Integration tests make use of a set of certificates signed by the DataONE test certicate authority. Reguirements for the certificates are: 1. they need to be long-lived to be useful for testing. (>1 year?) 2. they need to contain serialized SubjectInfo, as typical certs used in production would. 3. they should not be trusted by production Nodes. 4. the filename for each certificate needs to match the subject common name. Testing Design ================== Most of the certificates in the set are used to test Authorization, which requires several different users to thoroughly test authorization scenarios. Authorization testing imagines a set of related subjects (for Groups, Persons, and Nodes): CommonName Details testGroup testGroupie is a member of testGroup testPerson is a member of testGroup is verified has equivalent identity of 'CN=someLegacyAcct,DC=somewhere,DC=org' has equivalent identity of testEQPerson1 testEQPerson1 has equivalent identity of testPerson has equivalent identity of testEQPerson2 testEQPerson2 has equivalent identity of testPerson1 has equivalent identity of testEQPerson3 testEQPerson3 has equivalent identity of testPerson2 testSubmitter testRightsHolder I'm using subjects with the following common names as client subjects/certificates for integration testing: testSubmitter ( full subject becomes: "CN=testSubmitter,DC=dataone,DC=org" ) testRightsHolder testPerson testMappedPerson testGroupie We're also testing various certificate situations, so I am creating a handful of certificate variants for testPerson, and give them the following names: testPerson_Expired.crt testPerson_NoSubjectInfo.crt testPerson_MissingSelf.crt testPerson_MissingMappedID.crt testPerson_InvalidVsSchema.crt Attached is a zip file containing serialized xml for the subject info to be included in the certificate: testGroupieSI.xml testMappedPersonSI.xml ... there should be an SI file for all but 2 of the above certificates needed: 1. testPerson_Expired.crt uses testPersonSI.xml, but expiration set to 1 hour or day from now (I think that's the lowest increment possible) 2. testPerson_NoSubjectInfo.crt (certificate doesn't include any SI.xml) The cilogon oid for the subjectInfo is: "1.3.6.1.4.1.34998.2.1" Thanks for generating them.