@Test
  public void testV3Cert() throws Exception {
    CertifiedPublicKey interCaCert = factory.decode(v3InterCaCert);
    CertifiedPublicKey certificate = factory.decode(v3Cert);

    assertTrue(
        "End certificate should be verified by CA.",
        certificate.isSignedBy(interCaCert.getPublicKeyParameters()));

    assertThat(certificate, instanceOf(X509CertifiedPublicKey.class));
    X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate;
    assertThat(cert.getVersionNumber(), equalTo(3));

    assertTrue(
        "KeyUsage extension should be critical.", cert.getExtensions().isCritical(KeyUsage.OID));
    assertThat(
        cert.getExtensions().getKeyUsage(),
        equalTo(EnumSet.of(KeyUsage.digitalSignature, KeyUsage.dataEncipherment)));
    assertFalse(
        "ExtendedKeyUsage extension should be non critical.",
        cert.getExtensions().isCritical(ExtendedKeyUsages.OID));
    assertThat(
        cert.getExtensions().getExtendedKeyUsage().getAll().toArray(new String[0]),
        equalTo(new String[] {ExtendedKeyUsages.EMAIL_PROTECTION}));
    assertTrue(
        "Email data protection extended usage should be set.",
        cert.getExtensions().getExtendedKeyUsage().hasUsage(ExtendedKeyUsages.EMAIL_PROTECTION));

    assertThat(
        cert.getExtensions().getAuthorityKeyIdentifier(),
        equalTo(((X509CertifiedPublicKey) interCaCert).getExtensions().getSubjectKeyIdentifier()));
    assertThat(cert.isRootCA(), equalTo(false));
  }
  @Test
  public void testV3CaCert() throws Exception {
    CertifiedPublicKey certificate = factory.decode(v3CaCert);

    assertTrue(
        "CA should verify itself.", certificate.isSignedBy(certificate.getPublicKeyParameters()));

    assertThat(certificate, instanceOf(X509CertifiedPublicKey.class));
    X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate;
    assertThat(cert.getVersionNumber(), equalTo(3));

    assertTrue(
        "Basic constraints should be critical.",
        cert.getExtensions().isCritical(X509Extensions.BASIC_CONSTRAINTS_OID));
    assertTrue(
        "Basic constraints should be set to CA.",
        cert.getExtensions().hasCertificateAuthorityBasicConstraints());
    assertTrue(
        "KeyUsage extension should be critical.", cert.getExtensions().isCritical(KeyUsage.OID));
    assertThat(
        cert.getExtensions().getKeyUsage(),
        equalTo(EnumSet.of(KeyUsage.keyCertSign, KeyUsage.cRLSign)));
    assertThat(cert.getExtensions().getAuthorityKeyIdentifier(), notNullValue());
    assertThat(
        cert.getExtensions().getAuthorityKeyIdentifier(),
        equalTo(cert.getExtensions().getSubjectKeyIdentifier()));
    assertThat(cert.isRootCA(), equalTo(true));
  }
  @Test
  public void testV3InterCACert() throws Exception {
    CertifiedPublicKey caCert = factory.decode(v3CaCert);
    CertifiedPublicKey interCaCert = factory.decode(v3InterCaCert);

    assertTrue(
        "Intermediate CA certificate should be verified by CA.",
        interCaCert.isSignedBy(caCert.getPublicKeyParameters()));

    assertThat(interCaCert, instanceOf(X509CertifiedPublicKey.class));
    X509CertifiedPublicKey cert = (X509CertifiedPublicKey) interCaCert;
    assertThat(cert.getVersionNumber(), equalTo(3));

    assertTrue(
        "Basic constraints should be critical.",
        cert.getExtensions().isCritical(X509Extensions.BASIC_CONSTRAINTS_OID));
    assertTrue(
        "Basic constraints should be set to CA.",
        cert.getExtensions().hasCertificateAuthorityBasicConstraints());
    assertThat(cert.getExtensions().getBasicConstraintsPathLen(), equalTo(0));
    assertTrue(
        "KeyUsage extension should be critical.", cert.getExtensions().isCritical(KeyUsage.OID));
    assertThat(
        cert.getExtensions().getKeyUsage(),
        equalTo(EnumSet.of(KeyUsage.keyCertSign, KeyUsage.cRLSign)));

    assertThat(
        cert.getExtensions().getAuthorityKeyIdentifier(),
        equalTo(((X509CertifiedPublicKey) caCert).getExtensions().getSubjectKeyIdentifier()));
    assertThat(cert.isRootCA(), equalTo(false));
  }
  @Test
  public void testV1CaCert() throws Exception {
    CertifiedPublicKey certificate = factory.decode(v1CaCert);

    assertTrue(
        "CA should verify itself.", certificate.isSignedBy(certificate.getPublicKeyParameters()));

    assertThat(certificate, instanceOf(X509CertifiedPublicKey.class));
    X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate;
    assertThat(cert.getVersionNumber(), equalTo(1));
    assertThat(cert.isRootCA(), equalTo(true));
  }
  @Test
  public void testV1Cert() throws Exception {
    CertifiedPublicKey caCert = factory.decode(v1CaCert);
    CertifiedPublicKey certificate = factory.decode(v1Cert);

    assertTrue(
        "End certificate should be verified by CA.",
        certificate.isSignedBy(caCert.getPublicKeyParameters()));

    assertThat(certificate, instanceOf(X509CertifiedPublicKey.class));
    X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate;
    assertThat(cert.getVersionNumber(), equalTo(1));
  }