW1lks7UHDjuZ4PM20KkmmFJEE\n"
+            + "LKR76WJzKi/+aks/csdFD7+/TMXrkY+JWlT4mCoHR1ol0m3DiqApKvRFZkMARfJq\n"
+            + "npjt2cXyzDnguyQuLrHhdkKW+/LYeNckmVX+cPIxShLbuVhqMgdnWg==\n"
+            + "-----END CERTIFICATE-----";
+
+    // Owner: CN=qvica3g3-r.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton,
+    // ST=Pembroke, C=BM
+    private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n"
+            + "MIIF9DCCA9ygAwIBAgIUSTXTLsMPxg4n9YY6GASBcJsgcaEwDQYJKoZIhvcNAQEL\n"
+            + "BQAwSzELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxITAf\n"
+            + "BgNVBAMTGFF1b1ZhZGlzIElzc3VpbmcgQ0EgMyBHMzAeFw0xMjExMTQxMzQ4MTda\n"
+            + "Fw0xNDExMTQxMzQ4MTdaMHYxCzAJBgNVBAYTAkJNMREwDwYDVQQIEwhQZW1icm9r\n"
+            + "ZTERMA8GA1UEBxMISGFtaWx0b24xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQx\n"
+            + "JjAkBgNVBAMTHXF2aWNhM2czLXIucXVvdmFkaXNnbG9iYWwuY29tMIIBIjANBgkq\n"
+            + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaZUVAvasDtoFhZqL2fH+rI/IKeY0zj7\n"
+            + "hGuYpLlT32JZX8cmkWUywZt6VxA8A5o82Ay0xT9vHy4MPnmmZExEvmkaECBmOh6+\n"
+            + "WzWydYGKeeheUERJ1hLj2T7MKz/CCFY6NxD9XzvYOyhDpCUQKCOx4LMn0nMFrXrS\n"
+            + "6IVirDUmH26dpl3IfsdVXyn6N3wLSNf+UX7in/PXsfD/A6RVtqYsfx4fxFJIPIhv\n"
+            + "XG/cDOVIyfq6Oo1hthzGm8cnOSjvK/UfQV5iVBK68rqoGG+r9uBG9BfZtd7o0wrf\n"
+            + "SSJkJAPJVpWTLvnD8RYpJIBz01vNgEOCEgF54bvjhBOjx15mrH7roQIDAQABo4IB\n"
+            + "ozCCAZ8wdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5x\n"
+            + "dW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92\n"
+            + "YWRpc2dsb2JhbC5jb20vcXZpY2EzZzMuY3J0MCgGA1UdEQQhMB+CHXF2aWNhM2cz\n"
+            + "LXIucXVvdmFkaXNnbG9iYWwuY29tMFEGA1UdIARKMEgwRgYMKwYBBAG+WAACZAEB\n"
+            + "MDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL3Jl\n"
+            + "cG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\n"
+            + "BgEFBQcDAjAfBgNVHSMEGDAWgBQT8kH0jTlERwWd+6vGWjUMHpbvXjA7BgNVHR8E\n"
+            + "NDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmljYTNn\n"
+            + "My5jcmwwHQYDVR0OBBYEFLnaKDrPemoRtOZaUReSV5rWp3OoMA0GCSqGSIb3DQEB\n"
+            + "CwUAA4ICAQA+B+R1TDmE4jC6itHBMPgqRoETJxtTdKyp6/egk5My4MATXRCSrStA\n"
+            + "gp1c86hljmlN2gq05HKlAz9cC4W80pypJGfEbhYIi9B4Jxdo6zJNJqcFz3zj/otx\n"
+            + "hvZ2nOO5qqEupAP8aHju0LhUlkcFQlbqaA+IiuQUh0VFQxk8LwkKEA8oIib7wLie\n"
+            + "P1zBMXeRyDM5CnFWQmIFKXR4+9f51Dfv40Gy2RKQT7I8oXuADhrG9iXFJPXz4yYK\n"
+            + "LazlDjnn0wv4vB9BmlcVdM2HPYqIPdvWBtPxT9vpNYHnB9Dq/zGqKJNUh8I4jB9k\n"
+            + "8iQYJgoj62mQW2o1fObkVwrGgglAyzUzUzJfJyy9OEECjLY5o/9TJAKBAnewJ5B9\n"
+            + "PagYo+klH937s2MOLqzl/uvbjXUBBvql1UU/lb8tSK9xCaXMEDhgiVricr13k32y\n"
+            + "XmUcA/im96CI5cF5i4xHMnqprzPehFB/Mmi6g2tpiE0bmLkYj7MMJcmtUowa3FqA\n"
+            + "QHtqKrK8wOfHep6qPx6VMD6Ypaf6yq66/kkSg05i6VO7V371UTibHeVLTr7LPRQJ\n"
+            + "Emp8k/6qCXOtf5OdXwHBIDqvszf8ry85Rl3q813TntF0pPRvqLEYadC4Bwq7Snf+\n"
+            + "PR0MPNhuwZBCmxZcyZqhVG2PyvvEmhPxhEdbO5DWUFwUP17WHNlgeQ==\n"
+            + "-----END CERTIFICATE-----";
+
+    public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled)
+            throws Exception {
+        // Validate valid
+        pathValidator.validate(new String[]{VALID, INT},
+                ValidatePathWithParams.Status.GOOD, null, System.out);
+
+        // Validate Revoked
+        if (ocspEnabled) {
+            // Revoked certificates are expired in Nov 2014
+            // and backdated revocation check is only possible with OCSP
+            pathValidator.setValidationDate("Jan 01, 2014");
+        }
+
+        pathValidator.validate(new String[]{REVOKED, INT},
+                ValidatePathWithParams.Status.REVOKED,
+                "Thu Jan 03 23:47:02 PST 2013", System.out);
+
+        // reset validation date back to current date
+        pathValidator.resetValidationDate();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java	Fri Dec 08 03:06:19 2017 -0800
@@ -0,0 +1,354 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Security;
+import java.security.cert.CertPath;
+import java.security.cert.CertPathValidator;
+import java.security.cert.CertPathValidatorException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateRevokedException;
+import java.security.cert.PKIXParameters;
+import java.security.cert.PKIXRevocationChecker;
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.EnumSet;
+import java.util.Locale;
+
+/**
+ * Utility class to validate certificate path. It supports OCSP and/or CRL
+ * validation.
+ */
+public class ValidatePathWithParams {
+
+    private static final String FS = System.getProperty("file.separator");
+    private static final String CACERTS_STORE = System.getProperty("test.jdk")
+            + FS + "lib" + FS + "security" + FS + "cacerts";
+
+    private final String[] trustedRootCerts;
+
+    // use this for expired cert validation
+    private Date validationDate = null;
+
+    // expected certificate status
+    private Status expectedStatus = Status.UNKNOWN;
+    private Date expectedRevDate = null;
+
+    private final CertPathValidator certPathValidator;
+    private final PKIXRevocationChecker certPathChecker;
+    private final CertificateFactory cf;
+
+    /**
+     * Possible status values supported for EE certificate
+     */
+    public static enum Status {
+        UNKNOWN, GOOD, REVOKED, EXPIRED;
+    }
+
+    /**
+     * Constructor
+     *
+     * @param additionalTrustRoots trusted root certificates
+     * @throws IOException
+     * @throws CertificateException
+     * @throws NoSuchAlgorithmException
+     */
+    public ValidatePathWithParams(String[] additionalTrustRoots)
+            throws IOException, CertificateException, NoSuchAlgorithmException {
+
+        cf = CertificateFactory.getInstance("X509");
+        certPathValidator = CertPathValidator.getInstance("PKIX");
+        certPathChecker
+                = (PKIXRevocationChecker) certPathValidator.getRevocationChecker();
+
+        if ((additionalTrustRoots == null) || (additionalTrustRoots[0] == null)) {
+            trustedRootCerts = null;
+        } else {
+            trustedRootCerts = additionalTrustRoots.clone();
+        }
+    }
+
+    /**
+     * Validate certificates
+     *
+     * @param certsToValidate Certificates to validate
+     * @param st expected certificate status
+     * @param revDate if revoked, expected revocation date
+     * @param out PrintStream to log messages
+     * @throws IOException
+     * @throws CertificateException
+     * @throws InvalidAlgorithmParameterException
+     * @throws ParseException
+     * @throws NoSuchAlgorithmException
+     * @throws KeyStoreException
+     */
+    public void validate(String[] certsToValidate,
+            Status st,
+            String revDate,
+            PrintStream out)
+            throws IOException, CertificateException,
+            InvalidAlgorithmParameterException, ParseException,
+            NoSuchAlgorithmException, KeyStoreException {
+
+        expectedStatus = st;
+        if (expectedStatus == Status.REVOKED) {
+            if (revDate != null) {
+                expectedRevDate = new SimpleDateFormat("EEE MMM dd HH:mm:ss Z yyyy",
+                        Locale.US).parse(revDate);
+            }
+        }
+
+        Status certStatus = null;
+        Date revocationDate = null;
+
+        logSettings(out);
+
+        try {
+            doCertPathValidate(certsToValidate, out);
+            certStatus = Status.GOOD;
+        } catch (IOException ioe) {
+            // Some machines don't have network setup correctly to be able to
+            // reach outside world, skip such failures
+            out.println("WARNING: Network setup issue, skip this test");
+            ioe.printStackTrace(System.err);
+            return;
+        } catch (CertPathValidatorException cpve) {
+            out.println("Received exception: " + cpve);
+
+            if (cpve.getCause() instanceof IOException) {
+                out.println("WARNING: CertPathValidatorException caused by IO"
+                        + " error, skip this test");
+                return;
+            }
+
+            if (cpve.getReason() == CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED) {
+                out.println("WARNING: CertPathValidatorException caused by"
+                        + " restricted algorithm, skip this test");
+                return;
+            }
+
+            if (cpve.getReason() == CertPathValidatorException.BasicReason.REVOKED
+                    || cpve.getCause() instanceof CertificateRevokedException) {
+                certStatus = Status.REVOKED;
+                if (cpve.getCause() instanceof CertificateRevokedException) {
+                    CertificateRevokedException cre
+                            = (CertificateRevokedException) cpve.getCause();
+                    revocationDate = cre.getRevocationDate();
+                }
+            } else if (cpve.getReason() == CertPathValidatorException.BasicReason.EXPIRED
+                    || cpve.getCause() instanceof CertificateExpiredException) {
+                certStatus = Status.EXPIRED;
+            } else {
+                throw new RuntimeException(
+                        "TEST FAILED: couldn't determine EE certificate status");
+            }
+        }
+
+        out.println("Expected Certificate status: " + expectedStatus);
+        out.println("Certificate status after validation: " + certStatus.name());
+
+        // Don't want test to fail in case certificate is expired when not expected
+        // Simply skip the test.
+        if (expectedStatus != Status.EXPIRED && certStatus == Status.EXPIRED) {
+            out.println("WARNING: Certificate expired, skip the test");
+            return;
+        }
+
+        if (certStatus != expectedStatus) {
+            throw new RuntimeException(
+                    "TEST FAILED: unexpected status of EE certificate");
+        }
+
+        if (certStatus == Status.REVOKED) {
+            // Check revocation date
+            if (revocationDate != null) {
+                out.println(
+                        "Certificate revocation date:" + revocationDate.toString());
+                if (expectedRevDate != null) {
+                    out.println(
+                            "Expected revocation date:" + expectedRevDate.toString());
+                    if (!expectedRevDate.equals(revocationDate)) {
+                        throw new RuntimeException(
+                                "TEST FAILED: unexpected revocation date");
+                    }
+                }
+            } else {
+                throw new RuntimeException("TEST FAILED: no revocation date");
+            }
+        }
+    }
+
+    private void logSettings(PrintStream out) {
+        out.println();
+        out.println("=====================================================");
+        out.println("CONFIGURATION");
+        out.println("=====================================================");
+        out.println("http.proxyHost :" + System.getProperty("http.proxyHost"));
+        out.println("http.proxyPort :" + System.getProperty("http.proxyPort"));
+        out.println("https.proxyHost :" + System.getProperty("https.proxyHost"));
+        out.println("https.proxyPort :" + System.getProperty("https.proxyPort"));
+        out.println("https.socksProxyHost :"
+                + System.getProperty("https.socksProxyHost"));
+        out.println("https.socksProxyPort :"
+                + System.getProperty("https.socksProxyPort"));
+        out.println("jdk.certpath.disabledAlgorithms :"
+                + Security.getProperty("jdk.certpath.disabledAlgorithms"));
+        out.println("Revocation options :" + certPathChecker.getOptions());
+        out.println("OCSP responder set :" + certPathChecker.getOcspResponder());
+        out.println("Trusted root set: " + (trustedRootCerts != null));
+
+        if (validationDate != null) {
+            out.println("Validation Date:" + validationDate.toString());
+        }
+        out.println("Expected EE Status:" + expectedStatus.name());
+        if (expectedStatus == Status.REVOKED && expectedRevDate != null) {
+            out.println(
+                    "Expected EE Revocation Date:" + expectedRevDate.toString());
+        }
+        out.println("=====================================================");
+    }
+
+    private void doCertPathValidate(String[] certsToValidate, PrintStream out)
+            throws IOException, CertificateException,
+            InvalidAlgorithmParameterException, ParseException,
+            NoSuchAlgorithmException, CertPathValidatorException, KeyStoreException {
+
+        if (certsToValidate == null) {
+            throw new RuntimeException("Require atleast one cert to validate");
+        }
+
+        // Generate CertPath with certsToValidate
+        ArrayList<X509Certificate> certs = new ArrayList();
+        for (String cert : certsToValidate) {
+            if (cert != null) {
+                certs.add(getCertificate(cert));
+            }
+        }
+        CertPath certPath = (CertPath) cf.generateCertPath(certs);
+
+        // Set cacerts as anchor
+        KeyStore cacerts = KeyStore.getInstance("JKS");
+        try (FileInputStream fis = new FileInputStream(CACERTS_STORE)) {
+            cacerts.load(fis, "changeit".toCharArray());
+        } catch (IOException | NoSuchAlgorithmException | CertificateException ex) {
+            throw new RuntimeException(ex);
+        }
+
+        // Set additional trust certificates
+        if (trustedRootCerts != null) {
+            for (int i = 0; i < trustedRootCerts.length; i++) {
+                X509Certificate rootCACert = getCertificate(trustedRootCerts[i]);
+                cacerts.setCertificateEntry("tempca" + i, rootCACert);
+            }
+        }
+
+        PKIXParameters params;
+        params = new PKIXParameters(cacerts);
+        params.addCertPathChecker(certPathChecker);
+
+        // Set backdated validation if requested, if null, current date is set
+        params.setDate(validationDate);
+
+        // Validate
+        certPathValidator.validate(certPath, params);
+        out.println("Successful CertPath validation");
+    }
+
+    private X509Certificate getCertificate(String encodedCert)
+            throws IOException, CertificateException {
+        ByteArrayInputStream is
+                = new ByteArrayInputStream(encodedCert.getBytes());
+        X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
+        return cert;
+    }
+
+    /**
+     * Set list of disabled algorithms
+     *
+     * @param algos algorithms to disable
+     */
+    public static void setDisabledAlgorithms(String algos) {
+        Security.setProperty("jdk.certpath.disabledAlgorithms", algos);
+    }
+
+    /**
+     * Enable OCSP only revocation checks, treat network error as success
+     */
+    public void enableOCSPCheck() {
+        // OCSP is by default, disable fallback to CRL
+        certPathChecker.setOptions(EnumSet.of(
+                PKIXRevocationChecker.Option.NO_FALLBACK));
+    }
+
+    /**
+     * Enable CRL only revocation check, treat network error as success
+     */
+    public void enableCRLCheck() {
+        certPathChecker.setOptions(EnumSet.of(
+                PKIXRevocationChecker.Option.PREFER_CRLS,
+                PKIXRevocationChecker.Option.NO_FALLBACK));
+    }
+
+    /**
+     * Overrides OCSP responder URL in AIA extension of certificate
+     *
+     * @param url OCSP responder
+     * @throws URISyntaxException
+     */
+    public void setOCSPResponderURL(String url) throws URISyntaxException {
+        certPathChecker.setOcspResponder(new URI(url));
+    }
+
+    /**
+     * Set validation date for EE certificate
+     *
+     * @param vDate string formatted date
+     * @throws ParseException if vDate is incorrect
+     */
+    public void setValidationDate(String vDate) throws ParseException {
+        validationDate = DateFormat.getDateInstance(DateFormat.MEDIUM,
+                Locale.US).parse(vDate);
+    }
+
+    /**
+     * Reset validation date for EE certificate to current date
+     */
+    public void resetValidationDate() {
+        validationDate = null;
+    }
+}