@Test
  /**
   * Verify that all certificates returned will validate signForApp(). Any invalid signature or
   * exception will cause the test to fail.
   */
  public void testSignForApp() throws Exception {
    Collection<PublicCertificate> certs = appIdentity.getPublicCertificatesForApp();
    byte[] blob = "abcdefg".getBytes();
    AppIdentityService.SigningResult result = appIdentity.signForApp(blob);
    byte[] signedBlob = result.getSignature();
    boolean res = verifySignatureWithAllCertsForApp(blob, signedBlob, certs);

    // assertTrue(res) returns null, so using assertEquals()
    Assert.assertEquals("signature.verify() returned false. See logs.", true, res);
    Assert.assertTrue(!result.getKeyName().isEmpty());
  }
  @Test
  public void testGetPublicCertificates() throws Exception {
    Collection<PublicCertificate> certs = appIdentity.getPublicCertificatesForApp();
    Assert.assertTrue("No certificates returned.", !certs.isEmpty());

    for (PublicCertificate publicCert : certs) {
      Assert.assertTrue(
          "No name for certificate.", !publicCert.getCertificateName().trim().isEmpty());

      String pemFormat = publicCert.getX509CertificateInPemFormat();
      String errMsg = "getX509CertificateInPemFormat():" + pemFormat;
      // TODO better check?
      Assert.assertTrue(errMsg, pemFormat.startsWith("-----BEGIN"));
      Assert.assertTrue(errMsg, pemFormat.contains("-----END"));

      InputStream stream =
          new ByteArrayInputStream(publicCert.getX509CertificateInPemFormat().getBytes("UTF-8"));
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      Certificate cert = cf.generateCertificate(stream);

      PublicKey pk = cert.getPublicKey();
      Assert.assertNotNull(pk.getEncoded());
    }
  }