Integration tests make use of a set of certificates signed by the DataONE test
certicate authority.  Reguirements for the certificates are:

1. they need to be long-lived to be useful for testing. (>1 year?)
2. they need to contain serialized SubjectInfo, as typical certs used in production would.
3. they should not be trusted by production Nodes.
4. the filename for each certificate needs to match the subject common name.

Testing Design
==================
Most of the certificates in the set are used to test Authorization, which requires
several different users to thoroughly test authorization scenarios.

Authorization testing imagines a set of related subjects (for Groups, Persons, and Nodes):
CommonName              Details
testGroup               

testGroupie             is a member of testGroup

testPerson              is a member of testGroup
                        is verified
                        has equivalent identity of 'CN=someLegacyAcct,DC=somewhere,DC=org'
                        has equivalent identity of testEQPerson1


testEQPerson1           has equivalent identity of testPerson
                        has equivalent identity of testEQPerson2
                        
testEQPerson2           has equivalent identity of testPerson1
                        has equivalent identity of testEQPerson3
                        
testEQPerson3           has equivalent identity of testPerson2

testSubmitter           

testRightsHolder






I'm using subjects with the following common names as client subjects/certificates for integration testing:

testSubmitter             (  full subject becomes:    "CN=testSubmitter,DC=dataone,DC=org"    )
testRightsHolder
testPerson
testMappedPerson
testGroupie

We're also testing various certificate situations, so I am creating a handful of certificate variants for testPerson, and give them the following names:
                        
testPerson_Expired.crt                  
testPerson_NoSubjectInfo.crt       
testPerson_MissingSelf.crt            
testPerson_MissingMappedID.crt   
testPerson_InvalidVsSchema.crt    


Attached is a zip file containing serialized xml for the subject info to be included in the certificate:

testGroupieSI.xml
testMappedPersonSI.xml
...

there should be an SI file for all but 2 of the above certificates needed:

1. testPerson_Expired.crt                  uses testPersonSI.xml, but expiration set to 1 hour or day from now (I think that's the lowest increment possible)
2. testPerson_NoSubjectInfo.crt        (certificate doesn't include any SI.xml)


The cilogon oid for the subjectInfo is:  "1.3.6.1.4.1.34998.2.1"


Thanks for generating them.