62 files changed, 0 insertions, 13229 deletions
diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am
deleted file mode 100644
index 1f13b2a..0000000
--- a/trust/tests/Makefile.am
+++ /dev/null
@@ -1,122 +0,0 @@
-
-include $(top_srcdir)/build/Makefile.tests
-
-COMMON = $(top_srcdir)/common
-TRUST = $(top_srcdir)/trust
-
-AM_CPPFLAGS = \
-	-I$(top_srcdir) \
-	-I$(srcdir)/.. \
-	-I$(top_srcdir)/p11-kit \
-	-I$(COMMON) \
-	-DDATADIR=\"$(datadir)\" \
-	-DSYSCONFDIR=\"$(sysconfdir)\" \
-	-DP11_KIT_FUTURE_UNSTABLE_API \
-	$(LIBTASN1_CFLAGS) \
-	$(TEST_CFLAGS) \
-	$(NULL)
-
-noinst_LTLIBRARIES = \
-	libtrust-test.la
-
-libtrust_test_la_SOURCES = \
-	test-trust.c test-trust.h \
-	$(TRUST)/digest.c
-
-LDADD = \
-	$(top_builddir)/trust/libtrust-testable.la \
-	$(top_builddir)/trust/libtrust-data.la \
-	$(builddir)/libtrust-test.la \
-	$(top_builddir)/p11-kit/libp11-kit.la \
-	$(top_builddir)/common/libp11-library.la \
-	$(top_builddir)/common/libp11-test.la \
-	$(top_builddir)/common/libp11-common.la \
-	$(LIBTASN1_LIBS) \
-	$(HASH_LIBS) \
-	$(NULL)
-
-CHECK_PROGS = \
-	test-digest \
-	test-asn1 \
-	test-base64 \
-	test-pem \
-	test-oid \
-	test-utf8 \
-	test-x509 \
-	test-persist \
-	test-index \
-	test-parser \
-	test-builder \
-	test-token \
-	test-module \
-	test-save \
-	test-enumerate \
-	test-cer \
-	test-bundle \
-	test-openssl \
-	$(NULL)
-
-noinst_PROGRAMS = \
-	frob-pow \
-	frob-token \
-	frob-nss-trust \
-	frob-cert \
-	frob-bc \
-	frob-ku \
-	frob-eku \
-	frob-ext \
-	frob-cert \
-	frob-oid \
-	$(CHECK_PROGS)
-
-frob_nss_trust_LDADD = \
-	$(top_builddir)/common/libp11-common.la \
-	$(top_builddir)/p11-kit/libp11-kit.la \
-	$(HASH_LIBS) \
-	$(NULL)
-
-TESTS = $(CHECK_PROGS)
-
-EXTRA_DIST = \
-	input \
-	files \
-	$(NULL)
-
-TEST_RUNNER = libtool --mode=execute
-
-test_save_SOURCES = \
-	test-save.c \
-	$(TRUST)/save.c \
-	$(NULL)
-
-test_enumerate_SOURCES = \
-	test-enumerate.c \
-	$(TRUST)/enumerate.c \
-	$(NULL)
-
-test_cer_SOURCES = \
-	test-cer.c \
-	$(TRUST)/enumerate.c \
-	$(TRUST)/extract-cer.c \
-	$(TRUST)/save.c \
-	$(NULL)
-
-test_bundle_SOURCES = \
-	test-bundle.c \
-	$(TRUST)/enumerate.c \
-	$(TRUST)/extract-pem.c \
-	$(TRUST)/save.c \
-	$(NULL)
-
-test_openssl_SOURCES = \
-	test-openssl.c \
-	$(TRUST)/enumerate.c \
-	$(TRUST)/extract-openssl.c \
-	$(TRUST)/save.c \
-	$(NULL)
-
-noinst_SCRIPTS = \
-	test-extract
-
-installcheck-local:
-	sh $(builddir)/test-extract
diff --git a/trust/tests/files/cacert-ca.der b/trust/tests/files/cacert-ca.der
deleted file mode 100644
index 719b0ff..0000000
--- a/trust/tests/files/cacert-ca.der
+++ /dev/null
diff --git a/trust/tests/files/cacert3-distrust-all.pem b/trust/tests/files/cacert3-distrust-all.pem
deleted file mode 100644
index ce5d887..0000000
--- a/trust/tests/files/cacert3-distrust-all.pem
+++ /dev/null
@@ -1,44 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijBSoFAGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG
-CCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcD
-CA==
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/files/cacert3-distrusted-all.pem b/trust/tests/files/cacert3-distrusted-all.pem
deleted file mode 100644
index 4a04a39..0000000
--- a/trust/tests/files/cacert3-distrusted-all.pem
+++ /dev/null
@@ -1,43 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijBIoEYGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG
-CCsGAQUFBwMFBggrBgEFBQcDBgYIKwYBBQUHAwcGCCsGAQUFBwMI
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/files/cacert3-not-trusted.pem b/trust/tests/files/cacert3-not-trusted.pem
deleted file mode 100644
index eaa2e54..0000000
--- a/trust/tests/files/cacert3-not-trusted.pem
+++ /dev/null
@@ -1,42 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijACMAA=
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/files/cacert3-trusted-alias.pem b/trust/tests/files/cacert3-trusted-alias.pem
deleted file mode 100644
index 44601ea..0000000
--- a/trust/tests/files/cacert3-trusted-alias.pem
+++ /dev/null
@@ -1,42 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAODAxDdXN0b20gTGFiZWw=
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/files/cacert3-trusted-keyid.pem b/trust/tests/files/cacert3-trusted-keyid.pem
deleted file mode 100644
index e652733..0000000
--- a/trust/tests/files/cacert3-trusted-keyid.pem
+++ /dev/null
@@ -1,42 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAJBAcAAQIDBAUG
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/files/cacert3-trusted-server-alias.pem b/trust/tests/files/cacert3-trusted-server-alias.pem
deleted file mode 100644
index 55593ec..0000000
--- a/trust/tests/files/cacert3-trusted-server-alias.pem
+++ /dev/null
@@ -1,43 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g
-TGFiZWw=
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/files/cacert3-trusted.pem b/trust/tests/files/cacert3-trusted.pem
deleted file mode 100644
index 55593ec..0000000
--- a/trust/tests/files/cacert3-trusted.pem
+++ /dev/null
@@ -1,43 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g
-TGFiZWw=
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/files/cacert3-twice.pem b/trust/tests/files/cacert3-twice.pem
deleted file mode 100644
index c73202d..0000000
--- a/trust/tests/files/cacert3-twice.pem
+++ /dev/null
@@ -1,84 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ig==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ig==
------END CERTIFICATE-----
diff --git a/trust/tests/files/cacert3.der b/trust/tests/files/cacert3.der
deleted file mode 100644
index 56f8c88..0000000
--- a/trust/tests/files/cacert3.der
+++ /dev/null
diff --git a/trust/tests/files/cacert3.pem b/trust/tests/files/cacert3.pem
deleted file mode 100644
index 087ca0e..0000000
--- a/trust/tests/files/cacert3.pem
+++ /dev/null
@@ -1,42 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ig==
------END CERTIFICATE-----
diff --git a/trust/tests/files/distrusted.pem b/trust/tests/files/distrusted.pem
deleted file mode 100644
index 8de6ff0..0000000
--- a/trust/tests/files/distrusted.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
-dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
-HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
-dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN
-QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n
-i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L
-WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0
-6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg
-MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV
-BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT
-MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p
-bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p
-mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41
-voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH
-AwIMEVJlZCBIYXQgSXMgdGhlIENB
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/files/empty-file b/trust/tests/files/empty-file
deleted file mode 100644
index e69de29..0000000
--- a/trust/tests/files/empty-file
+++ /dev/null
diff --git a/trust/tests/files/multiple.pem b/trust/tests/files/multiple.pem
deleted file mode 100644
index d3e1775..0000000
--- a/trust/tests/files/multiple.pem
+++ /dev/null
@@ -1,58 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g
-TGFiZWw=
------END TRUSTED CERTIFICATE-----
------BEGIN TRUSTED CERTIFICATE-----
-MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
-zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
-TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW
-NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV
-Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
-MA4MDEN1c3RvbSBMYWJlbA==
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/files/openssl-trust-no-trust.pem b/trust/tests/files/openssl-trust-no-trust.pem
deleted file mode 100644
index 07e3917..0000000
--- a/trust/tests/files/openssl-trust-no-trust.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIEmTCCA4GgAwIBAgIQXSBhjowOuTRAk7mx2GOVtjANBgkqhkiG9w0BAQUFADBv
-MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
-ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
-eHRlcm5hbCBDQSBSb290MB4XDTE0MDgwNTAwMDAwMFoXDTE1MTEwMTIzNTk1OVow
-fzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
-Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSowKAYDVQQDEyFV
-U0VSVHJ1c3QgTGVnYWN5IFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDZTSA65ikwhvLphol2NE5oH5ZE99H51oJOpjie7stb
-4Y4uvfJXgP3JP/yQc0S8j7tXW+UtHxQwdTb1f7zPVvR/gf+ukc3Y0mrLl/n3zZBq
-RS3Eu6SFE2hXX+8puirK6vXMpASbY80A6/3tjd0jxnseVx02fx8Img1h21pscQJT
-KML6jf2ru7PxjXRL3729zAaTYwmVwhB6nSWQMp0BwjlTsOAVa8fXdOWkIpvklP+E
-kfstsxlDLZMPnBIJ5Ge5J3oyrXoqzEFYwG5ZX+44KxcinIn6buflVzX0Wu2SlZMt
-+cwkP6UcPSe9IgNzzPXK86n03P7P6dBc0A+rh/yD/cipAgMBAAGjggEfMIIBGzAf
-BgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUr6RAr58W
-/qsx/fvVl4v1kaMkhhYwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8C
-AQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBkGA1UdIAQSMBAwDgYM
-KwYBBAGyMQECAQMEMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRy
-dXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQp
-MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI
-hvcNAQEFBQADggEBAISuLWg4EWyDUWLAkcKYvMY7+qXFvTsJ5m5gbzADhiIasovz
-xs4euxt54BYUTdKaBUv/j+zwKCnqKgQdPa8REtVJmFBCn2FmOrZAmQQMaxAy6ffP
-hlhPLc3TrH7oW2qDfA2gnFxQNnUNbX5Ct9+m3JBcbyNOlx3zInW/AzXmXX/H+Zss
-h/aO1iWWWZ3P6hAe727qWpt3GDTMgXevmofCCuXlnhOVU729SRqldhL23PKRt+ka
-4bxNPZVxffiNfD4DT1Pt/lL9yl+T4RoBGwK3c066Zul4i1D+EcvRZ9AiT3fqzRQV
-QK5mXegufx6Ib1V51rl+47X9kaDA8iaHSy+d9aA=
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/files/redhat-ca.der b/trust/tests/files/redhat-ca.der
deleted file mode 100644
index affae24..0000000
--- a/trust/tests/files/redhat-ca.der
+++ /dev/null
diff --git a/trust/tests/files/self-signed-with-eku.der b/trust/tests/files/self-signed-with-eku.der
deleted file mode 100644
index 33e0760..0000000
--- a/trust/tests/files/self-signed-with-eku.der
+++ /dev/null
diff --git a/trust/tests/files/self-signed-with-ku.der b/trust/tests/files/self-signed-with-ku.der
deleted file mode 100644
index 51bb227..0000000
--- a/trust/tests/files/self-signed-with-ku.der
+++ /dev/null
diff --git a/trust/tests/files/simple-string b/trust/tests/files/simple-string
deleted file mode 100644
index be13474..0000000
--- a/trust/tests/files/simple-string
+++ /dev/null
@@ -1 +0,0 @@
-The simple string is hairy
-\ No newline at end of file
diff --git a/trust/tests/files/testing-server.der b/trust/tests/files/testing-server.der
deleted file mode 100644
index cf2de65..0000000
--- a/trust/tests/files/testing-server.der
+++ /dev/null
diff --git a/trust/tests/files/thawte.pem b/trust/tests/files/thawte.pem
deleted file mode 100644
index 34af29e..0000000
--- a/trust/tests/files/thawte.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB
-rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
-Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
-MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV
-BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa
-Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl
-LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u
-MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl
-ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm
-gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8
-YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf
-b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9
-9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S
-zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk
-OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
-HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA
-2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW
-oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
-t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c
-KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM
-m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu
-MdRAGmI0Nj81Aa6sY6A=
------END CERTIFICATE-----
diff --git a/trust/tests/files/unrecognized-file.txt b/trust/tests/files/unrecognized-file.txt
deleted file mode 100644
index 4d5bac3..0000000
--- a/trust/tests/files/unrecognized-file.txt
+++ /dev/null
@@ -1 +0,0 @@
-# This file is not recognized by the parser
-\ No newline at end of file
diff --git a/trust/tests/files/verisign-v1.der b/trust/tests/files/verisign-v1.der
deleted file mode 100644
index bcd5ebb..0000000
--- a/trust/tests/files/verisign-v1.der
+++ /dev/null
diff --git a/trust/tests/files/verisign-v1.pem b/trust/tests/files/verisign-v1.pem
deleted file mode 100644
index ace4da5..0000000
--- a/trust/tests/files/verisign-v1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
-zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
-TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW
-NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV
-Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
-MA4MDEN1c3RvbSBMYWJlbA==
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/frob-bc.c b/trust/tests/frob-bc.c
deleted file mode 100644
index 41fbc58..0000000
--- a/trust/tests/frob-bc.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <libtasn1.h>
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
-	do { if ((ret) != ASN1_SUCCESS) { \
-		fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
-		exit (1); \
-	} } while (0)
-
-int
-main (int argc,
-      char *argv[])
-{
-	char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
-	node_asn *definitions = NULL;
-	node_asn *ext = NULL;
-	char *buf;
-	int len;
-	int ret;
-
-	ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
-	if (ret != ASN1_SUCCESS) {
-		fprintf (stderr, "definitions: %s\n", message);
-		return 1;
-	}
-
-	ret = asn1_create_element (definitions, "PKIX1.BasicConstraints", &ext);
-	err_if_fail (ret, "BasicConstraints");
-
-	if (argc > 1) {
-		ret = asn1_write_value (ext, "cA", argv[1], 1);
-		err_if_fail (ret, "cA");
-	}
-
-	ret = asn1_write_value (ext, "pathLenConstraint", NULL, 0);
-	err_if_fail (ret, "pathLenConstraint");
-
-	len = 0;
-	ret = asn1_der_coding (ext, "", NULL, &len, message);
-	assert (ret == ASN1_MEM_ERROR);
-
-	buf = malloc (len);
-	assert (buf != NULL);
-	ret = asn1_der_coding (ext, "", buf, &len, message);
-	if (ret != ASN1_SUCCESS) {
-		fprintf (stderr, "asn1_der_coding: %s\n", message);
-		free (buf);
-		return 1;
-	}
-
-	fwrite (buf, 1, len, stdout);
-	fflush (stdout);
-
-	free (buf);
-	asn1_delete_structure (&ext);
-	asn1_delete_structure (&definitions);
-
-	return 0;
-}
diff --git a/trust/tests/frob-cert.c b/trust/tests/frob-cert.c
deleted file mode 100644
index c1bc45c..0000000
--- a/trust/tests/frob-cert.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <libtasn1.h>
-
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include <assert.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
-	do { if ((ret) != ASN1_SUCCESS) { \
-		fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
-		exit (1); \
-	} } while (0)
-
-static ssize_t
-tlv_length (const unsigned char *data,
-            size_t length)
-{
-	unsigned char cls;
-	int counter = 0;
-	int cb, len;
-	unsigned long tag;
-
-	if (asn1_get_tag_der (data, length, &cls, &cb, &tag) == ASN1_SUCCESS) {
-		counter += cb;
-		len = asn1_get_length_der (data + cb, length - cb, &cb);
-		counter += cb;
-		if (len >= 0) {
-			len += counter;
-			if (length >= len)
-				return len;
-		}
-	}
-
-	return -1;
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
-	node_asn *definitions = NULL;
-	node_asn *cert = NULL;
-	p11_mmap *map;
-	void *data;
-	size_t size;
-	int start, end;
-	ssize_t len;
-	int ret;
-
-	if (argc != 4) {
-		fprintf (stderr, "usage: frob-cert struct field filename\n");
-		return 2;
-	}
-
-	ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
-	if (ret != ASN1_SUCCESS) {
-		fprintf (stderr, "definitions: %s\n", message);
-		return 1;
-	}
-
-	ret = asn1_create_element (definitions, argv[1], &cert);
-	err_if_fail (ret, "Certificate");
-
-	map = p11_mmap_open (argv[3], NULL, &data, &size);
-	if (map == NULL) {
-		fprintf (stderr, "couldn't open file: %s\n", argv[3]);
-		return 1;
-	}
-
-	ret = asn1_der_decoding (&cert, data, size, message);
-	err_if_fail (ret, message);
-
-	ret = asn1_der_decoding_startEnd (cert, data, size, argv[2], &start, &end);
-	err_if_fail (ret, "asn1_der_decoding_startEnd");
-
-	len = tlv_length ((unsigned char *)data + start, size - start);
-	assert (len >= 0);
-
-	fprintf (stderr, "%lu %d %d %ld\n", (unsigned long)size, start, end, (long)len);
-	fwrite ((unsigned char *)data + start, 1, len, stdout);
-	fflush (stdout);
-
-	p11_mmap_close (map);
-
-	asn1_delete_structure (&cert);
-	asn1_delete_structure (&definitions);
-
-	return 0;
-}
diff --git a/trust/tests/frob-eku.c b/trust/tests/frob-eku.c
deleted file mode 100644
index f467b36..0000000
--- a/trust/tests/frob-eku.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <libtasn1.h>
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
-	do { if ((ret) != ASN1_SUCCESS) { \
-		fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
-		exit (1); \
-	} } while (0)
-
-int
-main (int argc,
-      char *argv[])
-{
-	char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
-	node_asn *definitions = NULL;
-	node_asn *ekus = NULL;
-	char *buf;
-	int len;
-	int ret;
-	int i;
-
-	ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
-	if (ret != ASN1_SUCCESS) {
-		fprintf (stderr, "definitions: %s\n", message);
-		return 1;
-	}
-
-	ret = asn1_create_element (definitions, "PKIX1.ExtKeyUsageSyntax", &ekus);
-	err_if_fail (ret, "ExtKeyUsageSyntax");
-
-	for (i = 1; i < argc; i++) {
-		ret = asn1_write_value (ekus, "", "NEW", 1);
-		err_if_fail (ret, "NEW");
-
-		ret = asn1_write_value (ekus, "?LAST", argv[i], strlen (argv[i]));
-		err_if_fail (ret, "asn1_write_value");
-	}
-
-	len = 0;
-	ret = asn1_der_coding (ekus, "", NULL, &len, message);
-	assert (ret == ASN1_MEM_ERROR);
-
-	buf = malloc (len);
-	assert (buf != NULL);
-	ret = asn1_der_coding (ekus, "", buf, &len, message);
-	if (ret != ASN1_SUCCESS) {
-		fprintf (stderr, "asn1_der_coding: %s\n", message);
-		free (buf);
-		return 1;
-	}
-
-	fwrite (buf, 1, len, stdout);
-	fflush (stdout);
-
-	free (buf);
-	asn1_delete_structure (&ekus);
-	asn1_delete_structure (&definitions);
-
-	return 0;
-}
diff --git a/trust/tests/frob-ext.c b/trust/tests/frob-ext.c
deleted file mode 100644
index 2017205..0000000
--- a/trust/tests/frob-ext.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <libtasn1.h>
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
-	do { if ((ret) != ASN1_SUCCESS) { \
-		fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
-		exit (1); \
-	} } while (0)
-
-int
-main (int argc,
-      char *argv[])
-{
-	char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
-	node_asn *definitions = NULL;
-	node_asn *ext = NULL;
-	unsigned char input[1024];
-	char *buf;
-	size_t size;
-	int len;
-	int ret;
-
-	if (argc == 1 || argc > 3) {
-		fprintf (stderr, "usage: frob-ext 1.2.3 TRUE\n");
-		return 2;
-	}
-
-	size = fread (input, 1, sizeof (input), stdin);
-	if (ferror (stdin) || !feof (stdin)) {
-		fprintf (stderr, "bad input\n");
-		return 1;
-	}
-
-	ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
-	if (ret != ASN1_SUCCESS) {
-		fprintf (stderr, "definitions: %s\n", message);
-		return 1;
-	}
-
-
-	ret = asn1_create_element (definitions, "PKIX1.Extension", &ext);
-	err_if_fail (ret, "Extension");
-
-	ret = asn1_write_value (ext, "extnID", argv[1], 1);
-	err_if_fail (ret, "extnID");
-
-	if (argc == 3) {
-		ret = asn1_write_value (ext, "critical", argv[2], 1);
-		err_if_fail (ret, "critical");
-	}
-
-	ret = asn1_write_value (ext, "extnValue", input, size);
-	err_if_fail (ret, "extnValue");
-
-	len = 0;
-	ret = asn1_der_coding (ext, "", NULL, &len, message);
-	assert (ret == ASN1_MEM_ERROR);
-
-	buf = malloc (len);
-	assert (buf != NULL);
-	ret = asn1_der_coding (ext, "", buf, &len, message);
-	if (ret != ASN1_SUCCESS) {
-		fprintf (stderr, "asn1_der_coding: %s\n", message);
-		free (buf);
-		return 1;
-	}
-
-	fwrite (buf, 1, len, stdout);
-	fflush (stdout);
-
-	free (buf);
-	asn1_delete_structure (&ext);
-	asn1_delete_structure (&definitions);
-
-	return 0;
-}
diff --git a/trust/tests/frob-ku.c b/trust/tests/frob-ku.c
deleted file mode 100644
index 99ac217..0000000
--- a/trust/tests/frob-ku.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include "oid.h"
-
-#include <libtasn1.h>
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
-	do { if ((ret) != ASN1_SUCCESS) { \
-		fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
-		exit (1); \
-	} } while (0)
-
-int
-main (int argc,
-      char *argv[])
-{
-	char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
-	node_asn *definitions = NULL;
-	node_asn *ku = NULL;
-	unsigned int usage = 0;
-	char bits[2];
-	char *buf;
-	int len;
-	int ret;
-	int i;
-
-	for (i = 1; i < argc; i++) {
-		if (strcmp (argv[i], "digital-signature") == 0)
-			usage |= P11_KU_DIGITAL_SIGNATURE;
-		else if (strcmp (argv[i], "non-repudiation") == 0)
-			usage |= P11_KU_NON_REPUDIATION;
-		else if (strcmp (argv[i], "key-encipherment") == 0)
-			usage |= P11_KU_KEY_ENCIPHERMENT;
-		else if (strcmp (argv[i], "data-encipherment") == 0)
-			usage |= P11_KU_DATA_ENCIPHERMENT;
-		else if (strcmp (argv[i], "key-agreement") == 0)
-			usage |= P11_KU_KEY_AGREEMENT;
-		else if (strcmp (argv[i], "key-cert-sign") == 0)
-			usage |= P11_KU_KEY_CERT_SIGN;
-		else if (strcmp (argv[i], "crl-sign") == 0)
-			usage |= P11_KU_CRL_SIGN;
-		else {
-			fprintf (stderr, "unsupported or unknown key usage: %s\n", argv[i]);
-			return 2;
-		}
-	}
-
-	ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
-	if (ret != ASN1_SUCCESS) {
-		fprintf (stderr, "definitions: %s\n", message);
-		return 1;
-	}
-
-	ret = asn1_create_element (definitions, "PKIX1.KeyUsage", &ku);
-	err_if_fail (ret, "KeyUsage");
-
-	bits[0] = usage & 0xff;
-	bits[1] = (usage >> 8) & 0xff;
-
-	ret = asn1_write_value (ku, "", bits, 9);
-	err_if_fail (ret, "asn1_write_value");
-
-	len = 0;
-	ret = asn1_der_coding (ku, "", NULL, &len, message);
-	assert (ret == ASN1_MEM_ERROR);
-
-	buf = malloc (len);
-	assert (buf != NULL);
-	ret = asn1_der_coding (ku, "", buf, &len, message);
-	if (ret != ASN1_SUCCESS) {
-		fprintf (stderr, "asn1_der_coding: %s\n", message);
-		free (buf);
-		return 1;
-	}
-
-	fwrite (buf, 1, len, stdout);
-	fflush (stdout);
-	free (buf);
-
-	asn1_delete_structure (&ku);
-	asn1_delete_structure (&definitions);
-
-	return 0;
-}
diff --git a/trust/tests/frob-multi-init.c b/trust/tests/frob-multi-init.c
deleted file mode 100644
index d966540..0000000
--- a/trust/tests/frob-multi-init.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * gcc -Wall -o frob-multi-init $(pkg-config p11-kit-1 --cflags --libs) -ldl frob-multi-init.c
- */
-
-#include <assert.h>
-#include <dlfcn.h>
-#include <stdio.h>
-
-#include <p11-kit/p11-kit.h>
-
-#define TRUST_SO "/usr/lib64/pkcs11/p11-kit-trust.so"
-
-int
-main (void)
-{
-	CK_C_INITIALIZE_ARGS args =
-		{ NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
-	CK_C_GetFunctionList C_GetFunctionList;
-	CK_SESSION_HANDLE session;
-	CK_FUNCTION_LIST *module;
-	CK_SLOT_ID slots[8];
-	CK_SESSION_INFO info;
-	CK_ULONG count;
-	CK_RV rv;
-	void *dl;
-
-	dl = dlopen (TRUST_SO, RTLD_LOCAL | RTLD_NOW);
-	if (dl == NULL)
-		fprintf (stderr, "%s\n", dlerror());
-	assert (dl != NULL);
-
-	C_GetFunctionList = dlsym (dl, "C_GetFunctionList");
-	assert (C_GetFunctionList != NULL);
-
-	rv = C_GetFunctionList (&module);
-	assert (rv == CKR_OK);
-	assert (module != NULL);
-
-	rv = module->C_Initialize (&args);
-	assert (rv == CKR_OK);
-
-	count = 8;
-	rv = module->C_GetSlotList (CK_TRUE, slots, &count);
-	assert (rv == CKR_OK);
-	assert (count > 1);
-
-	rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert (rv == CKR_OK);
-
-	rv = module->C_GetSessionInfo (session, &info);
-	assert (rv == CKR_OK);
-
-	rv = p11_kit_initialize_registered ();
-	assert (rv == CKR_OK);
-
-	rv = module->C_GetSessionInfo (session, &info);
-	if (rv == CKR_OK) {
-		printf ("no reinitialization bug\n");
-		return 0;
-
-	} else if (rv == CKR_SESSION_HANDLE_INVALID) {
-		printf ("reinitialization bug present\n");
-		return 1;
-
-	} else {
-		printf ("another error: %lu\n", rv);
-		return 1;
-	}
-}
diff --git a/trust/tests/frob-nss-trust.c b/trust/tests/frob-nss-trust.c
deleted file mode 100644
index fd69573..0000000
--- a/trust/tests/frob-nss-trust.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#include "attrs.h"
-#include "debug.h"
-#include "pkcs11x.h"
-
-#include "p11-kit/iter.h"
-#include "p11-kit/p11-kit.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-static void
-dump_object (P11KitIter *iter,
-             CK_ATTRIBUTE *attrs)
-{
-	CK_ATTRIBUTE label = { CKA_LABEL, };
-	CK_ATTRIBUTE *attr;
-	char *string;
-	char *name;
-	CK_RV rv;
-
-	attr = p11_attrs_find_valid (attrs, CKA_LABEL);
-	if (!attr) {
-		rv = p11_kit_iter_load_attributes (iter, &label, 1);
-		if (rv == CKR_OK)
-			attr = &label;
-	}
-
-	if (attr)
-		name = strndup (attr->pValue, attr->ulValueLen);
-	else
-		name = strdup ("unknown");
-
-	string = p11_attrs_to_string (attrs, -1);
-	printf ("\"%s\" = %s\n", name, string);
-	free (string);
-
-	free (label.pValue);
-	free (name);
-}
-
-static int
-dump_trust_module (const char *path)
-{
-	CK_FUNCTION_LIST *module;
-	CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-	CK_ATTRIBUTE match =
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust) };
-	P11KitIter *iter;
-	CK_ATTRIBUTE *attrs;
-	CK_RV rv;
-
-	CK_ATTRIBUTE template[] = {
-		{ CKA_CLASS,},
-		{ CKA_LABEL, },
-		{ CKA_CERT_MD5_HASH, },
-		{ CKA_CERT_SHA1_HASH },
-		{ CKA_ISSUER, },
-		{ CKA_SERIAL_NUMBER, },
-		{ CKA_TRUST_SERVER_AUTH, },
-		{ CKA_TRUST_EMAIL_PROTECTION, },
-		{ CKA_TRUST_CODE_SIGNING, },
-		{ CKA_TRUST_STEP_UP_APPROVED, },
-		{ CKA_INVALID, }
-	};
-
-	CK_ULONG count = p11_attrs_count (template);
-
-	module = p11_kit_module_load (path, 0);
-	return_val_if_fail (module != NULL, 1);
-
-	rv = p11_kit_module_initialize (module);
-	return_val_if_fail (rv == CKR_OK, 1);
-
-	iter = p11_kit_iter_new (NULL, 0);
-	p11_kit_iter_add_filter (iter, &match, 1);
-	p11_kit_iter_begin_with (iter, module, 0, 0);
-
-	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		attrs = p11_attrs_dup (template);
-		rv = p11_kit_iter_load_attributes (iter, attrs, count);
-		return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_VALUE_INVALID, 1);
-		p11_attrs_purge (attrs);
-		dump_object (iter, attrs);
-		p11_attrs_free (attrs);
-	}
-
-	return_val_if_fail (rv == CKR_CANCEL, 1);
-
-	p11_kit_module_finalize (module);
-	p11_kit_module_release (module);
-
-	return 0;
-}
-
-static int
-compare_trust_modules (const char *path1,
-                       const char *path2)
-{
-	CK_FUNCTION_LIST *module1;
-	CK_FUNCTION_LIST *module2;
-	CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-	CK_ATTRIBUTE match =
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust) };
-	P11KitIter *iter;
-	P11KitIter *iter2;
-	CK_ATTRIBUTE *check;
-	CK_RV rv;
-
-	CK_ATTRIBUTE template[] = {
-		{ CKA_CLASS, },
-		{ CKA_ISSUER, },
-		{ CKA_SERIAL_NUMBER, },
-		{ CKA_CERT_MD5_HASH, },
-		{ CKA_CERT_SHA1_HASH },
-		{ CKA_TRUST_SERVER_AUTH, },
-		{ CKA_TRUST_EMAIL_PROTECTION, },
-		{ CKA_TRUST_CODE_SIGNING, },
-		{ CKA_TRUST_STEP_UP_APPROVED, },
-		{ CKA_INVALID, }
-	};
-
-	module1 = p11_kit_module_load (path1, 0);
-	return_val_if_fail (module1 != NULL, 1);
-
-	rv = p11_kit_module_initialize (module1);
-	return_val_if_fail (rv == CKR_OK, 1);
-
-	module2 = p11_kit_module_load (path2, 0);
-	return_val_if_fail (module2 != NULL, 1);
-
-	rv = p11_kit_module_initialize (module2);
-	return_val_if_fail (rv == CKR_OK, 1);
-
-	iter = p11_kit_iter_new (NULL, 0);
-	p11_kit_iter_add_filter (iter, &match, 1);
-	p11_kit_iter_begin_with (iter, module1, 0, 0);
-
-	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		check = p11_attrs_dup (template);
-
-		rv = p11_kit_iter_load_attributes (iter, check, p11_attrs_count (check));
-		return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_TYPE_INVALID, 1);
-
-		/* Go through and remove anything not found */
-		p11_attrs_purge (check);
-
-		/* Check that this object exists */
-		iter2 = p11_kit_iter_new (NULL, 0);
-		p11_kit_iter_add_filter (iter2, check, p11_attrs_count (check));
-		p11_kit_iter_begin_with (iter2, module2, 0, 0);
-		rv = p11_kit_iter_next (iter2);
-		p11_kit_iter_free (iter2);
-
-		if (rv != CKR_OK)
-			dump_object (iter, check);
-
-		p11_attrs_free (check);
-	}
-
-	return_val_if_fail (rv == CKR_CANCEL, 1);
-	p11_kit_module_finalize (module1);
-	p11_kit_module_release (module1);
-
-	p11_kit_module_finalize (module2);
-	p11_kit_module_release (module2);
-
-	return 0;
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	if (argc == 2) {
-		return dump_trust_module (argv[1]);
-	} else if (argc == 3) {
-		return compare_trust_modules (argv[1], argv[2]);
-	} else {
-		fprintf (stderr, "usage: frob-nss-trust module\n");
-		fprintf (stderr, "       frob-nss-trust module1 module2\n");
-		return 2;
-	}
-}
diff --git a/trust/tests/frob-oid.c b/trust/tests/frob-oid.c
deleted file mode 100644
index 5a2499a..0000000
--- a/trust/tests/frob-oid.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <libtasn1.h>
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
-	do { if ((ret) != ASN1_SUCCESS) { \
-		fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
-		exit (1); \
-	} } while (0)
-int
-main (int argc,
-      char *argv[])
-{
-	char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
-	node_asn *definitions = NULL;
-	node_asn *oid = NULL;
-	char *buf;
-	int len;
-	int ret;
-
-	if (argc != 2) {
-		fprintf (stderr, "usage: frob-oid 1.1.1\n");
-		return 2;
-	}
-
-	ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
-	if (ret != ASN1_SUCCESS) {
-		fprintf (stderr, "definitions: %s\n", message);
-		return 1;
-	}
-
-	/* AttributeType is a OBJECT IDENTIFIER */
-	ret = asn1_create_element (definitions, "PKIX1.AttributeType", &oid);
-	err_if_fail (ret, "AttributeType");
-
-	ret = asn1_write_value (oid, "", argv[1], strlen (argv[1]));
-	err_if_fail (ret, "asn1_write_value");
-
-	len = 0;
-	ret = asn1_der_coding (oid, "", NULL, &len, message);
-	assert (ret == ASN1_MEM_ERROR);
-
-	buf = malloc (len);
-	assert (buf != NULL);
-	ret = asn1_der_coding (oid, "", buf, &len, message);
-	if (ret != ASN1_SUCCESS) {
-		fprintf (stderr, "asn1_der_coding: %s\n", message);
-		free (buf);
-		return 1;
-	}
-
-	fwrite (buf, 1, len, stdout);
-	fflush (stdout);
-	free (buf);
-
-	asn1_delete_structure (&oid);
-	asn1_delete_structure (&definitions);
-
-	return 0;
-}
diff --git a/trust/tests/frob-pow.c b/trust/tests/frob-pow.c
deleted file mode 100644
index f029b2a..0000000
--- a/trust/tests/frob-pow.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include <stdio.h>
-
-static unsigned int
-nearest_pow_2 (int num)
-{
-	unsigned int n = num ? 1 : 0;
-	while (n < num && n > 0)
-		n <<= 1;
-	return n;
-}
-
-int
-main (void)
-{
-	int i;
-
-	for (i = 0; i < 40; i++)
-		printf ("nearest_pow_2 (%d) == %u\n", i, nearest_pow_2 (i));
-
-	return 0;
-}
diff --git a/trust/tests/frob-token.c b/trust/tests/frob-token.c
deleted file mode 100644
index 5d57ec1..0000000
--- a/trust/tests/frob-token.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <stdio.h>
-
-#include "token.h"
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_token *token;
-	p11_index *index;
-	int count;
-
-	if (argc != 2) {
-		fprintf (stderr, "usage: frob-token path\n");
-		return 2;
-	}
-
-	token = p11_token_new (1, argv[1], "Label");
-	count = p11_token_load (token);
-
-	printf ("%d files loaded\n", count);
-	index = p11_token_index (token);
-	printf ("%d objects loaded\n", p11_index_size (index));
-
-	p11_token_free (token);
-	return 0;
-}
diff --git a/trust/tests/input/anchors/cacert3.der b/trust/tests/input/anchors/cacert3.der
deleted file mode 100644
index 56f8c88..0000000
--- a/trust/tests/input/anchors/cacert3.der
+++ /dev/null
diff --git a/trust/tests/input/anchors/testing-ca.der b/trust/tests/input/anchors/testing-ca.der
deleted file mode 100644
index d3f70ea..0000000
--- a/trust/tests/input/anchors/testing-ca.der
+++ /dev/null
diff --git a/trust/tests/input/blacklist/self-server.der b/trust/tests/input/blacklist/self-server.der
deleted file mode 100644
index 68fe9af..0000000
--- a/trust/tests/input/blacklist/self-server.der
+++ /dev/null
diff --git a/trust/tests/input/cacert-ca.der b/trust/tests/input/cacert-ca.der
deleted file mode 100644
index 719b0ff..0000000
--- a/trust/tests/input/cacert-ca.der
+++ /dev/null
diff --git a/trust/tests/input/distrusted.pem b/trust/tests/input/distrusted.pem
deleted file mode 100644
index 8de6ff0..0000000
--- a/trust/tests/input/distrusted.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
-dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
-HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
-dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN
-QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n
-i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L
-WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0
-6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg
-MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV
-BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT
-MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p
-bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p
-mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41
-voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH
-AwIMEVJlZCBIYXQgSXMgdGhlIENB
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/input/verisign-v1.p11-kit b/trust/tests/input/verisign-v1.p11-kit
deleted file mode 100644
index eaa080d..0000000
--- a/trust/tests/input/verisign-v1.p11-kit
+++ /dev/null
@@ -1,17 +0,0 @@
-[p11-kit-object-v1]
-trusted: true
-
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
-zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
-TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW
-NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV
-Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
------END CERTIFICATE-----
diff --git a/trust/tests/test-asn1.c b/trust/tests/test-asn1.c
deleted file mode 100644
index df75dfd..0000000
--- a/trust/tests/test-asn1.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "asn1.h"
-#include "debug.h"
-#include "oid.h"
-#include "x509.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-struct {
-	p11_dict *asn1_defs;
-} test;
-
-static void
-setup (void *unused)
-{
-	test.asn1_defs = p11_asn1_defs_load ();
-	assert_ptr_not_null (test.asn1_defs);
-}
-
-static void
-teardown (void *unused)
-{
-	p11_dict_free (test.asn1_defs);
-	memset (&test, 0, sizeof (test));
-}
-
-static void
-test_tlv_length (void)
-{
-	struct {
-		const char *der;
-		size_t der_len;
-		int expected;
-	} tlv_lengths[] = {
-		{ "\x01\x01\x00", 3, 3 },
-		{ "\x01\x01\x00\x01\x02", 5, 3 },
-		{ "\x01\x05\x00", 3, -1 },
-		{ NULL }
-	};
-
-	int length;
-	int i;
-
-	for (i = 0; tlv_lengths[i].der != NULL; i++) {
-		length = p11_asn1_tlv_length ((const unsigned char *)tlv_lengths[i].der, tlv_lengths[i].der_len);
-		assert_num_eq (tlv_lengths[i].expected, length);
-	}
-}
-
-static const unsigned char test_eku_server_and_client[] = {
-	0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
-	0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
-};
-
-static void
-test_asn1_cache (void)
-{
-	p11_asn1_cache *cache;
-	p11_dict *defs;
-	node_asn *asn;
-	node_asn *check;
-
-	cache = p11_asn1_cache_new ();
-	assert_ptr_not_null (cache);
-
-	defs = p11_asn1_cache_defs (cache);
-	assert_ptr_not_null (defs);
-
-	asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax",
-	                       test_eku_server_and_client,
-	                       sizeof (test_eku_server_and_client), NULL);
-	assert_ptr_not_null (defs);
-
-	/* Place the parsed data in the cache */
-	p11_asn1_cache_take (cache, asn, "PKIX1.ExtKeyUsageSyntax",
-	                     test_eku_server_and_client,
-	                     sizeof (test_eku_server_and_client));
-
-	/* Get it back out */
-	check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax",
-	                            test_eku_server_and_client,
-	                            sizeof (test_eku_server_and_client));
-	assert_ptr_eq (asn, check);
-
-	/* Flush should remove it */
-	p11_asn1_cache_flush (cache);
-	check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax",
-	                            test_eku_server_and_client,
-	                            sizeof (test_eku_server_and_client));
-	assert_ptr_eq (NULL, check);
-
-	p11_asn1_cache_free (cache);
-}
-
-static void
-test_asn1_free (void)
-{
-	p11_dict *defs;
-	node_asn *asn;
-
-	defs = p11_asn1_defs_load ();
-	assert_ptr_not_null (defs);
-
-	asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax",
-	                       test_eku_server_and_client,
-	                       sizeof (test_eku_server_and_client), NULL);
-	assert_ptr_not_null (asn);
-
-	p11_asn1_free (asn);
-	p11_asn1_free (NULL);
-	p11_dict_free (defs);
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_fixture (setup, teardown);
-	p11_test (test_tlv_length, "/asn1/tlv_length");
-
-	p11_fixture (NULL, NULL);
-	p11_test (test_asn1_cache, "/asn1/asn1_cache");
-	p11_test (test_asn1_free, "/asn1/free");
-
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-base64.c b/trust/tests/test-base64.c
deleted file mode 100644
index ce303e8..0000000
--- a/trust/tests/test-base64.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "base64.h"
-#include "debug.h"
-#include "message.h"
-
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-static void
-check_decode_msg (const char *file,
-                  int line,
-                  const char *function,
-                  const char *input,
-                  ssize_t input_len,
-                  const unsigned char *expected,
-                  ssize_t expected_len)
-{
-	unsigned char decoded[8192];
-	int length;
-
-	if (input_len < 0)
-		input_len = strlen (input);
-	if (expected_len < 0)
-		expected_len = strlen ((char *)expected);
-	length = p11_b64_pton (input, input_len, decoded, sizeof (decoded));
-
-	if (expected == NULL) {
-		if (length >= 0)
-			p11_test_fail (file, line, function, "decoding should have failed");
-
-	} else {
-		if (length < 0)
-			p11_test_fail (file, line, function, "decoding failed");
-		if (expected_len != length)
-			p11_test_fail (file, line, function, "wrong length: (%lu != %lu)",
-				       (unsigned long)expected_len, (unsigned long)length);
-		if (memcmp (decoded, expected, length) != 0)
-			p11_test_fail (file, line, function, "decoded wrong");
-	}
-}
-
-#define check_decode_success(input, input_len, expected, expected_len) \
-	check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len)
-
-#define check_decode_failure(input, input_len) \
-	check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0)
-
-static void
-test_decode_simple (void)
-{
-	check_decode_success ("", 0, (unsigned char *)"", 0);
-	check_decode_success ("MQ==", 0, (unsigned char *)"1", 0);
-	check_decode_success ("YmxhaAo=", -1, (unsigned char *)"blah\n", -1);
-	check_decode_success ("bGVlbGEK", -1, (unsigned char *)"leela\n", -1);
-	check_decode_success ("bGVlbG9vCg==", -1, (unsigned char *)"leeloo\n", -1);
-}
-
-static void
-test_decode_thawte (void)
-{
-	const char *input =
-		"MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB"
-		"rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf"
-		"Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw"
-		"MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV"
-		"BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa"
-		"Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl"
-		"LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u"
-		"MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl"
-		"ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz"
-		"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm"
-		"gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8"
-		"YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf"
-		"b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9"
-		"9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S"
-		"zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk"
-		"OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV"
-		"HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA"
-		"2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW"
-		"oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu"
-		"t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c"
-		"KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM"
-		"m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu"
-		"MdRAGmI0Nj81Aa6sY6A=";
-
-	const unsigned char output[] = {
-		0x30, 0x82, 0x04, 0x2a, 0x30, 0x82, 0x03, 0x12, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x60,
-		0x01, 0x97, 0xb7, 0x46, 0xa7, 0xea, 0xb4, 0xb4, 0x9a, 0xd6, 0x4b, 0x2f, 0xf7, 0x90, 0xfb, 0x30,
-		0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81,
-		0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15,
-		0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c,
-		0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f,
-		0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x65,
-		0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31,
-		0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30,
-		0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20,
-		0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64,
-		0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55,
-		0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61,
-		0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30,
-		0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x34, 0x30, 0x32, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
-		0x17, 0x0d, 0x33, 0x37, 0x31, 0x32, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30,
-		0x81, 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
-		0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65,
-		0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13,
-		0x1f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53,
-		0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e,
-		0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32,
-		0x30, 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
-		0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65,
-		0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03,
-		0x55, 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d,
-		0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33,
-		0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
-		0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
-		0x00, 0xb2, 0xbf, 0x27, 0x2c, 0xfb, 0xdb, 0xd8, 0x5b, 0xdd, 0x78, 0x7b, 0x1b, 0x9e, 0x77, 0x66,
-		0x81, 0xcb, 0x3e, 0xbc, 0x7c, 0xae, 0xf3, 0xa6, 0x27, 0x9a, 0x34, 0xa3, 0x68, 0x31, 0x71, 0x38,
-		0x33, 0x62, 0xe4, 0xf3, 0x71, 0x66, 0x79, 0xb1, 0xa9, 0x65, 0xa3, 0xa5, 0x8b, 0xd5, 0x8f, 0x60,
-		0x2d, 0x3f, 0x42, 0xcc, 0xaa, 0x6b, 0x32, 0xc0, 0x23, 0xcb, 0x2c, 0x41, 0xdd, 0xe4, 0xdf, 0xfc,
-		0x61, 0x9c, 0xe2, 0x73, 0xb2, 0x22, 0x95, 0x11, 0x43, 0x18, 0x5f, 0xc4, 0xb6, 0x1f, 0x57, 0x6c,
-		0x0a, 0x05, 0x58, 0x22, 0xc8, 0x36, 0x4c, 0x3a, 0x7c, 0xa5, 0xd1, 0xcf, 0x86, 0xaf, 0x88, 0xa7,
-		0x44, 0x02, 0x13, 0x74, 0x71, 0x73, 0x0a, 0x42, 0x59, 0x02, 0xf8, 0x1b, 0x14, 0x6b, 0x42, 0xdf,
-		0x6f, 0x5f, 0xba, 0x6b, 0x82, 0xa2, 0x9d, 0x5b, 0xe7, 0x4a, 0xbd, 0x1e, 0x01, 0x72, 0xdb, 0x4b,
-		0x74, 0xe8, 0x3b, 0x7f, 0x7f, 0x7d, 0x1f, 0x04, 0xb4, 0x26, 0x9b, 0xe0, 0xb4, 0x5a, 0xac, 0x47,
-		0x3d, 0x55, 0xb8, 0xd7, 0xb0, 0x26, 0x52, 0x28, 0x01, 0x31, 0x40, 0x66, 0xd8, 0xd9, 0x24, 0xbd,
-		0xf6, 0x2a, 0xd8, 0xec, 0x21, 0x49, 0x5c, 0x9b, 0xf6, 0x7a, 0xe9, 0x7f, 0x55, 0x35, 0x7e, 0x96,
-		0x6b, 0x8d, 0x93, 0x93, 0x27, 0xcb, 0x92, 0xbb, 0xea, 0xac, 0x40, 0xc0, 0x9f, 0xc2, 0xf8, 0x80,
-		0xcf, 0x5d, 0xf4, 0x5a, 0xdc, 0xce, 0x74, 0x86, 0xa6, 0x3e, 0x6c, 0x0b, 0x53, 0xca, 0xbd, 0x92,
-		0xce, 0x19, 0x06, 0x72, 0xe6, 0x0c, 0x5c, 0x38, 0x69, 0xc7, 0x04, 0xd6, 0xbc, 0x6c, 0xce, 0x5b,
-		0xf6, 0xf7, 0x68, 0x9c, 0xdc, 0x25, 0x15, 0x48, 0x88, 0xa1, 0xe9, 0xa9, 0xf8, 0x98, 0x9c, 0xe0,
-		0xf3, 0xd5, 0x31, 0x28, 0x61, 0x11, 0x6c, 0x67, 0x96, 0x8d, 0x39, 0x99, 0xcb, 0xc2, 0x45, 0x24,
-		0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x42, 0x30, 0x40, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d,
-		0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55,
-		0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55,
-		0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xad, 0x6c, 0xaa, 0x94, 0x60, 0x9c, 0xed, 0xe4, 0xff, 0xfa,
-		0x3e, 0x0a, 0x74, 0x2b, 0x63, 0x03, 0xf7, 0xb6, 0x59, 0xbf, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
-		0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x1a, 0x40,
-		0xd8, 0x95, 0x65, 0xac, 0x09, 0x92, 0x89, 0xc6, 0x39, 0xf4, 0x10, 0xe5, 0xa9, 0x0e, 0x66, 0x53,
-		0x5d, 0x78, 0xde, 0xfa, 0x24, 0x91, 0xbb, 0xe7, 0x44, 0x51, 0xdf, 0xc6, 0x16, 0x34, 0x0a, 0xef,
-		0x6a, 0x44, 0x51, 0xea, 0x2b, 0x07, 0x8a, 0x03, 0x7a, 0xc3, 0xeb, 0x3f, 0x0a, 0x2c, 0x52, 0x16,
-		0xa0, 0x2b, 0x43, 0xb9, 0x25, 0x90, 0x3f, 0x70, 0xa9, 0x33, 0x25, 0x6d, 0x45, 0x1a, 0x28, 0x3b,
-		0x27, 0xcf, 0xaa, 0xc3, 0x29, 0x42, 0x1b, 0xdf, 0x3b, 0x4c, 0xc0, 0x33, 0x34, 0x5b, 0x41, 0x88,
-		0xbf, 0x6b, 0x2b, 0x65, 0xaf, 0x28, 0xef, 0xb2, 0xf5, 0xc3, 0xaa, 0x66, 0xce, 0x7b, 0x56, 0xee,
-		0xb7, 0xc8, 0xcb, 0x67, 0xc1, 0xc9, 0x9c, 0x1a, 0x18, 0xb8, 0xc4, 0xc3, 0x49, 0x03, 0xf1, 0x60,
-		0x0e, 0x50, 0xcd, 0x46, 0xc5, 0xf3, 0x77, 0x79, 0xf7, 0xb6, 0x15, 0xe0, 0x38, 0xdb, 0xc7, 0x2f,
-		0x28, 0xa0, 0x0c, 0x3f, 0x77, 0x26, 0x74, 0xd9, 0x25, 0x12, 0xda, 0x31, 0xda, 0x1a, 0x1e, 0xdc,
-		0x29, 0x41, 0x91, 0x22, 0x3c, 0x69, 0xa7, 0xbb, 0x02, 0xf2, 0xb6, 0x5c, 0x27, 0x03, 0x89, 0xf4,
-		0x06, 0xea, 0x9b, 0xe4, 0x72, 0x82, 0xe3, 0xa1, 0x09, 0xc1, 0xe9, 0x00, 0x19, 0xd3, 0x3e, 0xd4,
-		0x70, 0x6b, 0xba, 0x71, 0xa6, 0xaa, 0x58, 0xae, 0xf4, 0xbb, 0xe9, 0x6c, 0xb6, 0xef, 0x87, 0xcc,
-		0x9b, 0xbb, 0xff, 0x39, 0xe6, 0x56, 0x61, 0xd3, 0x0a, 0xa7, 0xc4, 0x5c, 0x4c, 0x60, 0x7b, 0x05,
-		0x77, 0x26, 0x7a, 0xbf, 0xd8, 0x07, 0x52, 0x2c, 0x62, 0xf7, 0x70, 0x63, 0xd9, 0x39, 0xbc, 0x6f,
-		0x1c, 0xc2, 0x79, 0xdc, 0x76, 0x29, 0xaf, 0xce, 0xc5, 0x2c, 0x64, 0x04, 0x5e, 0x88, 0x36, 0x6e,
-		0x31, 0xd4, 0x40, 0x1a, 0x62, 0x34, 0x36, 0x3f, 0x35, 0x01, 0xae, 0xac, 0x63, 0xa0,
-	};
-
-	check_decode_success (input, -1, output, sizeof (output));
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_test (test_decode_simple, "/base64/decode-simple");
-	p11_test (test_decode_thawte, "/base64/decode-thawte");
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-builder.c b/trust/tests/test-builder.c
deleted file mode 100644
index 29bac07..0000000
--- a/trust/tests/test-builder.c
+++ /dev/null
@@ -1,2236 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "attrs.h"
-#include "builder.h"
-#include "debug.h"
-#include "digest.h"
-#include "index.h"
-#include "message.h"
-#include "oid.h"
-#include "pkcs11x.h"
-
-struct {
-	p11_builder *builder;
-	p11_index *index;
-} test;
-
-static CK_TRUST trusted = CKT_NSS_TRUSTED;
-static CK_TRUST trusted_delegator = CKT_NSS_TRUSTED_DELEGATOR;
-static CK_TRUST not_trusted = CKT_NSS_NOT_TRUSTED;
-static CK_TRUST trust_unknown = CKT_NSS_TRUST_UNKNOWN;
-static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS data = CKO_DATA;
-static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION;
-static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-static CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION;
-static CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE;
-static CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE;
-static CK_CERTIFICATE_TYPE x509 = CKC_X_509;
-static CK_ULONG certificate_authority = 2;
-static CK_ULONG other_entity = 3;
-static CK_BBOOL truev = CK_TRUE;
-static CK_BBOOL falsev = CK_FALSE;
-
-static void
-setup (void *unused)
-{
-	test.builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN);
-	assert_ptr_not_null (test.builder);
-
-	test.index = p11_index_new (p11_builder_build, NULL, NULL, p11_builder_changed, test.builder);
-	assert_ptr_not_null (test.index);
-}
-
-static void
-teardown (void *unused)
-{
-	p11_builder_free (test.builder);
-	p11_index_free (test.index);
-	memset (&test, 0, sizeof (test));
-}
-
-static void
-test_get_cache (void)
-{
-	p11_asn1_cache *cache;
-
-	cache = p11_builder_get_cache (test.builder);
-	assert_ptr_eq (NULL, p11_asn1_cache_get (cache, "blah", (unsigned char *)"blah", 4));
-}
-
-static void
-test_build_data (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_VALUE, "the value", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE check[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_TOKEN, &truev, sizeof (truev) },
-		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
-		{ CKA_PRIVATE, &falsev, sizeof (falsev) },
-		{ CKA_LABEL, "", 0 },
-		{ CKA_VALUE, "the value", 9 },
-		{ CKA_APPLICATION, "", 0 },
-		{ CKA_OBJECT_ID, "", 0 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	attrs = NULL;
-	extra = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, merge, true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	test_check_attrs (check, attrs);
-	p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_LABEL, "the label", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
-		{ CKA_START_DATE, "20110523", 8 },
-		{ CKA_END_DATE, "20210520", 8, },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-		{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-		{ CKA_LABEL, "the label", 9 },
-		{ CKA_ID, "\xf0""a\xd8?\x95\x8fMx\xb1G\xb3\x13""9\x97\x8e\xa9\xc2Q\xba\x9b", 20},
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	attrs = NULL;
-	extra = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, merge, true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	test_check_attrs (expected, attrs);
-	p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate_empty (void)
-{
-	unsigned char checksum[P11_DIGEST_SHA1_LEN];
-	CK_ULONG domain = 0;
-	CK_ULONG category = 0;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_URL, "http://blah", 11 },
-		{ CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) },
-		{ CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_LABEL, "the label", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
-		{ CKA_VALUE, "", 0 },
-		{ CKA_START_DATE, "", 0 },
-		{ CKA_END_DATE, "", 0, },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_ISSUER, "", 0 },
-		{ CKA_SERIAL_NUMBER, "", 0 },
-		{ CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) },
-		{ CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) },
-		{ CKA_LABEL, "the label", 9 },
-		{ CKA_JAVA_MIDP_SECURITY_DOMAIN, &domain, sizeof (domain) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	p11_digest_sha1 (checksum, test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
-
-	attrs = NULL;
-	extra = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, merge, true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	test_check_attrs (expected, attrs);
-	p11_attrs_free (attrs);
-}
-
-static const unsigned char entrust_pretend_ca[] = {
-	0x30, 0x82, 0x04, 0x5c, 0x30, 0x82, 0x03, 0x44, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x38,
-	0x63, 0xb9, 0x66, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
-	0x05, 0x00, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b,
-	0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06,
-	0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73,
-	0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69,
-	0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28,
-	0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30,
-	0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39,
-	0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d,
-	0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45,
-	0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
-	0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x39, 0x31,
-	0x32, 0x32, 0x34, 0x31, 0x37, 0x35, 0x30, 0x35, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x32,
-	0x32, 0x34, 0x31, 0x38, 0x32, 0x30, 0x35, 0x31, 0x5a, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12,
-	0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e,
-	0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77,
-	0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53,
-	0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79,
-	0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69,
-	0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28,
-	0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e,
-	0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06,
-	0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65,
-	0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29,
-	0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
-	0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
-	0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a,
-	0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40,
-	0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93,
-	0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e,
-	0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5,
-	0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77,
-	0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97,
-	0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89,
-	0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60,
-	0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53,
-	0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce,
-	0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf,
-	0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f,
-	0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90,
-	0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e,
-	0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07,
-	0xe1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x74, 0x30, 0x72, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86,
-	0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x00, 0x07, 0x30, 0x1f, 0x06,
-	0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80,
-	0xbe, 0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d,
-	0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80, 0xbe,
-	0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d, 0x06,
-	0x09, 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x41, 0x00, 0x04, 0x10, 0x30, 0x0e, 0x1b, 0x08,
-	0x56, 0x35, 0x2e, 0x30, 0x3a, 0x34, 0x2e, 0x30, 0x03, 0x02, 0x04, 0x90, 0x30, 0x0d, 0x06, 0x09,
-	0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
-	0x59, 0x47, 0xac, 0x21, 0x84, 0x8a, 0x17, 0xc9, 0x9c, 0x89, 0x53, 0x1e, 0xba, 0x80, 0x85, 0x1a,
-	0xc6, 0x3c, 0x4e, 0x3e, 0xb1, 0x9c, 0xb6, 0x7c, 0xc6, 0x92, 0x5d, 0x18, 0x64, 0x02, 0xe3, 0xd3,
-	0x06, 0x08, 0x11, 0x61, 0x7c, 0x63, 0xe3, 0x2b, 0x9d, 0x31, 0x03, 0x70, 0x76, 0xd2, 0xa3, 0x28,
-	0xa0, 0xf4, 0xbb, 0x9a, 0x63, 0x73, 0xed, 0x6d, 0xe5, 0x2a, 0xdb, 0xed, 0x14, 0xa9, 0x2b, 0xc6,
-	0x36, 0x11, 0xd0, 0x2b, 0xeb, 0x07, 0x8b, 0xa5, 0xda, 0x9e, 0x5c, 0x19, 0x9d, 0x56, 0x12, 0xf5,
-	0x54, 0x29, 0xc8, 0x05, 0xed, 0xb2, 0x12, 0x2a, 0x8d, 0xf4, 0x03, 0x1b, 0xff, 0xe7, 0x92, 0x10,
-	0x87, 0xb0, 0x3a, 0xb5, 0xc3, 0x9d, 0x05, 0x37, 0x12, 0xa3, 0xc7, 0xf4, 0x15, 0xb9, 0xd5, 0xa4,
-	0x39, 0x16, 0x9b, 0x53, 0x3a, 0x23, 0x91, 0xf1, 0xa8, 0x82, 0xa2, 0x6a, 0x88, 0x68, 0xc1, 0x79,
-	0x02, 0x22, 0xbc, 0xaa, 0xa6, 0xd6, 0xae, 0xdf, 0xb0, 0x14, 0x5f, 0xb8, 0x87, 0xd0, 0xdd, 0x7c,
-	0x7f, 0x7b, 0xff, 0xaf, 0x1c, 0xcf, 0xe6, 0xdb, 0x07, 0xad, 0x5e, 0xdb, 0x85, 0x9d, 0xd0, 0x2b,
-	0x0d, 0x33, 0xdb, 0x04, 0xd1, 0xe6, 0x49, 0x40, 0x13, 0x2b, 0x76, 0xfb, 0x3e, 0xe9, 0x9c, 0x89,
-	0x0f, 0x15, 0xce, 0x18, 0xb0, 0x85, 0x78, 0x21, 0x4f, 0x6b, 0x4f, 0x0e, 0xfa, 0x36, 0x67, 0xcd,
-	0x07, 0xf2, 0xff, 0x08, 0xd0, 0xe2, 0xde, 0xd9, 0xbf, 0x2a, 0xaf, 0xb8, 0x87, 0x86, 0x21, 0x3c,
-	0x04, 0xca, 0xb7, 0x94, 0x68, 0x7f, 0xcf, 0x3c, 0xe9, 0x98, 0xd7, 0x38, 0xff, 0xec, 0xc0, 0xd9,
-	0x50, 0xf0, 0x2e, 0x4b, 0x58, 0xae, 0x46, 0x6f, 0xd0, 0x2e, 0xc3, 0x60, 0xda, 0x72, 0x55, 0x72,
-	0xbd, 0x4c, 0x45, 0x9e, 0x61, 0xba, 0xbf, 0x84, 0x81, 0x92, 0x03, 0xd1, 0xd2, 0x69, 0x7c, 0xc5,
-};
-
-static const unsigned char entrust_public_key[] = {
-	0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
-	0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
-	0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a,
-	0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40,
-	0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93,
-	0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e,
-	0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5,
-	0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77,
-	0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97,
-	0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89,
-	0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60,
-	0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53,
-	0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce,
-	0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf,
-	0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f,
-	0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90,
-	0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e,
-	0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07,
-	0xe1, 0x02, 0x03, 0x01, 0x00, 0x01,
-};
-
-static void
-test_build_certificate_non_ca (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CERTIFICATE_CATEGORY, &other_entity, sizeof (other_entity) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	attrs = NULL;
-	extra = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	test_check_attrs (expected, attrs);
-	p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate_v1_ca (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	attrs = NULL;
-	extra = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	test_check_attrs (expected, attrs);
-	p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate_staple_ca (void)
-{
-	CK_ULONG category = 2; /* CA */
-
-	CK_ATTRIBUTE stapled[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
-		{ CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
-		{ CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	/* Adding the stapled extension *first*, and then the certificate */
-
-	/* Add a stapled certificate */
-	rv = p11_index_add (test.index, stapled, 4, NULL);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = NULL;
-	extra = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	/*
-	 * Even though the certificate is not a valid CA, the presence of the
-	 * stapled certificate extension transforms it into a CA.
-	 */
-	test_check_attrs (expected, attrs);
-	p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate_staple_ca_backwards (void)
-{
-	CK_ULONG category = 2; /* CA */
-
-	CK_ATTRIBUTE stapled[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
-		{ CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
-		{ CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
-		{ CKA_INVALID },
-	};
-
-	CK_RV rv;
-	CK_ATTRIBUTE *attrs;
-	CK_OBJECT_HANDLE handle;
-
-	/* Adding the certificate *first*, and then the stapled extension */
-
-	rv = p11_index_add (test.index, input, 4, &handle);
-	assert_num_eq (CKR_OK, rv);
-
-	/* Add a stapled certificate */
-	rv = p11_index_add (test.index, stapled, 4, NULL);
-	assert_num_eq (CKR_OK, rv);
-
-	/*
-	 * Even though the certificate is not a valid CA, the presence of the
-	 * stapled certificate extension transforms it into a CA.
-	 */
-	attrs = p11_index_lookup (test.index, handle);
-	test_check_attrs (expected, attrs);
-}
-
-static void
-test_build_certificate_no_type (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	p11_message_quiet ();
-
-	attrs = NULL;
-	extra = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
-	p11_attrs_free (merge);
-
-	p11_message_loud ();
-}
-
-static void
-test_build_certificate_bad_type (void)
-{
-	CK_CERTIFICATE_TYPE type = CKC_WTLS;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &type, sizeof (type) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	p11_message_quiet ();
-
-	attrs = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
-	p11_attrs_free (merge);
-
-	p11_message_loud ();
-}
-
-static void
-test_build_extension (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-		{ CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE check[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
-		{ CKA_TOKEN, &truev, sizeof (truev) },
-		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
-		{ CKA_PRIVATE, &falsev, sizeof (falsev) },
-		{ CKA_OBJECT_ID, "\x06\x03\x55\x1d\x50", 5 },
-		{ CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-		{ CKA_LABEL, "", 0 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	attrs = NULL;
-	extra = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	test_check_attrs (check, attrs);
-	p11_attrs_free (attrs);
-}
-
-/* This certificate has and end date in 2067 */
-static const unsigned char cert_distant_end_date[] = {
-	0x30, 0x82, 0x01, 0x6a, 0x30, 0x82, 0x01, 0x14, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x03,
-	0xe7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
-	0x30, 0x28, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72,
-	0x2d, 0x69, 0x6e, 0x2d, 0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65,
-	0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x20, 0x17, 0x0d, 0x31, 0x33,
-	0x30, 0x33, 0x32, 0x37, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x36,
-	0x37, 0x31, 0x32, 0x32, 0x39, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x30, 0x28, 0x31, 0x26,
-	0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72, 0x2d, 0x69, 0x6e, 0x2d,
-	0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70,
-	0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-	0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xe2,
-	0x2d, 0x35, 0x70, 0x75, 0xc0, 0x07, 0x56, 0x40, 0x7d, 0x63, 0xbc, 0xd2, 0x60, 0xb3, 0xcf, 0xb8,
-	0x3d, 0x27, 0x6e, 0x10, 0xcd, 0x42, 0x50, 0x51, 0x9d, 0x79, 0x30, 0x79, 0x5a, 0xe3, 0xc3, 0x51,
-	0x38, 0x85, 0x4c, 0xb4, 0x91, 0xd9, 0xe6, 0x8d, 0x69, 0x6a, 0xd4, 0x9c, 0x1c, 0x49, 0xc2, 0x25,
-	0x2a, 0xc9, 0x2b, 0xf2, 0xf4, 0x8e, 0x8a, 0x3f, 0x8b, 0x4c, 0x97, 0xc3, 0x16, 0x96, 0x99, 0x02,
-	0x03, 0x01, 0x00, 0x01, 0xa3, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04,
-	0x1b, 0x30, 0x19, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b,
-	0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x03, 0x2a, 0x03, 0x04, 0x30, 0x0d, 0x06, 0x09,
-	0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0xc2, 0x83,
-	0x27, 0x32, 0x80, 0x74, 0x73, 0xe2, 0xa3, 0x92, 0xaa, 0x7c, 0xd8, 0x50, 0xf4, 0x61, 0x50, 0xb1,
-	0x63, 0x9e, 0x29, 0xef, 0x38, 0x1d, 0xc0, 0x55, 0x20, 0x0f, 0x7e, 0xe9, 0x1f, 0xa1, 0x54, 0x1a,
-	0x5f, 0x8c, 0x26, 0x1b, 0x66, 0x96, 0x0e, 0x64, 0x52, 0x1c, 0x00, 0x96, 0xfb, 0x81, 0x77, 0xa2,
-	0x3a, 0x1d, 0x49, 0x0c, 0x03, 0xd5, 0x19, 0xf2, 0x6a, 0x01, 0x29, 0x31, 0xfb, 0xf5,
-};
-
-static void
-test_build_distant_end_date (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_VALUE, (void *)cert_distant_end_date, sizeof (cert_distant_end_date) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_END_DATE, "20671229", 8 },
-		{ CKA_START_DATE, "20130327", 8 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	attrs = NULL;
-	extra = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	test_check_attrs (expected, attrs);
-	p11_attrs_free (attrs);
-}
-
-static void
-test_valid_bool (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_BBOOL value = CK_TRUE;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_PRIVATE, &value, sizeof (value) },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_attrs_free (extra);
-}
-
-static void
-test_invalid_bool (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_PRIVATE, NULL, 0 },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	p11_message_quiet ();
-
-	input[0].pValue = "123";
-	input[0].ulValueLen = 3;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-
-	input[0].pValue = NULL;
-	input[0].ulValueLen = sizeof (CK_BBOOL);
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	p11_message_loud ();
-}
-
-static void
-test_valid_ulong (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_ULONG value = 2;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CERTIFICATE_CATEGORY, &value, sizeof (value) },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_attrs_free (extra);
-}
-
-static void
-test_invalid_ulong (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CERTIFICATE_CATEGORY, NULL, 0 },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	p11_message_quiet ();
-
-	input[0].pValue = "123";
-	input[0].ulValueLen = 3;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-
-	input[0].pValue = NULL;
-	input[0].ulValueLen = sizeof (CK_ULONG);
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	p11_message_loud ();
-}
-
-static void
-test_valid_utf8 (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_LABEL, NULL, 0 },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	input[0].pValue = NULL;
-	input[0].ulValueLen = 0;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_attrs_free (extra);
-}
-
-static void
-test_invalid_utf8 (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_LABEL, NULL, 0 },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	p11_message_quiet ();
-
-	input[0].pValue = "\xfex23";
-	input[0].ulValueLen = 4;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-
-	input[0].pValue = NULL;
-	input[0].ulValueLen = 4;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	p11_message_loud ();
-}
-
-static void
-test_valid_dates (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_DATE date;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_START_DATE, &date, sizeof (CK_DATE) },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	memcpy (date.year, "2000", sizeof (date.year));
-	memcpy (date.month, "10", sizeof (date.month));
-	memcpy (date.day, "10", sizeof (date.day));
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_attrs_free (extra);
-	p11_attrs_free (attrs);
-	attrs = NULL;
-
-	input[0].ulValueLen = 0;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_attrs_free (extra);
-	p11_attrs_free (attrs);
-}
-
-static void
-test_invalid_dates (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_DATE date;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_START_DATE, &date, sizeof (CK_DATE) },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	p11_message_quiet ();
-
-	memcpy (date.year, "AAAA", sizeof (date.year));
-	memcpy (date.month, "BB", sizeof (date.month));
-	memcpy (date.day, "CC", sizeof (date.day));
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	memcpy (date.year, "2000", sizeof (date.year));
-	memcpy (date.month, "15", sizeof (date.month));
-	memcpy (date.day, "80", sizeof (date.day));
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	input[0].pValue = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	p11_message_loud ();
-}
-
-static void
-test_valid_name (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_SUBJECT, NULL, 0 },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	input[0].pValue = NULL;
-	input[0].ulValueLen = 0;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_attrs_free (extra);
-	p11_attrs_free (attrs);
-	attrs = NULL;
-
-	input[0].pValue = (void *)test_cacert3_ca_issuer;
-	input[0].ulValueLen = sizeof (test_cacert3_ca_issuer);
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_attrs_free (extra);
-	p11_attrs_free (attrs);
-}
-
-static void
-test_invalid_name (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_SUBJECT, NULL, 0 },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	p11_message_quiet ();
-
-	input[0].pValue = "blah";
-	input[0].ulValueLen = 4;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	input[0].pValue = NULL;
-	input[0].ulValueLen = 4;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	p11_message_loud ();
-}
-
-static void
-test_valid_serial (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_SERIAL_NUMBER, NULL, 0 },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	input[0].pValue = NULL;
-	input[0].ulValueLen = 0;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_attrs_free (extra);
-	attrs = NULL;
-
-	input[0].pValue = (void *)test_cacert3_ca_serial;
-	input[0].ulValueLen = sizeof (test_cacert3_ca_serial);
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_attrs_free (extra);
-}
-
-static void
-test_invalid_serial (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_SERIAL_NUMBER, NULL, 0 },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	p11_message_quiet ();
-
-	input[0].pValue = "blah";
-	input[0].ulValueLen = 4;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	input[0].pValue = (void *)test_cacert3_ca_subject;
-	input[0].ulValueLen = sizeof (test_cacert3_ca_subject);
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	input[0].pValue = NULL;
-	input[0].ulValueLen = 4;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	p11_message_loud ();
-}
-
-static void
-test_valid_cert (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_VALUE, NULL, 0 },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	input[0].pValue = NULL;
-	input[0].ulValueLen = 0;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_attrs_free (extra);
-	attrs = NULL;
-
-	input[0].pValue = (void *)test_cacert3_ca_der;
-	input[0].ulValueLen = sizeof (test_cacert3_ca_der);
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_attrs_free (extra);
-}
-
-static void
-test_invalid_cert (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_VALUE, NULL, 0 },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_INVALID },
-	};
-
-	p11_message_quiet ();
-
-	input[0].pValue = "blah";
-	input[0].ulValueLen = 4;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	input[0].pValue = (void *)test_cacert3_ca_subject;
-	input[0].ulValueLen = sizeof (test_cacert3_ca_subject);
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	input[0].pValue = NULL;
-	input[0].ulValueLen = 4;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-	p11_message_loud ();
-}
-
-static void
-test_invalid_schema (void)
-{
-	CK_ATTRIBUTE *attrs = NULL;
-	CK_ATTRIBUTE *extra = NULL;
-	CK_RV rv;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_URL, "http://blah", 11 },
-		{ CKA_INVALID },
-	};
-
-	p11_message_quiet ();
-
-	/* Missing CKA_HASH_OF_SUBJECT_PUBLIC_KEY and CKA_HASH_OF_ISSUER_PUBLIC_KEY */
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
-
-	p11_message_loud ();
-}
-
-static void
-test_create_not_settable (void)
-{
-	/*
-	 * CKA_X_PUBLIC_KEY_INFO cannot be created/modified
-	 */
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	p11_message_quiet ();
-
-	attrs = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
-	p11_attrs_free (merge);
-
-	p11_message_loud ();
-
-	p11_attrs_free (attrs);
-}
-
-static void
-test_create_but_loadable (void)
-{
-	/*
-	 * CKA_X_PUBLIC_KEY_INFO cannot be set on creation, but can be set if we're
-	 * loading from our store. This is signified by batching.
-	 */
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	p11_index_load (test.index);
-
-	attrs = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_index_finish (test.index);
-
-	attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	test_check_attrs (input, attrs);
-	p11_attrs_free (attrs);
-}
-
-static void
-test_create_unsupported (void)
-{
-	CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &klass, sizeof (klass) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	p11_message_quiet ();
-
-	attrs = NULL;
-	extra = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
-	p11_attrs_free (merge);
-
-	p11_message_loud ();
-}
-
-static void
-test_create_generated (void)
-{
-	CK_OBJECT_CLASS klass = CKO_NSS_TRUST;
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &klass, sizeof (klass) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	p11_message_quiet ();
-
-	attrs = NULL;
-	extra = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
-	p11_attrs_free (merge);
-
-	p11_message_loud ();
-}
-
-static void
-test_create_bad_attribute (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_VALUE, "the value", 9 },
-		{ CKA_COLOR, "blue", 4 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	p11_message_quiet ();
-
-	attrs = NULL;
-	extra = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
-	p11_attrs_free (merge);
-
-	p11_message_loud ();
-}
-
-static void
-test_create_missing_attribute (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	p11_message_quiet ();
-
-	attrs = NULL;
-	extra = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
-	p11_attrs_free (merge);
-
-	p11_message_loud ();
-}
-
-static void
-test_create_no_class (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_VALUE, "the value", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	p11_message_quiet ();
-
-	attrs = NULL;
-	extra = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
-	p11_attrs_free (merge);
-
-	p11_message_loud ();
-}
-
-static void
-test_create_token_mismatch (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_TOKEN, &falsev, sizeof (falsev) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	p11_message_quiet ();
-
-	attrs = NULL;
-	extra = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
-	p11_attrs_free (merge);
-
-	p11_message_loud ();
-}
-
-static void
-test_modify_success (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_MODIFIABLE, &truev, sizeof (truev) },
-		{ CKA_VALUE, "the value", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE modify[] = {
-		{ CKA_VALUE, "new value long", 14 },
-		{ CKA_LABEL, "new label", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_MODIFIABLE, &truev, sizeof (truev) },
-		{ CKA_VALUE, "new value long", 14 },
-		{ CKA_LABEL, "new label", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	attrs = NULL;
-	extra = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	extra = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	test_check_attrs (expected, attrs);
-	p11_attrs_free (attrs);
-}
-
-static void
-test_modify_read_only (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_MODIFIABLE, &truev, sizeof (truev) },
-		{ CKA_VALUE, "the value", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE modify[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	attrs = NULL;
-	extra = NULL;
-	merge = p11_attrs_dup (input);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, merge, true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	p11_message_quiet ();
-
-	extra = NULL;
-	merge = p11_attrs_dup (modify);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
-	p11_attrs_free (merge);
-
-	p11_message_loud ();
-
-	p11_attrs_free (attrs);
-}
-
-static void
-test_modify_unchanged (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_MODIFIABLE, &truev, sizeof (truev) },
-		{ CKA_VALUE, "the value", 9 },
-		{ CKA_INVALID },
-	};
-
-	/*
-	 * Although CKA_CLASS is read-only, changing to same value
-	 * shouldn't fail
-	 */
-
-	CK_ATTRIBUTE modify[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_VALUE, "the other", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_VALUE, "the other", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	attrs = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	extra = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	test_check_attrs (expected, attrs);
-	p11_attrs_free (attrs);
-}
-
-static void
-test_modify_not_modifiable (void)
-{
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
-		{ CKA_VALUE, "the value", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE modify[] = {
-		{ CKA_VALUE, "the value", 9 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *merge;
-	CK_ATTRIBUTE *extra;
-	CK_RV rv;
-
-	attrs = NULL;
-	extra = NULL;
-	rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
-	assert_num_eq (CKR_OK, rv);
-
-	attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
-	attrs = p11_attrs_merge (attrs, extra, false);
-
-	p11_message_quiet ();
-
-	extra = NULL;
-	merge = p11_attrs_dup (modify);
-	rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
-	assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
-	p11_attrs_free (merge);
-
-	p11_message_loud ();
-
-	p11_attrs_free (attrs);
-}
-
-static CK_ATTRIBUTE cacert3_assert_distrust_server[] = {
-	{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-	{ CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
-	{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-	{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-	{ CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
-	{ CKA_ID, "cacert3", 7 },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_client[] = {
-	{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-	{ CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1},
-	{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-	{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-	{ CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
-	{ CKA_ID, "cacert3", 7 },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_code[] = {
-	{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-	{ CKA_X_PURPOSE, (void *)P11_OID_CODE_SIGNING_STR, sizeof (P11_OID_CODE_SIGNING_STR) - 1},
-	{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-	{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-	{ CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
-	{ CKA_ID, "cacert3", 7 },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_email[] = {
-	{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-	{ CKA_X_PURPOSE, (void *)P11_OID_EMAIL_PROTECTION_STR, sizeof (P11_OID_EMAIL_PROTECTION_STR) - 1},
-	{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-	{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-	{ CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
-	{ CKA_ID, "cacert3", 7 },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_system[] = {
-	{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-	{ CKA_X_PURPOSE, (void *)P11_OID_IPSEC_END_SYSTEM_STR, sizeof (P11_OID_IPSEC_END_SYSTEM_STR) - 1},
-	{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-	{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-	{ CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
-	{ CKA_ID, "cacert3", 7 },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_tunnel[] = {
-	{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-	{ CKA_X_PURPOSE, (void *)P11_OID_IPSEC_TUNNEL_STR, sizeof (P11_OID_IPSEC_TUNNEL_STR) - 1},
-	{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-	{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-	{ CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
-	{ CKA_ID, "cacert3", 7 },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_user[] = {
-	{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-	{ CKA_X_PURPOSE, (void *)P11_OID_IPSEC_USER_STR, sizeof (P11_OID_IPSEC_USER_STR) - 1},
-	{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-	{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-	{ CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
-	{ CKA_ID, "cacert3", 7 },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_time[] = {
-	{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-	{ CKA_X_PURPOSE, (void *)P11_OID_TIME_STAMPING_STR, sizeof (P11_OID_TIME_STAMPING_STR) - 1},
-	{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-	{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-	{ CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
-	{ CKA_ID, "cacert3", 7 },
-	{ CKA_INVALID },
-};
-
-static void
-test_changed_trusted_certificate (void)
-{
-	static CK_ATTRIBUTE cacert3_trusted_certificate[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
-		{ CKA_START_DATE, "20110523", 8 },
-		{ CKA_END_DATE, "20210520", 8, },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-		{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-		{ CKA_TRUSTED, &truev, sizeof (truev) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_LABEL, "Custom Label", 12 },
-		{ CKA_INVALID },
-	};
-
-	static unsigned char eku_server_and_client[] = {
-		0x30, 0x20, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
-		0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
-		0x03, 0x02,
-	};
-
-	CK_ATTRIBUTE eku_extension_server_and_client[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
-		{ CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-		{ CKA_LABEL, "Custom Label", 12 },
-		{ CKA_VALUE, eku_server_and_client, sizeof (eku_server_and_client) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	static char eku_client_email[] = {
-		0x30, 0x1a, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x01, 0x04, 0x0c,
-		0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04,
-	};
-
-	static CK_ATTRIBUTE reject_extension_email[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
-		{ CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-		{ CKA_LABEL, "Custom Label", 12 },
-		{ CKA_VALUE, eku_client_email, sizeof (eku_client_email) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	static CK_ATTRIBUTE nss_trust_server_and_client_distrust_email[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust), },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
-		{ CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 },
-		{ CKA_LABEL, "Custom Label", 12 },
-		{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-		{ CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
-		{ CKA_TRUST_CLIENT_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
-		{ CKA_TRUST_EMAIL_PROTECTION, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_CODE_SIGNING, &trust_unknown, sizeof (trust_unknown) },
-		{ CKA_TRUST_IPSEC_END_SYSTEM, &trust_unknown, sizeof (trust_unknown) },
-		{ CKA_TRUST_IPSEC_TUNNEL, &trust_unknown, sizeof (trust_unknown) },
-		{ CKA_TRUST_IPSEC_USER, &trust_unknown, sizeof (trust_unknown) },
-		{ CKA_TRUST_TIME_STAMPING, &trust_unknown, sizeof (trust_unknown) },
-		{ CKA_TRUST_DIGITAL_SIGNATURE, &trusted_delegator, sizeof (trusted_delegator) },
-		{ CKA_TRUST_NON_REPUDIATION, &trusted_delegator, sizeof (trusted_delegator) },
-		{ CKA_TRUST_KEY_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) },
-		{ CKA_TRUST_DATA_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) },
-		{ CKA_TRUST_KEY_AGREEMENT, &trusted_delegator, sizeof (trusted_delegator) },
-		{ CKA_TRUST_KEY_CERT_SIGN, &trusted_delegator, sizeof (trusted_delegator) },
-		{ CKA_TRUST_CRL_SIGN, &trusted_delegator, sizeof (trusted_delegator) },
-		{ CKA_INVALID, }
-	};
-
-	static CK_ATTRIBUTE server_anchor_assertion[] = {
-		{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-		{ CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
-		{ CKA_LABEL, "Custom Label", 12 },
-		{ CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	static CK_ATTRIBUTE client_anchor_assertion[] = {
-		{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-		{ CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1 },
-		{ CKA_LABEL, "Custom Label", 12 },
-		{ CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	/*
-	 * We should get an NSS trust object and various assertions here.
-	 * The first two attributes of each object are enough to look it up,
-	 * and then we check the rest of the attributes match.
-	 */
-
-	CK_ATTRIBUTE *expected[] = {
-		nss_trust_server_and_client_distrust_email,
-		cacert3_assert_distrust_email,
-		server_anchor_assertion,
-		client_anchor_assertion,
-		NULL,
-	};
-
-	CK_OBJECT_HANDLE handle;
-	CK_ATTRIBUTE *attrs;
-	CK_RV rv;
-	int i;
-
-	/*
-	 * A trusted cetrificate, trusted for server and client purposes,
-	 * and explicitly rejects the email and timestamping purposes.
-	 */
-	p11_index_load (test.index);
-	rv = p11_index_take (test.index, p11_attrs_dup (cacert3_trusted_certificate), NULL);
-	assert_num_eq (CKR_OK, rv);
-	rv = p11_index_take (test.index, p11_attrs_dup (eku_extension_server_and_client), NULL);
-	assert_num_eq (CKR_OK, rv);
-	rv = p11_index_take (test.index, p11_attrs_dup (reject_extension_email), NULL);
-	assert_num_eq (CKR_OK, rv);
-	p11_index_finish (test.index);
-
-
-	/* The other objects */
-	for (i = 0; expected[i]; i++) {
-		handle = p11_index_find (test.index, expected[i], 2);
-		assert (handle != 0);
-
-		attrs = p11_index_lookup (test.index, handle);
-		assert_ptr_not_null (attrs);
-
-		test_check_attrs (expected[i], attrs);
-	}
-}
-
-static void
-test_changed_distrust_value (void)
-{
-	CK_ATTRIBUTE distrust_cert[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate), },
-		{ CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
-		{ CKA_PRIVATE, &falsev, sizeof (falsev) },
-		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_TRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_X_DISTRUSTED, &truev, sizeof (truev) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE eku_extension[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
-		{ CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
-		{ CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE reject_extension[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
-		{ CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
-		{ CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE nss_trust_nothing[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust), },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
-		{ CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-		{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-		{ CKA_TRUST_SERVER_AUTH, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_CLIENT_AUTH, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_EMAIL_PROTECTION, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_CODE_SIGNING, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_IPSEC_END_SYSTEM, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_IPSEC_TUNNEL, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_IPSEC_USER, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_TIME_STAMPING, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_DIGITAL_SIGNATURE, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_NON_REPUDIATION, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_KEY_ENCIPHERMENT, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_DATA_ENCIPHERMENT, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_KEY_AGREEMENT, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_KEY_CERT_SIGN, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_CRL_SIGN, &not_trusted, sizeof (not_trusted) },
-		{ CKA_INVALID, }
-	};
-
-	/*
-	 * We should get an NSS trust object and various assertions here.
-	 * The first two attributes of each object are enough to look it up,
-	 * and then we check the rest of the attributes match.
-	 */
-
-	CK_ATTRIBUTE *expected[] = {
-		nss_trust_nothing,
-		cacert3_assert_distrust_server,
-		cacert3_assert_distrust_client,
-		cacert3_assert_distrust_code,
-		cacert3_assert_distrust_email,
-		cacert3_assert_distrust_system,
-		cacert3_assert_distrust_tunnel,
-		cacert3_assert_distrust_user,
-		cacert3_assert_distrust_time,
-		NULL
-	};
-
-	CK_OBJECT_HANDLE handle;
-	CK_ATTRIBUTE *attrs;
-	CK_RV rv;
-	int i;
-
-	/*
-	 * A distrusted certificate with a value, plus some extra
-	 * extensions (which should be ignored).
-	 */
-	p11_index_load (test.index);
-	rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL);
-	assert_num_eq (CKR_OK, rv);
-	rv = p11_index_take (test.index, p11_attrs_dup (eku_extension), NULL);
-	assert_num_eq (CKR_OK, rv);
-	rv = p11_index_take (test.index, p11_attrs_dup (reject_extension), NULL);
-	assert_num_eq (CKR_OK, rv);
-	p11_index_finish (test.index);
-
-	/* The other objects */
-	for (i = 0; expected[i]; i++) {
-		handle = p11_index_find (test.index, expected[i], 2);
-		assert (handle != 0);
-
-		attrs = p11_index_lookup (test.index, handle);
-		assert_ptr_not_null (attrs);
-
-		test_check_attrs (expected[i], attrs);
-	}
-}
-
-static void
-test_changed_distrust_serial (void)
-{
-	CK_ATTRIBUTE distrust_cert[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate), },
-		{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-		{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_TRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_X_DISTRUSTED, &truev, sizeof (truev) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE nss_trust_distrust[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust), },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-		{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-		{ CKA_TRUST_SERVER_AUTH, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_CLIENT_AUTH, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_EMAIL_PROTECTION, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_CODE_SIGNING, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_IPSEC_END_SYSTEM, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_IPSEC_TUNNEL, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_IPSEC_USER, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_TIME_STAMPING, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_DIGITAL_SIGNATURE, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_NON_REPUDIATION, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_KEY_ENCIPHERMENT, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_DATA_ENCIPHERMENT, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_KEY_AGREEMENT, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_KEY_CERT_SIGN, &not_trusted, sizeof (not_trusted) },
-		{ CKA_TRUST_CRL_SIGN, &not_trusted, sizeof (not_trusted) },
-		{ CKA_INVALID, }
-	};
-
-	/*
-	 * We should get an NSS trust object and various assertions here.
-	 * The first two attributes of each object are enough to look it up,
-	 * and then we check the rest of the attributes match.
-	 */
-
-	CK_ATTRIBUTE *expected[] = {
-		nss_trust_distrust,
-		cacert3_assert_distrust_server,
-		cacert3_assert_distrust_client,
-		cacert3_assert_distrust_code,
-		cacert3_assert_distrust_email,
-		cacert3_assert_distrust_system,
-		cacert3_assert_distrust_tunnel,
-		cacert3_assert_distrust_user,
-		cacert3_assert_distrust_time,
-		NULL
-	};
-
-	CK_OBJECT_HANDLE handle;
-	CK_ATTRIBUTE *attrs;
-	CK_RV rv;
-	int i;
-
-	/*
-	 * A distrusted certificate without a value.
-	 */
-	p11_index_load (test.index);
-	rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL);
-	assert_num_eq (CKR_OK, rv);
-	p11_index_finish (test.index);
-
-	for (i = 0; expected[i]; i++) {
-		handle = p11_index_find (test.index, expected[i], 2);
-		assert (handle != 0);
-		attrs = p11_index_lookup (test.index, handle);
-		assert_ptr_not_null (attrs);
-		test_check_attrs (expected[i], attrs);
-	}
-}
-
-static void
-test_changed_dup_certificates (void)
-{
-	static CK_ATTRIBUTE trusted_cert[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_TRUSTED, &truev, sizeof (truev) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	static CK_ATTRIBUTE distrust_cert[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_X_DISTRUSTED, &truev, sizeof (truev) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	static CK_ATTRIBUTE trusted_nss[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust), },
-		{ CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
-		{ CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID, }
-	};
-
-	static CK_ATTRIBUTE distrust_nss[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust), },
-		{ CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
-		{ CKA_TRUST_SERVER_AUTH, &not_trusted, sizeof (not_trusted) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID, }
-	};
-
-	static CK_ATTRIBUTE unknown_nss[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust), },
-		{ CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
-		{ CKA_TRUST_SERVER_AUTH, &trust_unknown, sizeof (trust_unknown) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID, }
-	};
-
-	static CK_ATTRIBUTE match_nss[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust), },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID, }
-	};
-
-	static CK_ATTRIBUTE anchor_assertion[] = {
-		{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-		{ CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
-		{ CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	static CK_ATTRIBUTE distrust_assertion[] = {
-		{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-		{ CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
-		{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-		{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-		{ CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID },
-	};
-
-	static CK_ATTRIBUTE match_assertion[] = {
-		{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
-		{ CKA_ID, "cacert3", 7 },
-		{ CKA_INVALID, }
-	};
-
-	CK_OBJECT_HANDLE handle1;
-	CK_OBJECT_HANDLE handle2;
-	CK_OBJECT_HANDLE handle;
-	CK_RV rv;
-
-	/*
-	 * A trusted certificate, should create trutsed nss trust
-	 * and anchor assertions
-	 */
-	p11_index_load (test.index);
-	rv = p11_index_take (test.index, p11_attrs_dup (trusted_cert), &handle1);
-	assert_num_eq (CKR_OK, rv);
-	p11_index_finish (test.index);
-
-	handle = p11_index_find (test.index, match_nss, -1);
-	assert (handle != 0);
-	handle = p11_index_find (test.index, match_assertion, -1);
-	assert (handle != 0);
-	handle = p11_index_find (test.index, trusted_nss, -1);
-	assert (handle != 0);
-	handle = p11_index_find (test.index, anchor_assertion, -1);
-	assert (handle != 0);
-
-	/* Now we add a distrusted certificate, should update the objects */
-	p11_index_load (test.index);
-	rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), &handle2);
-	assert_num_eq (CKR_OK, rv);
-	p11_index_finish (test.index);
-
-	handle = p11_index_find (test.index, trusted_nss, -1);
-	assert (handle == 0);
-	handle = p11_index_find (test.index, distrust_nss, -1);
-	assert (handle != 0);
-	handle = p11_index_find (test.index, anchor_assertion, -1);
-	assert (handle == 0);
-	handle = p11_index_find (test.index, distrust_assertion, -1);
-	assert (handle != 0);
-
-	/* Now remove the trusted cetrificate, should update again */
-	rv = p11_index_remove (test.index, handle2);
-	assert_num_eq (CKR_OK, rv);
-
-	handle = p11_index_find (test.index, trusted_nss, -1);
-	assert (handle != 0);
-	handle = p11_index_find (test.index, distrust_nss, -1);
-	assert (handle == 0);
-	handle = p11_index_find (test.index, anchor_assertion, -1);
-	assert (handle != 0);
-	handle = p11_index_find (test.index, distrust_assertion, -1);
-	assert (handle == 0);
-
-	/* Now remove the original certificate, unknown nss and no assertions */
-	rv = p11_index_remove (test.index, handle1);
-	assert_num_eq (CKR_OK, rv);
-
-	handle = p11_index_find (test.index, unknown_nss, -1);
-	assert (handle != 0);
-	handle = p11_index_find (test.index, match_assertion, -1);
-	assert (handle == 0);
-}
-
-static void
-test_changed_without_id (void)
-{
-	static CK_ATTRIBUTE trusted_without_id[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_TRUSTED, &truev, sizeof (truev) },
-		{ CKA_ID, NULL, 0, },
-		{ CKA_INVALID },
-	};
-
-	CK_OBJECT_CLASS klass = 0;
-	CK_ATTRIBUTE match[] = {
-		{ CKA_CLASS, &klass, sizeof (klass) },
-		{ CKA_INVALID },
-	};
-
-	/*
-	 * A cetrificate without a CKA_ID that's created should still
-	 * automatically create compat objects.
-	 */
-
-	CK_OBJECT_HANDLE handle;
-	CK_RV rv;
-
-	p11_index_load (test.index);
-	rv = p11_index_take (test.index, p11_attrs_dup (trusted_without_id), NULL);
-	assert_num_eq (CKR_OK, rv);
-	p11_index_finish (test.index);
-
-	klass = CKO_NSS_TRUST;
-	handle = p11_index_find (test.index, match, -1);
-	assert (handle != 0);
-
-	klass = CKO_X_TRUST_ASSERTION;
-	handle = p11_index_find (test.index, match, -1);
-	assert (handle != 0);
-}
-
-static void
-test_changed_staple_ca (void)
-{
-	CK_ULONG category = 0;
-
-	CK_ATTRIBUTE stapled[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
-		{ CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
-		{ CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff", 14 },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
-		{ CKA_ID, "the id", 6 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
-		{ CKA_ID, "the id", 6 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE match[] = {
-		{ CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
-		{ CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_RV rv;
-
-	attrs = NULL;
-	rv = p11_index_take (test.index, p11_attrs_dup (input), NULL);
-	assert_num_eq (CKR_OK, rv);
-
-	/* Not a CA at this point, until we staple */
-	category = 0;
-	assert (p11_index_find (test.index, match, -1) == 0);
-
-	/* Add a stapled basic constraint */
-	rv = p11_index_add (test.index, stapled, 4, NULL);
-	assert_num_eq (CKR_OK, rv);
-
-	/* Now should be a CA */
-	category = 2;
-	assert (p11_index_find (test.index, match, -1) != 0);
-
-	p11_attrs_free (attrs);
-}
-
-static void
-test_changed_staple_ku (void)
-{
-	CK_ATTRIBUTE stapled_ds_and_np[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
-		{ CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE) },
-		{ CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x0f\x04\x05\x03\x03\x07\xc0\x00", 14 },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
-		{ CKA_ID, "the id", 6 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE input[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
-		{ CKA_TRUSTED, &truev, sizeof (truev) },
-		{ CKA_ID, "the id", 6 },
-		{ CKA_INVALID },
-	};
-
-	static CK_ATTRIBUTE nss_trust_ds_and_np[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust), },
-		{ CKA_ID, "the id", 6 },
-		{ CKA_TRUST_SERVER_AUTH, &trusted, sizeof (trusted) },
-		{ CKA_TRUST_CLIENT_AUTH, &trusted, sizeof (trusted) },
-		{ CKA_TRUST_EMAIL_PROTECTION, &trusted, sizeof (trusted) },
-		{ CKA_TRUST_CODE_SIGNING, &trusted, sizeof (trusted) },
-		{ CKA_TRUST_IPSEC_END_SYSTEM, &trusted, sizeof (trusted) },
-		{ CKA_TRUST_IPSEC_TUNNEL, &trusted, sizeof (trusted) },
-		{ CKA_TRUST_IPSEC_USER, &trusted, sizeof (trusted) },
-		{ CKA_TRUST_TIME_STAMPING, &trusted, sizeof (trusted) },
-		{ CKA_TRUST_DIGITAL_SIGNATURE, &trusted, sizeof (trusted) },
-		{ CKA_TRUST_NON_REPUDIATION, &trusted, sizeof (trusted) },
-		{ CKA_TRUST_KEY_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) },
-		{ CKA_TRUST_DATA_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) },
-		{ CKA_TRUST_KEY_AGREEMENT, &trust_unknown, sizeof (trust_unknown) },
-		{ CKA_TRUST_KEY_CERT_SIGN, &trust_unknown, sizeof (trust_unknown) },
-		{ CKA_TRUST_CRL_SIGN, &trust_unknown, sizeof (trust_unknown) },
-		{ CKA_INVALID, }
-	};
-
-	CK_OBJECT_HANDLE handle;
-	CK_ATTRIBUTE *attrs;
-	CK_RV rv;
-
-	p11_index_load (test.index);
-	rv = p11_index_take (test.index, p11_attrs_dup (input), NULL);
-	assert_num_eq (CKR_OK, rv);
-	rv = p11_index_take (test.index, p11_attrs_dup (stapled_ds_and_np), NULL);
-	assert_num_eq (CKR_OK, rv);
-	p11_index_finish (test.index);
-
-	handle = p11_index_find (test.index, nss_trust_ds_and_np, 2);
-	assert (handle != 0);
-
-	attrs = p11_index_lookup (test.index, handle);
-	test_check_attrs (nss_trust_ds_and_np, attrs);
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_fixture (setup, teardown);
-	p11_test (test_get_cache, "/builder/get_cache");
-	p11_test (test_build_data, "/builder/build_data");
-	p11_test (test_build_certificate, "/builder/build_certificate");
-	p11_test (test_build_certificate_empty, "/builder/build_certificate_empty");
-	p11_test (test_build_certificate_non_ca, "/builder/build_certificate_non_ca");
-	p11_test (test_build_certificate_v1_ca, "/builder/build_certificate_v1_ca");
-	p11_test (test_build_certificate_staple_ca, "/builder/build_certificate_staple_ca");
-	p11_test (test_build_certificate_staple_ca_backwards, "/builder/build-certificate-staple-ca-backwards");
-	p11_test (test_build_certificate_no_type, "/builder/build_certificate_no_type");
-	p11_test (test_build_certificate_bad_type, "/builder/build_certificate_bad_type");
-	p11_test (test_build_extension, "/builder/build_extension");
-	p11_test (test_build_distant_end_date, "/builder/build_distant_end_date");
-
-	p11_test (test_valid_bool, "/builder/valid-bool");
-	p11_test (test_valid_ulong, "/builder/valid-ulong");
-	p11_test (test_valid_utf8, "/builder/valid-utf8");
-	p11_test (test_valid_dates, "/builder/valid-date");
-	p11_test (test_valid_name, "/builder/valid-name");
-	p11_test (test_valid_serial, "/builder/valid-serial");
-	p11_test (test_valid_cert, "/builder/valid-cert");
-	p11_test (test_invalid_bool, "/builder/invalid-bool");
-	p11_test (test_invalid_ulong, "/builder/invalid-ulong");
-	p11_test (test_invalid_utf8, "/builder/invalid-utf8");
-	p11_test (test_invalid_dates, "/builder/invalid-date");
-	p11_test (test_invalid_name, "/builder/invalid-name");
-	p11_test (test_invalid_serial, "/builder/invalid-serial");
-	p11_test (test_invalid_cert, "/builder/invalid-cert");
-	p11_test (test_invalid_schema, "/builder/invalid-schema");
-
-	p11_test (test_create_not_settable, "/builder/create_not_settable");
-	p11_test (test_create_but_loadable, "/builder/create_but_loadable");
-	p11_test (test_create_unsupported, "/builder/create_unsupported");
-	p11_test (test_create_generated, "/builder/create_generated");
-	p11_test (test_create_bad_attribute, "/builder/create_bad_attribute");
-	p11_test (test_create_missing_attribute, "/builder/create_missing_attribute");
-	p11_test (test_create_no_class, "/builder/create_no_class");
-	p11_test (test_create_token_mismatch, "/builder/create_token_mismatch");
-	p11_test (test_modify_success, "/builder/modify_success");
-	p11_test (test_modify_read_only, "/builder/modify_read_only");
-	p11_test (test_modify_unchanged, "/builder/modify_unchanged");
-	p11_test (test_modify_not_modifiable, "/builder/modify_not_modifiable");
-
-	p11_test (test_changed_trusted_certificate, "/builder/changed_trusted_certificate");
-	p11_test (test_changed_distrust_value, "/builder/changed_distrust_value");
-	p11_test (test_changed_distrust_serial, "/builder/changed_distrust_serial");
-	p11_test (test_changed_without_id, "/builder/changed_without_id");
-	p11_test (test_changed_staple_ca, "/builder/changed_staple_ca");
-	p11_test (test_changed_staple_ku, "/builder/changed_staple_ku");
-	p11_test (test_changed_dup_certificates, "/builder/changed_dup_certificates");
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-bundle.c b/trust/tests/test-bundle.c
deleted file mode 100644
index 85c0b5f..0000000
--- a/trust/tests/test-bundle.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#define P11_KIT_DISABLE_DEPRECATED
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "extract.h"
-#include "message.h"
-#include "mock.h"
-#include "path.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "oid.h"
-#include "test.h"
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-struct {
-	CK_FUNCTION_LIST module;
-	p11_enumerate ex;
-	char *directory;
-} test;
-
-static void
-setup (void *unused)
-{
-	CK_RV rv;
-
-	mock_module_reset ();
-	memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
-	rv = test.module.C_Initialize (NULL);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_enumerate_init (&test.ex);
-
-	test.directory = p11_test_directory ("test-extract");
-}
-
-static void
-teardown (void *unused)
-{
-	CK_RV rv;
-
-	if (rmdir (test.directory) < 0)
-		assert_not_reached ();
-	free (test.directory);
-
-	p11_enumerate_cleanup (&test.ex);
-
-	rv = test.module.C_Finalize (NULL);
-	assert_num_eq (CKR_OK, rv);
-}
-
-static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
-static CK_CERTIFICATE_TYPE x509_type = CKC_X_509;
-
-static CK_ATTRIBUTE cacert3_authority_attrs[] = {
-	{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-	{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-	{ CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
-	{ CKA_LABEL, "Cacert3 Here", 12 },
-	{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-	{ CKA_ID, "ID1", 3 },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE certificate_filter[] = {
-	{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-	{ CKA_INVALID },
-};
-
-static void
-test_file (void)
-{
-	char *destination;
-	bool ret;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_pem_bundle (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	test_check_file (test.directory, "extract.pem", SRCDIR "/files/cacert3.pem");
-
-	free (destination);
-}
-
-static void
-test_file_multiple (void)
-{
-	char *destination;
-	bool ret;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_pem_bundle (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	test_check_file (test.directory, "extract.pem", SRCDIR "/files/cacert3-twice.pem");
-
-	free (destination);
-}
-
-static void
-test_file_without (void)
-{
-	char *destination;
-	bool ret;
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_pem_bundle (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	test_check_data (test.directory, "extract.pem", "", 0);
-
-	free (destination);
-}
-
-static void
-test_directory (void)
-{
-	bool ret;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	/* Yes, this is a race, and why you shouldn't build software as root */
-	if (rmdir (test.directory) < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_pem_directory (&test.ex, test.directory);
-	assert_num_eq (true, ret);
-
-	test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", NULL));
-	test_check_file (test.directory, "Cacert3_Here.pem", SRCDIR "/files/cacert3.pem");
-	test_check_file (test.directory, "Cacert3_Here.1.pem", SRCDIR "/files/cacert3.pem");
-}
-
-static void
-test_directory_empty (void)
-{
-	bool ret;
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	/* Yes, this is a race, and why you shouldn't build software as root */
-	if (rmdir (test.directory) < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_pem_directory (&test.ex, test.directory);
-	assert_num_eq (true, ret);
-
-	test_check_directory (test.directory, (NULL, NULL));
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	mock_module_init ();
-
-	p11_fixture (setup, teardown);
-	p11_test (test_file, "/pem/test_file");
-	p11_test (test_file_multiple, "/pem/test_file_multiple");
-	p11_test (test_file_without, "/pem/test_file_without");
-	p11_test (test_directory, "/pem/test_directory");
-	p11_test (test_directory_empty, "/pem/test_directory_empty");
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-cer.c b/trust/tests/test-cer.c
deleted file mode 100644
index ba0b9ca..0000000
--- a/trust/tests/test-cer.c
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#define P11_KIT_DISABLE_DEPRECATED
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "extract.h"
-#include "message.h"
-#include "mock.h"
-#include "path.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "oid.h"
-#include "test.h"
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-struct {
-	CK_FUNCTION_LIST module;
-	p11_enumerate ex;
-	char *directory;
-} test;
-
-static void
-setup (void *unused)
-{
-	CK_RV rv;
-
-	mock_module_reset ();
-	memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
-	rv = test.module.C_Initialize (NULL);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_enumerate_init (&test.ex);
-
-	test.directory = p11_test_directory ("test-extract");
-}
-
-static void
-teardown (void *unused)
-{
-	CK_RV rv;
-
-	if (rmdir (test.directory) < 0)
-		assert_fail ("rmdir() failed", test.directory);
-	free (test.directory);
-
-	p11_enumerate_cleanup (&test.ex);
-
-	rv = test.module.C_Finalize (NULL);
-	assert_num_eq (CKR_OK, rv);
-}
-
-static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
-static CK_CERTIFICATE_TYPE x509_type = CKC_X_509;
-
-static CK_ATTRIBUTE cacert3_authority_attrs[] = {
-	{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-	{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-	{ CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
-	{ CKA_LABEL, "Cacert3 Here", 12 },
-	{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-	{ CKA_ID, "ID1", 3 },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE certificate_filter[] = {
-	{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-	{ CKA_INVALID },
-};
-
-static void
-test_file (void)
-{
-	char *destination;
-	bool ret;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_x509_file (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	test_check_file (test.directory, "extract.cer", SRCDIR "/files/cacert3.der");
-
-	free (destination);
-}
-
-static void
-test_file_multiple (void)
-{
-	char *destination;
-	bool ret;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0)
-		assert_not_reached ();
-
-	p11_message_quiet ();
-
-	ret = p11_extract_x509_file (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	assert (strstr (p11_message_last (), "multiple certificates") != NULL);
-
-	p11_message_loud ();
-
-	test_check_file (test.directory, "extract.cer", SRCDIR "/files/cacert3.der");
-
-	free (destination);
-}
-
-static void
-test_file_without (void)
-{
-	char *destination;
-	bool ret;
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0)
-		assert_not_reached ();
-
-	p11_message_quiet ();
-
-	ret = p11_extract_x509_file (&test.ex, destination);
-	assert_num_eq (false, ret);
-
-	assert (strstr (p11_message_last (), "no certificate") != NULL);
-
-	p11_message_loud ();
-
-	free (destination);
-}
-
-static void
-test_directory (void)
-{
-	bool ret;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	/* Yes, this is a race, and why you shouldn't build software as root */
-	if (rmdir (test.directory) < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_x509_directory (&test.ex, test.directory);
-	assert_num_eq (true, ret);
-
-	test_check_directory (test.directory, ("Cacert3_Here.cer", "Cacert3_Here.1.cer", NULL));
-	test_check_file (test.directory, "Cacert3_Here.cer", SRCDIR "/files/cacert3.der");
-	test_check_file (test.directory, "Cacert3_Here.1.cer", SRCDIR "/files/cacert3.der");
-}
-
-static void
-test_directory_empty (void)
-{
-	bool ret;
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	/* Yes, this is a race, and why you shouldn't build software as root */
-	if (rmdir (test.directory) < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_x509_directory (&test.ex, test.directory);
-	assert_num_eq (true, ret);
-
-	test_check_directory (test.directory, (NULL, NULL));
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	mock_module_init ();
-
-	p11_fixture (setup, teardown);
-	p11_test (test_file, "/x509/test_file");
-	p11_test (test_file_multiple, "/x509/test_file_multiple");
-	p11_test (test_file_without, "/x509/test_file_without");
-	p11_test (test_directory, "/x509/test_directory");
-	p11_test (test_directory_empty, "/x509/test_directory_empty");
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-digest.c b/trust/tests/test-digest.c
deleted file mode 100644
index f2cb669..0000000
--- a/trust/tests/test-digest.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <assert.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "digest.h"
-
-const char *sha1_input[] = {
-	"abc",
-	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
-	NULL
-};
-
-const char *sha1_checksum[] = {
-	"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D",
-	"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1",
-	NULL
-};
-
-static void
-test_sha1 (void)
-{
-	unsigned char checksum[P11_DIGEST_SHA1_LEN];
-	size_t len;
-	int i;
-
-	for (i = 0; sha1_input[i] != NULL; i++) {
-		memset (checksum, 0, sizeof (checksum));
-		len = strlen (sha1_input[i]);
-
-		p11_digest_sha1 (checksum, sha1_input[i], len, NULL);
-		assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0);
-
-		if (len > 6) {
-			p11_digest_sha1 (checksum, sha1_input[i], 6, sha1_input[i] + 6, len - 6, NULL);
-			assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0);
-		}
-	}
-}
-
-static void
-test_sha1_long (void)
-{
-	unsigned char checksum[P11_DIGEST_SHA1_LEN];
-	char *expected = "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F";
-	char *input;
-
-	input = malloc (1000000);
-	assert (input != NULL);
-	memset (input, 'a', 1000000);
-
-	p11_digest_sha1 (checksum, input, 1000000, NULL);
-	assert (memcmp (expected, checksum, P11_DIGEST_SHA1_LEN) == 0);
-
-	free (input);
-}
-
-const char *md5_input[] = {
-	"",
-	"a",
-	"abc",
-	"message digest",
-	"abcdefghijklmnopqrstuvwxyz",
-	NULL
-};
-
-const char *md5_checksum[] = {
-	"\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e",
-	"\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8\x31\xc3\x99\xe2\x69\x77\x26\x61",
-	"\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72",
-	"\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0",
-	"\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1\x3b",
-	NULL
-};
-
-static void
-test_md5 (void)
-{
-	unsigned char checksum[P11_DIGEST_MD5_LEN];
-	size_t len;
-	int i;
-
-	for (i = 0; md5_input[i] != NULL; i++) {
-		memset (checksum, 0, sizeof (checksum));
-		len = strlen (md5_input[i]);
-
-		p11_digest_md5 (checksum, md5_input[i], len, NULL);
-		assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0);
-
-		if (len > 5) {
-			p11_digest_md5 (checksum, md5_input[i], 5, md5_input[i] + 5, len - 5, NULL);
-			assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0);
-		}
-	}
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_test (test_sha1, "/digest/sha1");
-	p11_test (test_sha1_long, "/digest/sha1-long");
-	p11_test (test_md5, "/digest/md5");
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-enumerate.c b/trust/tests/test-enumerate.c
deleted file mode 100644
index 75d3f16..0000000
--- a/trust/tests/test-enumerate.c
+++ /dev/null
@@ -1,536 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#define P11_KIT_DISABLE_DEPRECATED
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "extract.h"
-#include "message.h"
-#include "mock.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "oid.h"
-#include "test.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-
-static void
-test_file_name_for_label (void)
-{
-	CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
-	p11_enumerate ex;
-	char *name;
-
-	p11_enumerate_init (&ex);
-
-	ex.attrs = p11_attrs_build (NULL, &label, NULL);
-
-	name = p11_enumerate_filename (&ex);
-	assert_str_eq ("The_Label_", name);
-	free (name);
-
-	p11_enumerate_cleanup (&ex);
-}
-
-static void
-test_file_name_for_class (void)
-{
-	p11_enumerate ex;
-	char *name;
-
-	p11_enumerate_init (&ex);
-
-	ex.klass = CKO_CERTIFICATE;
-
-	name = p11_enumerate_filename (&ex);
-	assert_str_eq ("certificate", name);
-	free (name);
-
-	ex.klass = CKO_DATA;
-
-	name = p11_enumerate_filename (&ex);
-	assert_str_eq ("unknown", name);
-	free (name);
-
-	p11_enumerate_cleanup (&ex);
-}
-
-static void
-test_comment_for_label (void)
-{
-	CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
-	p11_enumerate ex;
-	char *comment;
-
-	p11_enumerate_init (&ex);
-
-	ex.flags = P11_EXTRACT_COMMENT;
-	ex.attrs = p11_attrs_build (NULL, &label, NULL);
-
-	comment = p11_enumerate_comment (&ex, true);
-	assert_str_eq ("# The Label!\n", comment);
-	free (comment);
-
-	comment = p11_enumerate_comment (&ex, false);
-	assert_str_eq ("\n# The Label!\n", comment);
-	free (comment);
-
-	p11_enumerate_cleanup (&ex);
-}
-
-static void
-test_comment_not_enabled (void)
-{
-	CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
-	p11_enumerate ex;
-	char *comment;
-
-	p11_enumerate_init (&ex);
-
-	ex.attrs = p11_attrs_build (NULL, &label, NULL);
-
-	comment = p11_enumerate_comment (&ex, true);
-	assert_ptr_eq (NULL, comment);
-
-	comment = p11_enumerate_comment (&ex, false);
-	assert_ptr_eq (NULL, comment);
-
-	p11_enumerate_cleanup (&ex);
-}
-
-struct {
-	CK_FUNCTION_LIST module;
-	CK_FUNCTION_LIST_PTR modules[2];
-	p11_enumerate ex;
-} test;
-
-static void
-setup (void *unused)
-{
-	CK_RV rv;
-
-	mock_module_reset ();
-	memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
-
-	rv = test.module.C_Initialize (NULL);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_enumerate_init (&test.ex);
-
-	/* Prefill the modules */
-	test.modules[0] = &test.module;
-	test.modules[1] = NULL;
-	test.ex.modules = test.modules;
-}
-
-static void
-teardown (void *unused)
-{
-	CK_RV rv;
-
-	/* Don't free the modules */
-	test.ex.modules = NULL;
-
-	p11_enumerate_cleanup (&test.ex);
-
-	rv = test.module.C_Finalize (NULL);
-	assert_num_eq (CKR_OK, rv);
-}
-
-static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS public_key_class = CKO_PUBLIC_KEY;
-static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION;
-static CK_CERTIFICATE_TYPE x509_type = CKC_X_509;
-static CK_BBOOL truev = CK_TRUE;
-
-static CK_ATTRIBUTE cacert3_trusted[] = {
-	{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-	{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-	{ CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
-	{ CKA_LABEL, "Cacert3 Here", 11 },
-	{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-	{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-	{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-	{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-	{ CKA_TRUSTED, &truev, sizeof (truev) },
-	{ CKA_ID, "ID1", 3 },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_distrusted[] = {
-	{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-	{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-	{ CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
-	{ CKA_LABEL, "Another CaCert", 11 },
-	{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-	{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-	{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-	{ CKA_X_DISTRUSTED, &truev, sizeof (truev) },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_distrusted_by_key[] = {
-	{ CKA_CLASS, &public_key_class, sizeof (public_key_class) },
-	{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-	{ CKA_X_DISTRUSTED, &truev, sizeof (truev) },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE certificate_filter[] = {
-	{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE extension_eku_server_client[] = {
-	{ CKA_CLASS, &extension_class, sizeof (extension_class) },
-	{ CKA_ID, "ID1", 3 },
-	{ CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
-	{ CKA_VALUE, "\x30\x1d\x06\x03\x55\x1d\x25\x04\x16\x30\x14\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 31 },
-	{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE extension_eku_invalid[] = {
-	{ CKA_CLASS, &extension_class, sizeof (extension_class) },
-	{ CKA_ID, "ID1", 3 },
-	{ CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
-	{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-	{ CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x25\x04\x07\x69\x6e\x76\x61\x6c\x69\x64", 16 },
-	{ CKA_INVALID },
-};
-
-static void
-test_info_simple_certificate (void)
-{
-	void *value;
-	size_t length;
-	CK_RV rv;
-
-	assert_ptr_not_null (test.ex.asn1_defs);
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_enumerate_ready (&test.ex, NULL);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_OK, rv);
-
-	assert_num_eq (CKO_CERTIFICATE, test.ex.klass);
-	assert_ptr_not_null (test.ex.attrs);
-	value = p11_attrs_find_value (test.ex.attrs, CKA_VALUE, &length);
-	assert_ptr_not_null (value);
-	assert (memcmp (value, test_cacert3_ca_der, length) == 0);
-	assert_ptr_not_null (test.ex.cert_der);
-	assert (memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0);
-	assert_ptr_not_null (test.ex.cert_asn);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_info_limit_purposes (void)
-{
-	CK_RV rv;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
-
-	/* This should not match the above, with the stapled certificat ext */
-	assert_ptr_eq (NULL, test.ex.limit_to_purposes);
-	p11_enumerate_opt_purpose (&test.ex, "1.1.1");
-	assert_ptr_not_null (test.ex.limit_to_purposes);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_enumerate_ready (&test.ex, NULL);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_info_invalid_purposes (void)
-{
-	CK_RV rv;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_invalid);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_enumerate_ready (&test.ex, NULL);
-
-	p11_kit_be_quiet ();
-
-	/* No results due to invalid purpose on certificate */
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_CANCEL, rv);
-
-	p11_kit_be_loud ();
-}
-
-static void
-test_info_skip_non_certificate (void)
-{
-	CK_RV rv;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-
-	p11_enumerate_ready (&test.ex, NULL);
-
-	p11_message_quiet ();
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_OK, rv);
-
-	assert_num_eq (CKO_CERTIFICATE, test.ex.klass);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_CANCEL, rv);
-
-	p11_message_loud ();
-}
-
-static void
-test_limit_to_purpose_match (void)
-{
-	CK_RV rv;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
-
-	p11_enumerate_opt_purpose (&test.ex, P11_OID_SERVER_AUTH_STR);
-	p11_enumerate_ready (&test.ex, NULL);
-
-	p11_message_quiet ();
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_message_loud ();
-}
-
-static void
-test_limit_to_purpose_no_match (void)
-{
-	CK_RV rv;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
-
-	p11_enumerate_opt_purpose (&test.ex, "3.3.3.3");
-	p11_enumerate_ready (&test.ex, NULL);
-
-	p11_message_quiet ();
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_CANCEL, rv);
-
-	p11_message_loud ();
-}
-
-static void
-test_duplicate_extract (void)
-{
-	CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
-	CK_RV rv;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
-
-	p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
-	p11_enumerate_ready (&test.ex, NULL);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_duplicate_distrusted (void)
-{
-	CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_X_DISTRUSTED, NULL, 0 },
-	};
-
-	CK_BBOOL val;
-	CK_RV rv;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-
-	test.ex.flags = P11_ENUMERATE_COLLAPSE;
-	p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
-	p11_enumerate_ready (&test.ex, NULL);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = p11_kit_iter_load_attributes (test.ex.iter, attrs, 1);
-	assert_num_eq (CKR_OK, rv);
-	assert (p11_attrs_findn_bool (attrs, 1, CKA_X_DISTRUSTED, &val));
-	assert_num_eq (val, CK_TRUE);
-	free (attrs[0].pValue);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_trusted_match (void)
-{
-	CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
-	CK_RV rv;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
-
-	test.ex.flags = P11_ENUMERATE_ANCHORS;
-	p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
-	p11_enumerate_ready (&test.ex, NULL);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_distrust_match (void)
-{
-	CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
-	CK_BBOOL boolv;
-	CK_RV rv;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
-
-	test.ex.flags = P11_ENUMERATE_BLACKLIST;
-	p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
-	p11_enumerate_ready (&test.ex, NULL);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_OK, rv);
-
-	if (!p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &boolv))
-		boolv = CK_FALSE;
-	assert_num_eq (CK_TRUE, boolv);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_override_by_issuer_serial (void)
-{
-	CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
-	CK_BBOOL distrusted = CK_FALSE;
-	CK_RV rv;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
-
-	test.ex.flags =  P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
-	p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
-	p11_enumerate_ready (&test.ex, NULL);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_OK, rv);
-
-	assert (p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &distrusted));
-	assert_num_eq (CK_TRUE, distrusted);
-
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_override_by_public_key (void)
-{
-	CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
-	CK_RV rv;
-
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted_by_key);
-
-	test.ex.flags =  P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
-	p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
-	p11_enumerate_ready (&test.ex, NULL);
-
-	/* No results returned, because distrust is not a cert */
-	rv = p11_kit_iter_next (test.ex.iter);
-	assert_num_eq (CKR_CANCEL, rv);
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	mock_module_init ();
-
-	p11_test (test_file_name_for_label, "/extract/test_file_name_for_label");
-	p11_test (test_file_name_for_class, "/extract/test_file_name_for_class");
-	p11_test (test_comment_for_label, "/extract/test_comment_for_label");
-	p11_test (test_comment_not_enabled, "/extract/test_comment_not_enabled");
-
-	p11_fixture (setup, teardown);
-	p11_test (test_info_simple_certificate, "/extract/test_info_simple_certificate");
-	p11_test (test_info_limit_purposes, "/extract/test_info_limit_purposes");
-	p11_test (test_info_invalid_purposes, "/extract/test_info_invalid_purposes");
-	p11_test (test_info_skip_non_certificate, "/extract/test_info_skip_non_certificate");
-	p11_test (test_limit_to_purpose_match, "/extract/test_limit_to_purpose_match");
-	p11_test (test_limit_to_purpose_no_match, "/extract/test_limit_to_purpose_no_match");
-	p11_test (test_duplicate_extract, "/extract/test_duplicate_extract");
-	p11_test (test_duplicate_distrusted, "/extract/test-duplicate-distrusted");
-	p11_test (test_trusted_match, "/extract/test_trusted_match");
-	p11_test (test_distrust_match, "/extract/test_distrust_match");
-	p11_test (test_override_by_issuer_serial, "/extract/override-by-issuer-and-serial");
-	p11_test (test_override_by_public_key, "/extract/override-by-public-key");
-
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-extract.in b/trust/tests/test-extract.in
deleted file mode 100644
index 59f6cd6..0000000
--- a/trust/tests/test-extract.in
+++ /dev/null
@@ -1,189 +0,0 @@
-#!/bin/sh
-
-set -euf
-
-# -----------------------------------------------------------------------------
-# Basic fundamentals
-
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-datarootdir=@datarootdir@
-datadir=@datadir@
-sysconfdir=@sysconfdir@
-libdir=@libdir@
-privatedir=@privatedir@
-with_trust_paths=@with_trust_paths@
-script=$(basename $0)
-
-# -----------------------------------------------------------------------------
-# Testing
-
-warning()
-{
-	echo "$script: $@" >&2
-}
-
-assert_fail()
-{
-	warning $@
-	exit 1
-}
-
-assert_contains()
-{
-	if ! grep -qF $2 $1; then
-		assert_fail "$1 does not contain $2"
-	fi
-}
-
-assert_not_contains()
-{
-	if grep -qF $2 $1; then
-		assert_fail "$1 contains $2"
-	fi
-}
-
-teardown()
-{
-	for x in $TD; do
-		if [ -d $x ]; then
-			rmdir $x
-		elif [ -f $x ]; then
-			rm $x
-		fi
-	done
-	TD=""
-}
-
-teardown_dirty()
-{
-	echo "not ok $TEST_NUMBER $TEST_NAME"
-	teardown
-}
-
-openssl_quiet()
-(
-	command='/Generating a|-----|^[.+]+$|writing new private key/d'
-	exec 3>&1
-	openssl $@ 2>&1 >&3 3>&- | sed -r "$command" 3>&-
-)
-
-skip()
-{
-	TEST_SKIP=yes
-	echo "ok $TEST_NUMBER # skip $TEST_NAME: $@"
-}
-
-setup()
-{
-	# Parse the trust paths
-	oldifs="$IFS"
-	IFS=:
-	set $with_trust_paths
-	IFS="$oldifs"
-
-	if [ ! -d $1 ]; then
-		skip "$1 is not a directory"
-		return
-	fi
-
-	SOURCE_1=$1
-	if [ $# -lt 2 ]; then
-		warning "certain tests neutered if only 1 trust path: $with_trust_paths"
-		SOURCE_2=$1
-	else
-		SOURCE_2=$2
-	fi
-
-	# Make a temporary directory
-	dir=$(mktemp -d)
-	cd $dir
-	CLEANUP="$dir $TD"
-
-	# Generate a unique identifier
-	CERT_1_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
-	CERT_2_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
-	CERT_3_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
-
-	# Generate relevant certificates
-	openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
-		-out cert_1.pem -subj /CN=$CERT_1_CN
-	openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
-		-out cert_2.pem -subj /CN=$CERT_2_CN
-	openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
-		-out cert_3.pem -subj /CN=$CERT_3_CN
-
-	TD="cert_1.pem cert_2.pem cert_3.pem $TD"
-
-	mkdir -p $SOURCE_1/anchors
-	cp cert_1.pem $SOURCE_1/anchors/
-
-	mkdir -p $SOURCE_2/anchors
-	cp cert_2.pem $SOURCE_2/anchors/
-	cp cert_3.pem $SOURCE_2/anchors/
-
-	TD="$SOURCE_1/anchors/cert_1.pem $SOURCE_2/anchors/cert_2.pem $SOURCE_2/anchors/cert_3.pem $TD"
-}
-
-run()
-{
-	TOTAL=0
-	for TEST_NAME in $@; do
-		TOTAL=$(expr $TOTAL + 1)
-	done
-
-	echo "1..$TOTAL"
-
-	TEST_NUMBER=0
-	for TEST_NAME in $@; do
-		TEST_NUMBER=$(expr $TEST_NUMBER + 1)
-		(
-			trap teardown_dirty EXIT
-			trap "teardown_dirty; exit 127" INT TERM
-			TD=""
-
-			TEST_SKIP=no
-			setup
-
-			if [ $TEST_SKIP != "yes" ]; then
-				$TEST_NAME
-			fi
-			if [ $TEST_SKIP != "yes" ]; then
-				echo "ok $TEST_NUMBER $TEST_NAME"
-			fi
-
-			trap - EXIT
-			teardown
-		)
-	done
-}
-
-# -----------------------------------------------------------------------------
-# Main tests
-
-test_extract()
-{
-	trust extract --filter=ca-anchors --format=pem-bundle \
-		--purpose=server-auth --comment \
-		extract-test.pem
-
-	assert_contains extract-test.pem $CERT_1_CN
-	assert_contains extract-test.pem $CERT_2_CN
-	assert_contains extract-test.pem $CERT_3_CN
-}
-
-test_blacklist()
-{
-	mkdir -p $SOURCE_1/blacklist
-	cp cert_3.pem $SOURCE_1/blacklist
-	TD="$SOURCE_1/blacklist/cert_3.pem $TD"
-
-	trust extract --filter=ca-anchors --format=pem-bundle \
-		--purpose=server-auth --comment \
-		blacklist-test.pem
-
-	assert_contains blacklist-test.pem $CERT_1_CN
-	assert_not_contains blacklist-test.pem $CERT_3_CN
-}
-
-run test_extract test_blacklist
diff --git a/trust/tests/test-index.c b/trust/tests/test-index.c
deleted file mode 100644
index fc861b2..0000000
--- a/trust/tests/test-index.c
+++ /dev/null
@@ -1,1144 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "attrs.h"
-#include "debug.h"
-#include "index.h"
-#include "message.h"
-
-struct {
-	p11_index *index;
-} test;
-
-static void
-setup (void *unused)
-{
-	test.index = p11_index_new (NULL, NULL, NULL, NULL, NULL);
-	assert_ptr_not_null (test.index);
-}
-
-static void
-teardown (void *unused)
-{
-	p11_index_free (test.index);
-	memset (&test, 0, sizeof (test));
-}
-
-static void
-test_take_lookup (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *check;
-	CK_OBJECT_HANDLE handle;
-	CK_RV rv;
-
-	attrs = p11_attrs_dup (original);
-	rv = p11_index_take (test.index, attrs, &handle);
-	assert (rv == CKR_OK);
-
-	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (original, check);
-
-	check = p11_index_lookup (test.index, 1UL);
-	assert_ptr_eq (NULL, check);
-
-	check = p11_index_lookup (test.index, 0UL);
-	assert_ptr_eq (NULL, check);
-}
-
-static void
-test_add_lookup (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE *check;
-	CK_OBJECT_HANDLE handle;
-	CK_RV rv;
-
-	rv = p11_index_add (test.index, original, 2, &handle);
-	assert (rv == CKR_OK);
-
-	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (original, check);
-}
-
-static void
-test_size (void)
-{
-	static CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_RV rv;
-
-	rv = p11_index_add (test.index, original, 2, NULL);
-	assert (rv == CKR_OK);
-
-	rv = p11_index_add (test.index, original, 2, NULL);
-	assert (rv == CKR_OK);
-
-	rv = p11_index_add (test.index, original, 2, NULL);
-	assert (rv == CKR_OK);
-
-	assert_num_eq (3, p11_index_size (test.index));
-}
-
-static int
-compar_ulong (const void *one,
-              const void *two)
-{
-	const CK_ULONG *u1 = one;
-	const CK_ULONG *u2 = two;
-
-	if (*u1 == *u2)
-		return 0;
-	if (*u1 < *u2)
-		return -1;
-	return 1;
-}
-
-static void
-test_snapshot (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	static const int NUM = 16;
-	CK_OBJECT_HANDLE expected[NUM];
-	CK_OBJECT_HANDLE *snapshot;
-	int i;
-
-	for (i = 0; i < NUM; i++)
-		p11_index_add (test.index, original, 2, expected + i);
-
-	snapshot = p11_index_snapshot (test.index, NULL, NULL, 0);
-	assert_ptr_not_null (snapshot);
-
-	for (i = 0; i < NUM; i++)
-		assert (snapshot[i] != 0);
-	assert (snapshot[NUM] == 0);
-
-	qsort (snapshot, NUM, sizeof (CK_OBJECT_HANDLE), compar_ulong);
-
-	for (i = 0; i < NUM; i++)
-		assert_num_eq (expected[i], snapshot[i]);
-
-	free (snapshot);
-}
-
-static void
-test_snapshot_base (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	static const int NUM = 16;
-	CK_OBJECT_HANDLE expected[NUM];
-	CK_OBJECT_HANDLE *snapshot;
-	CK_RV rv;
-	int i;
-
-	for (i = 0; i < NUM; i++) {
-		rv = p11_index_add (test.index, original, 2, expected + i);
-		assert (rv == CKR_OK);
-	}
-
-	snapshot = p11_index_snapshot (test.index, test.index, NULL, 0);
-	assert_ptr_not_null (snapshot);
-
-	for (i = 0; i < NUM * 2; i++)
-		assert (snapshot[i] != 0);
-	assert (snapshot[NUM * 2] == 0);
-
-	qsort (snapshot, NUM * 2, sizeof (CK_OBJECT_HANDLE), compar_ulong);
-
-	for (i = 0; i < NUM * 2; i++)
-		assert_num_eq (expected[i / 2], snapshot[i]);
-
-	free (snapshot);
-}
-
-static void
-test_remove (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *check;
-	CK_OBJECT_HANDLE handle;
-	CK_RV rv;
-
-	attrs = p11_attrs_dup (original);
-	rv = p11_index_take (test.index, attrs, &handle);
-	assert (rv == CKR_OK);
-
-	check = p11_index_lookup (test.index, handle);
-	assert_ptr_eq (attrs, check);
-
-	rv = p11_index_remove (test.index, 1UL);
-	assert (rv == CKR_OBJECT_HANDLE_INVALID);
-
-	rv = p11_index_remove (test.index, handle);
-	assert (rv == CKR_OK);
-
-	check = p11_index_lookup (test.index, handle);
-	assert_ptr_eq (NULL, check);
-}
-
-static void
-test_set (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 };
-
-	CK_ATTRIBUTE changed[] = {
-		{ CKA_LABEL, "naay", 4 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *check;
-	CK_OBJECT_HANDLE handle;
-	CK_RV rv;
-
-	attrs = p11_attrs_dup (original);
-	rv = p11_index_take (test.index, attrs, &handle);
-	assert (rv == CKR_OK);
-
-	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (original, check);
-
-	rv = p11_index_set (test.index, handle, &change, 1);
-	assert (rv == CKR_OK);
-
-	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (changed, check);
-
-	rv = p11_index_set (test.index, 1UL, &change, 1);
-	assert (rv == CKR_OBJECT_HANDLE_INVALID);
-}
-
-static void
-test_update (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 };
-
-	CK_ATTRIBUTE changed[] = {
-		{ CKA_LABEL, "naay", 4 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_ATTRIBUTE *check;
-	CK_OBJECT_HANDLE handle;
-	CK_RV rv;
-
-	attrs = p11_attrs_dup (original);
-	rv = p11_index_take (test.index, attrs, &handle);
-	assert (rv == CKR_OK);
-
-	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (original, check);
-
-	attrs = p11_attrs_build (NULL, &change, NULL);
-	rv = p11_index_update (test.index, handle, attrs);
-	assert (rv == CKR_OK);
-
-	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (changed, check);
-
-	attrs = p11_attrs_build (NULL, &change, NULL);
-	rv = p11_index_update (test.index, 1L, attrs);
-	assert (rv == CKR_OBJECT_HANDLE_INVALID);
-}
-
-static void
-test_find (void)
-{
-	CK_ATTRIBUTE first[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "one", 3 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE second[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "two", 3 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE third[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "three", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match3[] = {
-		{ CKA_VALUE, "three", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match_any[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match_none[] = {
-		{ CKA_VALUE, "blonononon", 10 },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_INVALID }
-	};
-
-	CK_OBJECT_HANDLE check;
-	CK_OBJECT_HANDLE one;
-	CK_OBJECT_HANDLE two;
-	CK_OBJECT_HANDLE three;
-
-	p11_index_add (test.index, first, 2, &one);
-	p11_index_add (test.index, second, 2, &two);
-	p11_index_add (test.index, third, 2, &three);
-
-	check = p11_index_find (test.index, match3, -1);
-	assert_num_eq (three, check);
-
-	check = p11_index_find (test.index, match3, 1);
-	assert_num_eq (three, check);
-
-	check = p11_index_find (test.index, match_any, -1);
-	assert (check == one || check == two || check == three);
-
-	check = p11_index_find (test.index, match_any, 1);
-	assert (check == one || check == two || check == three);
-
-	check = p11_index_find (test.index, match_none, -1);
-	assert_num_eq (0, check);
-
-	check = p11_index_find (test.index, match_none, 2);
-	assert_num_eq (0, check);
-}
-
-static bool
-handles_are (CK_OBJECT_HANDLE *handles,
-             ...)
-{
-	CK_OBJECT_HANDLE handle;
-	bool matched = true;
-	int count;
-	int num;
-	va_list va;
-	int i;
-
-	if (!handles)
-		return false;
-
-	/* Count number of handles */
-	for (num = 0; handles[num]; num++);
-
-	va_start (va, handles);
-
-	for (count = 0; matched; count++) {
-		handle = va_arg (va, CK_OBJECT_HANDLE);
-		if (handle == 0)
-			break;
-
-		for (i = 0; handles[i]; i++) {
-			if (handle == handles[i])
-				break;
-		}
-
-		if (handles[i] != handle)
-			matched = false;
-	}
-
-	va_end (va);
-
-	return matched && (count == num);
-}
-
-static void
-test_find_all (void)
-{
-	CK_ATTRIBUTE first[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_VALUE, "one", 3 },
-		{ CKA_APPLICATION, "test", 4 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE second[] = {
-		{ CKA_LABEL, "even", 4 },
-		{ CKA_VALUE, "two", 3 },
-		{ CKA_APPLICATION, "test", 4 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE third[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_VALUE, "three", 5 },
-		{ CKA_APPLICATION, "test", 4 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match_odd[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_APPLICATION, "test", 4 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match_3[] = {
-		{ CKA_VALUE, "three", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match_any[] = {
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match_none[] = {
-		{ CKA_VALUE, "blonononon", 10 },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_INVALID }
-	};
-
-	CK_OBJECT_HANDLE *check;
-	CK_OBJECT_HANDLE one;
-	CK_OBJECT_HANDLE two;
-	CK_OBJECT_HANDLE three;
-
-	p11_index_add (test.index, first, 3, &one);
-	p11_index_add (test.index, second, 3, &two);
-	p11_index_add (test.index, third, 3, &three);
-
-	check = p11_index_find_all (test.index, match_3, -1);
-	assert (handles_are (check, three, 0UL));
-	free (check);
-
-	check = p11_index_find_all (test.index, match_none, -1);
-	assert (handles_are (check, 0UL));
-	free (check);
-
-	check = p11_index_find_all (test.index, match_odd, -1);
-	assert (handles_are (check, one, three, 0UL));
-	free (check);
-
-	check = p11_index_find_all (test.index, match_any, -1);
-	assert (handles_are (check, one, two, three, 0UL));
-	free (check);
-
-	check = p11_index_find_all (test.index, match_none, -1);
-	assert_ptr_not_null (check);
-	assert_num_eq (0, check[0]);
-	free (check);
-
-	/* A double check of this method */
-	one = 0UL;
-	check = &one;
-	assert (!handles_are (check, 29292929, 0UL));
-	assert (!handles_are (NULL, 0UL));
-}
-
-static void
-test_find_realloc (void)
-{
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_VALUE, "one", 3 },
-		{ CKA_APPLICATION, "test", 4 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match[] = {
-		{ CKA_INVALID }
-	};
-
-	CK_OBJECT_HANDLE *check;
-	int i;
-
-	for (i = 0; i < 1000; i++)
-		p11_index_add (test.index, attrs, 3, NULL);
-
-	check = p11_index_find_all (test.index, match, -1);
-	assert_ptr_not_null (check);
-
-	for (i = 0; i < 1000; i++)
-		assert (check[i] != 0);
-	assert_num_eq (0, check[1000]);
-
-	free (check);
-}
-
-static void
-test_replace_all (void)
-{
-	CK_ATTRIBUTE first[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_VALUE, "one", 3 },
-		{ CKA_APPLICATION, "test", 4 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE second[] = {
-		{ CKA_LABEL, "even", 4 },
-		{ CKA_VALUE, "two", 3 },
-		{ CKA_APPLICATION, "test", 4 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE third[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_VALUE, "three", 5 },
-		{ CKA_APPLICATION, "test", 4 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE fifth[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_VALUE, "five", 4 },
-		{ CKA_APPLICATION, "test", 4 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE eins[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_VALUE, "one", 3 },
-		{ CKA_APPLICATION, "replace", 7 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE sieben[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_VALUE, "seven", 5 },
-		{ CKA_APPLICATION, "replace", 7 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE neun[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_VALUE, "nine", 4 },
-		{ CKA_APPLICATION, "replace", 7 },
-		{ CKA_INVALID }
-	};
-
-	CK_OBJECT_HANDLE check;
-	CK_OBJECT_HANDLE one;
-	CK_OBJECT_HANDLE two;
-	CK_OBJECT_HANDLE three;
-	CK_OBJECT_HANDLE five;
-	p11_array *array;
-	CK_RV rv;
-
-	p11_index_add (test.index, first, 3, &one);
-	assert (one != 0);
-	p11_index_add (test.index, second, 3, &two);
-	assert (two != 0);
-	p11_index_add (test.index, third, 3, &three);
-	assert (three != 0);
-	p11_index_add (test.index, fifth, 3, &five);
-	assert (five != 0);
-
-	array = p11_array_new (p11_attrs_free);
-	p11_array_push (array, p11_attrs_buildn (NULL, eins, 3));
-	p11_array_push (array, p11_attrs_buildn (NULL, sieben, 3));
-	p11_array_push (array, p11_attrs_buildn (NULL, neun, 3));
-
-	rv = p11_index_replace_all (test.index, match, CKA_VALUE, array);
-	assert (rv == CKR_OK);
-
-	assert_num_eq (0, array->num);
-	p11_array_free (array);
-
-	/* eins should have replaced one */
-	check = p11_index_find (test.index, eins, -1);
-	assert_num_eq (one, check);
-
-	/* two should still be around */
-	check = p11_index_find (test.index, second, -1);
-	assert_num_eq (two, check);
-
-	/* three should have been removed */
-	check = p11_index_find (test.index, third, -1);
-	assert_num_eq (0, check);
-
-	/* five should have been removed */
-	check = p11_index_find (test.index, fifth, -1);
-	assert_num_eq (0, check);
-
-	/* sieben should have been added */
-	check = p11_index_find (test.index, sieben, -1);
-	assert (check != one && check != two && check != three && check != five);
-
-	/* neun should have been added */
-	check = p11_index_find (test.index, neun, -1);
-	assert (check != one && check != two && check != three && check != five);
-
-	assert_num_eq (4, p11_index_size (test.index));
-}
-
-static CK_RV
-on_index_build_fail (void *data,
-                     p11_index *index,
-                     CK_ATTRIBUTE *attrs,
-                     CK_ATTRIBUTE *merge,
-                     CK_ATTRIBUTE **populate)
-{
-	CK_ATTRIBUTE *match = data;
-
-	if (p11_attrs_match (merge, match))
-		return CKR_FUNCTION_FAILED;
-
-	return CKR_OK;
-}
-
-static void
-test_replace_all_build_fails (void)
-{
-	CK_ATTRIBUTE replace[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_VALUE, "one", 3 },
-		{ CKA_APPLICATION, "test", 4 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match[] = {
-		{ CKA_LABEL, "odd", 3 },
-		{ CKA_INVALID }
-	};
-
-	p11_array *array;
-	p11_index *index;
-	CK_RV rv;
-
-	index = p11_index_new (on_index_build_fail, NULL, NULL, NULL, &match);
-	assert_ptr_not_null (index);
-
-	array = p11_array_new (p11_attrs_free);
-	if (!p11_array_push (array, p11_attrs_dup (replace)))
-		assert_not_reached ();
-
-	rv = p11_index_replace_all (index, NULL, CKA_INVALID, array);
-	assert_num_eq (rv, CKR_FUNCTION_FAILED);
-
-	p11_array_free (array);
-	p11_index_free (index);
-}
-
-
-static CK_RV
-on_build_populate (void *data,
-                   p11_index *index,
-                   CK_ATTRIBUTE *attrs,
-                   CK_ATTRIBUTE *merge,
-                   CK_ATTRIBUTE **populate)
-{
-	CK_ATTRIBUTE more[] = {
-		{ CKA_APPLICATION, "vigorous", 8 },
-		{ CKA_LABEL, "naay", 4 },
-	};
-
-	assert_str_eq (data, "blah");
-	assert_ptr_not_null (index);
-	assert_ptr_not_null (merge);
-
-	*populate = p11_attrs_buildn (*populate, more, 2);
-	return CKR_OK;
-}
-
-static void
-test_build_populate (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-
-	};
-
-	CK_ATTRIBUTE after[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_APPLICATION, "vigorous", 8 },
-		{ CKA_INVALID }
-	};
-
-	CK_OBJECT_HANDLE handle;
-	CK_ATTRIBUTE *check;
-	p11_index *index;
-	CK_RV rv;
-
-	index = p11_index_new (on_build_populate, NULL, NULL, NULL, "blah");
-	assert_ptr_not_null (index);
-
-	rv = p11_index_add (index, original, 2, &handle);
-	assert (rv == CKR_OK);
-
-	check = p11_index_lookup (index, handle);
-	assert_ptr_not_null (check);
-
-	test_check_attrs (after, check);
-
-	rv = p11_index_set (index, handle, original, 2);
-	assert (rv == CKR_OK);
-
-	check = p11_index_lookup (index, handle);
-	assert_ptr_not_null (check);
-
-	test_check_attrs (after, check);
-
-	p11_index_free (index);
-}
-
-static CK_RV
-on_build_fail (void *data,
-               p11_index *index,
-               CK_ATTRIBUTE *attrs,
-               CK_ATTRIBUTE *merge,
-               CK_ATTRIBUTE **populate)
-{
-	CK_ATTRIBUTE check[] = {
-		{ CKA_LABEL, "nay", 3 },
-		{ CKA_INVALID }
-	};
-
-	assert_str_eq (data, "testo");
-	assert_ptr_not_null (merge);
-
-	if (p11_attrs_match (merge, check))
-		return CKR_DEVICE_ERROR;
-
-	return CKR_OK;
-}
-
-
-static void
-test_build_fail (void)
-{
-	CK_ATTRIBUTE okay[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE fails[] = {
-		{ CKA_LABEL, "nay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_OBJECT_HANDLE handle;
-	p11_index *index;
-	CK_RV rv;
-
-	index = p11_index_new (on_build_fail, NULL, NULL, NULL, "testo");
-	assert_ptr_not_null (index);
-
-	rv = p11_index_add (index, okay, 2, &handle);
-	assert (rv == CKR_OK);
-
-	rv = p11_index_add (index, fails, 2, NULL);
-	assert (rv == CKR_DEVICE_ERROR);
-
-	rv = p11_index_set (index, handle, fails, 2);
-	assert (rv == CKR_DEVICE_ERROR);
-
-	rv = p11_index_set (index, handle, okay, 2);
-	assert (rv == CKR_OK);
-
-	p11_index_free (index);
-}
-
-static int on_change_called = 0;
-static bool on_change_removing = false;
-static bool on_change_batching = false;
-
-static void
-on_change_check (void *data,
-                 p11_index *index,
-                 CK_OBJECT_HANDLE handle,
-                 CK_ATTRIBUTE *attrs)
-{
-	CK_ATTRIBUTE check[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-
-	};
-
-	assert_str_eq (data, "change-check");
-	assert_ptr_not_null (index);
-	assert_ptr_not_null (attrs);
-
-	if (!on_change_batching) {
-		if (on_change_removing)
-			assert_num_eq (0, handle);
-		else
-			assert (handle != 0);
-	}
-
-	test_check_attrs (check, attrs);
-	on_change_called++;
-}
-
-static void
-test_change_called (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-
-	};
-
-	CK_OBJECT_HANDLE handle;
-	p11_index *index;
-	CK_RV rv;
-
-	index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check");
-	assert_ptr_not_null (index);
-
-	on_change_removing = false;
-	on_change_called = 0;
-
-	rv = p11_index_add (index, original, 2, NULL);
-	assert (rv == CKR_OK);
-
-	assert_num_eq (1, on_change_called);
-
-	rv = p11_index_add (index, original, 2, NULL);
-	assert (rv == CKR_OK);
-
-	assert_num_eq (2, on_change_called);
-
-	rv = p11_index_add (index, original, 2, &handle);
-	assert (rv == CKR_OK);
-
-	assert_num_eq (3, on_change_called);
-
-	on_change_removing = true;
-
-	rv = p11_index_remove (index, handle);
-	assert (rv == CKR_OK);
-
-	assert_num_eq (4, on_change_called);
-
-	p11_index_free (index);
-}
-
-static void
-test_change_batch (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-
-	};
-
-	CK_OBJECT_HANDLE handle;
-	p11_index *index;
-	CK_RV rv;
-
-	index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check");
-	assert_ptr_not_null (index);
-
-	on_change_batching = true;
-	on_change_called = 0;
-
-	p11_index_load (index);
-
-	assert (p11_index_loading (index));
-
-	rv = p11_index_add (index, original, 2, NULL);
-	assert (rv == CKR_OK);
-
-	assert_num_eq (0, on_change_called);
-
-	rv = p11_index_add (index, original, 2, NULL);
-	assert (rv == CKR_OK);
-
-	assert_num_eq (0, on_change_called);
-
-	rv = p11_index_add (index, original, 2, &handle);
-	assert (rv == CKR_OK);
-
-	assert_num_eq (0, on_change_called);
-
-	/* Nested batch is a noop */
-	p11_index_load (index);
-
-	rv = p11_index_remove (index, handle);
-	assert (rv == CKR_OK);
-
-	assert_num_eq (0, on_change_called);
-
-	/*
-	 * Batch finishes when first finish call is called,
-	 * even when batches are nested
-	 */
-	p11_index_finish (index);
-
-	assert (!p11_index_loading (index));
-
-	/*
-	 * Only three calls, because later operations on the
-	 * same handle override the earlier one.
-	 */
-	assert_num_eq (3, on_change_called);
-
-	/* This is a noop */
-	p11_index_finish (index);
-
-	assert (!p11_index_loading (index));
-
-	p11_index_free (index);
-}
-
-static void
-on_change_nested (void *data,
-                  p11_index *index,
-                  CK_OBJECT_HANDLE handle,
-                  CK_ATTRIBUTE *attrs)
-{
-	CK_RV rv;
-
-	CK_ATTRIBUTE second[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-
-	};
-
-	assert_str_eq (data, "change-nested");
-	on_change_called++;
-
-	/* A nested call */
-	rv = p11_index_add (index, second, 2, NULL);
-	assert (rv == CKR_OK);
-}
-
-static void
-test_change_nested (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-
-	};
-
-	p11_index *index;
-	CK_RV rv;
-
-	index = p11_index_new (NULL, NULL, NULL, on_change_nested, "change-nested");
-	assert_ptr_not_null (index);
-
-	on_change_called = 0;
-	rv = p11_index_add (index, original, 2, NULL);
-	assert (rv == CKR_OK);
-	assert_num_eq (1, on_change_called);
-
-
-	on_change_called = 0;
-	p11_index_load (index);
-	rv = p11_index_add (index, original, 2, NULL);
-	assert (rv == CKR_OK);
-	p11_index_finish (index);
-	assert_num_eq (1, on_change_called);
-
-	p11_index_free (index);
-}
-
-static CK_RV
-on_remove_callback (void *data,
-                    p11_index *index,
-                    CK_ATTRIBUTE *attrs)
-{
-	int *removed = data;
-	assert_ptr_not_null (removed);
-	assert_num_eq (*removed, 0);
-	*removed = 1;
-	return CKR_OK;
-}
-
-static void
-test_remove_callback (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-
-	};
-
-	CK_OBJECT_HANDLE handle;
-	p11_index *index;
-	int removed = 0;
-	CK_RV rv;
-
-	index = p11_index_new (NULL, NULL, on_remove_callback, NULL, &removed);
-	assert_ptr_not_null (index);
-
-	rv = p11_index_add (index, original, 2, &handle);
-	assert_num_eq (rv, CKR_OK);
-
-	assert_ptr_not_null (p11_index_lookup (index, handle));
-
-	rv = p11_index_remove (index, handle);
-	assert_num_eq (rv, CKR_OK);
-
-	assert_num_eq (removed, 1);
-	assert_ptr_eq (p11_index_lookup (index, handle), NULL);
-
-	p11_index_free (index);
-}
-
-static CK_RV
-on_remove_fail (void *data,
-                p11_index *index,
-                CK_ATTRIBUTE *attrs)
-{
-	assert_str_eq (data, "remove-fail");
-	return CKR_DEVICE_REMOVED;
-}
-
-static void
-test_remove_fail (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-
-	};
-
-	CK_OBJECT_HANDLE handle;
-	p11_index *index;
-	CK_RV rv;
-
-	index = p11_index_new (NULL, NULL, on_remove_fail, NULL, "remove-fail");
-	assert_ptr_not_null (index);
-
-	rv = p11_index_add (index, original, 2, &handle);
-	assert (rv == CKR_OK);
-
-	assert_ptr_not_null (p11_index_lookup (index, handle));
-
-	rv = p11_index_remove (index, handle);
-	assert_num_eq (rv, CKR_DEVICE_REMOVED);
-
-	assert_ptr_not_null (p11_index_lookup (index, handle));
-
-	p11_index_free (index);
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_message_quiet ();
-
-	p11_fixture (setup, teardown);
-	p11_test (test_add_lookup, "/index/add_lookup");
-	p11_test (test_take_lookup, "/index/take_lookup");
-	p11_test (test_size, "/index/size");
-	p11_test (test_remove, "/index/remove");
-	p11_test (test_snapshot, "/index/snapshot");
-	p11_test (test_snapshot_base, "/index/snapshot_base");
-	p11_test (test_set, "/index/set");
-	p11_test (test_update, "/index/update");
-	p11_test (test_find, "/index/find");
-	p11_test (test_find_all, "/index/find_all");
-	p11_test (test_find_realloc, "/index/find_realloc");
-	p11_test (test_replace_all, "/index/replace_all");
-
-	p11_fixture (NULL, NULL);
-	p11_test (test_build_populate, "/index/build_populate");
-	p11_test (test_build_fail, "/index/build_fail");
-	p11_test (test_change_called, "/index/change_called");
-	p11_test (test_change_batch, "/index/change_batch");
-	p11_test (test_change_nested, "/index/change_nested");
-	p11_test (test_replace_all_build_fails, "/index/replace-all-build-fails");
-	p11_test (test_remove_callback, "/index/remove-callback");
-	p11_test (test_remove_fail, "/index/remove-fail");
-
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c
deleted file mode 100644
index c272a88..0000000
--- a/trust/tests/test-module.c
+++ /dev/null
@@ -1,1217 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#define CRYPTOKI_EXPORTS
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "attrs.h"
-#include "digest.h"
-#include "library.h"
-#include "path.h"
-#include "parser.h"
-#include "pkcs11x.h"
-#include "token.h"
-
-#include <assert.h>
-
-/*
- * This is the number of input paths. Should match the
- * paths below near :
- *
- * paths='%s'
- */
-#define NUM_SLOTS 3
-
-static CK_OBJECT_CLASS data = CKO_DATA;
-static CK_BBOOL vtrue = CK_TRUE;
-static CK_BBOOL vfalse = CK_FALSE;
-
-struct {
-	CK_FUNCTION_LIST *module;
-	CK_SLOT_ID slots[NUM_SLOTS];
-	char *directory;
-	p11_asn1_cache *cache;
-	p11_parser *parser;
-} test;
-
-static void
-setup (void *unused)
-{
-	CK_C_INITIALIZE_ARGS args;
-	const char *paths;
-	char *arguments;
-	CK_ULONG count;
-	CK_RV rv;
-
-	memset (&test, 0, sizeof (test));
-
-	/* This is the entry point of the trust module, linked to this test */
-	rv = C_GetFunctionList (&test.module);
-	assert (rv == CKR_OK);
-
-	memset (&args, 0, sizeof (args));
-	paths = SRCDIR "/input" P11_PATH_SEP \
-		SRCDIR "/files/self-signed-with-ku.der" P11_PATH_SEP \
-		SRCDIR "/files/thawte.pem";
-	if (asprintf (&arguments, "paths='%s'", paths) < 0)
-		assert (false && "not reached");
-	args.pReserved = arguments;
-	args.flags = CKF_OS_LOCKING_OK;
-
-	rv = test.module->C_Initialize (&args);
-	assert (rv == CKR_OK);
-
-	free (arguments);
-
-	count = NUM_SLOTS;
-	rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
-	assert (rv == CKR_OK);
-	assert (count == NUM_SLOTS);
-}
-
-static void
-teardown (void *unused)
-{
-	CK_RV rv;
-
-	if (test.parser)
-		p11_parser_free (test.parser);
-	p11_asn1_cache_free (test.cache);
-
-	rv = test.module->C_Finalize (NULL);
-	assert (rv == CKR_OK);
-
-	free (test.directory);
-
-	memset (&test, 0, sizeof (test));
-}
-
-static void
-setup_writable (void *unused)
-{
-	CK_C_INITIALIZE_ARGS args;
-	char *arguments;
-	CK_ULONG count;
-	CK_RV rv;
-
-	memset (&test, 0, sizeof (test));
-
-	/* This is the entry point of the trust module, linked to this test */
-	rv = C_GetFunctionList (&test.module);
-	assert (rv == CKR_OK);
-
-	test.directory = p11_test_directory ("test-module");
-
-	memset (&args, 0, sizeof (args));
-	if (asprintf (&arguments, "paths='%s'", test.directory) < 0)
-		assert (false && "not reached");
-	args.pReserved = arguments;
-	args.flags = CKF_OS_LOCKING_OK;
-
-	rv = test.module->C_Initialize (&args);
-	assert (rv == CKR_OK);
-
-	free (arguments);
-
-	count = 1;
-	rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
-	assert_num_eq (rv, CKR_OK);
-	assert_num_eq (count, 1);
-
-	test.cache = p11_asn1_cache_new ();
-	test.parser = p11_parser_new (test.cache);
-	p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
-}
-
-static void
-test_get_slot_list (void)
-{
-	CK_SLOT_ID slots[NUM_SLOTS];
-	CK_ULONG count;
-	CK_RV rv;
-	int i;
-
-	rv = test.module->C_GetSlotList (TRUE, NULL, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (NUM_SLOTS, count);
-
-	count = 1;
-	rv = test.module->C_GetSlotList (TRUE, slots, &count);
-	assert_num_eq (CKR_BUFFER_TOO_SMALL, rv);
-	assert_num_eq (NUM_SLOTS, count);
-
-	count = NUM_SLOTS;
-	memset (slots, 0, sizeof (slots));
-	rv = test.module->C_GetSlotList (TRUE, slots, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (NUM_SLOTS, count);
-
-	for (i = 0; i < NUM_SLOTS; i++)
-		assert (slots[i] != 0);
-}
-
-static void
-test_null_initialize (void)
-{
-	CK_FUNCTION_LIST *module;
-	CK_RV rv;
-
-	/* This is the entry point of the trust module, linked to this test */
-	rv = C_GetFunctionList (&module);
-	assert_num_eq (rv, CKR_OK);
-
-	rv = module->C_Initialize (NULL);
-	assert_num_eq (rv, CKR_OK);
-
-	rv = module->C_Finalize (NULL);
-	assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_multi_initialize (void)
-{
-	static CK_C_INITIALIZE_ARGS args =
-		{ NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
-	CK_FUNCTION_LIST *module;
-	CK_SESSION_HANDLE session;
-	CK_SLOT_ID slots[8];
-	CK_SESSION_INFO info;
-	CK_ULONG count;
-	CK_RV rv;
-
-	/* This is the entry point of the trust module, linked to this test */
-	rv = C_GetFunctionList (&module);
-	assert_num_eq (rv, CKR_OK);
-
-	rv = module->C_Initialize (&args);
-	assert_num_eq (rv, CKR_OK);
-
-	count = 8;
-	rv = module->C_GetSlotList (CK_TRUE, slots, &count);
-	assert_num_eq (rv, CKR_OK);
-	assert_num_cmp (count, >, 0);
-
-	rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert_num_eq (rv, CKR_OK);
-
-	rv = module->C_GetSessionInfo (session, &info);
-	assert_num_eq (rv, CKR_OK);
-	assert_num_eq (info.slotID, slots[0]);
-
-	rv = module->C_Initialize (&args);
-	assert_num_eq (rv, CKR_OK);
-
-	rv = module->C_GetSessionInfo (session, &info);
-	assert_num_eq (rv, CKR_OK);
-	assert_num_eq (info.slotID, slots[0]);
-
-	rv = module->C_Finalize (NULL);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = module->C_Finalize (NULL);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = module->C_Finalize (NULL);
-	assert_num_eq (CKR_CRYPTOKI_NOT_INITIALIZED, rv);
-}
-
-static void
-test_get_slot_info (void)
-{
-	CK_SLOT_ID slots[NUM_SLOTS];
-	CK_SLOT_INFO info;
-	char description[64];
-	CK_ULONG count;
-	size_t length;
-	CK_RV rv;
-	int i;
-
-	/* These are the paths passed in in setup() */
-	const char *paths[] = {
-		SRCDIR "/input",
-		SRCDIR "/files/self-signed-with-ku.der",
-		SRCDIR "/files/thawte.pem"
-	};
-
-	count = NUM_SLOTS;
-	rv = test.module->C_GetSlotList (TRUE, slots, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (NUM_SLOTS, count);
-
-	for (i = 0; i < NUM_SLOTS; i++) {
-		rv = test.module->C_GetSlotInfo (slots[i], &info);
-		assert_num_eq (CKR_OK, rv);
-
-		memset (description, ' ', sizeof (description));
-		length = strlen(paths[i]);
-		if (length > sizeof (description))
-			length = sizeof (description);
-		memcpy (description, paths[i], length);
-		assert (memcmp (info.slotDescription, description, sizeof (description)) == 0);
-	}
-}
-
-static void
-test_get_token_info (void)
-{
-	CK_C_INITIALIZE_ARGS args;
-	CK_FUNCTION_LIST *module;
-	CK_SLOT_ID slots[NUM_SLOTS];
-	CK_TOKEN_INFO info;
-	char label[32];
-	CK_ULONG count;
-	CK_RV rv;
-	int i;
-
-	/* These are the paths passed in in setup() */
-	const char *labels[] = {
-		"System Trust",
-		"Default Trust",
-		"the-basename",
-	};
-
-	/* This is the entry point of the trust module, linked to this test */
-	rv = C_GetFunctionList (&module);
-	assert (rv == CKR_OK);
-
-	memset (&args, 0, sizeof (args));
-	args.pReserved = "paths='" \
-		SYSCONFDIR "/input" P11_PATH_SEP \
-		DATADIR "/files/blah" P11_PATH_SEP \
-		"/some/other/path/the-basename'";
-	args.flags = CKF_OS_LOCKING_OK;
-
-	rv = module->C_Initialize (&args);
-	assert (rv == CKR_OK);
-
-	count = NUM_SLOTS;
-	rv = module->C_GetSlotList (CK_TRUE, slots, &count);
-	assert (rv == CKR_OK);
-	assert (count == NUM_SLOTS);
-
-	for (i = 0; i < NUM_SLOTS; i++) {
-		rv = module->C_GetTokenInfo (slots[i], &info);
-		assert_num_eq (CKR_OK, rv);
-
-		memset (label, ' ', sizeof (label));
-		memcpy (label, labels[i], strlen (labels[i]));
-		assert (memcmp (info.label, label, sizeof (label)) == 0);
-	}
-
-	rv = module->C_Finalize (NULL);
-	assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_get_session_info (void)
-{
-	CK_SLOT_ID slots[NUM_SLOTS];
-	CK_SESSION_HANDLE sessions[NUM_SLOTS];
-	CK_SESSION_INFO info;
-	CK_ULONG count;
-	CK_RV rv;
-	int i;
-
-	count = NUM_SLOTS;
-	rv = test.module->C_GetSlotList (TRUE, slots, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (NUM_SLOTS, count);
-
-	/* Open two sessions with each token */
-	for (i = 0; i < NUM_SLOTS; i++) {
-		rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i]);
-		assert_num_eq (CKR_OK, rv);
-
-		rv = test.module->C_GetSessionInfo (sessions[i], &info);
-		assert_num_eq (CKR_OK, rv);
-
-		assert_num_eq (slots[i], info.slotID);
-		assert_num_eq (CKF_SERIAL_SESSION, info.flags);
-	}
-}
-
-static void
-test_close_all_sessions (void)
-{
-	CK_SLOT_ID slots[NUM_SLOTS];
-	CK_SESSION_HANDLE sessions[NUM_SLOTS][2];
-	CK_SESSION_INFO info;
-	CK_ULONG count;
-	CK_RV rv;
-	int i;
-
-	count = NUM_SLOTS;
-	rv = test.module->C_GetSlotList (TRUE, slots, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (NUM_SLOTS, count);
-
-	/* Open two sessions with each token */
-	for (i = 0; i < NUM_SLOTS; i++) {
-		rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][0]);
-		assert_num_eq (CKR_OK, rv);
-
-		rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
-		assert_num_eq (CKR_OK, rv);
-
-		rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][1]);
-		assert_num_eq (CKR_OK, rv);
-
-		rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
-		assert_num_eq (CKR_OK, rv);
-	}
-
-	/* Close all the sessions on the first token */
-	rv = test.module->C_CloseAllSessions (slots[0]);
-	assert_num_eq (CKR_OK, rv);
-
-	/* Those sessions should be closed */
-	rv = test.module->C_GetSessionInfo (sessions[0][0], &info);
-	assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv);
-	rv = test.module->C_GetSessionInfo (sessions[0][1], &info);
-	assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv);
-
-	/* Other sessions should still be open */
-	for (i = 1; i < NUM_SLOTS; i++) {
-		rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
-		assert_num_eq (CKR_OK, rv);
-		rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
-		assert_num_eq (CKR_OK, rv);
-	}
-}
-
-static CK_ULONG
-find_objects (CK_ATTRIBUTE *match,
-              CK_OBJECT_HANDLE *sessions,
-              CK_OBJECT_HANDLE *objects,
-              CK_ULONG max_objects)
-{
-	CK_SESSION_HANDLE session;
-	CK_RV rv;
-	CK_ULONG found;
-	CK_ULONG count;
-	int i, j;
-
-	found = 0;
-	for (i = 0; i < NUM_SLOTS; i++) {
-		rv = test.module->C_OpenSession (test.slots[i], CKF_SERIAL_SESSION, NULL, NULL, &session);
-		assert (rv == CKR_OK);
-
-		rv = test.module->C_FindObjectsInit (session, match, p11_attrs_count (match));
-		assert (rv == CKR_OK);
-		rv = test.module->C_FindObjects (session, objects + found, max_objects - found, &count);
-		assert (rv == CKR_OK);
-		rv = test.module->C_FindObjectsFinal (session);
-		assert (rv == CKR_OK);
-
-		for (j = found ; j < found + count; j++)
-			sessions[j] = session;
-		found += count;
-	}
-
-	assert (found < max_objects);
-	return found;
-}
-
-static void
-check_trust_object_equiv (CK_SESSION_HANDLE session,
-                          CK_OBJECT_HANDLE trust,
-                          CK_ATTRIBUTE *cert)
-{
-	unsigned char subject[1024];
-	unsigned char issuer[1024];
-	unsigned char serial[128];
-	CK_BBOOL private;
-	CK_BBOOL token;
-	CK_RV rv;
-
-	/* The following attributes should be equivalent to the certificate */
-	CK_ATTRIBUTE equiv[] = {
-		{ CKA_TOKEN, &token, sizeof (token) },
-		{ CKA_PRIVATE, &private, sizeof (private) },
-		{ CKA_ISSUER, issuer, sizeof (issuer) },
-		{ CKA_SUBJECT, subject, sizeof (subject) },
-		{ CKA_SERIAL_NUMBER, serial, sizeof (serial) },
-		{ CKA_INVALID, },
-	};
-
-	rv = test.module->C_GetAttributeValue (session, trust, equiv, 5);
-	assert_num_eq (CKR_OK, rv);
-
-	test_check_attrs (equiv, cert);
-}
-
-static void
-check_trust_object_hashes (CK_SESSION_HANDLE session,
-                           CK_OBJECT_HANDLE trust,
-                           CK_ATTRIBUTE *cert)
-{
-	unsigned char sha1[P11_DIGEST_SHA1_LEN];
-	unsigned char md5[P11_DIGEST_MD5_LEN];
-	unsigned char check[128];
-	CK_ATTRIBUTE *value;
-	CK_RV rv;
-
-	CK_ATTRIBUTE hashes[] = {
-		{ CKA_CERT_SHA1_HASH, sha1, sizeof (sha1) },
-		{ CKA_CERT_MD5_HASH, md5, sizeof (md5) },
-		{ CKA_INVALID, },
-	};
-
-	rv = test.module->C_GetAttributeValue (session, trust, hashes, 2);
-	assert (rv == CKR_OK);
-
-	value = p11_attrs_find_valid (cert, CKA_VALUE);
-	assert_ptr_not_null (value);
-
-	p11_digest_md5 (check, value->pValue, value->ulValueLen, NULL);
-	assert (memcmp (md5, check, sizeof (md5)) == 0);
-
-	p11_digest_sha1 (check, value->pValue, value->ulValueLen, NULL);
-	assert (memcmp (sha1, check, sizeof (sha1)) == 0);
-}
-
-static void
-check_has_trust_object (CK_ATTRIBUTE *cert)
-{
-	CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
-	CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) };
-	CK_OBJECT_HANDLE objects[2];
-	CK_SESSION_HANDLE sessions[2];
-	CK_ATTRIBUTE *match;
-	CK_ATTRIBUTE *attr;
-	CK_ULONG count;
-
-	attr = p11_attrs_find_valid (cert, CKA_ID);
-	assert_ptr_not_null (attr);
-
-	match = p11_attrs_build (NULL, &klass, attr, NULL);
-	count = find_objects (match, sessions, objects, 2);
-	assert_num_eq (1, count);
-
-	check_trust_object_equiv (sessions[0], objects[0], cert);
-	check_trust_object_hashes (sessions[0], objects[0], cert);
-
-	p11_attrs_free (match);
-}
-
-static void
-check_certificate (CK_SESSION_HANDLE session,
-                   CK_OBJECT_HANDLE handle)
-{
-	unsigned char label[4096]= { 0, };
-	CK_OBJECT_CLASS klass;
-	unsigned char value[4096];
-	unsigned char subject[1024];
-	unsigned char issuer[1024];
-	unsigned char serial[128];
-	unsigned char id[128];
-	CK_CERTIFICATE_TYPE type;
-	CK_BYTE check[3];
-	CK_DATE start;
-	CK_DATE end;
-	CK_ULONG category;
-	CK_BBOOL private;
-	CK_BBOOL token;
-	CK_RV rv;
-
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_CLASS, &klass, sizeof (klass) },
-		{ CKA_TOKEN, &token, sizeof (token) },
-		{ CKA_PRIVATE, &private, sizeof (private) },
-		{ CKA_VALUE, value, sizeof (value) },
-		{ CKA_ISSUER, issuer, sizeof (issuer) },
-		{ CKA_SUBJECT, subject, sizeof (subject) },
-		{ CKA_CERTIFICATE_TYPE, &type, sizeof (type) },
-		{ CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
-		{ CKA_START_DATE, &start, sizeof (start) },
-		{ CKA_END_DATE, &end, sizeof (end) },
-		{ CKA_SERIAL_NUMBER, serial, sizeof (serial) },
-		{ CKA_CHECK_VALUE, check, sizeof (check) },
-		{ CKA_ID, id, sizeof (id) },
-		{ CKA_LABEL, label, sizeof (label) },
-		{ CKA_INVALID, },
-	};
-
-	/* Note that we don't pass the CKA_INVALID attribute in */
-	rv = test.module->C_GetAttributeValue (session, handle, attrs, 14);
-	assert_num_eq (rv, CKR_OK);
-
-	/* If this is the cacert3 certificate, check its values */
-	if (memcmp (value, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)) == 0) {
-		CK_BBOOL trusted;
-		CK_BBOOL vtrue = CK_TRUE;
-
-		CK_ATTRIBUTE anchor[] = {
-			{ CKA_TRUSTED, &trusted, sizeof (trusted) },
-			{ CKA_INVALID, },
-		};
-
-		CK_ATTRIBUTE check[] = {
-			{ CKA_TRUSTED, &vtrue, sizeof (vtrue) },
-			{ CKA_INVALID, },
-		};
-
-		test_check_cacert3_ca (attrs, NULL);
-
-		/* Get anchor specific attributes */
-		rv = test.module->C_GetAttributeValue (session, handle, anchor, 1);
-		assert (rv == CKR_OK);
-
-		/* It lives in the trusted directory */
-		test_check_attrs (check, anchor);
-
-	/* Other certificates, we can't check the values */
-	} else {
-		test_check_object (attrs, CKO_CERTIFICATE, NULL);
-	}
-
-	check_has_trust_object (attrs);
-}
-
-static void
-test_find_certificates (void)
-{
-	CK_OBJECT_CLASS klass = CKO_CERTIFICATE;
-
-	CK_ATTRIBUTE match[] = {
-		{ CKA_CLASS, &klass, sizeof (klass) },
-		{ CKA_INVALID, }
-	};
-
-	CK_OBJECT_HANDLE objects[16];
-	CK_SESSION_HANDLE sessions[16];
-	CK_ULONG count;
-	CK_ULONG i;
-
-	count = find_objects (match, sessions, objects, 16);
-	assert_num_eq (8, count);
-
-	for (i = 0; i < count; i++)
-		check_certificate (sessions[i], objects[i]);
-}
-
-static void
-test_find_builtin (void)
-{
-	CK_OBJECT_CLASS klass = CKO_NSS_BUILTIN_ROOT_LIST;
-
-	CK_ATTRIBUTE match[] = {
-		{ CKA_CLASS, &klass, sizeof (klass) },
-		{ CKA_TOKEN, &vtrue, sizeof (vtrue) },
-		{ CKA_PRIVATE, &vfalse, sizeof (vfalse) },
-		{ CKA_MODIFIABLE, &vfalse, sizeof (vfalse) },
-		{ CKA_INVALID, }
-	};
-
-	CK_OBJECT_HANDLE objects[16];
-	CK_SESSION_HANDLE sessions[16];
-	CK_ULONG count;
-
-	/* One per token */
-	count = find_objects (match, sessions, objects, 16);
-	assert_num_eq (NUM_SLOTS, count);
-}
-
-static void
-test_session_object (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	CK_ULONG size;
-	CK_RV rv;
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert (rv == CKR_OK);
-
-	rv = test.module->C_CreateObject (session, original, 2, &handle);
-	assert (rv == CKR_OK);
-
-	rv = test.module->C_GetObjectSize (session, handle, &size);
-	assert (rv == CKR_OK);
-}
-
-static void
-test_session_find (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	CK_OBJECT_HANDLE check;
-	CK_ULONG count;
-	CK_RV rv;
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = test.module->C_CreateObject (session, original, 2, &handle);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = test.module->C_FindObjectsInit (session, original, 2);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (1, count);
-	assert_num_eq (handle, check);
-
-	rv = test.module->C_FindObjectsFinal (session);
-	assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_session_find_no_attr (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match[] = {
-		{ CKA_COLOR, "blah", 4 },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	CK_OBJECT_HANDLE check;
-	CK_ULONG count;
-	CK_RV rv;
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = test.module->C_CreateObject (session, original, 3, &handle);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = test.module->C_FindObjectsInit (session, match, 1);
-	assert_num_eq (CKR_OK, rv);
-	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (0, count);
-	rv = test.module->C_FindObjectsFinal (session);
-	assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_lookup_invalid (void)
-{
-	CK_SESSION_HANDLE session;
-	CK_ULONG size;
-	CK_RV rv;
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert (rv == CKR_OK);
-
-	rv = test.module->C_GetObjectSize (session, 88888, &size);
-	assert (rv == CKR_OBJECT_HANDLE_INVALID);
-}
-
-static void
-test_remove_token (void)
-{
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	CK_ULONG count;
-	CK_RV rv;
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert_num_eq (rv, CKR_OK);
-
-	rv = test.module->C_FindObjectsInit (session, NULL, 0);
-	assert_num_eq (rv, CKR_OK);
-
-	rv = test.module->C_FindObjects (session, &handle, 1, &count);
-	assert_num_eq (rv, CKR_OK);
-	assert_num_eq (1, count);
-
-	rv = test.module->C_DestroyObject (session, handle);
-	if (rv != CKR_TOKEN_WRITE_PROTECTED)
-		assert_num_eq (rv, CKR_SESSION_READ_ONLY);
-}
-
-static void
-test_setattr_token (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	CK_ULONG count;
-	CK_RV rv;
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert_num_eq (rv, CKR_OK);
-
-	rv = test.module->C_FindObjectsInit (session, NULL, 0);
-	assert_num_eq (rv, CKR_OK);
-
-	rv = test.module->C_FindObjects (session, &handle, 1, &count);
-	assert_num_eq (rv, CKR_OK);
-	assert_num_eq (1, count);
-
-	rv = test.module->C_SetAttributeValue (session, handle, original, 2);
-	if (rv != CKR_TOKEN_WRITE_PROTECTED)
-		assert_num_eq (rv, CKR_ATTRIBUTE_READ_ONLY);
-}
-
-static void
-test_session_copy (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	CK_OBJECT_HANDLE copy;
-	CK_ULONG size;
-	CK_RV rv;
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = test.module->C_CreateObject (session, original, 2, &handle);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = test.module->C_CopyObject (session, handle, original, 2, &copy);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = test.module->C_GetObjectSize (session, copy, &size);
-	assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_session_setattr (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	CK_RV rv;
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert (rv == CKR_OK);
-
-	rv = test.module->C_CreateObject (session, original, 2, &handle);
-	assert (rv == CKR_OK);
-
-	rv = test.module->C_SetAttributeValue (session, handle, original, 2);
-	assert (rv == CKR_OK);
-}
-
-static void
-test_session_remove (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	CK_RV rv;
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert (rv == CKR_OK);
-
-	rv = test.module->C_CreateObject (session, original, 2, &handle);
-	assert (rv == CKR_OK);
-
-	rv = test.module->C_DestroyObject (session, handle);
-	assert (rv == CKR_OK);
-
-	rv = test.module->C_DestroyObject (session, handle);
-	assert (rv == CKR_OBJECT_HANDLE_INVALID);
-}
-
-static void
-test_find_serial_der_decoded (void)
-{
-	CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-
-	CK_ATTRIBUTE object[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust) },
-		{ CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match_decoded[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust) },
-		{ CKA_SERIAL_NUMBER, "\x01\x02\x03", 3 },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	CK_OBJECT_HANDLE check;
-	CK_ULONG count;
-	CK_RV rv;
-
-	/*
-	 * WORKAROUND: NSS calls us asking for CKA_SERIAL_NUMBER items that are
-	 * not DER encoded. It shouldn't be doing this. We never return any certificate
-	 * serial numbers that are not DER encoded.
-	 *
-	 * So work around the issue here while the NSS guys fix this issue.
-	 * This code should be removed in future versions.
-	 *
-	 * See work_around_broken_nss_serial_number_lookups().
-	 */
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = test.module->C_CreateObject (session, object, 2, &handle);
-	assert_num_eq (CKR_OK, rv);
-
-	/* Do a standard find for the same object */
-	rv = test.module->C_FindObjectsInit (session, object, 2);
-	assert_num_eq (CKR_OK, rv);
-	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (1, count);
-	assert_num_eq (handle, check);
-	rv = test.module->C_FindObjectsFinal (session);
-	assert_num_eq (CKR_OK, rv);
-
-	/* Do a find for the serial number decoded */
-	rv = test.module->C_FindObjectsInit (session, match_decoded, 2);
-	assert_num_eq (CKR_OK, rv);
-	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (1, count);
-	assert_num_eq (handle, check);
-	rv = test.module->C_FindObjectsFinal (session);
-	assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_find_serial_der_mismatch (void)
-{
-	CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-
-	CK_ATTRIBUTE object[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust) },
-		{ CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE match[] = {
-		{ CKA_SERIAL_NUMBER, NULL, 0 },
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust) },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	CK_OBJECT_HANDLE check;
-	CK_ULONG count;
-	CK_RV rv;
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert_num_eq (CKR_OK, rv);
-
-	rv = test.module->C_CreateObject (session, object, 2, &handle);
-	assert_num_eq (CKR_OK, rv);
-
-	/* Do a find with a null serial number, no match */
-	rv = test.module->C_FindObjectsInit (session, match, 2);
-	assert_num_eq (CKR_OK, rv);
-	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (0, count);
-	rv = test.module->C_FindObjectsFinal (session);
-	assert_num_eq (CKR_OK, rv);
-
-	/* Do a find with a wrong length, no match */
-	match[0].pValue = "at";
-	match[0].ulValueLen = 2;
-	rv = test.module->C_FindObjectsInit (session, match, 2);
-	assert_num_eq (CKR_OK, rv);
-	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (0, count);
-	rv = test.module->C_FindObjectsFinal (session);
-	assert_num_eq (CKR_OK, rv);
-
-	/* Do a find with a right length, wrong value, no match */
-	match[0].pValue = "one";
-	match[0].ulValueLen = 3;
-	rv = test.module->C_FindObjectsInit (session, match, 2);
-	assert_num_eq (CKR_OK, rv);
-	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	assert_num_eq (CKR_OK, rv);
-	assert_num_eq (0, count);
-	rv = test.module->C_FindObjectsFinal (session);
-	assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_login_logout (void)
-{
-	CK_SESSION_HANDLE session;
-	CK_RV rv;
-
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	assert (rv == CKR_OK);
-
-	/* Just testing our stubs for now */
-
-	rv = test.module->C_Login (session, CKU_USER, NULL, 0);
-	assert (rv == CKR_USER_TYPE_INVALID);
-
-	rv = test.module->C_Logout (session);
-	assert (rv == CKR_USER_NOT_LOGGED_IN);
-}
-
-static void
-test_token_writable (void)
-{
-	CK_TOKEN_INFO info;
-	CK_RV rv;
-
-	rv = test.module->C_GetTokenInfo (test.slots[0], &info);
-
-	assert_num_eq (rv, CKR_OK);
-	assert_num_eq (info.flags & CKF_WRITE_PROTECTED, 0);
-}
-
-static void
-test_session_read_only_create (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_TOKEN, &vtrue, sizeof (vtrue) },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	CK_RV rv;
-
-	/* Read-only session */
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION,
-	                                 NULL, NULL, &session);
-	assert (rv == CKR_OK);
-
-	/* Create a token object */
-	rv = test.module->C_CreateObject (session, original, 4, &handle);
-	assert_num_eq (rv, CKR_SESSION_READ_ONLY);
-}
-
-static void
-test_create_and_write (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_TOKEN, &vtrue, sizeof (vtrue) },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_APPLICATION, "", 0 },
-		{ CKA_OBJECT_ID, "", 0 },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	p11_array *parsed;
-	char *path;
-	CK_RV rv;
-	int ret;
-
-	/* Read-only session */
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION,
-	                                 NULL, NULL, &session);
-	assert_num_eq (rv, CKR_OK);
-
-	/* Create a token object */
-	rv = test.module->C_CreateObject (session, original, 4, &handle);
-	assert_num_eq (rv, CKR_OK);
-
-	/* The expected file name */
-	path = p11_path_build (test.directory, "yay.p11-kit", NULL);
-	p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
-	ret = p11_parse_file (test.parser, path, NULL, 0);
-	assert_num_eq (ret, P11_PARSE_SUCCESS);
-	free (path);
-
-	parsed = p11_parser_parsed (test.parser);
-	assert_num_eq (parsed->num, 1);
-
-	test_check_attrs (expected, parsed->elem[0]);
-}
-
-static void
-test_modify_and_write (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_TOKEN, &vtrue, sizeof (vtrue) },
-		{ CKA_MODIFIABLE, &vtrue, sizeof (vtrue) },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "yay", 3 },
-		{ CKA_VALUE, "nine", 4 },
-		{ CKA_APPLICATION, "", 0 },
-		{ CKA_OBJECT_ID, "", 0 },
-		{ CKA_INVALID }
-	};
-
-	CK_SESSION_HANDLE session;
-	CK_OBJECT_HANDLE handle;
-	p11_array *parsed;
-	char *path;
-	CK_RV rv;
-	int ret;
-
-	/* Read-only session */
-	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION,
-	                                 NULL, NULL, &session);
-	assert_num_eq (rv, CKR_OK);
-
-	/* Create a token object */
-	rv = test.module->C_CreateObject (session, original, 5, &handle);
-	assert_num_eq (rv, CKR_OK);
-
-	/* Now modify the object */
-	original[0].pValue = "nine";
-	original[0].ulValueLen = 4;
-
-	rv = test.module->C_SetAttributeValue (session, handle, original, 5);
-	assert_num_eq (rv, CKR_OK);
-
-	/* The expected file name */
-	path = p11_path_build (test.directory, "yay.p11-kit", NULL);
-	ret = p11_parse_file (test.parser, path, NULL, 0);
-	assert_num_eq (ret, P11_PARSE_SUCCESS);
-	free (path);
-
-	parsed = p11_parser_parsed (test.parser);
-	assert_num_eq (parsed->num, 1);
-
-	test_check_attrs (expected, parsed->elem[0]);
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_library_init ();
-
-	p11_fixture (setup, teardown);
-	p11_test (test_get_slot_list, "/module/get_slot_list");
-	p11_test (test_get_slot_info, "/module/get_slot_info");
-
-	p11_fixture (NULL, NULL);
-	p11_test (test_null_initialize, "/module/initialize-null");
-	p11_test (test_multi_initialize, "/module/initialize-multi");
-	p11_test (test_get_token_info, "/module/get_token_info");
-
-	p11_fixture (setup, teardown);
-	p11_test (test_get_session_info, "/module/get_session_info");
-	p11_test (test_close_all_sessions, "/module/close_all_sessions");
-	p11_test (test_find_certificates, "/module/find_certificates");
-	p11_test (test_find_builtin, "/module/find_builtin");
-	p11_test (test_lookup_invalid, "/module/lookup_invalid");
-	p11_test (test_remove_token, "/module/remove_token");
-	p11_test (test_setattr_token, "/module/setattr_token");
-	p11_test (test_session_object, "/module/session_object");
-	p11_test (test_session_find, "/module/session_find");
-	p11_test (test_session_find_no_attr, "/module/session_find_no_attr");
-	p11_test (test_session_copy, "/module/session_copy");
-	p11_test (test_session_remove, "/module/session_remove");
-	p11_test (test_session_setattr, "/module/session_setattr");
-	p11_test (test_find_serial_der_decoded, "/module/find_serial_der_decoded");
-	p11_test (test_find_serial_der_mismatch, "/module/find_serial_der_mismatch");
-	p11_test (test_login_logout, "/module/login_logout");
-
-	p11_fixture (setup_writable, teardown);
-	p11_test (test_token_writable, "/module/token-writable");
-	p11_test (test_session_read_only_create, "/module/session-read-only-create");
-	p11_test (test_create_and_write, "/module/create-and-write");
-	p11_test (test_modify_and_write, "/module/modify-and-write");
-
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-oid.c b/trust/tests/test-oid.c
deleted file mode 100644
index 0635d0a..0000000
--- a/trust/tests/test-oid.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "debug.h"
-#include "oid.h"
-
-#include <libtasn1.h>
-
-#include "pkix.asn.h"
-
-static void
-test_known_oids (void)
-{
-	char buffer[128];
-	node_asn *definitions = NULL;
-	node_asn *node;
-	int ret;
-	int len;
-	int i;
-
-	struct {
-		const unsigned char *oid;
-		size_t length;
-		const char *string;
-	} known_oids[] = {
-		{ P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER), P11_OID_SUBJECT_KEY_IDENTIFIER_STR, },
-		{ P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE), P11_OID_KEY_USAGE_STR, },
-		{ P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS), P11_OID_BASIC_CONSTRAINTS_STR },
-		{ P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE), P11_OID_EXTENDED_KEY_USAGE_STR },
-		{ P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT), P11_OID_OPENSSL_REJECT_STR },
-		{ P11_OID_SERVER_AUTH, sizeof (P11_OID_SERVER_AUTH), P11_OID_SERVER_AUTH_STR },
-		{ P11_OID_CLIENT_AUTH, sizeof (P11_OID_CLIENT_AUTH), P11_OID_CLIENT_AUTH_STR },
-		{ P11_OID_CODE_SIGNING, sizeof (P11_OID_CODE_SIGNING), P11_OID_CODE_SIGNING_STR },
-		{ P11_OID_EMAIL_PROTECTION, sizeof (P11_OID_EMAIL_PROTECTION), P11_OID_EMAIL_PROTECTION_STR },
-		{ P11_OID_IPSEC_END_SYSTEM, sizeof (P11_OID_IPSEC_END_SYSTEM), P11_OID_IPSEC_END_SYSTEM_STR },
-		{ P11_OID_IPSEC_TUNNEL, sizeof (P11_OID_IPSEC_TUNNEL), P11_OID_IPSEC_TUNNEL_STR },
-		{ P11_OID_IPSEC_USER, sizeof (P11_OID_IPSEC_USER), P11_OID_IPSEC_USER_STR },
-		{ P11_OID_TIME_STAMPING, sizeof (P11_OID_TIME_STAMPING), P11_OID_TIME_STAMPING_STR },
-		{ P11_OID_RESERVED_PURPOSE, sizeof (P11_OID_RESERVED_PURPOSE), P11_OID_RESERVED_PURPOSE_STR },
-		{ NULL },
-	};
-
-	ret = asn1_array2tree (pkix_asn1_tab, &definitions, NULL);
-	assert (ret == ASN1_SUCCESS);
-
-	for (i = 0; known_oids[i].oid != NULL; i++) {
-
-		assert (p11_oid_simple (known_oids[i].oid, known_oids[i].length));
-		assert_num_eq (known_oids[i].length, p11_oid_length (known_oids[i].oid));
-		assert (p11_oid_equal (known_oids[i].oid, known_oids[i].oid));
-
-		if (i > 0)
-			assert (!p11_oid_equal (known_oids[i].oid, known_oids[i - 1].oid));
-
-		/* AttributeType is a OBJECT IDENTIFIER */
-		ret = asn1_create_element (definitions, "PKIX1.AttributeType", &node);
-		assert (ret == ASN1_SUCCESS);
-
-		ret = asn1_der_decoding (&node, known_oids[i].oid, known_oids[i].length, NULL);
-		assert (ret == ASN1_SUCCESS);
-
-		len = sizeof (buffer);
-		ret = asn1_read_value (node, "", buffer, &len);
-		assert (ret == ASN1_SUCCESS);
-
-		assert_str_eq (known_oids[i].string, buffer);
-
-		asn1_delete_structure (&node);
-	}
-
-	asn1_delete_structure (&definitions);
-}
-
-static void
-test_hash (void)
-{
-	assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, 0);
-	assert_num_cmp (p11_oid_hash (P11_OID_CN), ==, p11_oid_hash (P11_OID_CN));
-	assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, p11_oid_hash (P11_OID_BASIC_CONSTRAINTS));
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_test (test_known_oids, "/oids/known");
-	p11_test (test_hash, "/oids/hash");
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-openssl.c b/trust/tests/test-openssl.c
deleted file mode 100644
index 583ce24..0000000
--- a/trust/tests/test-openssl.c
+++ /dev/null
@@ -1,658 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#define P11_KIT_DISABLE_DEPRECATED
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "buffer.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "extract.h"
-#include "message.h"
-#include "mock.h"
-#include "path.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "oid.h"
-#include "test.h"
-
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
-
-struct {
-	CK_FUNCTION_LIST module;
-	p11_enumerate ex;
-	char *directory;
-} test;
-
-static void
-setup (void *unused)
-{
-	CK_RV rv;
-
-	mock_module_reset ();
-	memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
-	rv = test.module.C_Initialize (NULL);
-	assert_num_eq (CKR_OK, rv);
-
-	p11_enumerate_init (&test.ex);
-
-	test.directory = p11_test_directory ("test-extract");
-}
-
-static void
-teardown (void *unused)
-{
-	CK_RV rv;
-
-	if (rmdir (test.directory) < 0)
-		assert_not_reached ();
-	free (test.directory);
-
-	p11_enumerate_cleanup (&test.ex);
-	p11_kit_iter_free (test.ex.iter);
-
-	rv = test.module.C_Finalize (NULL);
-	assert_num_eq (CKR_OK, rv);
-}
-
-static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION;
-static CK_CERTIFICATE_TYPE x509_type = CKC_X_509;
-static CK_BBOOL vtrue = CK_TRUE;
-
-static CK_ATTRIBUTE cacert3_authority_attrs[] = {
-	{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-	{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-	{ CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
-	{ CKA_LABEL, "Custom Label", 12 },
-	{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-	{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-	{ CKA_TRUSTED, &vtrue, sizeof (vtrue) },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE verisign_v1_attrs[] = {
-	{ CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
-	{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-	{ CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
-	{ CKA_LABEL, "Custom Label", 12 },
-	{ CKA_SUBJECT, (void *)verisign_v1_ca_subject, sizeof (verisign_v1_ca_subject) },
-	{ CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
-	{ CKA_TRUSTED, &vtrue, sizeof (vtrue) },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE extension_eku_server[] = {
-	{ CKA_CLASS, &extension_class, sizeof (extension_class) },
-	{ CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
-	{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-	{ CKA_VALUE, "\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 21 },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE extension_reject_email[] = {
-	{ CKA_CLASS, &extension_class, sizeof (extension_class) },
-	{ CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
-	{ CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 },
-	{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-	{ CKA_INVALID },
-};
-
-static CK_ATTRIBUTE certificate_filter[] = {
-	{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-	{ CKA_INVALID },
-};
-
-static void
-setup_objects (const CK_ATTRIBUTE *attrs,
-               ...) GNUC_NULL_TERMINATED;
-
-static void
-setup_objects (const CK_ATTRIBUTE *attrs,
-               ...)
-{
-	static CK_ULONG id_value = 8888;
-
-	CK_ATTRIBUTE id = { CKA_ID, &id_value, sizeof (id_value) };
-	CK_ATTRIBUTE *copy;
-	va_list va;
-
-	va_start (va, attrs);
-	while (attrs != NULL) {
-		copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
-		assert (copy != NULL);
-		mock_module_take_object (MOCK_SLOT_ONE_ID, copy);
-		attrs = va_arg (va, const CK_ATTRIBUTE *);
-	}
-	va_end (va);
-
-	id_value++;
-}
-
-static void
-test_file (void)
-{
-	char *destination;
-	bool ret;
-
-	setup_objects (cacert3_authority_attrs,
-	               extension_eku_server,
-	               extension_reject_email,
-	               NULL);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_openssl_bundle (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	test_check_file (test.directory, "extract.pem",
-	                 SRCDIR "/files/cacert3-trusted-server-alias.pem");
-
-	free (destination);
-}
-
-static void
-test_plain (void)
-{
-	char *destination;
-	bool ret;
-
-	setup_objects (cacert3_authority_attrs, NULL);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_openssl_bundle (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	test_check_file (test.directory, "extract.pem",
-	                 SRCDIR "/files/cacert3-trusted-alias.pem");
-
-	free (destination);
-}
-
-static void
-test_keyid (void)
-{
-	char *destination;
-	bool ret;
-
-	static CK_ATTRIBUTE cacert3_plain[] = {
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-		{ CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-		{ CKA_TRUSTED, &vtrue, sizeof (vtrue) },
-		{ CKA_INVALID },
-	};
-
-	static CK_ATTRIBUTE extension_subject_key_identifier[] = {
-		{ CKA_CLASS, &extension_class, sizeof (extension_class) },
-		{ CKA_OBJECT_ID, (void *)P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER) },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-		{ CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x0e\x04\x07\x00\x01\x02\x03\x04\x05\x06", 16 },
-		{ CKA_INVALID },
-	};
-
-	setup_objects (cacert3_plain, extension_subject_key_identifier, NULL);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_openssl_bundle (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	test_check_file (test.directory, "extract.pem",
-	                 SRCDIR "/files/cacert3-trusted-keyid.pem");
-
-	free (destination);
-}
-
-static void
-test_not_authority (void)
-{
-	char *destination;
-	bool ret;
-
-	static CK_ATTRIBUTE cacert3_not_trusted[] = {
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-		{ CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_INVALID },
-	};
-
-	setup_objects (cacert3_not_trusted, NULL);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_openssl_bundle (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	test_check_file (test.directory, "extract.pem",
-	                 SRCDIR "/files/cacert3-not-trusted.pem");
-
-	free (destination);
-}
-
-static void
-test_distrust_all (void)
-{
-	char *destination;
-	bool ret;
-
-	static CK_ATTRIBUTE cacert3_blacklist[] = {
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_CLASS, &certificate_class, sizeof (certificate_class) },
-		{ CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_X_DISTRUSTED, &vtrue, sizeof (vtrue) },
-		{ CKA_INVALID },
-	};
-
-	setup_objects (cacert3_blacklist, NULL);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_openssl_bundle (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	test_check_file (test.directory, "extract.pem",
-	                 SRCDIR "/files/cacert3-distrust-all.pem");
-
-	free (destination);
-}
-
-static void
-test_file_multiple (void)
-{
-	char *destination;
-	bool ret;
-
-	setup_objects (cacert3_authority_attrs,
-	               extension_eku_server,
-	               extension_reject_email,
-	               NULL);
-
-	setup_objects (verisign_v1_attrs,
-	               NULL);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_openssl_bundle (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	test_check_file (test.directory, "extract.pem", SRCDIR "/files/multiple.pem");
-	free (destination);
-}
-
-static void
-test_file_without (void)
-{
-	char *destination;
-	bool ret;
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_openssl_bundle (&test.ex, destination);
-	assert_num_eq (true, ret);
-
-	test_check_data (test.directory, "extract.pem", "", 0);
-
-	free (destination);
-}
-
-/* From extract-openssl.c */
-void p11_openssl_canon_string (char *str, size_t *len);
-
-static void
-test_canon_string (void)
-{
-	struct {
-		char *input;
-		int input_len;
-		char *output;
-		int output_len;
-	} fixtures[] = {
-		{ "A test", -1, "a test", -1 },
-		{ "   Strip spaces   ", -1, "strip spaces", -1 },
-		{ " Collapse \n\t spaces", -1, "collapse spaces", -1 },
-		{ "Ignore non-ASCII \303\204", -1, "ignore non-ascii \303\204", -1 },
-		{ "no-space", -1, "no-space", -1 },
-	};
-
-	char *str;
-	size_t len;
-	size_t out;
-	int i;
-
-	for (i = 0; i < ELEMS (fixtures); i++) {
-		if (fixtures[i].input_len < 0)
-			len = strlen (fixtures[i].input);
-		else
-			len = fixtures[i].input_len;
-		str = strndup (fixtures[i].input, len);
-
-		p11_openssl_canon_string (str, &len);
-
-		if (fixtures[i].output_len < 0)
-			out = strlen (fixtures[i].output);
-		else
-			out = fixtures[i].output_len;
-		assert_num_eq (out, len);
-		assert_str_eq (fixtures[i].output, str);
-
-		free (str);
-	}
-}
-
-bool   p11_openssl_canon_string_der  (p11_buffer *der);
-
-static void
-test_canon_string_der (void)
-{
-	struct {
-		unsigned char input[100];
-		int input_len;
-		unsigned char output[100];
-		int output_len;
-	} fixtures[] = {
-		/* UTF8String */
-		{ { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17,
-		  { 0x0c, 0x0e, 0xc3, 0x84, ' ', 'u', 't', 'f', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', }, 16,
-		},
-
-		/* NumericString */
-		{ { 0x12, 0x04, '0', '1', '2', '3', }, 6,
-		  { 0x0c, 0x04, '0', '1', '2', '3' }, 6,
-		},
-
-		/* IA5String */
-		{ { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6,
-		  { 0x0c, 0x02, 'a', 'b',  }, 4,
-		},
-
-		/* TeletexString */
-		{ { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
-		  { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8,
-		},
-
-		/* PrintableString */
-		{ { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
-		  { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8,
-		},
-
-		/* No change, not a known string type */
-		{ { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
-		  { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9
-		},
-
-		/* UniversalString */
-		{ { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u',
-		    0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22,
-		  { 0x0c, 0x08, 'f', 'u', 'n', ' ', 0xf0, 0x90, 0x8c, 0x99 }, 10,
-		},
-
-		/* BMPString */
-		{ { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12,
-		  { 0x0c, 0x06, 'v', 0xc3, 0xb6, 'g', 'e', 'l' }, 8,
-		},
-	};
-
-	p11_buffer buf;
-	bool ret;
-	int i;
-
-	for (i = 0; i < ELEMS (fixtures); i++) {
-		p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len),
-		                      fixtures[i].input_len, 0, realloc, free);
-
-		ret = p11_openssl_canon_string_der (&buf);
-		assert_num_eq (true, ret);
-
-		assert_num_eq (fixtures[i].output_len, buf.len);
-		assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0);
-
-		p11_buffer_uninit (&buf);
-	}
-}
-
-bool   p11_openssl_canon_name_der     (p11_dict *asn1_defs,
-                                       p11_buffer *der);
-
-static void
-test_canon_name_der (void)
-{
-	struct {
-		unsigned char input[100];
-		int input_len;
-		unsigned char output[100];
-		int output_len;
-	} fixtures[] = {
-		{ { '0', 'T', '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a,
-		    0x13, 0x0b, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'I', 'n',
-		    'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04,
-		    0x0b, 0x13, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w',
-		    'w', 'w', '.', 'C', 'A', 'c', 'e', 'r', 't', '.', 'o', 'r',
-		    'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x13,
-		    0x13, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'C', 'l', 'a', 's',
-		    's', 0x20, '3', 0x20, 'R', 'o', 'o', 't', }, 86,
-		  { '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a,
-		    0x0c, 0x0b, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'i', 'n',
-		    'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04,
-		    0x0b, 0x0c, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w',
-		    'w', 'w', '.', 'c', 'a', 'c', 'e', 'r', 't', '.', 'o', 'r',
-		    'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x0c,
-		    0x13, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'c', 'l', 'a', 's',
-		    's', 0x20, '3', 0x20, 'r', 'o', 'o', 't', }, 84,
-		},
-		{ { '0', 0x00, }, 2,
-		  { }, 0,
-		},
-	};
-
-	p11_buffer buf;
-	p11_dict *asn1_defs;
-	bool ret;
-	int i;
-
-	asn1_defs = p11_asn1_defs_load ();
-
-	for (i = 0; i < ELEMS (fixtures); i++) {
-		p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len),
-		                      fixtures[i].input_len, 0, realloc, free);
-
-		ret = p11_openssl_canon_name_der (asn1_defs, &buf);
-		assert_num_eq (true, ret);
-
-		assert_num_eq (fixtures[i].output_len, buf.len);
-		assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0);
-
-		p11_buffer_uninit (&buf);
-	}
-
-	p11_dict_free (asn1_defs);
-}
-
-static void
-test_canon_string_der_fail (void)
-{
-	struct {
-		unsigned char input[100];
-		int input_len;
-	} fixtures[] = {
-		{ { 0x0c, 0x02, 0xc3, 0xc4 /* Invalid UTF-8 */ }, 4 },
-		{ { 0x1e, 0x01, 0x00 /* Invalid UCS2 */ }, 3 },
-		{ { 0x1c, 0x02, 0x00, 0x01 /* Invalid UCS4 */ }, 4 },
-	};
-
-	p11_buffer buf;
-	bool ret;
-	int i;
-
-	for (i = 0; i < ELEMS (fixtures); i++) {
-		p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len),
-		                      fixtures[i].input_len, 0, realloc, free);
-
-		ret = p11_openssl_canon_string_der (&buf);
-		assert_num_eq (false, ret);
-
-		p11_buffer_uninit (&buf);
-	}
-}
-
-static void
-test_directory (void)
-{
-	bool ret;
-
-	setup_objects (cacert3_authority_attrs,
-	               extension_eku_server,
-	               extension_reject_email,
-	               NULL);
-
-	/* Accesses the above objects */
-	setup_objects (cacert3_authority_attrs,
-	               NULL);
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	/* Yes, this is a race, and why you shouldn't build software as root */
-	if (rmdir (test.directory) < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_openssl_directory (&test.ex, test.directory);
-	assert_num_eq (true, ret);
-
-	test_check_directory (test.directory, ("Custom_Label.pem", "Custom_Label.1.pem",
-#ifdef OS_UNIX
-	                                           "e5662767.1", "e5662767.0", "590d426f.1", "590d426f.0",
-#endif
-	                                           NULL));
-	test_check_file (test.directory, "Custom_Label.pem",
-	                 SRCDIR "/files/cacert3-trusted-server-alias.pem");
-	test_check_file (test.directory, "Custom_Label.1.pem",
-	                 SRCDIR "/files/cacert3-trusted-server-alias.pem");
-#ifdef OS_UNIX
-	test_check_symlink (test.directory, "e5662767.0", "Custom_Label.pem");
-	test_check_symlink (test.directory, "e5662767.1", "Custom_Label.1.pem");
-	test_check_symlink (test.directory, "590d426f.0", "Custom_Label.pem");
-	test_check_symlink (test.directory, "590d426f.1", "Custom_Label.1.pem");
-#endif
-}
-
-static void
-test_directory_empty (void)
-{
-	bool ret;
-
-	p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
-	p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
-	/* Yes, this is a race, and why you shouldn't build software as root */
-	if (rmdir (test.directory) < 0)
-		assert_not_reached ();
-
-	ret = p11_extract_openssl_directory (&test.ex, test.directory);
-	assert_num_eq (true, ret);
-
-	test_check_directory (test.directory, (NULL, NULL));
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	mock_module_init ();
-
-	p11_fixture (setup, teardown);
-	p11_test (test_file, "/openssl/test_file");
-	p11_test (test_plain, "/openssl/test_plain");
-	p11_test (test_keyid, "/openssl/test_keyid");
-	p11_test (test_not_authority, "/openssl/test_not_authority");
-	p11_test (test_distrust_all, "/openssl/test_distrust_all");
-	p11_test (test_file_multiple, "/openssl/test_file_multiple");
-	p11_test (test_file_without, "/openssl/test_file_without");
-
-	p11_fixture (NULL, NULL);
-	p11_test (test_canon_string, "/openssl/test_canon_string");
-	p11_test (test_canon_string_der, "/openssl/test_canon_string_der");
-	p11_test (test_canon_string_der_fail, "/openssl/test_canon_string_der_fail");
-	p11_test (test_canon_name_der, "/openssl/test_canon_name_der");
-
-	p11_fixture (setup, teardown);
-	p11_test (test_directory, "/openssl/test_directory");
-	p11_test (test_directory_empty, "/openssl/test_directory_empty");
-
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c
deleted file mode 100644
index c6cfe9a..0000000
--- a/trust/tests/test-parser.c
+++ /dev/null
@@ -1,569 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "array.h"
-#include "attrs.h"
-#include "builder.h"
-#include "debug.h"
-#include "message.h"
-#include "oid.h"
-#include "parser.h"
-#include "pkcs11x.h"
-
-struct {
-	p11_parser *parser;
-	p11_array *parsed;
-	p11_asn1_cache *cache;
-} test;
-
-static void
-setup (void *unused)
-{
-	test.cache = p11_asn1_cache_new ();
-	test.parser = p11_parser_new (test.cache);
-	assert_ptr_not_null (test.parser);
-
-	test.parsed = p11_parser_parsed (test.parser);
-	assert_ptr_not_null (test.parsed);
-}
-
-static void
-teardown (void *unused)
-{
-	p11_parser_free (test.parser);
-	p11_asn1_cache_free (test.cache);
-	memset (&test, 0, sizeof (test));
-}
-
-static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION;
-static CK_BBOOL falsev = CK_FALSE;
-static CK_BBOOL truev = CK_TRUE;
-static CK_CERTIFICATE_TYPE x509 = CKC_X_509;
-
-static CK_ATTRIBUTE certificate_match[] = {
-	{ CKA_CLASS, &certificate, sizeof (certificate) },
-	{ CKA_INVALID, },
-};
-
-static CK_ATTRIBUTE *
-parsed_attrs (CK_ATTRIBUTE *match,
-              int length)
-{
-	int i;
-
-	if (length < 0)
-		length = p11_attrs_count (match);
-	for (i = 0; i < test.parsed->num; i++) {
-		if (p11_attrs_matchn (test.parsed->elem[i], match, length))
-			return test.parsed->elem[i];
-	}
-
-	return NULL;
-}
-
-static void
-test_parse_der_certificate (void)
-{
-	CK_ATTRIBUTE *cert;
-	int ret;
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
-		{ CKA_TRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_INVALID },
-	};
-
-	p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
-	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", NULL,
-	                      P11_PARSE_FLAG_NONE);
-	assert_num_eq (P11_PARSE_SUCCESS, ret);
-
-	/* Should have gotten certificate */
-	assert_num_eq (1, test.parsed->num);
-
-	cert = parsed_attrs (certificate_match, -1);
-	test_check_attrs (expected, cert);
-}
-
-static void
-test_parse_pem_certificate (void)
-{
-	CK_ATTRIBUTE *cert;
-	int ret;
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
-		{ CKA_TRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_INVALID },
-	};
-
-	p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
-	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.pem", NULL,
-	                      P11_PARSE_FLAG_NONE);
-	assert_num_eq (P11_PARSE_SUCCESS, ret);
-
-	/* Should have gotten certificate  */
-	assert_num_eq (1, test.parsed->num);
-
-	cert = parsed_attrs (certificate_match, -1);
-	test_check_attrs (expected, cert);
-}
-
-static void
-test_parse_p11_kit_persist (void)
-{
-	CK_ATTRIBUTE *cert;
-	int ret;
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
-		{ CKA_TRUSTED, &truev, sizeof (truev) },
-		{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_INVALID },
-	};
-
-	p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
-	ret = p11_parse_file (test.parser, SRCDIR "/input/verisign-v1.p11-kit", NULL,
-	                      P11_PARSE_FLAG_NONE);
-	assert_num_eq (P11_PARSE_SUCCESS, ret);
-
-	/* Should have gotten certificate  */
-	assert_num_eq (1, test.parsed->num);
-
-	cert = parsed_attrs (certificate_match, -1);
-	test_check_attrs (expected, cert);
-}
-
-static void
-test_parse_openssl_trusted (void)
-{
-	CK_ATTRIBUTE cacert3[] = {
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
-		{ CKA_TRUSTED, &truev, sizeof (truev) },
-		{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE eku_extension[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
-		{ CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-		{ CKA_VALUE, "\x30\x16\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 24 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE reject_extension[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
-		{ CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
-		{ CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *expected[] = {
-		cacert3,
-		eku_extension,
-		reject_extension,
-		NULL
-	};
-
-	CK_ATTRIBUTE *cert;
-	CK_ATTRIBUTE *object;
-	int ret;
-	int i;
-
-	p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
-	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3-trusted.pem", NULL,
-	                      P11_PARSE_FLAG_ANCHOR);
-	assert_num_eq (P11_PARSE_SUCCESS, ret);
-
-	/*
-	 * Should have gotten:
-	 * - 1 certificate
-	 * - 2 stapled extensions
-	 */
-	assert_num_eq (3, test.parsed->num);
-
-	/* The certificate */
-	cert = parsed_attrs (certificate_match, -1);
-	test_check_attrs (expected[0], cert);
-
-	/* The other objects */
-	for (i = 1; expected[i]; i++) {
-		object = parsed_attrs (expected[i], 2);
-		assert_ptr_not_null (object);
-
-		test_check_attrs (expected[i], object);
-		test_check_id (cert, object);
-	}
-}
-
-static void
-test_parse_openssl_distrusted (void)
-{
-	static const char distrust_public_key[] = {
-		0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
-		0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xdf, 0xc7, 0x0d,
-		0x61, 0xa2, 0x2f, 0xc0, 0x5a, 0xad, 0x45, 0x83, 0x22, 0x33, 0x42, 0xea, 0xec, 0x42, 0x5e, 0xa6,
-		0x0d, 0x42, 0x4c, 0x1c, 0x9a, 0x12, 0x0b, 0x5f, 0xe7, 0x25, 0xf9, 0x8b, 0x83, 0x0c, 0x0a, 0xc5,
-		0x2f, 0x5a, 0x58, 0x56, 0xb8, 0xad, 0x87, 0x6d, 0xbc, 0x80, 0x5d, 0xdd, 0x49, 0x45, 0x39, 0x5f,
-		0xb9, 0x08, 0x3a, 0x63, 0xe4, 0x92, 0x33, 0x61, 0x79, 0x19, 0x1b, 0x9d, 0xab, 0x3a, 0xd5, 0x7f,
-		0xa7, 0x8b, 0x7f, 0x8a, 0x5a, 0xf6, 0xd7, 0xde, 0xaf, 0xa1, 0xe5, 0x53, 0x31, 0x29, 0x7d, 0x9c,
-		0x03, 0x55, 0x3e, 0x47, 0x78, 0xcb, 0xb9, 0x7a, 0x98, 0x8c, 0x5f, 0x8d, 0xda, 0x09, 0x0f, 0xc8,
-		0xfb, 0xf1, 0x7a, 0x80, 0xee, 0x12, 0x77, 0x0a, 0x00, 0x8b, 0x70, 0xfa, 0x62, 0xbf, 0xaf, 0xee,
-		0x0b, 0x58, 0x16, 0xf9, 0x9c, 0x5c, 0xde, 0x93, 0xb8, 0x4f, 0xdf, 0x4d, 0x7b, 0x02, 0x03, 0x01,
-		0x00, 0x01,
-	};
-
-	CK_ATTRIBUTE distrust_cert[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate), },
-		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_TRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_X_DISTRUSTED, &truev, sizeof (truev) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE eku_extension[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
-		{ CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) },
-		{ CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE reject_extension[] = {
-		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
-		{ CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
-		{ CKA_X_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) },
-		{ CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *expected[] = {
-		distrust_cert,
-		eku_extension,
-		reject_extension,
-		NULL
-	};
-
-	CK_ATTRIBUTE *cert;
-	CK_ATTRIBUTE *object;
-	int ret;
-	int i;
-
-	/*
-	 * OpenSSL style is to litter the blacklist in with the anchors,
-	 * so we parse this as an anchor, but expect it to be blacklisted
-	 */
-	p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
-	ret = p11_parse_file (test.parser, SRCDIR "/files/distrusted.pem", NULL,
-	                      P11_PARSE_FLAG_ANCHOR);
-	assert_num_eq (P11_PARSE_SUCCESS, ret);
-
-	/*
-	 * Should have gotten:
-	 * - 1 certificate
-	 * - 2 stapled extensions
-	 */
-	assert_num_eq (3, test.parsed->num);
-	cert = parsed_attrs (certificate_match, -1);
-	test_check_attrs (expected[0], cert);
-
-	/* The other objects */
-	for (i = 1; expected[i]; i++) {
-		object = parsed_attrs (expected[i], 2);
-		assert_ptr_not_null (object);
-
-		test_check_attrs (expected[i], object);
-		test_check_id (cert, object);
-	}
-}
-
-static void
-test_openssl_trusted_no_trust (void)
-{
-	CK_ATTRIBUTE *cert;
-	int ret;
-
-	char expected_value[] = {
-		0x30, 0x82, 0x04, 0x99, 0x30, 0x82, 0x03, 0x81, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x5d,
-		0x20, 0x61, 0x8e, 0x8c, 0x0e, 0xb9, 0x34, 0x40, 0x93, 0xb9, 0xb1, 0xd8, 0x63, 0x95, 0xb6, 0x30,
-		0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6f,
-		0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, 0x45, 0x31, 0x14, 0x30,
-		0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74,
-		0x20, 0x41, 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x64,
-		0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20,
-		0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06,
-		0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45,
-		0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30,
-		0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x38, 0x30, 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
-		0x17, 0x0d, 0x31, 0x35, 0x31, 0x31, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30,
-		0x7f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b,
-		0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06,
-		0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20,
-		0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54,
-		0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74,
-		0x77, 0x6f, 0x72, 0x6b, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x55,
-		0x53, 0x45, 0x52, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x20,
-		0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41,
-		0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
-		0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
-		0x00, 0xd9, 0x4d, 0x20, 0x3a, 0xe6, 0x29, 0x30, 0x86, 0xf2, 0xe9, 0x86, 0x89, 0x76, 0x34, 0x4e,
-		0x68, 0x1f, 0x96, 0x44, 0xf7, 0xd1, 0xf9, 0xd6, 0x82, 0x4e, 0xa6, 0x38, 0x9e, 0xee, 0xcb, 0x5b,
-		0xe1, 0x8e, 0x2e, 0xbd, 0xf2, 0x57, 0x80, 0xfd, 0xc9, 0x3f, 0xfc, 0x90, 0x73, 0x44, 0xbc, 0x8f,
-		0xbb, 0x57, 0x5b, 0xe5, 0x2d, 0x1f, 0x14, 0x30, 0x75, 0x36, 0xf5, 0x7f, 0xbc, 0xcf, 0x56, 0xf4,
-		0x7f, 0x81, 0xff, 0xae, 0x91, 0xcd, 0xd8, 0xd2, 0x6a, 0xcb, 0x97, 0xf9, 0xf7, 0xcd, 0x90, 0x6a,
-		0x45, 0x2d, 0xc4, 0xbb, 0xa4, 0x85, 0x13, 0x68, 0x57, 0x5f, 0xef, 0x29, 0xba, 0x2a, 0xca, 0xea,
-		0xf5, 0xcc, 0xa4, 0x04, 0x9b, 0x63, 0xcd, 0x00, 0xeb, 0xfd, 0xed, 0x8d, 0xdd, 0x23, 0xc6, 0x7b,
-		0x1e, 0x57, 0x1d, 0x36, 0x7f, 0x1f, 0x08, 0x9a, 0x0d, 0x61, 0xdb, 0x5a, 0x6c, 0x71, 0x02, 0x53,
-		0x28, 0xc2, 0xfa, 0x8d, 0xfd, 0xab, 0xbb, 0xb3, 0xf1, 0x8d, 0x74, 0x4b, 0xdf, 0xbd, 0xbd, 0xcc,
-		0x06, 0x93, 0x63, 0x09, 0x95, 0xc2, 0x10, 0x7a, 0x9d, 0x25, 0x90, 0x32, 0x9d, 0x01, 0xc2, 0x39,
-		0x53, 0xb0, 0xe0, 0x15, 0x6b, 0xc7, 0xd7, 0x74, 0xe5, 0xa4, 0x22, 0x9b, 0xe4, 0x94, 0xff, 0x84,
-		0x91, 0xfb, 0x2d, 0xb3, 0x19, 0x43, 0x2d, 0x93, 0x0f, 0x9c, 0x12, 0x09, 0xe4, 0x67, 0xb9, 0x27,
-		0x7a, 0x32, 0xad, 0x7a, 0x2a, 0xcc, 0x41, 0x58, 0xc0, 0x6e, 0x59, 0x5f, 0xee, 0x38, 0x2b, 0x17,
-		0x22, 0x9c, 0x89, 0xfa, 0x6e, 0xe7, 0xe5, 0x57, 0x35, 0xf4, 0x5a, 0xed, 0x92, 0x95, 0x93, 0x2d,
-		0xf9, 0xcc, 0x24, 0x3f, 0xa5, 0x1c, 0x3d, 0x27, 0xbd, 0x22, 0x03, 0x73, 0xcc, 0xf5, 0xca, 0xf3,
-		0xa9, 0xf4, 0xdc, 0xfe, 0xcf, 0xe9, 0xd0, 0x5c, 0xd0, 0x0f, 0xab, 0x87, 0xfc, 0x83, 0xfd, 0xc8,
-		0xa9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1f, 0x30, 0x82, 0x01, 0x1b, 0x30, 0x1f,
-		0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xad, 0xbd, 0x98, 0x7a, 0x34,
-		0xb4, 0x26, 0xf7, 0xfa, 0xc4, 0x26, 0x54, 0xef, 0x03, 0xbd, 0xe0, 0x24, 0xcb, 0x54, 0x1a, 0x30,
-		0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xaf, 0xa4, 0x40, 0xaf, 0x9f, 0x16,
-		0xfe, 0xab, 0x31, 0xfd, 0xfb, 0xd5, 0x97, 0x8b, 0xf5, 0x91, 0xa3, 0x24, 0x86, 0x16, 0x30, 0x0e,
-		0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x12,
-		0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
-		0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b,
-		0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
-		0x02, 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x12, 0x30, 0x10, 0x30, 0x0e, 0x06, 0x0c,
-		0x2b, 0x06, 0x01, 0x04, 0x01, 0xb2, 0x31, 0x01, 0x02, 0x01, 0x03, 0x04, 0x30, 0x44, 0x06, 0x03,
-		0x55, 0x1d, 0x1f, 0x04, 0x3d, 0x30, 0x3b, 0x30, 0x39, 0xa0, 0x37, 0xa0, 0x35, 0x86, 0x33, 0x68,
-		0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72,
-		0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74,
-		0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x2e, 0x63,
-		0x72, 0x6c, 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x29,
-		0x30, 0x27, 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19,
-		0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72,
-		0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
-		0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x84, 0xae, 0x2d,
-		0x68, 0x38, 0x11, 0x6c, 0x83, 0x51, 0x62, 0xc0, 0x91, 0xc2, 0x98, 0xbc, 0xc6, 0x3b, 0xfa, 0xa5,
-		0xc5, 0xbd, 0x3b, 0x09, 0xe6, 0x6e, 0x60, 0x6f, 0x30, 0x03, 0x86, 0x22, 0x1a, 0xb2, 0x8b, 0xf3,
-		0xc6, 0xce, 0x1e, 0xbb, 0x1b, 0x79, 0xe0, 0x16, 0x14, 0x4d, 0xd2, 0x9a, 0x05, 0x4b, 0xff, 0x8f,
-		0xec, 0xf0, 0x28, 0x29, 0xea, 0x2a, 0x04, 0x1d, 0x3d, 0xaf, 0x11, 0x12, 0xd5, 0x49, 0x98, 0x50,
-		0x42, 0x9f, 0x61, 0x66, 0x3a, 0xb6, 0x40, 0x99, 0x04, 0x0c, 0x6b, 0x10, 0x32, 0xe9, 0xf7, 0xcf,
-		0x86, 0x58, 0x4f, 0x2d, 0xcd, 0xd3, 0xac, 0x7e, 0xe8, 0x5b, 0x6a, 0x83, 0x7c, 0x0d, 0xa0, 0x9c,
-		0x5c, 0x50, 0x36, 0x75, 0x0d, 0x6d, 0x7e, 0x42, 0xb7, 0xdf, 0xa6, 0xdc, 0x90, 0x5c, 0x6f, 0x23,
-		0x4e, 0x97, 0x1d, 0xf3, 0x22, 0x75, 0xbf, 0x03, 0x35, 0xe6, 0x5d, 0x7f, 0xc7, 0xf9, 0x9b, 0x2c,
-		0x87, 0xf6, 0x8e, 0xd6, 0x25, 0x96, 0x59, 0x9d, 0xcf, 0xea, 0x10, 0x1e, 0xef, 0x6e, 0xea, 0x5a,
-		0x9b, 0x77, 0x18, 0x34, 0xcc, 0x81, 0x77, 0xaf, 0x9a, 0x87, 0xc2, 0x0a, 0xe5, 0xe5, 0x9e, 0x13,
-		0x95, 0x53, 0xbd, 0xbd, 0x49, 0x1a, 0xa5, 0x76, 0x12, 0xf6, 0xdc, 0xf2, 0x91, 0xb7, 0xe9, 0x1a,
-		0xe1, 0xbc, 0x4d, 0x3d, 0x95, 0x71, 0x7d, 0xf8, 0x8d, 0x7c, 0x3e, 0x03, 0x4f, 0x53, 0xed, 0xfe,
-		0x52, 0xfd, 0xca, 0x5f, 0x93, 0xe1, 0x1a, 0x01, 0x1b, 0x02, 0xb7, 0x73, 0x4e, 0xba, 0x66, 0xe9,
-		0x78, 0x8b, 0x50, 0xfe, 0x11, 0xcb, 0xd1, 0x67, 0xd0, 0x22, 0x4f, 0x77, 0xea, 0xcd, 0x14, 0x15,
-		0x40, 0xae, 0x66, 0x5d, 0xe8, 0x2e, 0x7f, 0x1e, 0x88, 0x6f, 0x55, 0x79, 0xd6, 0xb9, 0x7e, 0xe3,
-		0xb5, 0xfd, 0x91, 0xa0, 0xc0, 0xf2, 0x26, 0x87, 0x4b, 0x2f, 0x9d, 0xf5, 0xa0,
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_TRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_VALUE, expected_value, sizeof (expected_value) },
-		{ CKA_INVALID },
-	};
-
-	p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
-	ret = p11_parse_file (test.parser, SRCDIR "/files/openssl-trust-no-trust.pem", NULL,
-	                      P11_PARSE_FLAG_NONE);
-	assert_num_eq (P11_PARSE_SUCCESS, ret);
-
-	/* Should have gotten certificate  */
-	assert_num_eq (1, test.parsed->num);
-
-	cert = parsed_attrs (certificate_match, -1);
-	test_check_attrs (expected, cert);
-}
-
-static void
-test_parse_anchor (void)
-{
-	CK_ATTRIBUTE cacert3[] = {
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
-		{ CKA_TRUSTED, &truev, sizeof (truev) },
-		{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *cert;
-	int ret;
-
-	p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
-	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", NULL,
-	                      P11_PARSE_FLAG_ANCHOR);
-	assert_num_eq (P11_PARSE_SUCCESS, ret);
-
-	/*
-	 * Should have gotten:
-	 * - 1 certificate
-	 */
-	assert_num_eq (1, test.parsed->num);
-
-	cert = parsed_attrs (certificate_match, -1);
-	test_check_attrs (cacert3, cert);
-}
-
-static void
-test_parse_thawte (void)
-{
-	CK_ATTRIBUTE *cert;
-	int ret;
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
-		{ CKA_TRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_INVALID },
-	};
-
-	p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
-	ret = p11_parse_file (test.parser, SRCDIR "/files/thawte.pem", NULL,
-	                      P11_PARSE_FLAG_NONE);
-	assert_num_eq (P11_PARSE_SUCCESS, ret);
-
-	/* Should have gotten certificate  */
-	assert_num_eq (1, test.parsed->num);
-
-	cert = parsed_attrs (certificate_match, -1);
-	test_check_attrs (expected, cert);
-}
-
-/* TODO: A certificate that uses generalTime needs testing */
-
-static void
-test_parse_invalid_file (void)
-{
-	int ret;
-
-	p11_message_quiet ();
-
-	p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
-	ret = p11_parse_file (test.parser, "/nonexistant", NULL,
-	                      P11_PARSE_FLAG_NONE);
-	assert_num_eq (P11_PARSE_FAILURE, ret);
-
-	p11_message_loud ();
-}
-
-static void
-test_parse_unrecognized (void)
-{
-	int ret;
-
-	p11_message_quiet ();
-
-	p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
-	ret = p11_parse_file (test.parser, SRCDIR "/files/unrecognized-file.txt", NULL,
-	                      P11_PARSE_FLAG_NONE);
-	assert_num_eq (P11_PARSE_UNRECOGNIZED, ret);
-
-	p11_message_loud ();
-}
-
-static void
-test_parse_no_asn1_cache (void)
-{
-	p11_parser *parser;
-	int ret;
-
-	parser = p11_parser_new (NULL);
-	assert_ptr_not_null (parser);
-
-	p11_parser_formats (parser, p11_parser_format_x509, NULL);
-	ret = p11_parse_file (parser, SRCDIR "/files/cacert3.der", NULL, P11_PARSE_FLAG_NONE);
-	assert_num_eq (P11_PARSE_SUCCESS, ret);
-
-	/* Should have gotten certificate  */
-	assert_num_eq (1, p11_parser_parsed (parser)->num);
-
-	p11_parser_free (parser);
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_fixture (setup, teardown);
-	p11_test (test_parse_der_certificate, "/parser/parse_der_certificate");
-	p11_test (test_parse_pem_certificate, "/parser/parse_pem_certificate");
-	p11_test (test_parse_p11_kit_persist, "/parser/parse_p11_kit_persist");
-	p11_test (test_parse_openssl_trusted, "/parser/parse_openssl_trusted");
-	p11_test (test_parse_openssl_distrusted, "/parser/parse_openssl_distrusted");
-	p11_test (test_openssl_trusted_no_trust, "/parser/openssl-trusted-no-trust");
-	p11_test (test_parse_anchor, "/parser/parse_anchor");
-	p11_test (test_parse_thawte, "/parser/parse_thawte");
-	p11_test (test_parse_invalid_file, "/parser/parse_invalid_file");
-	p11_test (test_parse_unrecognized, "/parser/parse_unrecognized");
-
-	p11_fixture (NULL, NULL);
-	p11_test (test_parse_no_asn1_cache, "/parser/null-asn1-cache");
-
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-pem.c b/trust/tests/test-pem.c
deleted file mode 100644
index 0c7d60a..0000000
--- a/trust/tests/test-pem.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "compat.h"
-#include "pem.h"
-
-struct {
-	const char *input;
-	struct {
-		const char *type;
-		const char *data;
-		unsigned int length;
-	} output[8];
-} success_fixtures[] = {
-	{
-	  /* one block */
-	  "-----BEGIN BLOCK1-----\n"
-	  "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	  "-----END BLOCK1-----",
-	  {
-	    {
-	      "BLOCK1",
-	      "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
-	      "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a",
-	      30,
-	    },
-	    {
-	      NULL,
-	    }
-	  }
-	},
-
-	{
-	  /* one block, with header */
-	  "-----BEGIN BLOCK1-----\n"
-	  "Header1: value1 \n"
-	  " Header2: value2\n"
-	  "\n"
-	  "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	  "-----END BLOCK1-----",
-	  {
-	    {
-	      "BLOCK1",
-	      "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
-	      "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a",
-	      30,
-	    },
-	    {
-	      NULL,
-	    }
-	  }
-	},
-
-	{
-	  /* two blocks, junk data */
-	  "-----BEGIN BLOCK1-----\n"
-	  "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	  "-----END BLOCK1-----\n"
-	  "blah blah\n"
-	  "-----BEGIN TWO-----\n"
-	  "oy5L157C671HyJMCf9FiK9prvPZfSch6V4EoUfylFoI1Bq6SbL53kg==\n"
-	  "-----END TWO-----\n"
-	  "trailing data",
-	  {
-	    {
-	      "BLOCK1",
-	      "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
-	      "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a",
-	      30,
-	    },
-	    {
-	      "TWO",
-	      "\xa3\x2e\x4b\xd7\x9e\xc2\xeb\xbd\x47\xc8\x93\x02\x7f\xd1\x62\x2b"
-	      "\xda\x6b\xbc\xf6\x5f\x49\xc8\x7a\x57\x81\x28\x51\xfc\xa5\x16\x82"
-	      "\x35\x06\xae\x92\x6c\xbe\x77\x92",
-	      40
-	    },
-	    {
-	      NULL,
-	    }
-	  }
-	},
-
-	{
-	  NULL,
-	}
-};
-
-typedef struct {
-	int input_index;
-	int output_index;
-	int parsed;
-} Closure;
-
-static void
-on_parse_pem_success (const char *type,
-                      const unsigned char *contents,
-                      size_t length,
-                      void *user_data)
-{
-	Closure *cl = user_data;
-
-	assert_num_eq (success_fixtures[cl->input_index].output[cl->output_index].length, length);
-	assert (memcmp (success_fixtures[cl->input_index].output[cl->output_index].data, contents,
-	                              success_fixtures[cl->input_index].output[cl->output_index].length) == 0);
-
-	cl->output_index++;
-	cl->parsed++;
-}
-
-static void
-test_pem_success (void)
-{
-	Closure cl;
-	int ret;
-	int i;
-	int j;
-
-	for (i = 0; success_fixtures[i].input != NULL; i++) {
-		cl.input_index = i;
-		cl.output_index = 0;
-		cl.parsed = 0;
-
-		ret = p11_pem_parse (success_fixtures[i].input, strlen (success_fixtures[i].input),
-		                     on_parse_pem_success, &cl);
-
-		assert (success_fixtures[i].output[cl.output_index].type == NULL);
-
-		/* Count number of outputs, return from p11_pem_parse() should match */
-		for (j = 0; success_fixtures[i].output[j].type != NULL; j++);
-		assert_num_eq (j, ret);
-		assert_num_eq (ret, cl.parsed);
-	}
-}
-
-const char *failure_fixtures[] = {
-	/* too short at end of opening line */
-	"-----BEGIN BLOCK1---\n"
-	"aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	"-----END BLOCK1-----",
-
-	/* truncated */
-	"-----BEGIN BLOCK1---",
-
-	/* no ending */
-	"-----BEGIN BLOCK1-----\n"
-	"aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n",
-
-	/* wrong ending */
-	"-----BEGIN BLOCK1-----\n"
-	"aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	"-----END BLOCK2-----",
-
-	/* wrong ending */
-	"-----BEGIN BLOCK1-----\n"
-	"aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	"-----END INVALID-----",
-
-	/* too short at end of ending line */
-	"-----BEGIN BLOCK1-----\n"
-	"aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	"-----END BLOCK1---",
-
-	/* invalid base64 data */
-	"-----BEGIN BLOCK1-----\n"
-	"!!!!NNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	"-----END BLOCK1-----",
-
-	NULL,
-};
-
-static void
-on_parse_pem_failure (const char *type,
-                      const unsigned char *contents,
-                      size_t length,
-                      void *user_data)
-{
-	assert (false && "not reached");
-}
-
-static void
-test_pem_failure (void)
-{
-	int ret;
-	int i;
-
-	for (i = 0; failure_fixtures[i] != NULL; i++) {
-		ret = p11_pem_parse (failure_fixtures[i], strlen (failure_fixtures[i]),
-		                     on_parse_pem_failure, NULL);
-		assert_num_eq (0, ret);
-	}
-}
-
-typedef struct {
-	const char *input;
-	size_t length;
-	const char *type;
-	const char *output;
-} WriteFixture;
-
-static WriteFixture write_fixtures[] = {
-	{
-	  "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
-	  "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a",
-	  30, "BLOCK1",
-	  "-----BEGIN BLOCK1-----\n"
-	  "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	  "-----END BLOCK1-----\n",
-	},
-	{
-	  "\x50\x31\x31\x2d\x4b\x49\x54\x0a\x0a\x50\x72\x6f\x76\x69\x64\x65"
-	  "\x73\x20\x61\x20\x77\x61\x79\x20\x74\x6f\x20\x6c\x6f\x61\x64\x20"
-	  "\x61\x6e\x64\x20\x65\x6e\x75\x6d\x65\x72\x61\x74\x65\x20\x50\x4b"
-	  "\x43\x53\x23\x31\x31\x20\x6d\x6f\x64\x75\x6c\x65\x73\x2e\x20\x50"
-	  "\x72\x6f\x76\x69\x64\x65\x73\x20\x61\x20\x73\x74\x61\x6e\x64\x61"
-	  "\x72\x64\x0a\x63\x6f\x6e\x66\x69\x67\x75\x72\x61\x74\x69\x6f\x6e"
-	  "\x20\x73\x65\x74\x75\x70\x20\x66\x6f\x72\x20\x69\x6e\x73\x74\x61"
-	  "\x6c\x6c\x69\x6e\x67\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x6d\x6f"
-	  "\x64\x75\x6c\x65\x73\x20\x69\x6e\x20\x73\x75\x63\x68\x20\x61\x20"
-	  "\x77\x61\x79\x20\x74\x68\x61\x74\x20\x74\x68\x65\x79\x27\x72\x65"
-	  "\x0a\x64\x69\x73\x63\x6f\x76\x65\x72\x61\x62\x6c\x65\x2e\x0a\x0a"
-	  "\x41\x6c\x73\x6f\x20\x73\x6f\x6c\x76\x65\x73\x20\x70\x72\x6f\x62"
-	  "\x6c\x65\x6d\x73\x20\x77\x69\x74\x68\x20\x63\x6f\x6f\x72\x64\x69"
-	  "\x6e\x61\x74\x69\x6e\x67\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f"
-	  "\x66\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x62\x79\x20\x64\x69\x66"
-	  "\x66\x65\x72\x65\x6e\x74\x0a\x63\x6f\x6d\x70\x6f\x6e\x65\x6e\x74"
-	  "\x73\x20\x6f\x72\x20\x6c\x69\x62\x72\x61\x72\x69\x65\x73\x20\x6c"
-	  "\x69\x76\x69\x6e\x67\x20\x69\x6e\x20\x74\x68\x65\x20\x73\x61\x6d"
-	  "\x65\x20\x70\x72\x6f\x63\x65\x73\x73\x2e\x0a",
-	  299, "LONG TYPE WITH SPACES",
-	  "-----BEGIN LONG TYPE WITH SPACES-----\n"
-	  "UDExLUtJVAoKUHJvdmlkZXMgYSB3YXkgdG8gbG9hZCBhbmQgZW51bWVyYXRlIFBL\n"
-	  "Q1MjMTEgbW9kdWxlcy4gUHJvdmlkZXMgYSBzdGFuZGFyZApjb25maWd1cmF0aW9u\n"
-	  "IHNldHVwIGZvciBpbnN0YWxsaW5nIFBLQ1MjMTEgbW9kdWxlcyBpbiBzdWNoIGEg\n"
-	  "d2F5IHRoYXQgdGhleSdyZQpkaXNjb3ZlcmFibGUuCgpBbHNvIHNvbHZlcyBwcm9i\n"
-	  "bGVtcyB3aXRoIGNvb3JkaW5hdGluZyB0aGUgdXNlIG9mIFBLQ1MjMTEgYnkgZGlm\n"
-	  "ZmVyZW50CmNvbXBvbmVudHMgb3IgbGlicmFyaWVzIGxpdmluZyBpbiB0aGUgc2Ft\n"
-	  "ZSBwcm9jZXNzLgo=\n"
-	  "-----END LONG TYPE WITH SPACES-----\n"
-	},
-	{
-	  "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
-	  "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf",
-	  28, "BLOCK1",
-	  "-----BEGIN BLOCK1-----\n"
-	  "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrw==\n"
-	  "-----END BLOCK1-----\n",
-	},
-	{
-	  NULL,
-	}
-};
-
-static void
-on_parse_written (const char *type,
-                  const unsigned char *contents,
-                  size_t length,
-                  void *user_data)
-{
-	WriteFixture *fixture = user_data;
-
-	assert_str_eq (fixture->type, type);
-	assert_num_eq (fixture->length, length);
-	assert (memcmp (contents, fixture->input, length) == 0);
-}
-
-static void
-test_pem_write (void)
-{
-	WriteFixture *fixture;
-	p11_buffer buf;
-	unsigned int count;
-	int i;
-
-	for (i = 0; write_fixtures[i].input != NULL; i++) {
-		fixture = write_fixtures + i;
-
-		if (!p11_buffer_init_null (&buf, 0))
-			assert_not_reached ();
-
-		if (!p11_pem_write ((unsigned char *)fixture->input,
-		                    fixture->length,
-		                    fixture->type, &buf))
-			assert_not_reached ();
-		assert_str_eq (fixture->output, buf.data);
-		assert_num_eq (strlen (fixture->output), buf.len);
-
-		count = p11_pem_parse (buf.data, buf.len, on_parse_written, fixture);
-		assert_num_eq (1, count);
-
-		p11_buffer_uninit (&buf);
-	}
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_test (test_pem_success, "/pem/success");
-	p11_test (test_pem_failure, "/pem/failure");
-	p11_test (test_pem_write, "/pem/write");
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-persist.c b/trust/tests/test-persist.c
deleted file mode 100644
index 107f131..0000000
--- a/trust/tests/test-persist.c
+++ /dev/null
@@ -1,607 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "array.h"
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "message.h"
-#include "persist.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-
-static void
-test_magic (void)
-{
-	const char *input = "[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "value: \"blah\"\n"
-	                    "application: \"test-persist\"\n";
-
-	const char *other = "            "
-			"\n\n[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "value: \"blah\"\n"
-	                    "application: \"test-persist\"\n";
-
-	assert (p11_persist_magic ((unsigned char *)input, strlen (input)));
-	assert (!p11_persist_magic ((unsigned char *)input, 5));
-	assert (p11_persist_magic ((unsigned char *)other, strlen (other)));
-	assert (!p11_persist_magic ((unsigned char *)"blah", 4));
-}
-
-static p11_array *
-args_to_array (void *arg,
-               ...) GNUC_NULL_TERMINATED;
-
-static p11_array *
-args_to_array (void *arg,
-               ...)
-{
-	p11_array *array = p11_array_new (NULL);
-
-	va_list (va);
-	va_start (va, arg);
-
-	while (arg != NULL) {
-		p11_array_push (array, arg);
-		arg = va_arg (va, void *);
-	}
-
-	va_end (va);
-
-	return array;
-}
-
-static void
-check_read_msg (const char *file,
-                int line,
-                const char *function,
-                const char *input,
-                p11_array *expected)
-{
-	p11_array *objects;
-	p11_persist *persist;
-	int i;
-
-	persist = p11_persist_new ();
-	objects = p11_array_new (p11_attrs_free);
-
-	if (p11_persist_read (persist, "test", (const unsigned char *)input, strlen (input), objects)) {
-		if (expected == NULL)
-			p11_test_fail (file, line, function, "decoding should have failed");
-		for (i = 0; i < expected->num; i++) {
-			if (i >= objects->num)
-				p11_test_fail (file, line, function, "too few objects read");
-			test_check_attrs_msg (file, line, function, expected->elem[i], objects->elem[i]);
-		}
-		if (i != objects->num)
-			p11_test_fail (file, line, function, "too many objects read");
-	} else {
-		if (expected != NULL)
-			p11_test_fail (file, line, function, "decoding failed");
-	}
-
-	p11_array_free (objects);
-	p11_persist_free (persist);
-	p11_array_free (expected);
-}
-
-static void
-check_write_msg (const char *file,
-                 int line,
-                 const char *function,
-                 const char *expected,
-                 p11_array *input)
-{
-	p11_persist *persist;
-	p11_buffer buf;
-	int i;
-
-	persist = p11_persist_new ();
-	p11_buffer_init_null (&buf, 0);
-
-	for (i = 0; i < input->num; i++) {
-		if (!p11_persist_write (persist, input->elem[i], &buf))
-			p11_test_fail (file, line, function, "persist write failed");
-	}
-
-	if (strcmp (buf.data, expected) != 0) {
-	         p11_test_fail (file, line, function, "persist doesn't match: (\n%s----\n%s\n)", \
-	                        expected, (char *)buf.data);
-	}
-
-	p11_buffer_uninit (&buf);
-	p11_array_free (input);
-	p11_persist_free (persist);
-}
-
-#define check_read_success(input, objs) \
-	check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, args_to_array objs)
-
-#define check_read_failure(input) \
-	check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, NULL)
-
-#define check_write_success(expected, inputs) \
-	check_write_msg (__FILE__, __LINE__, __FUNCTION__, expected, args_to_array inputs)
-
-static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
-static CK_CERTIFICATE_TYPE x509 = CKC_X_509;
-static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-static CK_OBJECT_CLASS data = CKO_DATA;
-static CK_BBOOL truev = CK_TRUE;
-static CK_BBOOL falsev = CK_FALSE;
-
-static void
-test_simple (void)
-{
-	const char *output = "[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "value: \"blah\"\n"
-	                    "application: \"test-persist\"\n\n";
-
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_VALUE, "blah", 4 },
-		{ CKA_APPLICATION, "test-persist", 12 },
-		{ CKA_INVALID },
-	};
-
-	check_read_success (output, (attrs, NULL));
-	check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_number (void)
-{
-	const char *output = "[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "value-len: 29202390\n"
-	                    "application: \"test-persist\"\n\n";
-
-	CK_ULONG value = 29202390;
-
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_VALUE_LEN, &value, sizeof (value) },
-		{ CKA_APPLICATION, "test-persist", 12 },
-		{ CKA_INVALID },
-	};
-
-	check_read_success (output, (attrs, NULL));
-	check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_bool (void)
-{
-	const char *output = "[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "private: true\n"
-	                    "modifiable: false\n"
-	                    "application: \"test-persist\"\n\n";
-
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_PRIVATE, &truev, sizeof (truev) },
-		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
-		{ CKA_APPLICATION, "test-persist", 12 },
-		{ CKA_INVALID },
-	};
-
-	check_read_success (output, (attrs, NULL));
-	check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_oid (void)
-{
-	const char *output = "[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "object-id: 1.2.3.4\n\n";
-
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 },
-		{ CKA_INVALID },
-	};
-
-	check_read_success (output, (attrs, NULL));
-	check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_constant (void)
-{
-	const char *output = "[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "certificate-type: x-509-attr-cert\n"
-	                    "key-type: rsa\n"
-	                    "x-assertion-type: x-pinned-certificate\n"
-	                    "certificate-category: authority\n"
-	                    "mechanism-type: rsa-pkcs-key-pair-gen\n"
-	                    "trust-server-auth: nss-trust-unknown\n\n";
-
-	CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN;
-	CK_CERTIFICATE_TYPE type = CKC_X_509_ATTR_CERT;
-	CK_X_ASSERTION_TYPE ass = CKT_X_PINNED_CERTIFICATE;
-	CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_KEY_PAIR_GEN;
-	CK_ULONG category = 2;
-	CK_KEY_TYPE key = CKK_RSA;
-
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_CERTIFICATE_TYPE, &type, sizeof (type) },
-		{ CKA_KEY_TYPE, &key, sizeof (key) },
-		{ CKA_X_ASSERTION_TYPE, &ass, sizeof (ass) },
-		{ CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
-		{ CKA_MECHANISM_TYPE, &mech, sizeof (mech) },
-		{ CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) },
-		{ CKA_INVALID },
-	};
-
-	check_read_success (output, (attrs, NULL));
-	check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_unknown (void)
-{
-	const char *output = "[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "38383838: \"the-value-here\"\n\n";
-
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ 38383838, "the-value-here", 14 },
-		{ CKA_INVALID },
-	};
-
-	check_read_success (output, (attrs, NULL));
-	check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_multiple (void)
-{
-	const char *output = "[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "object-id: 1.2.3.4\n\n"
-	                    "[p11-kit-object-v1]\n"
-	                    "class: nss-trust\n"
-	                    "trust-server-auth: nss-trust-unknown\n\n";
-
-	CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN;
-
-	CK_ATTRIBUTE attrs1[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE attrs2[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust) },
-		{ CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) },
-		{ CKA_INVALID },
-	};
-
-	check_read_success (output, (attrs1, attrs2, NULL));
-	check_write_success (output, (attrs1, attrs2, NULL));
-}
-
-static void
-test_pem_block (void)
-{
-	const char *output = "[p11-kit-object-v1]\n"
-	                    "id: \"292c92\"\n"
-	                    "trusted: true\n"
-	    "-----BEGIN CERTIFICATE-----\n"
-	    "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n"
-	    "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
-	    "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
-	    "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
-	    "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n"
-	    "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
-	    "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n"
-	    "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n"
-	    "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n"
-	    "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n"
-	    "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n"
-	    "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n"
-	    "-----END CERTIFICATE-----\n"
-	                    "\n";
-
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_ID, "292c92", 6, },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_VALUE, &verisign_v1_ca, sizeof (verisign_v1_ca) },
-		{ CKA_TRUSTED, &truev, sizeof (truev) },
-		{ CKA_INVALID },
-	};
-
-	check_read_success (output, (attrs, NULL));
-	check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_pem_middle (void)
-{
-	const char *input = "[p11-kit-object-v1]\n"
-	                    "class: certificate\n"
-	                    "id: \"292c92\"\n"
-	    "-----BEGIN CERTIFICATE-----\n"
-	    "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n"
-	    "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
-	    "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
-	    "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
-	    "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n"
-	    "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
-	    "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n"
-	    "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n"
-	    "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n"
-	    "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n"
-	    "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n"
-	    "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n"
-	    "-----END CERTIFICATE-----\n"
-	                    "\n"
-	                    "trusted: true";
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_TRUSTED, &truev, sizeof (truev) },
-		{ CKA_VALUE, &verisign_v1_ca, sizeof (verisign_v1_ca) },
-		{ CKA_INVALID },
-	};
-
-	check_read_success (input, (expected, NULL));
-}
-
-static void
-test_pem_invalid (void)
-{
-	const char *input = "[p11-kit-object-v1]\n"
-	                    "class: certificate\n"
-	    "-----BEGIN CERT-----\n"
-	    "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n"
-	    "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
-	    "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
-	    "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
-	    "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n"
-	    "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
-	    "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n"
-	    "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n"
-	    "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n"
-	    "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n"
-	    "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n"
-	    "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n"
-	    "-----END CERTIFICATEXXX-----\n";
-
-	p11_message_quiet ();
-
-	check_read_failure (input);
-
-	p11_message_loud ();
-}
-
-static void
-test_pem_unsupported (void)
-{
-	const char *input = "[p11-kit-object-v1]\n"
-	                    "class: certificate\n"
-	                    "-----BEGIN BLOCK1-----\n"
-	                    "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	                    "-----END BLOCK1-----\n";
-
-	p11_message_quiet ();
-
-	check_read_failure (input);
-
-	p11_message_loud ();
-}
-
-static void
-test_pem_first (void)
-{
-	const char *input = "-----BEGIN BLOCK1-----\n"
-	                    "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	                    "-----END BLOCK1-----\n"
-	                    "[p11-kit-object-v1]\n"
-	                    "class: certificate\n";
-
-	p11_message_quiet ();
-
-	check_read_failure (input);
-
-	p11_message_loud ();
-}
-
-static void
-test_skip_unknown (void)
-{
-	const char *input = "[version-2]\n"
-	                    "class: data\n"
-	                    "object-id: 1.2.3.4\n"
-	                    "-----BEGIN BLOCK1-----\n"
-	                    "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
-	                    "-----END BLOCK1-----\n"
-	                    "[p11-kit-object-v1]\n"
-	                    "class: nss-trust\n"
-	                    "trust-server-auth: nss-trust-unknown";
-
-	CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN;
-
-	CK_ATTRIBUTE expected2[] = {
-		{ CKA_CLASS, &nss_trust, sizeof (nss_trust) },
-		{ CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) },
-		{ CKA_INVALID },
-	};
-
-	p11_message_quiet ();
-
-	check_read_success (input, (expected2, NULL));
-
-	p11_message_loud ();
-}
-
-static void
-test_bad_value (void)
-{
-	const char *input = "[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "value: \"%38%\"\n";
-
-	p11_message_quiet ();
-
-	check_read_failure (input);
-
-	p11_message_loud ();
-}
-
-static void
-test_bad_oid (void)
-{
-	const char *input = "[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "object-id: 1.2";
-
-	p11_message_quiet ();
-
-	check_read_failure (input);
-
-	p11_message_loud ();
-}
-
-static void
-test_bad_field (void)
-{
-	const char *input = "[p11-kit-object-v1]\n"
-	                    "class: data\n"
-	                    "invalid-field: true";
-
-	p11_message_quiet ();
-
-	check_read_failure (input);
-
-	p11_message_loud ();
-}
-
-static void
-test_attribute_first (void)
-{
-	const char *input = "class: data\n"
-	                    "[p11-kit-object-v1]\n"
-	                    "invalid-field: true";
-
-	p11_message_quiet ();
-
-	check_read_failure (input);
-
-	p11_message_loud ();
-}
-
-static void
-test_not_boolean (void)
-{
-	const char *output = "[p11-kit-object-v1]\n"
-	                    "private: \"x\"\n\n";
-
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_PRIVATE, "x", 1 },
-		{ CKA_INVALID },
-	};
-
-	check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_not_ulong (void)
-{
-	char buffer[sizeof (CK_ULONG) + 1];
-	char *output;
-
-	CK_ATTRIBUTE attrs[] = {
-		{ CKA_BITS_PER_PIXEL, "xx", 2 },
-		{ CKA_VALUE, buffer, sizeof (CK_ULONG) },
-		{ CKA_INVALID },
-	};
-
-	memset (buffer, 'x', sizeof (buffer));
-	buffer[sizeof (CK_ULONG)] = 0;
-
-	if (asprintf (&output, "[p11-kit-object-v1]\n"
-	                       "bits-per-pixel: \"xx\"\n"
-	                       "value: \"%s\"\n\n", buffer) < 0)
-		assert_not_reached ();
-
-	check_write_success (output, (attrs, NULL));
-	free (output);
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_test (test_magic, "/persist/magic");
-	p11_test (test_simple, "/persist/simple");
-	p11_test (test_number, "/persist/number");
-	p11_test (test_bool, "/persist/bool");
-	p11_test (test_oid, "/persist/oid");
-	p11_test (test_constant, "/persist/constant");
-	p11_test (test_unknown, "/persist/unknown");
-	p11_test (test_multiple, "/persist/multiple");
-	p11_test (test_pem_block, "/persist/pem_block");
-	p11_test (test_pem_middle, "/persist/pem-middle");
-	p11_test (test_pem_invalid, "/persist/pem_invalid");
-	p11_test (test_pem_unsupported, "/persist/pem_unsupported");
-	p11_test (test_pem_first, "/persist/pem_first");
-	p11_test (test_bad_value, "/persist/bad_value");
-	p11_test (test_bad_oid, "/persist/bad_oid");
-	p11_test (test_bad_field, "/persist/bad_field");
-	p11_test (test_skip_unknown, "/persist/skip_unknown");
-	p11_test (test_attribute_first, "/persist/attribute_first");
-	p11_test (test_not_boolean, "/persist/not-boolean");
-	p11_test (test_not_ulong, "/persist/not-ulong");
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-save.c b/trust/tests/test-save.c
deleted file mode 100644
index be16141..0000000
--- a/trust/tests/test-save.c
+++ /dev/null
@@ -1,595 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "message.h"
-#include "path.h"
-#include "save.h"
-#include "test.h"
-
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-struct {
-	char *directory;
-} test;
-
-static void
-setup (void *unused)
-{
-	test.directory = p11_test_directory ("test-extract");
-}
-
-static void
-teardown (void *unused)
-{
-	if (rmdir (test.directory) < 0)
-		assert_fail ("rmdir() failed", strerror (errno));
-	free (test.directory);
-}
-
-static void
-write_zero_file (const char *directory,
-                 const char *name)
-{
-	char *filename;
-	int res;
-	int fd;
-
-	if (asprintf (&filename, "%s/%s", directory, name) < 0)
-		assert_not_reached ();
-
-	fd = open (filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
-	assert (fd != -1);
-	res = close (fd);
-	assert (res >= 0);
-
-	free (filename);
-}
-
-static void
-test_file_write (void)
-{
-	p11_save_file *file;
-	char *filename;
-	bool ret;
-
-	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		assert_not_reached ();
-
-	file = p11_save_open_file (filename, NULL, 0);
-	assert_ptr_not_null (file);
-
-	ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
-	assert_num_eq (true, ret);
-	free (filename);
-
-	test_check_file (test.directory, "extract-file", SRCDIR "/files/cacert3.der");
-}
-
-static void
-test_file_exists (void)
-{
-	p11_save_file *file;
-	char *filename;
-
-	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		assert_not_reached ();
-
-	write_zero_file (test.directory, "extract-file");
-
-	p11_message_quiet ();
-
-	file = p11_save_open_file (filename, NULL, 0);
-	assert (file != NULL);
-
-	if (p11_save_finish_file (file, NULL, true))
-		assert_not_reached ();
-
-	p11_message_loud ();
-
-	unlink (filename);
-	free (filename);
-}
-
-static void
-test_file_bad_directory (void)
-{
-	p11_save_file *file;
-	char *filename;
-
-	if (asprintf (&filename, "/non-existent/%s/%s", test.directory, "extract-file") < 0)
-		assert_not_reached ();
-
-	p11_message_quiet ();
-
-	file = p11_save_open_file (filename, NULL, 0);
-	assert (file == NULL);
-
-	p11_message_loud ();
-
-	free (filename);
-}
-
-static void
-test_file_overwrite (void)
-{
-	p11_save_file *file;
-	char *filename;
-	bool ret;
-
-	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		assert_not_reached ();
-
-	write_zero_file (test.directory, "extract-file");
-
-	file = p11_save_open_file (filename, NULL, P11_SAVE_OVERWRITE);
-	assert_ptr_not_null (file);
-
-	ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
-	assert_num_eq (true, ret);
-	free (filename);
-
-	test_check_file (test.directory, "extract-file", SRCDIR "/files/cacert3.der");
-}
-
-static void
-test_file_unique (void)
-{
-	p11_save_file *file;
-	char *filename;
-	bool ret;
-
-	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		assert_not_reached ();
-
-	write_zero_file (test.directory, "extract-file");
-
-	file = p11_save_open_file (filename, NULL, P11_SAVE_UNIQUE);
-	assert_ptr_not_null (file);
-
-	ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
-	assert_num_eq (true, ret);
-	free (filename);
-
-	test_check_file (test.directory, "extract-file", SRCDIR "/files/empty-file");
-	test_check_file (test.directory, "extract-file.1", SRCDIR "/files/cacert3.der");
-}
-
-static void
-test_file_auto_empty (void)
-{
-	p11_save_file *file;
-	char *filename;
-	bool ret;
-
-	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		assert_not_reached ();
-
-	file = p11_save_open_file (filename, NULL, 0);
-	assert_ptr_not_null (file);
-
-	ret = p11_save_write_and_finish (file, NULL, -1);
-	assert_num_eq (true, ret);
-	free (filename);
-
-	test_check_file (test.directory, "extract-file", SRCDIR "/files/empty-file");
-}
-
-static void
-test_file_auto_length (void)
-{
-	p11_save_file *file;
-	char *filename;
-	bool ret;
-
-	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		assert_not_reached ();
-
-	file = p11_save_open_file (filename, NULL, 0);
-	assert_ptr_not_null (file);
-
-	ret = p11_save_write_and_finish (file, "The simple string is hairy", -1);
-	assert_num_eq (true, ret);
-	free (filename);
-
-	test_check_file (test.directory, "extract-file", SRCDIR "/files/simple-string");
-}
-
-static void
-test_write_with_null (void)
-{
-	bool ret;
-
-	ret = p11_save_write (NULL, "test", 4);
-	assert_num_eq (false, ret);
-}
-
-static void
-test_write_and_finish_with_null (void)
-{
-	bool ret;
-
-	ret = p11_save_write_and_finish (NULL, "test", 4);
-	assert_num_eq (false, ret);
-}
-
-static void
-test_file_abort (void)
-{
-	struct stat st;
-	p11_save_file *file;
-	char *filename;
-	char *path;
-	bool ret;
-
-	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		assert_not_reached ();
-
-	file = p11_save_open_file (filename, NULL, 0);
-	assert_ptr_not_null (file);
-
-	path = NULL;
-	ret = p11_save_finish_file (file, &path, false);
-	assert_num_eq (true, ret);
-	assert (path == NULL);
-
-	if (stat (filename, &st) >= 0 || errno != ENOENT)
-		assert_fail ("file should not exist", filename);
-
-	free (filename);
-}
-
-
-static void
-test_directory_empty (void)
-{
-	p11_save_dir *dir;
-	char *subdir;
-	bool ret;
-
-	if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
-		assert_not_reached ();
-
-	dir = p11_save_open_directory (subdir, 0);
-	assert_ptr_not_null (dir);
-
-	ret = p11_save_finish_directory (dir, true);
-	assert_num_eq (true, ret);
-
-	test_check_directory (subdir, (NULL, NULL));
-
-	assert (rmdir (subdir) >= 0);
-	free (subdir);
-}
-
-static void
-test_directory_files (void)
-{
-	char *path;
-	char *check;
-	p11_save_file *file;
-	p11_save_dir *dir;
-	char *subdir;
-	bool ret;
-
-	if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
-		assert_not_reached ();
-
-	dir = p11_save_open_directory (subdir, 0);
-	assert_ptr_not_null (dir);
-
-	file = p11_save_open_file_in (dir, "blah", ".cer");
-	assert_ptr_not_null (file);
-	ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
-	assert_num_eq (true, ret);
-	ret = p11_save_finish_file (file, &path, true);
-	assert_num_eq (true, ret);
-	if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0)
-		assert_not_reached ();
-	assert_str_eq (check, path);
-	free (check);
-	free (path);
-
-	file = p11_save_open_file_in (dir, "file", ".txt");
-	assert_ptr_not_null (file);
-	ret = p11_save_write (file, test_text, strlen (test_text));
-	assert_num_eq (true, ret);
-	ret = p11_save_finish_file (file, &path, true);
-	assert_num_eq (true, ret);
-	if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0)
-		assert_not_reached ();
-	assert_str_eq (check, path);
-	free (check);
-	free (path);
-
-#ifdef OS_UNIX
-	ret = p11_save_symlink_in (dir, "link", ".ext", "/the/destination");
-	assert_num_eq (true, ret);
-#endif
-
-	ret = p11_save_finish_directory (dir, true);
-	assert_num_eq (true, ret);
-
-	test_check_directory (subdir, ("blah.cer", "file.txt",
-#ifdef OS_UNIX
-	                      "link.ext",
-#endif
-	                      NULL));
-	test_check_file (subdir, "blah.cer", SRCDIR "/files/cacert3.der");
-	test_check_data (subdir, "file.txt", test_text, strlen (test_text));
-#ifdef OS_UNIX
-	test_check_symlink (subdir, "link.ext", "/the/destination");
-#endif
-
-	assert (rmdir (subdir) >= 0);
-	free (subdir);
-}
-
-static void
-test_directory_dups (void)
-{
-	char *path;
-	char *check;
-	p11_save_file *file;
-	p11_save_dir *dir;
-	char *subdir;
-	bool ret;
-
-	if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
-		assert_not_reached ();
-
-	dir = p11_save_open_directory (subdir, 0);
-	assert_ptr_not_null (dir);
-
-	file = p11_save_open_file_in (dir, "file", ".txt");
-	assert_ptr_not_null (file);
-	ret = p11_save_write (file, test_text, 5);
-	assert_num_eq (true, ret);
-	ret = p11_save_finish_file (file, &path, true);
-	assert_num_eq (true, ret);
-	if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0)
-		assert_not_reached ();
-	assert_str_eq (check, path);
-	free (check);
-	free (path);
-
-	file = p11_save_open_file_in (dir, "file", ".txt");
-	assert_ptr_not_null (file);
-	ret = p11_save_write (file, test_text, 10);
-	assert_num_eq (true, ret);
-	ret = p11_save_finish_file (file, &path, true);
-	assert_num_eq (true, ret);
-	if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0)
-		assert_not_reached ();
-	assert_str_eq (check, path);
-	free (check);
-	free (path);
-
-	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"),
-	                                 test_text, 15);
-	assert_num_eq (true, ret);
-
-	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL),
-	                                 test_text, 8);
-	assert_num_eq (true, ret);
-
-	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL),
-	                                 test_text, 16);
-	assert_num_eq (true, ret);
-
-	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"),
-	                                 test_text, 14);
-	assert_num_eq (true, ret);
-
-	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"),
-	                                 test_text, 15);
-	assert_num_eq (true, ret);
-
-#ifdef OS_UNIX
-	ret = p11_save_symlink_in (dir, "link", ".0", "/destination1");
-	assert_num_eq (true, ret);
-
-	ret = p11_save_symlink_in (dir, "link", ".0", "/destination2");
-	assert_num_eq (true, ret);
-#endif
-
-	ret = p11_save_finish_directory (dir, true);
-	assert_num_eq (true, ret);
-
-	test_check_directory (subdir, ("file.txt", "file.1.txt", "file.2.txt",
-	                                   "no-ext", "no-ext.1",
-	                                   "with-num.0", "with-num.1",
-#ifdef OS_UNIX
-	                                   "link.0", "link.1",
-#endif
-	                                   NULL));
-	test_check_data (subdir, "file.txt", test_text, 5);
-	test_check_data (subdir, "file.1.txt", test_text, 10);
-	test_check_data (subdir, "file.2.txt", test_text, 15);
-	test_check_data (subdir, "no-ext", test_text, 8);
-	test_check_data (subdir, "no-ext.1", test_text, 16);
-	test_check_data (subdir, "with-num.0", test_text, 14);
-	test_check_data (subdir, "with-num.1", test_text, 15);
-#ifdef OS_UNIX
-	test_check_symlink (subdir, "link.0", "/destination1");
-	test_check_symlink (subdir, "link.1", "/destination2");
-#endif
-
-	assert (rmdir (subdir) >= 0);
-	free (subdir);
-}
-
-static void
-test_directory_exists (void)
-{
-	p11_save_dir *dir;
-	char *subdir;
-
-	if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
-		assert_not_reached ();
-
-#ifdef OS_UNIX
-	if (mkdir (subdir, S_IRWXU) < 0)
-#else
-	if (mkdir (subdir) < 0)
-#endif
-		assert_fail ("mkdir() failed", subdir);
-
-	p11_message_quiet ();
-
-	dir = p11_save_open_directory (subdir, 0);
-	assert_ptr_eq (NULL, dir);
-
-	p11_message_loud ();
-
-	rmdir (subdir);
-	free (subdir);
-}
-
-static void
-test_directory_overwrite (void)
-{
-	char *path;
-	char *check;
-	p11_save_file *file;
-	p11_save_dir *dir;
-	char *subdir;
-	bool ret;
-
-	if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
-		assert_not_reached ();
-
-	/* Some initial files into this directory, which get overwritten */
-	dir = p11_save_open_directory (subdir, 0);
-	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"), "", 0) &&
-	      p11_save_write_and_finish (p11_save_open_file_in (dir, "another-file", NULL), "", 0) &&
-	      p11_save_write_and_finish (p11_save_open_file_in (dir, "third-file", NULL), "", 0) &&
-	      p11_save_finish_directory (dir, true);
-	assert (ret && dir);
-
-	/* Now the actual test, using the same directory */
-	dir = p11_save_open_directory (subdir, P11_SAVE_OVERWRITE);
-	assert_ptr_not_null (dir);
-
-	file = p11_save_open_file_in (dir, "blah", ".cer");
-	assert_ptr_not_null (file);
-	ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
-	assert_num_eq (true, ret);
-	ret = p11_save_finish_file (file, &path, true);
-	assert_num_eq (true, ret);
-	if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0)
-		assert_not_reached ();
-	assert_str_eq (check, path);
-	free (check);
-	free (path);
-
-	file = p11_save_open_file_in (dir, "file", ".txt");
-	assert_ptr_not_null (file);
-	ret = p11_save_write (file, test_text, strlen (test_text));
-	assert_num_eq (true, ret);
-	ret = p11_save_finish_file (file, &path, true);
-	assert_num_eq (true, ret);
-	if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0)
-		assert_not_reached ();
-	assert_str_eq (check, path);
-	free (check);
-	free (path);
-
-	file = p11_save_open_file_in (dir, "file", ".txt");
-	assert_ptr_not_null (file);
-	ret = p11_save_write (file, test_text, 10);
-	assert_num_eq (true, ret);
-	ret = p11_save_finish_file (file, &path, true);
-	assert_num_eq (true, ret);
-	if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0)
-		assert_not_reached ();
-	assert_str_eq (check, path);
-	free (check);
-	free (path);
-
-	ret = p11_save_finish_directory (dir, true);
-	assert_num_eq (true, ret);
-
-	test_check_directory (subdir, ("blah.cer", "file.txt", "file.1.txt", NULL));
-	test_check_data (subdir, "blah.cer", test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
-	test_check_data (subdir, "file.txt", test_text, strlen (test_text));
-	test_check_data (subdir, "file.1.txt", test_text, 10);
-
-	assert (rmdir (subdir) >= 0);
-	free (subdir);
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_fixture (setup, teardown);
-	p11_test (test_file_write, "/save/test_file_write");
-	p11_test (test_file_exists, "/save/test_file_exists");
-	p11_test (test_file_bad_directory, "/save/test_file_bad_directory");
-	p11_test (test_file_overwrite, "/save/test_file_overwrite");
-	p11_test (test_file_unique, "/save/file-unique");
-	p11_test (test_file_auto_empty, "/save/test_file_auto_empty");
-	p11_test (test_file_auto_length, "/save/test_file_auto_length");
-
-	p11_fixture (NULL, NULL);
-	p11_test (test_write_with_null, "/save/test_write_with_null");
-	p11_test (test_write_and_finish_with_null, "/save/test_write_and_finish_with_null");
-
-	p11_fixture (setup, teardown);
-	p11_test (test_file_abort, "/save/test_file_abort");
-
-	p11_test (test_directory_empty, "/save/test_directory_empty");
-	p11_test (test_directory_files, "/save/test_directory_files");
-	p11_test (test_directory_dups, "/save/test_directory_dups");
-	p11_test (test_directory_exists, "/save/test_directory_exists");
-	p11_test (test_directory_overwrite, "/save/test_directory_overwrite");
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-token.c b/trust/tests/test-token.c
deleted file mode 100644
index a24539e..0000000
--- a/trust/tests/test-token.c
+++ /dev/null
@@ -1,789 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "attrs.h"
-#include "debug.h"
-#include "parser.h"
-#include "path.h"
-#include "pkcs11x.h"
-#include "message.h"
-#include "token.h"
-
-static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS data = CKO_DATA;
-static CK_BBOOL falsev = CK_FALSE;
-static CK_BBOOL truev = CK_TRUE;
-
-struct {
-	p11_token *token;
-	p11_index *index;
-	p11_parser *parser;
-	char *directory;
-} test;
-
-static void
-setup (void *path)
-{
-	test.token = p11_token_new (333, path, "Label");
-	assert_ptr_not_null (test.token);
-
-	test.index = p11_token_index (test.token);
-	assert_ptr_not_null (test.token);
-
-	test.parser = p11_token_parser (test.token);
-	assert_ptr_not_null (test.parser);
-}
-
-static void
-setup_temp (void *unused)
-{
-	test.directory = p11_test_directory ("test-module");
-	setup (test.directory);
-}
-
-static void
-teardown (void *path)
-{
-	p11_token_free (test.token);
-	memset (&test, 0, sizeof (test));
-}
-
-static void
-teardown_temp (void *unused)
-{
-	p11_test_directory_delete (test.directory);
-	teardown (test.directory);
-	free (test.directory);
-}
-
-static void
-test_token_load (void *path)
-{
-	p11_index *index;
-	int count;
-
-	count = p11_token_load (test.token);
-	assert_num_eq (6, count);
-
-	/* A certificate and trust object for each parsed object */
-	index = p11_token_index (test.token);
-	assert (((count - 1) * 2) + 1 <= p11_index_size (index));
-}
-
-static void
-test_token_flags (void *path)
-{
-	/*
-	 * blacklist comes from the input/distrust.pem file. It is not in the blacklist
-	 * directory, but is an OpenSSL trusted certificate file, and is marked
-	 * in the blacklist style for OpenSSL.
-	 */
-
-	CK_ATTRIBUTE blacklist[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_LABEL, "Red Hat Is the CA", 17 },
-		{ CKA_SERIAL_NUMBER, "\x02\x01\x01", 3 },
-		{ CKA_TRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_X_DISTRUSTED, &truev, sizeof (truev) },
-		{ CKA_INVALID },
-	};
-
-	/*
-	 * blacklist2 comes from the input/blacklist/self-server.der file. It is
-	 * explicitly put on the blacklist, even though it containts no trust
-	 * policy information.
-	 */
-
-	const unsigned char self_server_subject[] = {
-		0x30, 0x4b, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64,
-		0x01, 0x19, 0x16, 0x03, 0x43, 0x4f, 0x4d, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0a, 0x09, 0x92, 0x26,
-		0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x07, 0x45, 0x58, 0x41, 0x4d, 0x50, 0x4c, 0x45,
-		0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x73, 0x65, 0x72, 0x76, 0x65,
-		0x72, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d,
-	};
-
-	CK_ATTRIBUTE blacklist2[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_SUBJECT, (void *)self_server_subject, sizeof (self_server_subject) },
-		{ CKA_TRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_X_DISTRUSTED, &truev, sizeof (truev) },
-		{ CKA_INVALID },
-	};
-
-	/*
-	 * anchor comes from the input/anchors/cacert3.der file. It is
-	 * explicitly marked as an anchor, even though it containts no trust
-	 * policy information.
-	 */
-
-	CK_ATTRIBUTE anchor[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_TRUSTED, &truev, sizeof (truev) },
-		{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_INVALID },
-	};
-
-	const unsigned char cacert_root_subject[] = {
-		0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f,
-		0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68,
-		0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74,
-		0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43,
-		0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41,
-		0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86,
-		0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74,
-		0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67,
-	};
-
-	/*
-	 * notrust comes from the input/cacert-ca.der file. It contains no
-	 * trust information, and is not explicitly marked as an anchor, so
-	 * it's neither trusted or distrusted.
-	 */
-
-	CK_ATTRIBUTE notrust[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_SUBJECT, (void *)cacert_root_subject, sizeof (cacert_root_subject) },
-		{ CKA_TRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *expected[] = {
-		anchor,
-		blacklist,
-		blacklist2,
-		notrust,
-		NULL,
-	};
-
-	CK_OBJECT_HANDLE handle;
-	CK_ATTRIBUTE *object;
-	int i;
-
-	if (p11_token_load (test.token) < 0)
-		assert_not_reached ();
-
-	/* The other objects */
-	for (i = 0; expected[i]; i++) {
-		handle = p11_index_find (p11_token_index (test.token), expected[i], 2);
-		assert (handle != 0);
-
-		object = p11_index_lookup (p11_token_index (test.token), handle);
-		assert_ptr_not_null (object);
-
-		test_check_attrs (expected[i], object);
-	}
-}
-
-static void
-test_token_path (void *path)
-{
-	assert_str_eq (path, p11_token_get_path (test.token));
-}
-
-static void
-test_token_label (void *path)
-{
-	assert_str_eq ("Label", p11_token_get_label (test.token));
-}
-
-static void
-test_token_slot (void *path)
-{
-	assert_num_eq (333, p11_token_get_slot (test.token));
-}
-
-static void
-test_not_writable (void)
-{
-	p11_token *token;
-
-	if (getuid () != 0) {
-		token = p11_token_new (333, "/", "Label");
-		assert (!p11_token_is_writable (token));
-		p11_token_free (token);
-	}
-
-	token = p11_token_new (333, "", "Label");
-	assert (!p11_token_is_writable (token));
-	p11_token_free (token);
-
-	token = p11_token_new (333, "/non-existant", "Label");
-	assert (!p11_token_is_writable (token));
-	p11_token_free (token);
-}
-
-static void
-test_writable_exists (void)
-{
-	/* A writable directory since we created it */
-	assert (p11_token_is_writable (test.token));
-}
-
-static void
-test_writable_no_exist (void)
-{
-	char *directory;
-	p11_token *token;
-	char *path;
-
-	directory = p11_test_directory ("test-module");
-
-	path = p11_path_build (directory, "subdir", NULL);
-	assert (path != NULL);
-
-	token = p11_token_new (333, path, "Label");
-	free (path);
-
-	/* A writable directory since parent is writable */
-	assert (p11_token_is_writable (token));
-
-	p11_token_free (token);
-
-	if (rmdir (directory) < 0)
-		assert_not_reached ();
-
-	free (directory);
-}
-
-static void
-test_load_already (void)
-{
-	CK_ATTRIBUTE cert[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_INVALID },
-	};
-
-	CK_OBJECT_HANDLE handle;
-	int ret;
-
-	p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der,
-	                     sizeof (test_cacert3_ca_der));
-
-	ret = p11_token_load (test.token);
-	assert_num_eq (ret, 1);
-	handle = p11_index_find (test.index, cert, -1);
-	assert (handle != 0);
-
-	/* Have to wait to make sure changes are detected */
-	p11_sleep_ms (1100);
-
-	ret = p11_token_load (test.token);
-	assert_num_eq (ret, 0);
-	assert_num_eq (p11_index_find (test.index, cert, -1), handle);
-}
-
-static void
-test_load_unreadable (void)
-{
-	CK_ATTRIBUTE cert[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_INVALID },
-	};
-
-	int ret;
-
-	p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der,
-	                     sizeof (test_cacert3_ca_der));
-
-	ret = p11_token_load (test.token);
-	assert_num_eq (ret, 1);
-	assert (p11_index_find (test.index, cert, -1) != 0);
-
-	p11_test_file_write (test.directory, "test.cer", "", 0);
-
-	/* Have to wait to make sure changes are detected */
-	p11_sleep_ms (1100);
-
-	ret = p11_token_load (test.token);
-	assert_num_eq (ret, 0);
-	assert (p11_index_find (test.index, cert, -1) == 0);
-}
-
-static void
-test_load_gone (void)
-{
-	CK_ATTRIBUTE cert[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_INVALID },
-	};
-
-	int ret;
-
-	p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der,
-	                     sizeof (test_cacert3_ca_der));
-
-	ret = p11_token_load (test.token);
-	assert_num_eq (ret, 1);
-	assert (p11_index_find (test.index, cert, -1) != 0);
-
-	p11_test_file_delete (test.directory, "test.cer");
-
-	/* Have to wait to make sure changes are detected */
-	p11_sleep_ms (1100);
-
-	ret = p11_token_load (test.token);
-	assert_num_eq (ret, 0);
-	assert (p11_index_find (test.index, cert, -1) == 0);
-}
-
-static void
-test_load_found (void)
-{
-	CK_ATTRIBUTE cert[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_INVALID },
-	};
-
-	int ret;
-
-	ret = p11_token_load (test.token);
-	assert_num_eq (ret, 0);
-	assert (p11_index_find (test.index, cert, -1) == 0);
-
-	/* Have to wait to make sure changes are detected */
-	p11_sleep_ms (1100);
-
-	p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der,
-	                     sizeof (test_cacert3_ca_der));
-
-	ret = p11_token_load (test.token);
-	assert_num_eq (ret, 1);
-	assert (p11_index_find (test.index, cert, -1) != 0);
-}
-
-static void
-test_reload_changed (void)
-{
-	CK_ATTRIBUTE cacert3[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE verisign[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_OBJECT_HANDLE handle;
-	int ret;
-
-	/* Just one file */
-	p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der,
-	                     sizeof (test_cacert3_ca_der));
-
-	ret = p11_token_load (test.token);
-	assert_num_eq (ret, 1);
-	handle = p11_index_find (test.index, cacert3, -1);
-	assert (handle != 0);
-
-	/* Replace the file with verisign */
-	p11_test_file_write (test.directory, "test.cer", verisign_v1_ca,
-	                     sizeof (verisign_v1_ca));
-
-	/* Add another file with cacert3, but not reloaded */
-	p11_test_file_write (test.directory, "another.cer", test_cacert3_ca_der,
-	                     sizeof (test_cacert3_ca_der));
-
-	attrs = p11_index_lookup (test.index, handle);
-	assert_ptr_not_null (attrs);
-	if (!p11_token_reload (test.token, attrs))
-		assert_not_reached ();
-
-	assert (p11_index_find (test.index, cacert3, -1) == 0);
-	assert (p11_index_find (test.index, verisign, -1) != 0);
-}
-
-static void
-test_reload_gone (void)
-{
-	CK_ATTRIBUTE cacert3[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE verisign[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE *attrs;
-	CK_OBJECT_HANDLE handle;
-	int ret;
-
-	/* Just one file */
-	p11_test_file_write (test.directory, "cacert3.cer", test_cacert3_ca_der,
-	                     sizeof (test_cacert3_ca_der));
-	p11_test_file_write (test.directory, "verisign.cer", verisign_v1_ca,
-	                     sizeof (verisign_v1_ca));
-
-	ret = p11_token_load (test.token);
-	assert_num_eq (ret, 2);
-	handle = p11_index_find (test.index, cacert3, -1);
-	assert (handle != 0);
-	assert (p11_index_find (test.index, verisign, -1) != 0);
-
-	p11_test_file_delete (test.directory, "cacert3.cer");
-	p11_test_file_delete (test.directory, "verisign.cer");
-
-	attrs = p11_index_lookup (test.index, handle);
-	assert_ptr_not_null (attrs);
-	if (p11_token_reload (test.token, attrs))
-		assert_not_reached ();
-
-	assert (p11_index_find (test.index, cacert3, -1) == 0);
-	assert (p11_index_find (test.index, verisign, -1) != 0);
-}
-
-static void
-test_reload_no_origin (void)
-{
-	CK_ATTRIBUTE cacert3[] = {
-		{ CKA_CLASS, &certificate, sizeof (certificate) },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_INVALID },
-	};
-
-	if (p11_token_reload (test.token, cacert3))
-		assert_not_reached ();
-}
-
-static void
-test_write_new (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "Yay!", 4 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_TOKEN, &truev, sizeof (truev) },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "Yay!", 4 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_APPLICATION, "", 0 },
-		{ CKA_OBJECT_ID, "", 0 },
-		{ CKA_INVALID }
-	};
-
-	CK_OBJECT_HANDLE handle;
-	p11_array *parsed;
-	char *path;
-	CK_RV rv;
-	int ret;
-
-	rv = p11_index_add (test.index, original, 4, &handle);
-	assert_num_eq (rv, CKR_OK);
-
-	/* The expected file name */
-	path = p11_path_build (test.directory, "Yay_.p11-kit", NULL);
-	ret = p11_parse_file (test.parser, path, NULL, 0);
-	assert_num_eq (ret, P11_PARSE_SUCCESS);
-	free (path);
-
-	parsed = p11_parser_parsed (test.parser);
-	assert_num_eq (parsed->num, 1);
-
-	test_check_attrs (expected, parsed->elem[0]);
-}
-
-static void
-test_write_no_label (void)
-{
-	CK_ATTRIBUTE original[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_TOKEN, &truev, sizeof (truev) },
-		{ CKA_INVALID }
-	};
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "", 0 },
-		{ CKA_VALUE, "eight", 5 },
-		{ CKA_APPLICATION, "", 0 },
-		{ CKA_OBJECT_ID, "", 0 },
-		{ CKA_INVALID }
-	};
-
-	CK_OBJECT_HANDLE handle;
-	p11_array *parsed;
-	char *path;
-	CK_RV rv;
-	int ret;
-
-	rv = p11_index_add (test.index, original, 4, &handle);
-	assert_num_eq (rv, CKR_OK);
-
-	/* The expected file name */
-	path = p11_path_build (test.directory, "data.p11-kit", NULL);
-	ret = p11_parse_file (test.parser, path, NULL, 0);
-	assert_num_eq (ret, P11_PARSE_SUCCESS);
-	free (path);
-
-	parsed = p11_parser_parsed (test.parser);
-	assert_num_eq (parsed->num, 1);
-
-	test_check_attrs (expected, parsed->elem[0]);
-}
-
-static void
-test_modify_multiple (void)
-{
-	const char *test_data =
-		"[p11-kit-object-v1]\n"
-		"class: data\n"
-		"label: \"first\"\n"
-		"value: \"1\"\n"
-		"\n"
-		"[p11-kit-object-v1]\n"
-		"class: data\n"
-		"label: \"second\"\n"
-		"value: \"2\"\n"
-		"\n"
-		"[p11-kit-object-v1]\n"
-		"class: data\n"
-		"label: \"third\"\n"
-		"value: \"3\"\n";
-
-	CK_ATTRIBUTE first[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "first", 5 },
-		{ CKA_VALUE, "1", 1 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE second[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "zwei", 4 },
-		{ CKA_VALUE, "2", 2 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE third[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "third", 5 },
-		{ CKA_VALUE, "3", 1 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 };
-
-	CK_OBJECT_HANDLE handle;
-	p11_array *parsed;
-	char *path;
-	int ret;
-	CK_RV rv;
-
-	p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data));
-
-	/* Reload now that we have this new file */
-	p11_token_load (test.token);
-
-	handle = p11_index_find (test.index, &match, 1);
-
-	rv = p11_index_update (test.index, handle, p11_attrs_dup (second));
-	assert_num_eq (rv, CKR_OK);
-
-	/* Now read in the file and make sure it has all the objects */
-	path = p11_path_build (test.directory, "Test.p11-kit", NULL);
-	ret = p11_parse_file (test.parser, path, NULL, 0);
-	assert_num_eq (ret, P11_PARSE_SUCCESS);
-	free (path);
-
-	parsed = p11_parser_parsed (test.parser);
-	assert_num_eq (parsed->num, 3);
-
-	/* The modified one will be first */
-	test_check_attrs (second, parsed->elem[0]);
-	test_check_attrs (first, parsed->elem[1]);
-	test_check_attrs (third, parsed->elem[2]);
-}
-
-static void
-test_remove_one (void)
-{
-	const char *test_data =
-		"[p11-kit-object-v1]\n"
-		"class: data\n"
-		"label: \"first\"\n"
-		"value: \"1\"\n"
-		"\n";
-
-	CK_ATTRIBUTE match = { CKA_LABEL, "first", 5 };
-
-	CK_OBJECT_HANDLE handle;
-	CK_RV rv;
-
-	p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data));
-	test_check_directory (test.directory, ("Test.p11-kit", NULL));
-
-	/* Reload now that we have this new file */
-	p11_token_load (test.token);
-
-	handle = p11_index_find (test.index, &match, 1);
-	assert_num_cmp (handle, !=, 0);
-
-	rv = p11_index_remove (test.index, handle);
-	assert_num_eq (rv, CKR_OK);
-
-	/* No other files in the test directory, all files gone */
-	test_check_directory (test.directory, (NULL, NULL));
-}
-
-static void
-test_remove_multiple (void)
-{
-	const char *test_data =
-		"[p11-kit-object-v1]\n"
-		"class: data\n"
-		"label: \"first\"\n"
-		"value: \"1\"\n"
-		"\n"
-		"[p11-kit-object-v1]\n"
-		"class: data\n"
-		"label: \"second\"\n"
-		"value: \"2\"\n"
-		"\n"
-		"[p11-kit-object-v1]\n"
-		"class: data\n"
-		"label: \"third\"\n"
-		"value: \"3\"\n";
-
-	CK_ATTRIBUTE first[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "first", 5 },
-		{ CKA_VALUE, "1", 1 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE third[] = {
-		{ CKA_CLASS, &data, sizeof (data) },
-		{ CKA_LABEL, "third", 5 },
-		{ CKA_VALUE, "3", 1 },
-		{ CKA_INVALID },
-	};
-
-	CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 };
-
-	CK_OBJECT_HANDLE handle;
-	p11_array *parsed;
-	char *path;
-	int ret;
-	CK_RV rv;
-
-	p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data));
-
-	/* Reload now that we have this new file */
-	p11_token_load (test.token);
-
-	handle = p11_index_find (test.index, &match, 1);
-	assert_num_cmp (handle, !=, 0);
-
-	rv = p11_index_remove (test.index, handle);
-	assert_num_eq (rv, CKR_OK);
-
-	/* Now read in the file and make sure it has all the objects */
-	path = p11_path_build (test.directory, "Test.p11-kit", NULL);
-	ret = p11_parse_file (test.parser, path, NULL, 0);
-	assert_num_eq (ret, P11_PARSE_SUCCESS);
-	free (path);
-
-	parsed = p11_parser_parsed (test.parser);
-	assert_num_eq (parsed->num, 2);
-
-	/* The modified one will be first */
-	test_check_attrs (first, parsed->elem[0]);
-	test_check_attrs (third, parsed->elem[1]);
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_fixture (setup, teardown);
-	p11_testx (test_token_load, SRCDIR "/input", "/token/load");
-	p11_testx (test_token_flags, SRCDIR "/input", "/token/flags");
-	p11_testx (test_token_path, "/wheee", "/token/path");
-	p11_testx (test_token_label, "/wheee", "/token/label");
-	p11_testx (test_token_slot, "/unneeded", "/token/slot");
-
-	p11_fixture (NULL, NULL);
-	p11_test (test_not_writable, "/token/not-writable");
-	p11_test (test_writable_no_exist, "/token/writable-no-exist");
-
-	p11_fixture (setup_temp, teardown_temp);
-	p11_test (test_writable_exists, "/token/writable-exists");
-	p11_test (test_load_found, "/token/load-found");
-	p11_test (test_load_already, "/token/load-already");
-	p11_test (test_load_unreadable, "/token/load-unreadable");
-	p11_test (test_load_gone, "/token/load-gone");
-	p11_test (test_reload_changed, "/token/reload-changed");
-	p11_test (test_reload_gone, "/token/reload-gone");
-	p11_test (test_reload_no_origin, "/token/reload-no-origin");
-	p11_test (test_write_new, "/token/write-new");
-	p11_test (test_write_no_label, "/token/write-no-label");
-	p11_test (test_modify_multiple, "/token/modify-multiple");
-	p11_test (test_remove_one, "/token/remove-one");
-	p11_test (test_remove_multiple, "/token/remove-multiple");
-
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-trust.c b/trust/tests/test-trust.c
deleted file mode 100644
index 20306e0..0000000
--- a/trust/tests/test-trust.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-
-#include "attrs.h"
-#include "debug.h"
-#include "message.h"
-#include "path.h"
-#include "test.h"
-
-#include "test-trust.h"
-
-#include <sys/stat.h>
-
-#include <assert.h>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-#ifdef OS_UNIX
-#include <paths.h>
-#endif
-
-void
-test_check_object_msg (const char *file,
-                       int line,
-                       const char *function,
-                       CK_ATTRIBUTE *attrs,
-                       CK_OBJECT_CLASS klass,
-                       const char *label)
-{
-	CK_BBOOL vfalse = CK_FALSE;
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_PRIVATE, &vfalse, sizeof (vfalse) },
-		{ CKA_CLASS, &klass, sizeof (klass) },
-		{ label ? CKA_LABEL : CKA_INVALID, (void *)label, label ? strlen (label) : 0 },
-		{ CKA_INVALID },
-	};
-
-	test_check_attrs_msg (file, line, function, expected, attrs);
-}
-
-void
-test_check_cacert3_ca_msg (const char *file,
-                           int line,
-                           const char *function,
-                           CK_ATTRIBUTE *attrs,
-                           const char *label)
-{
-	CK_CERTIFICATE_TYPE x509 = CKC_X_509;
-	CK_ULONG category = 2; /* authority */
-
-	CK_ATTRIBUTE expected[] = {
-		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
-		{ CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
-		{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
-		{ CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
-		{ CKA_START_DATE, "20110523", 8 },
-		{ CKA_END_DATE, "20210520", 8, },
-		{ CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
-		{ CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
-		{ CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
-		{ CKA_INVALID },
-	};
-
-	test_check_object_msg (file, line, function, attrs, CKO_CERTIFICATE, label);
-	test_check_attrs_msg (file, line, function, expected, attrs);
-}
-
-void
-test_check_id_msg (const char *file,
-                   int line,
-                   const char *function,
-                   CK_ATTRIBUTE *expected,
-                   CK_ATTRIBUTE *attr)
-{
-	CK_ATTRIBUTE *one;
-	CK_ATTRIBUTE *two;
-
-	one = p11_attrs_find (expected, CKA_ID);
-	two = p11_attrs_find (attr, CKA_ID);
-
-	test_check_attr_msg (file, line, function, CKA_INVALID, one, two);
-}
-
-void
-test_check_attrs_msg (const char *file,
-                      int line,
-                      const char *function,
-                      CK_ATTRIBUTE *expected,
-                      CK_ATTRIBUTE *attrs)
-{
-	CK_OBJECT_CLASS klass;
-	CK_ATTRIBUTE *attr;
-
-	if (!p11_attrs_find_ulong (expected, CKA_CLASS, &klass))
-		klass = CKA_INVALID;
-
-	while (!p11_attrs_terminator (expected)) {
-		attr = p11_attrs_find (attrs, expected->type);
-		test_check_attr_msg (file, line, function, klass, expected, attr);
-		expected++;
-	}
-}
-
-void
-test_check_attr_msg (const char *file,
-                     int line,
-                     const char *function,
-                     CK_OBJECT_CLASS klass,
-                     CK_ATTRIBUTE *expected,
-                     CK_ATTRIBUTE *attr)
-{
-	assert (expected != NULL);
-
-	if (attr == NULL) {
-		p11_test_fail (file, line, function,
-		               "attribute does not match: (expected %s but found NULL)",
-		               p11_attr_to_string (expected, klass));
-	}
-
-	if (!p11_attr_equal (attr, expected)) {
-		p11_test_fail (file, line, function,
-		               "attribute does not match: (expected %s but found %s)",
-		               p11_attr_to_string (expected, klass),
-		               attr ? p11_attr_to_string (attr, klass) : "(null)");
-	}
-}
-
-static char *
-read_file (const char *file,
-           int line,
-           const char *function,
-           const char *filename,
-           long *len)
-{
-	struct stat sb;
-	FILE *f = NULL;
-	char *data;
-
-	f = fopen (filename, "rb");
-	if (f == NULL)
-		p11_test_fail (file, line, function, "Couldn't open file: %s", filename);
-
-	/* Figure out size */
-	if (stat (filename, &sb) < 0)
-		p11_test_fail (file, line, function, "Couldn't stat file: %s", filename);
-
-	*len = sb.st_size;
-	data = malloc (*len ? *len : 1);
-	assert (data != NULL);
-
-	/* And read in one block */
-	if (fread (data, 1, *len, f) != *len)
-		p11_test_fail (file, line, function, "Couldn't read file: %s", filename);
-
-	fclose (f);
-
-	return data;
-}
-
-void
-test_check_file_msg (const char *file,
-                     int line,
-                     const char *function,
-                     const char *directory,
-                     const char *name,
-                     const char *reference)
-{
-	char *refdata;
-	long reflen;
-
-	refdata = read_file (file, line, function, reference, &reflen);
-	test_check_data_msg (file, line, function, directory, name, refdata, reflen);
-	free (refdata);
-}
-
-void
-test_check_data_msg (const char *file,
-                     int line,
-                     const char *function,
-                     const char *directory,
-                     const char *name,
-                     const void *refdata,
-                     long reflen)
-{
-	char *filedata;
-	char *filename;
-	long filelen;
-
-	if (asprintf (&filename, "%s/%s", directory, name) < 0)
-		assert_not_reached ();
-
-	filedata = read_file (file, line, function, filename, &filelen);
-
-	if (filelen != reflen || memcmp (filedata, refdata, reflen) != 0)
-		p11_test_fail (file, line, function, "File contents not as expected: %s", filename);
-
-	if (unlink (filename) < 0)
-		p11_test_fail (file, line, function, "Couldn't remove file: %s", filename);
-	free (filename);
-	free (filedata);
-}
-
-#ifdef OS_UNIX
-
-void
-test_check_symlink_msg (const char *file,
-                        int line,
-                        const char *function,
-                        const char *directory,
-                        const char *name,
-                        const char *destination)
-{
-	char buf[1024] = { 0, };
-	char *filename;
-
-	if (asprintf (&filename, "%s/%s", directory, name) < 0)
-		assert_not_reached ();
-
-	if (readlink (filename, buf, sizeof (buf)) < 0)
-		p11_test_fail (file, line, function, "Couldn't read symlink: %s", filename);
-
-	if (strcmp (destination, buf) != 0)
-		p11_test_fail (file, line, function, "Symlink contents wrong: %s != %s", destination, buf);
-
-	if (unlink (filename) < 0)
-		p11_test_fail (file, line, function, "Couldn't remove symlink: %s", filename);
-	free (filename);
-}
-
-#endif /* OS_UNIX */
-
-p11_dict *
-test_check_directory_files (const char *file,
-                            ...)
-{
-	p11_dict *files;
-	va_list va;
-
-	files = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
-
-	va_start (va, file);
-
-	while (file != NULL) {
-		if (!p11_dict_set (files, (void *)file, (void *)file))
-			return_val_if_reached (NULL);
-		file = va_arg (va, const char *);
-	}
-
-	va_end (va);
-
-	return files;
-}
-
-void
-test_check_directory_msg (const char *file,
-                          int line,
-                          const char *function,
-                          const char *directory,
-                          p11_dict *files)
-{
-	p11_dictiter iter;
-	struct dirent *dp;
-	const char *name;
-	DIR *dir;
-
-	dir = opendir (directory);
-	if (dir == NULL)
-		p11_test_fail (file ,line, function, "Couldn't open directory: %s", directory);
-
-	while ((dp = readdir (dir)) != NULL) {
-		if (strcmp (dp->d_name, ".") == 0 ||
-		    strcmp (dp->d_name, "..") == 0)
-			continue;
-
-		if (!p11_dict_remove (files, dp->d_name))
-			p11_test_fail  (file, line, function, "Unexpected file in directory: %s", dp->d_name);
-	}
-
-	closedir (dir);
-
-#ifdef OS_UNIX
-	if (chmod (directory, S_IRWXU) < 0)
-		p11_test_fail (file, line, function, "couldn't chown directory: %s: %s", directory, strerror (errno));
-#endif
-
-	p11_dict_iterate (files, &iter);
-	while (p11_dict_next (&iter, (void **)&name, NULL))
-		p11_test_fail (file, line, function, "Couldn't find file in directory: %s", name);
-
-	p11_dict_free (files);
-}
diff --git a/trust/tests/test-trust.h b/trust/tests/test-trust.h
deleted file mode 100644
index b70bbdb..0000000
--- a/trust/tests/test-trust.h
+++ /dev/null
@@ -1,409 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "dict.h"
-#include "pkcs11.h"
-#include "test.h"
-
-#include <sys/types.h>
-#include <stdlib.h>
-
-#ifndef TEST_DATA_H_
-#define TEST_DATA_H_
-
-#define   test_check_object(attrs, klass, label) \
-	test_check_object_msg (__FILE__, __LINE__, __FUNCTION__, attrs, klass, label)
-
-void      test_check_object_msg        (const char *file,
-                                        int line,
-                                        const char *function,
-                                        CK_ATTRIBUTE *attrs,
-                                        CK_OBJECT_CLASS klass,
-                                        const char *label);
-
-#define   test_check_cacert3_ca(attrs, label) \
-	test_check_cacert3_ca_msg (__FILE__, __LINE__, __FUNCTION__, attrs, label)
-
-void      test_check_cacert3_ca_msg    (const char *file,
-                                        int line,
-                                        const char *function,
-                                        CK_ATTRIBUTE *attrs,
-                                        const char *label);
-
-#define   test_check_attrs(expected, attrs) \
-	test_check_attrs_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs)
-
-void      test_check_attrs_msg         (const char *file,
-                                        int line,
-                                        const char *function,
-                                        CK_ATTRIBUTE *expected,
-                                        CK_ATTRIBUTE *attrs);
-
-#define   test_check_attr(expected, attr) \
-	test_check_attr_msg (__FILE__, __LINE__, __FUNCTION__, CKA_INVALID, expected, attr)
-
-void      test_check_attr_msg          (const char *file,
-                                        int line,
-                                        const char *function,
-                                        CK_OBJECT_CLASS klass,
-                                        CK_ATTRIBUTE *expected,
-                                        CK_ATTRIBUTE *attr);
-
-#define   test_check_id(expected, attrs) \
-	test_check_id_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs)
-
-void      test_check_id_msg           (const char *file,
-                                       int line,
-                                       const char *function,
-                                       CK_ATTRIBUTE *expected,
-                                       CK_ATTRIBUTE *attr);
-
-static const unsigned char test_cacert3_ca_der[] = {
-	0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a,
-	0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-	0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f,
-	0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15,
-	0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72,
-	0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19,
-	0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a,
-	0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72,
-	0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d,
-	0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32,
-	0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14,
-	0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20,
-	0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68,
-	0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74,
-	0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43,
-	0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f,
-	0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-	0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82,
-	0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43,
-	0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda,
-	0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24,
-	0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe,
-	0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5,
-	0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8,
-	0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c,
-	0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82,
-	0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2,
-	0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60,
-	0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a,
-	0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21,
-	0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a,
-	0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74,
-	0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f,
-	0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3,
-	0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed,
-	0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc,
-	0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54,
-	0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b,
-	0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29,
-	0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8,
-	0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba,
-	0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41,
-	0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70,
-	0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9,
-	0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c,
-	0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9,
-	0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f,
-	0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac,
-	0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66,
-	0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40,
-	0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09,
-	0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c,
-	0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30,
-	0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16,
-	0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2,
-	0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
-	0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06,
-	0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77,
-	0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06,
-	0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69,
-	0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31,
-	0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12,
-	0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f,
-	0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
-	0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
-	0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
-	0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e,
-	0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b,
-	0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
-	0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63,
-	0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41,
-	0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31,
-	0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70,
-	0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72,
-	0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31,
-	0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27,
-	0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63,
-	0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68,
-	0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86,
-	0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79,
-	0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f,
-	0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43,
-	0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
-	0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85,
-	0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c,
-	0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04,
-	0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72,
-	0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47,
-	0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe,
-	0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c,
-	0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8,
-	0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33,
-	0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7,
-	0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7,
-	0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac,
-	0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e,
-	0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a,
-	0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39,
-	0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18,
-	0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56,
-	0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0,
-	0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00,
-	0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed,
-	0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58,
-	0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06,
-	0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3,
-	0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b,
-	0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7,
-	0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7,
-	0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9,
-	0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38,
-	0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3,
-	0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d,
-	0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f,
-	0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4,
-	0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a,
-};
-
-static const char test_cacert3_ca_subject[] = {
-	0x30, 0x54, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63,
-	0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04,
-	0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41,
-	0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04,
-	0x03, 0x13, 0x13, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20,
-	0x33, 0x20, 0x52, 0x6f, 0x6f, 0x74,
-};
-
-static const char test_cacert3_ca_issuer[] = {
-	0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f,
-	0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68,
-	0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74,
-	0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43,
-	0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41,
-	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86,
-	0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74,
-	0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67,
-};
-
-static const char test_cacert3_ca_serial[] = {
-	0x02, 0x03, 0x0a, 0x41, 0x8a,
-};
-
-static const char test_cacert3_ca_public_key[] = {
-	0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
-	0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01,
-	0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, 0xa9, 0xdd,
-	0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, 0x89, 0x7d,
-	0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, 0x99, 0x73,
-	0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, 0x7f, 0x64,
-	0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, 0x69, 0x01,
-	0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, 0xc5, 0x79,
-	0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, 0x9f, 0xcb,
-	0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, 0x8d, 0x09,
-	0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, 0xe3, 0xeb,
-	0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, 0x33, 0xbf,
-	0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, 0xa4, 0xd9,
-	0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, 0xec, 0x85,
-	0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, 0xd5, 0x3b,
-	0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, 0x15, 0x71,
-	0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, 0x8c, 0xf9,
-	0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, 0x64, 0x27,
-	0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, 0x5d, 0xaa,
-	0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, 0x0e, 0x42,
-	0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, 0x62, 0x34,
-	0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, 0xa0, 0x5b,
-	0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, 0xb7, 0xa2,
-	0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, 0x6c, 0x5f,
-	0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, 0x47, 0xd5,
-	0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, 0x03, 0x68,
-	0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, 0x3a, 0x98,
-	0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, 0xae, 0x60,
-	0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, 0x56, 0xe7,
-	0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, 0xa1, 0xd1,
-	0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, 0x2c, 0x86,
-	0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, 0x9d, 0xaf,
-	0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, 0x42, 0x74,
-	0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, 0x05, 0xfb,
-	0xe9, 0x02, 0x03, 0x01, 0x00, 0x01,
-};
-
-static const unsigned char verisign_v1_ca[] = {
-	0x30, 0x82, 0x02, 0x3c, 0x30, 0x82, 0x01, 0xa5, 0x02, 0x10, 0x3f, 0x69, 0x1e, 0x81, 0x9c, 0xf0,
-	0x9a, 0x4a, 0xf3, 0x73, 0xff, 0xb9, 0x48, 0xa2, 0xe4, 0xdd, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
-	0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06,
-	0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
-	0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63,
-	0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73,
-	0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61,
-	0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x36,
-	0x30, 0x31, 0x32, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30,
-	0x38, 0x30, 0x32, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09,
-	0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55,
-	0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e,
-	0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61,
-	0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d,
-	0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x81, 0x9f, 0x30, 0x0d,
-	0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
-	0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf, 0x6d, 0xa3, 0x56, 0x61, 0x2d,
-	0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e, 0x86, 0x80, 0x0a, 0x91, 0x0e,
-	0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0, 0x9b, 0x24, 0x5d, 0x0d, 0x1f,
-	0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a, 0x06, 0x9b, 0x10, 0xa1, 0x73,
-	0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8, 0xa8, 0x3f, 0xaa, 0x12, 0x06,
-	0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88, 0x09, 0xcd, 0x14, 0x11, 0xe2,
-	0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47, 0x91, 0x29, 0xbb, 0x36, 0xc9,
-	0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32, 0xb0, 0x7b, 0x30, 0xba, 0x2a,
-	0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06,
-	0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00,
-	0x58, 0x15, 0x29, 0x39, 0x3c, 0x77, 0xa3, 0xda, 0x5c, 0x25, 0x03, 0x7c, 0x60, 0xfa, 0xee, 0x09,
-	0x99, 0x3c, 0x27, 0x10, 0x70, 0xc8, 0x0c, 0x09, 0xe6, 0xb3, 0x87, 0xcf, 0x0a, 0xe2, 0x18, 0x96,
-	0x35, 0x62, 0xcc, 0xbf, 0x9b, 0x27, 0x79, 0x89, 0x5f, 0xc9, 0xc4, 0x09, 0xf4, 0xce, 0xb5, 0x1d,
-	0xdf, 0x2a, 0xbd, 0xe5, 0xdb, 0x86, 0x9c, 0x68, 0x25, 0xe5, 0x30, 0x7c, 0xb6, 0x89, 0x15, 0xfe,
-	0x67, 0xd1, 0xad, 0xe1, 0x50, 0xac, 0x3c, 0x7c, 0x62, 0x4b, 0x8f, 0xba, 0x84, 0xd7, 0x12, 0x15,
-	0x1b, 0x1f, 0xca, 0x5d, 0x0f, 0xc1, 0x52, 0x94, 0x2a, 0x11, 0x99, 0xda, 0x7b, 0xcf, 0x0c, 0x36,
-	0x13, 0xd5, 0x35, 0xdc, 0x10, 0x19, 0x59, 0xea, 0x94, 0xc1, 0x00, 0xbf, 0x75, 0x8f, 0xd9, 0xfa,
-	0xfd, 0x76, 0x04, 0xdb, 0x62, 0xbb, 0x90, 0x6a, 0x03, 0xd9, 0x46, 0x35, 0xd9, 0xf8, 0x7c, 0x5b,
-};
-
-static const unsigned char verisign_v1_ca_subject[] = {
-	0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
-	0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69,
-	0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04,
-	0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69,
-	0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
-	0x79,
-};
-
-static const unsigned char verisign_v1_ca_public_key[] = {
-	0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
-	0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf,
-	0x6d, 0xa3, 0x56, 0x61, 0x2d, 0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e,
-	0x86, 0x80, 0x0a, 0x91, 0x0e, 0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0,
-	0x9b, 0x24, 0x5d, 0x0d, 0x1f, 0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a,
-	0x06, 0x9b, 0x10, 0xa1, 0x73, 0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8,
-	0xa8, 0x3f, 0xaa, 0x12, 0x06, 0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88,
-	0x09, 0xcd, 0x14, 0x11, 0xe2, 0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47,
-	0x91, 0x29, 0xbb, 0x36, 0xc9, 0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32,
-	0xb0, 0x7b, 0x30, 0xba, 0x2a, 0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01,
-	0x00, 0x01,
-};
-
-static const char test_text[] = "This is the file text";
-
-static const char test_eku_server_and_client[] = {
-	0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
-	0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
-};
-
-static const char test_eku_server[] = {
-	0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
-};
-
-static const char test_eku_email[] = {
-	0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04
-};
-
-static const char test_eku_none[] = {
-	0x30, 0x00,
-};
-
-void       test_check_file_msg          (const char *file,
-                                         int line,
-                                         const char *function,
-                                         const char *directory,
-                                         const char *filename,
-                                         const char *reference);
-
-void       test_check_data_msg          (const char *file,
-                                         int line,
-                                         const char *function,
-                                         const char *directory,
-                                         const char *filename,
-                                         const void *refdata,
-                                         long reflen);
-
-#ifdef OS_UNIX
-
-void       test_check_symlink_msg       (const char *file,
-                                         int line,
-                                         const char *function,
-                                         const char *directory,
-                                         const char *name,
-                                         const char *destination);
-
-#endif /* OS_UNIX */
-
-p11_dict * test_check_directory_files   (const char *file,
-                                         ...) GNUC_NULL_TERMINATED;
-
-void       test_check_directory_msg     (const char *file,
-                                         int line,
-                                         const char *function,
-                                         const char *directory,
-                                         p11_dict *files);
-
-#define test_check_file(directory, name, reference) \
-	(test_check_file_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, reference))
-
-#define test_check_data(directory, name, data, length) \
-	(test_check_data_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, data, length))
-
-#ifdef OS_UNIX
-
-#define test_check_symlink(directory, name, destination) \
-	(test_check_symlink_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, destination))
-
-#endif /* OS_UNIX */
-
-#define test_check_directory(directory, files) \
-	(test_check_directory_msg (__FILE__, __LINE__, __FUNCTION__, directory, \
-	                           test_check_directory_files files))
-
-#endif /* TEST_DATA_H_ */
diff --git a/trust/tests/test-utf8.c b/trust/tests/test-utf8.c
deleted file mode 100644
index 9b2c3d5..0000000
--- a/trust/tests/test-utf8.c
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "utf8.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
-
-static void
-test_ucs2be (void)
-{
-	char *output;
-	size_t length;
-	int i;
-
-	struct {
-		const char *output;
-		size_t output_len;
-		const unsigned char input[100];
-		size_t input_len;
-	} fixtures[] = {
-		{ "This is a test", 14,
-		  { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, 's', 0x00, ' ', 0x00, 'i', 0x00, 's', 0x00, ' ',
-		    0x00, 'a', 0x00, ' ', 0x00, 't', 0x00, 'e', 0x00, 's', 0x00, 't' }, 28,
-		},
-		{ "V\303\266gel", 6,
-		  { 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 10,
-		},
-		{ "M\303\244nwich \340\264\205", 12,
-		  { 0x00, 'M', 0x00, 0xE4, 0x00, 'n', 0x00, 'w', 0x00, 'i', 0x00, 'c', 0x00, 'h',
-		    0x00, ' ', 0x0D, 0x05 }, 18,
-		}
-	};
-
-	for (i = 0; i < ELEMS (fixtures); i++) {
-		output = p11_utf8_for_ucs2be (fixtures[i].input,
-		                              fixtures[i].input_len,
-		                              &length);
-
-		assert_num_eq (fixtures[i].output_len, length);
-		assert_str_eq (fixtures[i].output, output);
-		free (output);
-	}
-}
-
-static void
-test_ucs2be_fail (void)
-{
-	char *output;
-	size_t length;
-	int i;
-
-	struct {
-		const unsigned char input[100];
-		size_t input_len;
-	} fixtures[] = {
-		{ { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, }, 7 /* truncated */ }
-	};
-
-	for (i = 0; i < ELEMS (fixtures); i++) {
-		output = p11_utf8_for_ucs2be (fixtures[i].input,
-		                              fixtures[i].input_len,
-		                              &length);
-		assert_ptr_eq (NULL, output);
-	}
-}
-
-static void
-test_ucs4be (void)
-{
-	char *output;
-	size_t length;
-	int i;
-
-	struct {
-		const char *output;
-		size_t output_len;
-		const unsigned char input[100];
-		size_t input_len;
-	} fixtures[] = {
-		{ "This is a test", 14,
-		  { 0x00, 0x00, 0x00, 'T',
-		    0x00, 0x00, 0x00, 'h',
-		    0x00, 0x00, 0x00, 'i',
-		    0x00, 0x00, 0x00, 's',
-		    0x00, 0x00, 0x00, ' ',
-		    0x00, 0x00, 0x00, 'i',
-		    0x00, 0x00, 0x00, 's',
-		    0x00, 0x00, 0x00, ' ',
-		    0x00, 0x00, 0x00, 'a',
-		    0x00, 0x00, 0x00, ' ',
-		    0x00, 0x00, 0x00, 't',
-		    0x00, 0x00, 0x00, 'e',
-		    0x00, 0x00, 0x00, 's',
-		    0x00, 0x00, 0x00, 't',
-		  }, 56,
-		},
-		{ "Fun \360\220\214\231", 8,
-		  { 0x00, 0x00, 0x00, 'F',
-		    0x00, 0x00, 0x00, 'u',
-		    0x00, 0x00, 0x00, 'n',
-		    0x00, 0x00, 0x00, ' ',
-		    0x00, 0x01, 0x03, 0x19, /* U+10319: looks like an antenna */
-		  }, 20,
-		}
-	};
-
-	for (i = 0; i < ELEMS (fixtures); i++) {
-		output = p11_utf8_for_ucs4be (fixtures[i].input,
-		                              fixtures[i].input_len,
-		                              &length);
-
-		assert_num_eq (fixtures[i].output_len, length);
-		assert_str_eq (fixtures[i].output, output);
-
-		free (output);
-	}
-}
-
-static void
-test_ucs4be_fail (void)
-{
-	char *output;
-	size_t length;
-	int i;
-
-	struct {
-		const unsigned char input[100];
-		size_t input_len;
-	} fixtures[] = {
-		{ { 0x00, 0x00, 'T',
-		  }, 7 /* truncated */ },
-		{ { 0x00, 0x00, 0x00, 'F',
-		    0x00, 0x00, 0x00, 'u',
-		    0x00, 0x00, 0x00, 'n',
-		    0x00, 0x00, 0x00, ' ',
-		    0xD8, 0x00, 0xDF, 0x19,
-		  }, 20,
-		}
-	};
-
-	for (i = 0; i < ELEMS (fixtures); i++) {
-		output = p11_utf8_for_ucs4be (fixtures[i].input,
-		                              fixtures[i].input_len,
-		                              &length);
-		assert_ptr_eq (NULL, output);
-	}
-}
-
-static void
-test_utf8 (void)
-{
-	bool ret;
-	int i;
-
-	struct {
-		const char *input;
-		size_t input_len;
-	} fixtures[] = {
-		{ "This is a test", 14 },
-		{ "Good news everyone", -1 },
-		{ "Fun \360\220\214\231", -1 },
-		{ "Fun invalid here: \xfe", 4 }, /* but limited length */
-		{ "V\303\266gel", 6, },
-	};
-
-	for (i = 0; i < ELEMS (fixtures); i++) {
-		ret = p11_utf8_validate (fixtures[i].input,
-		                         fixtures[i].input_len);
-		assert_num_eq (true, ret);
-	}
-}
-
-static void
-test_utf8_fail (void)
-{
-	bool ret;
-	int i;
-
-	struct {
-		const char *input;
-		size_t input_len;
-	} fixtures[] = {
-		{ "This is a test\x80", 15 },
-		{ "Good news everyone\x88", -1 },
-		{ "Bad \xe0v following chars should be |0x80", -1 },
-		{ "Truncated \xe0", -1 },
-	};
-
-	for (i = 0; i < ELEMS (fixtures); i++) {
-		ret = p11_utf8_validate (fixtures[i].input,
-		                         fixtures[i].input_len);
-		assert_num_eq (false, ret);
-	}
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_test (test_ucs2be, "/utf8/ucs2be");
-	p11_test (test_ucs2be_fail, "/utf8/ucs2be_fail");
-	p11_test (test_ucs4be, "/utf8/ucs4be");
-	p11_test (test_ucs4be_fail, "/utf8/ucs4be_fail");
-	p11_test (test_utf8, "/utf8/utf8");
-	p11_test (test_utf8_fail, "/utf8/utf8_fail");
-	return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-x509.c b/trust/tests/test-x509.c
deleted file mode 100644
index 9f7d258..0000000
--- a/trust/tests/test-x509.c
+++ /dev/null
@@ -1,416 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *     * Redistributions of source code must retain the above
- *       copyright notice, this list of conditions and the
- *       following disclaimer.
- *     * Redistributions in binary form must reproduce the
- *       above copyright notice, this list of conditions and
- *       the following disclaimer in the documentation and/or
- *       other materials provided with the distribution.
- *     * The names of contributors to this software may not be
- *       used to endorse or promote products derived from this
- *       software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "asn1.h"
-#include "debug.h"
-#include "oid.h"
-#include "x509.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
-
-struct {
-	p11_dict *asn1_defs;
-} test;
-
-static void
-setup (void *unused)
-{
-	test.asn1_defs = p11_asn1_defs_load ();
-	assert_ptr_not_null (test.asn1_defs);
-}
-
-static void
-teardown (void *unused)
-{
-	p11_dict_free (test.asn1_defs);
-	memset (&test, 0, sizeof (test));
-}
-
-static const char test_ku_ds_and_np[] = {
-	0x03, 0x03, 0x07, 0xc0, 0x00,
-};
-
-static const char test_ku_none[] = {
-	0x03, 0x03, 0x07, 0x00, 0x00,
-};
-
-static const char test_ku_cert_crl_sign[] = {
-	0x03, 0x03, 0x07, 0x06, 0x00,
-};
-
-static const char test_eku_server_and_client[] = {
-	0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
-	0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
-};
-
-static const char test_eku_none[] = {
-	0x30, 0x00,
-};
-
-static const char test_eku_client_email_and_timestamp[] = {
-	0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06,
-	0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08,
-};
-
-static const unsigned char test_cacert3_ca_der[] = {
-	0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a,
-	0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-	0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f,
-	0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15,
-	0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72,
-	0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19,
-	0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a,
-	0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72,
-	0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d,
-	0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32,
-	0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14,
-	0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20,
-	0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68,
-	0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74,
-	0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43,
-	0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f,
-	0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-	0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82,
-	0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43,
-	0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda,
-	0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24,
-	0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe,
-	0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5,
-	0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8,
-	0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c,
-	0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82,
-	0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2,
-	0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60,
-	0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a,
-	0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21,
-	0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a,
-	0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74,
-	0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f,
-	0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3,
-	0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed,
-	0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc,
-	0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54,
-	0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b,
-	0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29,
-	0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8,
-	0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba,
-	0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41,
-	0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70,
-	0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9,
-	0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c,
-	0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9,
-	0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f,
-	0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac,
-	0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66,
-	0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40,
-	0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09,
-	0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c,
-	0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30,
-	0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16,
-	0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2,
-	0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
-	0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06,
-	0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77,
-	0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06,
-	0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69,
-	0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31,
-	0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12,
-	0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f,
-	0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
-	0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
-	0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
-	0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e,
-	0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b,
-	0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
-	0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63,
-	0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41,
-	0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31,
-	0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70,
-	0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72,
-	0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31,
-	0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27,
-	0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63,
-	0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68,
-	0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86,
-	0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79,
-	0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f,
-	0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43,
-	0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
-	0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85,
-	0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c,
-	0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04,
-	0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72,
-	0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47,
-	0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe,
-	0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c,
-	0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8,
-	0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33,
-	0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7,
-	0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7,
-	0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac,
-	0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e,
-	0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a,
-	0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39,
-	0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18,
-	0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56,
-	0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0,
-	0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00,
-	0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed,
-	0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58,
-	0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06,
-	0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3,
-	0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b,
-	0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7,
-	0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7,
-	0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9,
-	0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38,
-	0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3,
-	0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d,
-	0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f,
-	0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4,
-	0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a,
-};
-
-struct {
-	const char *eku;
-	size_t length;
-	const char *expected[16];
-} extended_key_usage_fixtures[] = {
-	{ test_eku_server_and_client, sizeof (test_eku_server_and_client),
-	  { P11_OID_SERVER_AUTH_STR, P11_OID_CLIENT_AUTH_STR, NULL }, },
-	{ test_eku_none, sizeof (test_eku_none),
-	  { NULL, }, },
-	{ test_eku_client_email_and_timestamp, sizeof (test_eku_client_email_and_timestamp),
-	  { P11_OID_CLIENT_AUTH_STR, P11_OID_EMAIL_PROTECTION_STR, P11_OID_TIME_STAMPING_STR }, },
-	{ NULL },
-};
-
-static void
-test_parse_extended_key_usage (void)
-{
-	p11_array *ekus;
-	int i, j, count;
-
-	for (i = 0; extended_key_usage_fixtures[i].eku != NULL; i++) {
-		ekus = p11_x509_parse_extended_key_usage (test.asn1_defs,
-		                                          (const unsigned char *)extended_key_usage_fixtures[i].eku,
-		                                          extended_key_usage_fixtures[i].length);
-		assert_ptr_not_null (ekus);
-
-		for (count = 0; extended_key_usage_fixtures[i].expected[count] != NULL; count++);
-
-		assert_num_eq (count, ekus->num);
-		for (j = 0; j < count; j++)
-			assert_str_eq (ekus->elem[j], extended_key_usage_fixtures[i].expected[j]);
-
-		p11_array_free (ekus);
-	}
-}
-
-struct {
-	const char *ku;
-	size_t length;
-	unsigned int expected;
-} key_usage_fixtures[] = {
-	{ test_ku_ds_and_np, sizeof (test_ku_ds_and_np), P11_KU_DIGITAL_SIGNATURE | P11_KU_NON_REPUDIATION },
-	{ test_ku_none, sizeof (test_ku_none), 0 },
-	{ test_ku_cert_crl_sign, sizeof (test_ku_cert_crl_sign), P11_KU_KEY_CERT_SIGN | P11_KU_CRL_SIGN },
-	{ NULL },
-};
-
-static void
-test_parse_key_usage (void)
-{
-	unsigned int ku;
-	int i;
-	bool ret;
-
-	for (i = 0; key_usage_fixtures[i].ku != NULL; i++) {
-		ku = 0;
-
-		ret = p11_x509_parse_key_usage (test.asn1_defs,
-		                                (const unsigned char *)key_usage_fixtures[i].ku,
-		                                key_usage_fixtures[i].length, &ku);
-		assert_num_eq (true, ret);
-
-		assert_num_eq (key_usage_fixtures[i].expected, ku);
-	}
-}
-
-static void
-test_parse_extension (void)
-{
-	node_asn *cert;
-	unsigned char *ext;
-	size_t length;
-	bool is_ca;
-
-	cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate",
-	                        test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
-	assert_ptr_not_null (cert);
-
-	ext = p11_x509_find_extension (cert, P11_OID_BASIC_CONSTRAINTS,
-	                               test_cacert3_ca_der, sizeof (test_cacert3_ca_der),
-	                               &length);
-	assert_ptr_not_null (ext);
-	assert (length > 0);
-
-	asn1_delete_structure (&cert);
-
-	if (!p11_x509_parse_basic_constraints (test.asn1_defs, ext, length, &is_ca))
-		assert_fail ("failed to parse message", "basic constraints");
-
-	free (ext);
-}
-static void
-test_parse_extension_not_found (void)
-{
-	node_asn *cert;
-	unsigned char *ext;
-	size_t length;
-
-	cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate",
-	                        test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
-	assert_ptr_not_null (cert);
-
-	ext = p11_x509_find_extension (cert, P11_OID_OPENSSL_REJECT,
-	                               test_cacert3_ca_der, sizeof (test_cacert3_ca_der),
-	                               &length);
-	assert_ptr_eq (NULL, ext);
-
-	asn1_delete_structure (&cert);
-}
-
-static void
-test_directory_string (void)
-{
-	struct {
-		unsigned char input[100];
-		int input_len;
-		char *output;
-		int output_len;
-	} fixtures[] = {
-		/* UTF8String */
-		{ { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17,
-		  "\xc3\x84 UTF8 string ", 15,
-		},
-
-		/* NumericString */
-		{ { 0x12, 0x04, '0', '1', '2', '3', }, 6,
-		  "0123", 4,
-		},
-
-		/* IA5String */
-		{ { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6,
-		  " AB ", 4
-		},
-
-		/* TeletexString */
-		{ { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
-		  "A  nice", 7
-		},
-
-		/* PrintableString */
-		{ { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
-		  "A  nice", 7,
-		},
-
-		/* UniversalString */
-		{ { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u',
-		    0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22,
-		  "Fun \xf0\x90\x8c\x99", 8
-		},
-
-		/* BMPString */
-		{ { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12,
-		  "V\xc3\xb6gel", 6
-		},
-	};
-
-	char *string;
-	bool unknown;
-	size_t length;
-	int i;
-
-	for (i = 0; i < ELEMS (fixtures); i++) {
-		string = p11_x509_parse_directory_string (fixtures[i].input,
-		                                          fixtures[i].input_len,
-		                                          &unknown, &length);
-		assert_ptr_not_null (string);
-		assert_num_eq (false, unknown);
-
-		assert_num_eq (fixtures[i].output_len, length);
-		assert_str_eq (fixtures[i].output, string);
-		free (string);
-	}
-}
-
-static void
-test_directory_string_unknown (void)
-{
-	/* Not a valid choice in DirectoryString */
-	unsigned char input[] = { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' };
-	char *string;
-	bool unknown = false;
-	size_t length;
-
-	string = p11_x509_parse_directory_string (input, sizeof (input), &unknown, &length);
-	assert_ptr_eq (NULL, string);
-	assert_num_eq (true, unknown);
-}
-
-int
-main (int argc,
-      char *argv[])
-{
-	p11_fixture (setup, teardown);
-	p11_test (test_parse_extended_key_usage, "/x509/parse-extended-key-usage");
-	p11_test (test_parse_key_usage, "/x509/parse-key-usage");
-	p11_test (test_parse_extension, "/x509/parse-extension");
-	p11_test (test_parse_extension_not_found, "/x509/parse-extension-not-found");
-
-	p11_fixture (NULL, NULL);
-	p11_test (test_directory_string, "/x509/directory-string");
-	p11_test (test_directory_string_unknown, "/x509/directory-string-unknown");
-	return p11_test_run (argc, argv);
-}