First attempt at adding support for attribute certificates (#117)

Platform certificates are defined as RFC5755 attribute certificates with various additional attributes and extensions defined in the TCG Platform Certificate Profile. Add support for parsing them, derived from crypto/x509. Include some test certificates and verify we parse them.
2024-12-18 20:47:57 +00:00 · 2019-10-27 23:12:15 -07:00 · 2019-10-27 23:12:15 -07:00 · f5fa92f739
commit f5fa92f739
parent 43f6c42dc3
26 changed files with 2883 additions and 0 deletions
--- a/attributecert/attributecert.go
+++ b/attributecert/attributecert.go
@ -0,0 +1,713 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Copyright 2019 Google, LLC.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package attributecert parses X.509-encoded attribute certificates.
+package attributecert
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/asn1"
+	"errors"
+	"fmt"
+	"math/big"
+	"time"
+)
+
+var (
+	oidExtensionSubjectDirectoryAttributes = []int{2, 5, 29, 9}
+	oidExtensionSubjectAltName             = []int{2, 5, 29, 17}
+	oidExtensionCertificatePolicies        = []int{2, 5, 29, 32}
+	oidExtensionAuthorityKeyIdentifier     = []int{2, 5, 29, 35}
+	oidAuthorityInfoAccess                 = []int{1, 3, 6, 1, 5, 5, 7, 1, 1}
+	oidCpsCertificatePolicy                = []int{1, 3, 6, 1, 5, 5, 7, 2, 1}
+	oidAttributeUserNotice                 = []int{1, 3, 6, 1, 5, 5, 7, 2, 2}
+	oidAuthorityInfoAccessOcsp             = []int{1, 3, 6, 1, 5, 5, 7, 48, 1}
+	oidAuthorityInfoAccessIssuers          = []int{1, 3, 6, 1, 5, 5, 7, 48, 2}
+	oidTcgCertificatePolicy                = []int{1, 2, 840, 113741, 1, 5, 2, 4}
+	oidTcgAttribute                        = []int{2, 23, 133, 2}
+	oidTpmManufacturer                     = []int{2, 23, 133, 2, 1}
+	oidTpmModel                            = []int{2, 23, 133, 2, 2}
+	oidTpmVersion                          = []int{2, 23, 133, 2, 3}
+	oidTcgPlatformManufacturerStrV1        = []int{2, 23, 133, 2, 4}
+	oidTcgPlatformModelV1                  = []int{2, 23, 133, 2, 5}
+	oidTcgPlatformVersionV1                = []int{2, 23, 133, 2, 6}
+	oidSecurityQualities                   = []int{2, 23, 133, 2, 10}
+	oidTpmProtectionProfile                = []int{2, 23, 133, 2, 11}
+	oidTpmSecurityTarget                   = []int{2, 23, 133, 2, 12}
+	oidTbbProtectionProfile                = []int{2, 23, 133, 2, 13}
+	oidTbbSecurityTarget                   = []int{2, 23, 133, 2, 14}
+	oidTpmIdLabel                          = []int{2, 23, 133, 2, 15}
+	oidTpmSpecification                    = []int{2, 23, 133, 2, 16}
+	oidTcgPlatformSpecification            = []int{2, 23, 133, 2, 17}
+	oidTpmSecurityAssertions               = []int{2, 23, 133, 2, 18}
+	oidTbbSecurityAssertions               = []int{2, 23, 133, 2, 19}
+	oidTcgCredentialSpecification          = []int{2, 23, 133, 2, 23}
+	oidTcgCredentialType                   = []int{2, 23, 133, 2, 25}
+	oidTcgPlatformClass                    = []int{2, 23, 133, 5}
+	oidTcgCommon                           = []int{2, 23, 133, 5, 1}
+	oidTcgPlatformManufacturerStrV2        = []int{2, 23, 133, 5, 1, 1}
+	oidTcgPlatformManufacturerIdV2         = []int{2, 23, 133, 5, 1, 2}
+	oidTcgPlatformConfigUri                = []int{2, 23, 133, 5, 1, 3}
+	oidTcgPlatformModelV2                  = []int{2, 23, 133, 5, 1, 4}
+	oidTcgPlatformVersionV2                = []int{2, 23, 133, 5, 1, 5}
+	oidTcgPlatformSerialV2                 = []int{2, 23, 133, 5, 1, 6}
+	oidTcgPlatformConfiguration            = []int{2, 23, 133, 5, 1, 7}
+	oidTcgPlatformConfigurationV1          = []int{2, 23, 133, 5, 1, 7, 1}
+	oidTcgPlatformConfigurationV2          = []int{2, 23, 133, 5, 1, 7, 2}
+)
+
+var (
+	oidSignatureRSAPSS  = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}
+	oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
+
+	oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
+	oidSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
+	oidSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3}
+
+	oidMGF1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 8}
+)
+
+var signatureAlgorithmDetails = []struct {
+	algo       x509.SignatureAlgorithm
+	name       string
+	oid        asn1.ObjectIdentifier
+	pubKeyAlgo x509.PublicKeyAlgorithm
+	hash       crypto.Hash
+}{
+	{x509.SHA256WithRSAPSS, "SHA256-RSAPSS", oidSignatureRSAPSS, x509.RSA, crypto.SHA256},
+	{x509.SHA384WithRSAPSS, "SHA384-RSAPSS", oidSignatureRSAPSS, x509.RSA, crypto.SHA384},
+	{x509.SHA512WithRSAPSS, "SHA512-RSAPSS", oidSignatureRSAPSS, x509.RSA, crypto.SHA512},
+	{x509.PureEd25519, "Ed25519", oidSignatureEd25519, x509.Ed25519, crypto.Hash(0) /* no pre-hashing */},
+}
+
+// pssParameters reflects the parameters in an AlgorithmIdentifier that
+// specifies RSA PSS. See RFC 3447, Appendix A.2.3.
+type pssParameters struct {
+	// The following three fields are not marked as
+	// optional because the default values specify SHA-1,
+	// which is no longer suitable for use in signatures.
+	Hash         pkix.AlgorithmIdentifier `asn1:"explicit,tag:0"`
+	MGF          pkix.AlgorithmIdentifier `asn1:"explicit,tag:1"`
+	SaltLength   int                      `asn1:"explicit,tag:2"`
+	TrailerField int                      `asn1:"optional,explicit,tag:3,default:1"`
+}
+
+func getSignatureAlgorithmFromAI(ai pkix.AlgorithmIdentifier) x509.SignatureAlgorithm {
+	if ai.Algorithm.Equal(oidSignatureEd25519) {
+		// RFC 8410, Section 3
+		// > For all of the OIDs, the parameters MUST be absent.
+		if len(ai.Parameters.FullBytes) != 0 {
+			return x509.UnknownSignatureAlgorithm
+		}
+	}
+
+	if !ai.Algorithm.Equal(oidSignatureRSAPSS) {
+		for _, details := range signatureAlgorithmDetails {
+			if ai.Algorithm.Equal(details.oid) {
+				return details.algo
+			}
+		}
+		return x509.UnknownSignatureAlgorithm
+	}
+
+	// RSA PSS is special because it encodes important parameters
+	// in the Parameters.
+
+	var params pssParameters
+	if _, err := asn1.Unmarshal(ai.Parameters.FullBytes, &params); err != nil {
+		return x509.UnknownSignatureAlgorithm
+	}
+
+	var mgf1HashFunc pkix.AlgorithmIdentifier
+	if _, err := asn1.Unmarshal(params.MGF.Parameters.FullBytes, &mgf1HashFunc); err != nil {
+		return x509.UnknownSignatureAlgorithm
+	}
+
+	// PSS is greatly overburdened with options. This code forces them into
+	// three buckets by requiring that the MGF1 hash function always match the
+	// message hash function (as recommended in RFC 3447, Section 8.1), that the
+	// salt length matches the hash length, and that the trailer field has the
+	// default value.
+	if (len(params.Hash.Parameters.FullBytes) != 0 && !bytes.Equal(params.Hash.Parameters.FullBytes, asn1.NullBytes)) ||
+		!params.MGF.Algorithm.Equal(oidMGF1) ||
+		!mgf1HashFunc.Algorithm.Equal(params.Hash.Algorithm) ||
+		(len(mgf1HashFunc.Parameters.FullBytes) != 0 && !bytes.Equal(mgf1HashFunc.Parameters.FullBytes, asn1.NullBytes)) ||
+		params.TrailerField != 1 {
+		return x509.UnknownSignatureAlgorithm
+	}
+
+	switch {
+	case params.Hash.Algorithm.Equal(oidSHA256) && params.SaltLength == 32:
+		return x509.SHA256WithRSAPSS
+	case params.Hash.Algorithm.Equal(oidSHA384) && params.SaltLength == 48:
+		return x509.SHA384WithRSAPSS
+	case params.Hash.Algorithm.Equal(oidSHA512) && params.SaltLength == 64:
+		return x509.SHA512WithRSAPSS
+	}
+
+	return x509.UnknownSignatureAlgorithm
+}
+
+//RFC 5280 4.2.2.1
+type authorityInfoAccess struct {
+	Method   asn1.ObjectIdentifier
+	Location asn1.RawValue
+}
+
+//RFC 5280 4.2.1.1
+type authKeyId struct {
+	Id           []byte        `asn1:"optional,tag:0"`
+	IssuerName   asn1.RawValue `asn1:"set,optional,tag:1"`
+	SerialNumber *big.Int      `asn1:"optional,tag:2"`
+}
+
+//RFC 5280 4.2.1.4
+type cpsPolicy struct {
+	Id    asn1.ObjectIdentifier
+	Value string
+}
+
+//RFC 5280 4.2.1.4
+type policyInformation struct {
+	Raw    asn1.RawContent
+	Id     asn1.ObjectIdentifier
+	Policy asn1.RawValue
+}
+
+//RFC 5280 4.1.2.5
+type validity struct {
+	NotBefore, NotAfter time.Time
+}
+
+//RFC 5280 4.2.1.4
+type NoticeReference struct {
+	Organization  string
+	NoticeNumbers []int
+}
+
+//RFC 5280 4.2.1.4
+type userNotice struct {
+	NoticeRef    NoticeReference `asn1:"optional"`
+	ExplicitText string          `asn1:"optional"`
+}
+
+//RFC 5755 4.1
+type objectDigestInfo struct {
+	DigestedObjectType asn1.Enumerated
+	OtherObjectTypeID  asn1.ObjectIdentifier
+	DigestAlgorithm    pkix.AlgorithmIdentifier
+	ObjectDigest       asn1.BitString
+}
+
+//RFC 5755 4.1
+type attCertIssuer struct {
+	IssuerName        asn1.RawValue    `asn1:"set,optional"`
+	BaseCertificateId issuerSerial     `asn1:"optional,tag:0"`
+	ObjectDigestInfo  objectDigestInfo `asn1:"optional,tag:1"`
+}
+
+//RFC 5755 4.1
+type issuerSerial struct {
+	Raw       asn1.RawContent
+	Issuer    asn1.RawValue
+	Serial    *big.Int
+	IssuerUID asn1.BitString `asn1:"optional"`
+}
+
+//RFC 5755 4.1
+type holder struct {
+	Raw               asn1.RawContent
+	BaseCertificateID issuerSerial     `asn1:"optional,tag:0"`
+	EntityName        pkix.Extension   `asn1:"optional,tag:1"`
+	ObjectDigestInfo  objectDigestInfo `asn1:"optional,tag:2"`
+}
+
+//RFC 5755 4.1
+type attribute struct {
+	Id        asn1.ObjectIdentifier
+	RawValues []asn1.RawValue `asn1:"set"`
+}
+
+//RFC 5755 4.1
+type tbsAttributeCertificate struct {
+	Raw                asn1.RawContent
+	Version            int
+	Holder             holder
+	Issuer             attCertIssuer `asn1:"tag:0"`
+	SignatureAlgorithm pkix.AlgorithmIdentifier
+	SerialNumber       *big.Int
+	Validity           validity
+	Attributes         []attribute
+	IssuerUniqueID     asn1.BitString   `asn1:"optional"`
+	Extensions         []pkix.Extension `asn1:"optional"`
+}
+
+type attributeCertificate struct {
+	Raw                     asn1.RawContent
+	TBSAttributeCertificate tbsAttributeCertificate
+	SignatureAlgorithm      pkix.AlgorithmIdentifier
+	SignatureValue          asn1.BitString
+}
+
+type Certholder struct {
+	Issuer pkix.Name
+	Serial *big.Int
+}
+
+type AttributeCertificate struct {
+	Raw                        []byte // Complete ASN.1 DER content (certificate, signature algorithm and signature).
+	RawTBSAttributeCertificate []byte // Certificate part of raw ASN.1 DER content.
+
+	Signature          []byte
+	SignatureAlgorithm x509.SignatureAlgorithm
+
+	Version                  int
+	SerialNumber             *big.Int
+	Holder                   Certholder
+	Issuer                   pkix.Name
+	Subject                  pkix.Name
+	NotBefore, NotAfter      time.Time // Validity bounds.
+	TCGPlatformSpecification TCGPlatformSpecification
+	TBBSecurityAssertions    TBBSecurityAssertions
+	PlatformManufacturer     string
+	PlatformModel            string
+	PlatformVersion          string
+	PlatformSerial           string
+	CredentialSpecification  string
+	UserNotice               userNotice
+}
+
+// ParseAttributeCertificate parses a single attribute certificate from the
+// given ASN.1 DER data.
+func ParseAttributeCertificate(asn1Data []byte) (*AttributeCertificate, error) {
+	var cert attributeCertificate
+
+	rest, err := asn1.Unmarshal(asn1Data, &cert)
+	if err != nil {
+		return nil, err
+	} else if len(rest) != 0 {
+		return nil, asn1.SyntaxError{Msg: "attributecert: trailing data"}
+	}
+
+	return parseAttributeCertificate(&cert)
+}
+
+type PlatformDataSequence []PlatformDataSET
+type PlatformDataSET []pkix.AttributeTypeAndValue
+
+type TCGData struct {
+	Id   asn1.ObjectIdentifier
+	Data string
+}
+
+type TCGDirectoryEntry struct {
+	Id   asn1.ObjectIdentifier
+	Data asn1.RawValue
+}
+
+type TCGSpecificationVersion struct {
+	MajorVersion int
+	MinorVersion int
+	Revision     int
+}
+
+type TCGPlatformSpecification struct {
+	Version TCGSpecificationVersion
+}
+
+type TCGCredentialSpecification struct {
+	Version TCGSpecificationVersion
+}
+
+type TCGCredentialType struct {
+	CertificateType asn1.ObjectIdentifier
+}
+
+type FipsLevel struct {
+	Version string
+	Level   asn1.Enumerated
+	Plus    bool
+}
+
+type CommonCriteriaMeasures struct {
+	Version            string
+	AssuranceLevel     asn1.Enumerated
+	EvaluationStatus   asn1.Enumerated
+	Plus               bool
+	StrengthOfFunction asn1.Enumerated       `asn1:"optional,tag=0"`
+	ProfileOid         asn1.ObjectIdentifier `asn1:"optional,tag=1"`
+	ProfileUri         string                `asn1:"optional,tag=2"`
+	TargetOid          asn1.ObjectIdentifier `asn1:"optional,tag=3"`
+	TargetUri          asn1.ObjectIdentifier `asn1:"optional,tag=4"`
+}
+
+type TBBSecurityAssertions struct {
+	Version          int
+	CcInfo           CommonCriteriaMeasures `asn1:"optional,tag=0"`
+	FipsLevel        FipsLevel              `asn1:"optional,tag=1"`
+	RtmType          asn1.Enumerated        `asn1:"optional,tag=2"`
+	Iso9000Certified bool                   `asn1:"optional"`
+	Iso9000Uri       string                 `asn1:"optional"`
+}
+
+type Property struct {
+	PropertyName  string
+	PropertyValue string
+	Status        asn1.Enumerated `asn1:"optional,tag=0"`
+}
+
+type AttributeCertificateIdentifier struct {
+	HashAlgorithm          pkix.AlgorithmIdentifier
+	HashOverSignatureValue string
+}
+
+type CertificateIdentifier struct {
+	AttributeCertIdentifier AttributeCertificateIdentifier `asn1:"optional,tag=0"`
+	GenericCertIdientifier  issuerSerial                   `asn1:"optional,tag=1"`
+}
+
+type ComponentAddress struct {
+	AddressType  asn1.ObjectIdentifier
+	AddressValue string
+}
+
+type ComponentClass struct {
+	ComponentClassRegistry asn1.ObjectIdentifier
+	ComponentClassValue    string
+}
+
+type ComponentIdentifierV2 struct {
+	ComponentClass           ComponentClass
+	ComponentManufacturer    string
+	ComponentModel           string
+	ComponentSerial          string                `asn1:"optional,tag=0"`
+	ComponentRevision        string                `asn1:"optional,tag=1"`
+	ComponentManufacturerId  int                   `asn1:"optional,tag=2"`
+	FieldReplaceable         bool                  `asn1:"optional,tag=3"`
+	ComponentAddresses       []ComponentAddress    `asn1:"optional,tag=4"`
+	ComponentPlatformCert    CertificateIdentifier `asn1:"optional,tag=5"`
+	ComponentPlatformCertUri string                `asn1:"optional,tag=6"`
+	Status                   asn1.Enumerated       `asn1:"optional,tag=7"`
+}
+
+type UriReference struct {
+	UniformResourceIdentifier string
+	HashAlgorithm             pkix.AlgorithmIdentifier `asn1:"optional"`
+	HashValue                 string                   `asn1:"optional"`
+}
+
+type PlatformConfigurationV2 struct {
+	ComponentIdentifiers    []ComponentIdentifierV2 `asn1:"optional,tag=0"`
+	ComponentIdentifiersUri UriReference            `asn1:"optional,tag=1"`
+	PlatformProperties      []Property              `asn1:"optional,tag=2"`
+	PlatformPropertiesUri   UriReference            `asn1:"optional,tag=3"`
+}
+
+type ComponentIdentifierV1 struct {
+	ComponentManufacturer   string
+	ComponentModel          string
+	ComponentSerial         string             `asn1:"optional,tag=0"`
+	ComponentRevision       string             `asn1:"optional,tag=1"`
+	ComponentManufacturerId int                `asn1:"optional,tag=2"`
+	FieldReplaceable        bool               `asn1:"optional,tag=3"`
+	ComponentAddresses      []ComponentAddress `asn1:"optional,tag=4"`
+}
+
+type PlatformConfigurationV1 struct {
+	ComponentIdentifiers  []ComponentIdentifierV1 `asn1:"optional,tag=0"`
+	PlatformProperties    []Property              `asn1:"optional,tag=1"`
+	PlatformPropertiesUri []UriReference          `asn1:"optional,tag=2"`
+}
+
+func unmarshalSAN(v asn1.RawValue) ([]pkix.AttributeTypeAndValue, error) {
+	if v.Tag == asn1.TagSet {
+		var e pkix.AttributeTypeAndValue
+		if _, err := asn1.Unmarshal(v.Bytes, &e); err != nil {
+			return nil, err
+		}
+		return []pkix.AttributeTypeAndValue{e}, nil
+	} else if v.Tag == asn1.TagOctetString {
+		var attributes []pkix.AttributeTypeAndValue
+		var platformData PlatformDataSequence
+		rest, err := asn1.Unmarshal(v.Bytes, &platformData)
+		if err != nil {
+			return nil, err
+		} else if len(rest) != 0 {
+			return nil, errors.New("attributecert: trailing data after X.509 subject")
+		}
+		for _, e := range platformData {
+			for _, e2 := range e {
+				attributes = append(attributes, e2)
+			}
+		}
+		return attributes, nil
+	}
+	return nil, fmt.Errorf("attributecert: unexpected SAN type %v", v.Tag)
+}
+
+func parseAttributeCertificate(in *attributeCertificate) (*AttributeCertificate, error) {
+	out := &AttributeCertificate{
+		Raw:                        in.Raw,
+		RawTBSAttributeCertificate: in.TBSAttributeCertificate.Raw,
+		Signature:                  in.SignatureValue.RightAlign(),
+		SignatureAlgorithm:         getSignatureAlgorithmFromAI(in.TBSAttributeCertificate.SignatureAlgorithm),
+		Version:                    in.TBSAttributeCertificate.Version + 1,
+		SerialNumber:               in.TBSAttributeCertificate.SerialNumber,
+	}
+
+	var v asn1.RawValue
+	if _, err := asn1.Unmarshal(in.TBSAttributeCertificate.Issuer.IssuerName.Bytes, &v); err != nil {
+		return nil, err
+	}
+
+	var issuer pkix.RDNSequence
+	if rest, err := asn1.Unmarshal(v.Bytes, &issuer); err != nil {
+		return nil, err
+	} else if len(rest) != 0 {
+		return nil, errors.New("attributecert: trailing data after X.509 subject")
+	}
+
+	out.Issuer.FillFromRDNSequence(&issuer)
+	if _, err := asn1.Unmarshal(in.TBSAttributeCertificate.Holder.BaseCertificateID.Issuer.Bytes, &v); err != nil {
+		return nil, err
+	}
+
+	var holder pkix.RDNSequence
+	if rest, err := asn1.Unmarshal(v.Bytes, &holder); err != nil {
+		return nil, err
+	} else if len(rest) != 0 {
+		return nil, errors.New("attributecert: trailing data after X.509 subject")
+	}
+
+	out.Holder.Issuer.FillFromRDNSequence(&holder)
+	out.Holder.Serial = in.TBSAttributeCertificate.Holder.BaseCertificateID.Serial
+
+	out.NotBefore = in.TBSAttributeCertificate.Validity.NotBefore
+	out.NotAfter = in.TBSAttributeCertificate.Validity.NotAfter
+
+	for _, attribute := range in.TBSAttributeCertificate.Attributes {
+		switch {
+		case attribute.Id.Equal(oidAttributeUserNotice):
+			if _, err := asn1.Unmarshal(attribute.RawValues[0].FullBytes, &out.UserNotice); err != nil {
+				return nil, err
+			}
+		case attribute.Id.Equal(oidTcgPlatformSpecification):
+			if _, err := asn1.Unmarshal(attribute.RawValues[0].FullBytes, &out.TCGPlatformSpecification); err != nil {
+				return nil, err
+			}
+		case attribute.Id.Equal(oidTbbSecurityAssertions):
+			if _, err := asn1.Unmarshal(attribute.RawValues[0].FullBytes, &out.TBBSecurityAssertions); err != nil {
+				return nil, err
+			}
+		case attribute.Id.Equal(oidTcgCredentialSpecification):
+			var credentialSpecification TCGCredentialSpecification
+			if _, err := asn1.Unmarshal(attribute.RawValues[0].FullBytes, &credentialSpecification); err != nil {
+				var credentialSpecification TCGSpecificationVersion
+				if _, err := asn1.Unmarshal(attribute.RawValues[0].FullBytes, &credentialSpecification); err != nil {
+					return nil, err
+				}
+			}
+		case attribute.Id.Equal(oidTcgCredentialType):
+			var credentialType TCGCredentialType
+			if _, err := asn1.Unmarshal(attribute.RawValues[0].FullBytes, &credentialType); err != nil {
+				return nil, err
+			}
+		case attribute.Id.Equal(oidTcgPlatformConfigurationV1):
+			var platformConfiguration PlatformConfigurationV1
+			if _, err := asn1.Unmarshal(attribute.RawValues[0].FullBytes, &platformConfiguration); err != nil {
+				return nil, err
+			}
+		case attribute.Id.Equal(oidTcgPlatformConfigurationV2):
+			var platformConfiguration PlatformConfigurationV2
+			if _, err := asn1.Unmarshal(attribute.RawValues[0].FullBytes, &platformConfiguration); err != nil {
+				return nil, err
+			}
+		case attribute.Id.Equal(oidTcgPlatformConfigUri):
+			var platformConfigurationUri UriReference
+			if _, err := asn1.Unmarshal(attribute.RawValues[0].FullBytes, &platformConfigurationUri); err != nil {
+				return nil, err
+			}
+		default:
+			return nil, fmt.Errorf("attributecert: unknown attribute %v", attribute.Id)
+		}
+	}
+
+	for _, extension := range in.TBSAttributeCertificate.Extensions {
+		switch {
+		case extension.Id.Equal(oidExtensionSubjectAltName):
+			var seq asn1.RawValue
+			rest, err := asn1.Unmarshal(extension.Value, &seq)
+			if err != nil {
+				return nil, err
+			} else if len(rest) != 0 {
+				return nil, errors.New("attributecert: trailing data after X.509 extension")
+			}
+			rest = seq.Bytes
+			for len(rest) > 0 {
+				var v asn1.RawValue
+				rest, err = asn1.Unmarshal(rest, &v)
+				if err != nil {
+					return nil, err
+				}
+				tcgdata, err := unmarshalSAN(v)
+				if err != nil {
+					return nil, fmt.Errorf("attributecert: failed to unmarshal SAN: %v", err)
+				}
+				for _, e := range tcgdata {
+					switch {
+					case e.Type.Equal(oidTcgPlatformManufacturerStrV1):
+						out.PlatformManufacturer = e.Value.(string)
+					case e.Type.Equal(oidTcgPlatformModelV1):
+						out.PlatformModel = e.Value.(string)
+					case e.Type.Equal(oidTcgPlatformVersionV1):
+						out.PlatformVersion = e.Value.(string)
+					case e.Type.Equal(oidTcgCredentialSpecification):
+						// This OID appears to be misused in this context
+						out.PlatformSerial = e.Value.(string)
+					case e.Type.Equal(oidTcgPlatformManufacturerStrV2):
+						out.PlatformManufacturer = e.Value.(string)
+					case e.Type.Equal(oidTcgPlatformManufacturerIdV2):
+						// We can't parse these out at present
+						break
+					case e.Type.Equal(oidTcgPlatformModelV2):
+						out.PlatformModel = e.Value.(string)
+					case e.Type.Equal(oidTcgPlatformVersionV2):
+						out.PlatformVersion = e.Value.(string)
+					case e.Type.Equal(oidTcgPlatformSerialV2):
+						out.PlatformSerial = e.Value.(string)
+					default:
+						return nil, fmt.Errorf("attributecert: unhandled attribute: %v", e.Type)
+					}
+				}
+			}
+
+		case extension.Id.Equal(oidExtensionSubjectDirectoryAttributes):
+			var seq asn1.RawValue
+			rest, err := asn1.Unmarshal(extension.Value, &seq)
+			if err != nil {
+				return nil, err
+			} else if len(rest) != 0 {
+				return nil, errors.New("attributecert: trailing data after X.509 extension")
+			}
+			rest = seq.Bytes
+			for len(rest) > 0 {
+				var e TCGDirectoryEntry
+				rest, err = asn1.Unmarshal(rest, &e)
+				if err != nil {
+					return nil, err
+				}
+				switch {
+				case e.Id.Equal(oidTcgPlatformSpecification):
+					var platformSpecification TCGPlatformSpecification
+					_, err := asn1.Unmarshal(e.Data.Bytes, &platformSpecification)
+					if err != nil {
+						return nil, err
+					}
+					out.TCGPlatformSpecification = platformSpecification
+				case e.Id.Equal(oidTbbSecurityAssertions):
+					var securityAssertions TBBSecurityAssertions
+					_, err := asn1.Unmarshal(e.Data.Bytes, &securityAssertions)
+					if err != nil {
+						return nil, err
+					}
+					out.TBBSecurityAssertions = securityAssertions
+				default:
+					return nil, fmt.Errorf("attributecert: unhandled TCG directory attribute: %v", e.Id)
+				}
+			}
+
+		case extension.Id.Equal(oidExtensionCertificatePolicies):
+			var policies []policyInformation
+			_, err := asn1.Unmarshal(extension.Value, &policies)
+			if err != nil {
+				return nil, err
+			}
+			for _, policy := range policies {
+				if policy.Id.Equal(oidTcgCertificatePolicy) {
+					var subpolicies []policyInformation
+					_, err := asn1.Unmarshal(policy.Policy.FullBytes, &subpolicies)
+					if err != nil {
+						return nil, err
+					}
+					for _, subpolicy := range subpolicies {
+						switch {
+						case subpolicy.Id.Equal(oidCpsCertificatePolicy):
+							var cpsPolicy cpsPolicy
+							_, err := asn1.Unmarshal(subpolicy.Raw, &cpsPolicy)
+							if err != nil {
+								return nil, err
+							}
+						case subpolicy.Id.Equal(oidAttributeUserNotice):
+							var userNotice string
+							_, err := asn1.Unmarshal(subpolicy.Policy.Bytes, &userNotice)
+							if err != nil {
+								return nil, err
+							}
+						default:
+							return nil, fmt.Errorf("attributecert: unhandled certificate policy: %v", subpolicy.Id)
+						}
+					}
+				}
+			}
+
+		case extension.Id.Equal(oidExtensionAuthorityKeyIdentifier):
+			var a authKeyId
+			_, err := asn1.Unmarshal(extension.Value, &a)
+			if err != nil {
+				return nil, err
+			}
+
+		case extension.Id.Equal(oidAuthorityInfoAccess):
+			var aia []authorityInfoAccess
+			_, err := asn1.Unmarshal(extension.Value, &aia)
+			if err != nil {
+				return nil, err
+			}
+			for _, v := range aia {
+				if v.Method.Equal(oidAuthorityInfoAccessOcsp) {
+					//TODO
+				} else if v.Method.Equal(oidAuthorityInfoAccessIssuers) {
+					//TODO
+				} else {
+					return nil, fmt.Errorf("attributecert: unhandled Authority Info Access type %v", v.Method)
+				}
+			}
+
+		default:
+			return nil, fmt.Errorf("attributecert: unknown extension ID %v", extension.Id)
+		}
+	}
+
+	return out, nil
+}
+
+// CheckSignatureFrom verifies that the signature on c is a valid signature
+// from parent.
+func (c *AttributeCertificate) CheckSignatureFrom(parent *x509.Certificate) error {
+	// RFC 5280, 4.2.1.9:
+	// "If the basic constraints extension is not present in a version 3
+	// certificate, or the extension is present but the cA boolean is not
+	// asserted, then the certified public key MUST NOT be used to verify
+	// certificate signatures."
+	if parent.Version == 3 && !parent.BasicConstraintsValid ||
+		parent.BasicConstraintsValid && !parent.IsCA {
+		return x509.ConstraintViolationError{}
+	}
+
+	if parent.KeyUsage != 0 && parent.KeyUsage&x509.KeyUsageCertSign == 0 {
+		return x509.ConstraintViolationError{}
+	}
+
+	if parent.PublicKeyAlgorithm == x509.UnknownPublicKeyAlgorithm {
+		return x509.ErrUnsupportedAlgorithm
+	}
+
+	// TODO(agl): don't ignore the path length constraint.
+
+	return parent.CheckSignature(c.SignatureAlgorithm, c.RawTBSAttributeCertificate, c.Signature)
+}
--- a/attributecert/attributecert_test.go
+++ b/attributecert/attributecert_test.go
@ -0,0 +1,55 @@
+// Copyright 2019 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+package attributecert
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"strings"
+	"testing"
+)
+
+func TestParseAttributeCerts(t *testing.T) {
+	files, err := ioutil.ReadDir("testdata")
+	if err != nil {
+		t.Fatalf("failed to read test dir: %v", err)
+	}
+	for _, file := range files {
+		if strings.HasSuffix(file.Name(), ".json") {
+			continue
+		}
+		filename := "testdata/" + file.Name()
+		jsonfile := filename + ".json"
+		data, err := ioutil.ReadFile(filename)
+		if err != nil {
+			t.Fatalf("failed to read test data %s: %v", filename, err)
+		}
+		cert, err := ParseAttributeCertificate(data)
+		if err != nil {
+			t.Fatalf("failed to parse test data %s: %v", filename, err)
+		}
+		jsondata, err := ioutil.ReadFile(jsonfile)
+		if err != nil {
+			t.Fatalf("failed to read json test data %s: %v", jsonfile, err)
+		}
+		jsoncert, err := json.MarshalIndent(cert, "", "    ")
+		if err != nil {
+			t.Fatalf("failed to marshal %s to json: %v", filename, err)
+		}
+		if string(jsondata) != string(jsoncert) {
+			t.Fatalf("%s fails to match test data", filename)
+		}
+	}
+}
--- a/attributecert/testdata/Intel_nuc1.cer
+++ b/attributecert/testdata/Intel_nuc1.cer
--- a/attributecert/testdata/Intel_nuc1.cer.json
+++ b/attributecert/testdata/Intel_nuc1.cer.json
@ -0,0 +1,201 @@
+{
+    "Raw": "MIIHZzCCBc8CAQEwgZWggZIwgYmkgYYwgYMxCzAJBgNVBAYTAkRFMSEwHwYDVQQKDBhJbmZpbmVvbiBUZWNobm9sb2dpZXMgQUcxGjAYBgNVBAsMEU9QVElHQShUTSkgVFBNMi4wMTUwMwYDVQQDDCxJbmZpbmVvbiBPUFRJR0EoVE0pIFJTQSBNYW51ZmFjdHVyaW5nIENBIDAyMgIEewdr5KCBpTCBoqSBnzCBnDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29ycG9yYXRpb24xNjA0BgNVBAsMLVRyYW5zcGFyZW50IFN1cHBseSBDaGFpbiBJc3N1aW5nIENBIElLR0ZfVEVTVDEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTANBgkqhkiG9w0BAQsFAAIURWDgSMFKL0n0S+ktvxmwCYC4Sf8wIhgPMjAxODEwMDYyMTA5MzNaGA8yMDMyMDUzMTEwMjMwMlowggJ5MBwGBWeBBQIRMRMwETAJAgECAgEAAgEBBAQAAAABMBIGBWeBBQIZMQkwBwYFZ4EFCAIwFgYFZ4EFAhcxDTALMAkCAQECAQECAQkwFAYFZ4EFAhMxCzAJAgEAggEDAQEAMIIBzQYHZ4EFBQEHATGCAcAwggG8oIIBOTA8BAQBAAAADBRJbnRlbChSKSBDb3Jwb3JhdGlvbgwHQ29yZSBpNYAIWDIzOTgzOTKBAzIuNoIDMzQzgwH/MDgEBAMAAAAMB1NhbXN1bmcMEE00NzFBNTE0M0VCMC1DUEKACEFCQzQ1OTg5gQMzLjGCAzE5NoMBADBIBAQDAAAADA1Ob3QgU3BlY2lmaWVkDBBLSU5HU1RPTiBTQTQwMFMzgBA1MDAyNkI3Nzc4MDUyNzBCgQU2MDkuMIIDMTk2gwEAMHUEBAQAAAAMEUludGVsIENvcnBvcmF0aW9uDBtFdGhlcm5ldCBDb25uZWN0aW9uIEkyMTktTE2AEThjOjBmOjZmOjcyOmM2OmM1gQQyMS4wggMzNDODAf+kHDAaBgVngQURAQwROGM6MGY6NmY6NzI6YzY6YzWhPjALDANBTVQMBHRydWUwFAwMdlBybyBFbmFibGVkDAR0cnVlMBkMEERyb3BTaGlwIEVuYWJsZWQMBWZhbHNloj0WO2h0dHBzOi8vd3d3LnBsYXRmb3JtbWZnLmNvbS9wbGF0Zm9ycHJvcGVydGllcy80OTM4OTQzODQuaHRtMEYGBmeBBQUBAzE8MDoWOGh0dHBzOi8vd3d3LnBsYXRmb3JtbWZnLmNvbS9wbGF0Zm9ybWNvbmZpZy80Nzg3NDg3MzgueG1sMIIBwjCBqQYDVR0gBIGhMIGeMIGbBgoqhkiG+E0BBQIEMIGMMFoGCCsGAQUFBwIBFk5odHRwczovL3RydXN0ZWRzZXJ2aWNlcy5pbnRlbC5jb20vY29udGVudC9UU0MvY2VydHMvVFNDY2VydFBvbGljeVN0YXRlbWVudC5wZGYwLgYIKwYBBQUHAgIwIgwgVENHIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwgYYGA1UdEQR/MH2kezB5MR0wGwYGZ4EFBQEBDBFJbnRlbCBDb3Jwb3JhdGlvbjEWMBQGBmeBBQUBBAwKTlVDN2k1RE5IRTEWMBQGBmeBBQUBBQwKSjcxNzM5LTQwMTEoMCYGBmeBBQUBBgwcRFcxNjAwNDIwMzAwMTEwX0JURE43MzIwMDBRTTAfBgNVHSMEGDAWgBQ8Brn7Y6U8pXxrh0MzOfHcqAf7pDBqBggrBgEFBQcBAQReMFwwWgYIKwYBBQUHMAKGTmh0dHBzOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50L1RTQy9jZXJ0cy9UU0NfSXNzdWluZ0NBSUtHRl9URVNULmNlcjANBgkqhkiG9w0BAQsFAAOCAYEAfKB6Wvu7wOGQ7xTVZt1HIu8wOQIF1eOlndepo0VKrg6tlNZ3TNHMSgLaoWH7P42nu43Q5DbCK5IA5tMI4LcjCjgugOM6Gu2N1bwvsnjX9YDq3DLiFEXZGq/r47cYiZujInncQ4h0xkvNFml6Q2yNNbqjxnWXAeGoHO1s9Qtv0P+UPtUnsHzix8ZATPfIbJURZ0Oi6djojT4LlqSxptFO6UWoxdTl5WCgFbf+xKjGPmu5DEDekflGQvUU4nyqMSJOTGBWslatAOVkKCU1mtyz8935fdD7Z3zA/kP4ZRw6whWATUQa1mzHQ8fRI1eiXjOXYs6rpNfixftX7S4rbz+ZURLrvwxFY5CtTRl2eZjr7tgXm64ywz1/22JXAYDOe/BIt807dmPoyhamm000z6Ww0HSDU9TavTyakCVrRDjO+kdpfwZGZDaOvP525qhMVKPO9G1m9lO9e1khjJAxP57h2rOKhhSprUsfU9lZriYGygJBr6VseJOAvqiOgHrq0xd4",
+    "RawTBSAttributeCertificate": "MIIFzwIBATCBlaCBkjCBiaSBhjCBgzELMAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDIyAgR7B2vkoIGlMIGipIGfMIGcMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC1NhbnRhIENsYXJhMRowGAYDVQQKDBFJbnRlbCBDb3Jwb3JhdGlvbjE2MDQGA1UECwwtVHJhbnNwYXJlbnQgU3VwcGx5IENoYWluIElzc3VpbmcgQ0EgSUtHRl9URVNUMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMA0GCSqGSIb3DQEBCwUAAhRFYOBIwUovSfRL6S2/GbAJgLhJ/zAiGA8yMDE4MTAwNjIxMDkzM1oYDzIwMzIwNTMxMTAyMzAyWjCCAnkwHAYFZ4EFAhExEzARMAkCAQICAQACAQEEBAAAAAEwEgYFZ4EFAhkxCTAHBgVngQUIAjAWBgVngQUCFzENMAswCQIBAQIBAQIBCTAUBgVngQUCEzELMAkCAQCCAQMBAQAwggHNBgdngQUFAQcBMYIBwDCCAbygggE5MDwEBAEAAAAMFEludGVsKFIpIENvcnBvcmF0aW9uDAdDb3JlIGk1gAhYMjM5ODM5MoEDMi42ggMzNDODAf8wOAQEAwAAAAwHU2Ftc3VuZwwQTTQ3MUE1MTQzRUIwLUNQQoAIQUJDNDU5ODmBAzMuMYIDMTk2gwEAMEgEBAMAAAAMDU5vdCBTcGVjaWZpZWQMEEtJTkdTVE9OIFNBNDAwUzOAEDUwMDI2Qjc3NzgwNTI3MEKBBTYwOS4wggMxOTaDAQAwdQQEBAAAAAwRSW50ZWwgQ29ycG9yYXRpb24MG0V0aGVybmV0IENvbm5lY3Rpb24gSTIxOS1MTYAROGM6MGY6NmY6NzI6YzY6YzWBBDIxLjCCAzM0M4MB/6QcMBoGBWeBBREBDBE4YzowZjo2Zjo3MjpjNjpjNaE+MAsMA0FNVAwEdHJ1ZTAUDAx2UHJvIEVuYWJsZWQMBHRydWUwGQwQRHJvcFNoaXAgRW5hYmxlZAwFZmFsc2WiPRY7aHR0cHM6Ly93d3cucGxhdGZvcm1tZmcuY29tL3BsYXRmb3Jwcm9wZXJ0aWVzLzQ5Mzg5NDM4NC5odG0wRgYGZ4EFBQEDMTwwOhY4aHR0cHM6Ly93d3cucGxhdGZvcm1tZmcuY29tL3BsYXRmb3JtY29uZmlnLzQ3ODc0ODczOC54bWwwggHCMIGpBgNVHSAEgaEwgZ4wgZsGCiqGSIb4TQEFAgQwgYwwWgYIKwYBBQUHAgEWTmh0dHBzOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50L1RTQy9jZXJ0cy9UU0NjZXJ0UG9saWN5U3RhdGVtZW50LnBkZjAuBggrBgEFBQcCAjAiDCBUQ0cgVHJ1c3RlZCBQbGF0Zm9ybSBFbmRvcnNlbWVudDCBhgYDVR0RBH8wfaR7MHkxHTAbBgZngQUFAQEMEUludGVsIENvcnBvcmF0aW9uMRYwFAYGZ4EFBQEEDApOVUM3aTVETkhFMRYwFAYGZ4EFBQEFDApKNzE3MzktNDAxMSgwJgYGZ4EFBQEGDBxEVzE2MDA0MjAzMDAxMTBfQlRETjczMjAwMFFNMB8GA1UdIwQYMBaAFDwGuftjpTylfGuHQzM58dyoB/ukMGoGCCsGAQUFBwEBBF4wXDBaBggrBgEFBQcwAoZOaHR0cHM6Ly90cnVzdGVkc2VydmljZXMuaW50ZWwuY29tL2NvbnRlbnQvVFNDL2NlcnRzL1RTQ19Jc3N1aW5nQ0FJS0dGX1RFU1QuY2Vy",
+    "Signature": "fKB6Wvu7wOGQ7xTVZt1HIu8wOQIF1eOlndepo0VKrg6tlNZ3TNHMSgLaoWH7P42nu43Q5DbCK5IA5tMI4LcjCjgugOM6Gu2N1bwvsnjX9YDq3DLiFEXZGq/r47cYiZujInncQ4h0xkvNFml6Q2yNNbqjxnWXAeGoHO1s9Qtv0P+UPtUnsHzix8ZATPfIbJURZ0Oi6djojT4LlqSxptFO6UWoxdTl5WCgFbf+xKjGPmu5DEDekflGQvUU4nyqMSJOTGBWslatAOVkKCU1mtyz8935fdD7Z3zA/kP4ZRw6whWATUQa1mzHQ8fRI1eiXjOXYs6rpNfixftX7S4rbz+ZURLrvwxFY5CtTRl2eZjr7tgXm64ywz1/22JXAYDOe/BIt807dmPoyhamm000z6Ww0HSDU9TavTyakCVrRDjO+kdpfwZGZDaOvP525qhMVKPO9G1m9lO9e1khjJAxP57h2rOKhhSprUsfU9lZriYGygJBr6VseJOAvqiOgHrq0xd4",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 396080772635209191883026258511591308753565665791,
+    "Holder": {
+        "Issuer": {
+            "Country": [
+                "DE"
+            ],
+            "Organization": [
+                "Infineon Technologies AG"
+            ],
+            "OrganizationalUnit": [
+                "OPTIGA(TM) TPM2.0"
+            ],
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "Infineon OPTIGA(TM) RSA Manufacturing CA 022",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        6
+                    ],
+                    "Value": "DE"
+                },
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        10
+                    ],
+                    "Value": "Infineon Technologies AG"
+                },
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        11
+                    ],
+                    "Value": "OPTIGA(TM) TPM2.0"
+                },
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "Infineon OPTIGA(TM) RSA Manufacturing CA 022"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 2064083940
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel Corporation"
+        ],
+        "OrganizationalUnit": [
+            "Transparent Supply Chain Issuing CA IKGF_TEST"
+        ],
+        "Locality": [
+            "Santa Clara"
+        ],
+        "Province": [
+            "CA"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "www.intel.com",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "CA"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    7
+                ],
+                "Value": "Santa Clara"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel Corporation"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    11
+                ],
+                "Value": "Transparent Supply Chain Issuing CA IKGF_TEST"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "www.intel.com"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2018-10-06T21:09:33Z",
+    "NotAfter": "2032-05-31T10:23:02Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 2,
+            "MinorVersion": 0,
+            "Revision": 1
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 0,
+        "CcInfo": {
+            "Version": "",
+            "AssuranceLevel": 0,
+            "EvaluationStatus": 0,
+            "Plus": false,
+            "StrengthOfFunction": 0,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 0,
+        "Iso9000Certified": false,
+        "Iso9000Uri": ""
+    },
+    "PlatformManufacturer": "Intel Corporation",
+    "PlatformModel": "NUC7i5DNHE",
+    "PlatformVersion": "J71739-401",
+    "PlatformSerial": "DW1600420300110_BTDN732000QM",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "",
+            "NoticeNumbers": null
+        },
+        "ExplicitText": ""
+    }
+}
--- a/attributecert/testdata/Intel_nuc_pc.cer
+++ b/attributecert/testdata/Intel_nuc_pc.cer
--- a/attributecert/testdata/Intel_nuc_pc.cer.json
+++ b/attributecert/testdata/Intel_nuc_pc.cer.json
@ -0,0 +1,168 @@
+{
+    "Raw": "MIIDADCCAegCAQEwMKAuMBakFDASMRAwDgYDVQQDDAdTVE1pY3JvAhQrz0/5+zLfie1TVQpsz57kyGtq3aCBkDCBjaSBijCBhzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29ycG9yYXRpb24xITAfBgNVBAsMGFRyYW5zcGFyZW50IFN1cHBseSBDaGFpbjEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTANBgkqhkiG9w0BAQUFAAIUQtCeCYR41o33Qv3So+KiQIZviFAwIhgPMjAxNzAzMTUyMTA4MzBaGA8yMDMwMTIzMTIzNTk1OVowMTAZBgVngQUCETEQMA4wCQIBAQIBAgIBAQwBMTAUBgVngQUCEzELMAkCAQCCAQMBAQAwgaEwTQYDVR0gAQH/BEMwQTA/BgoqhkiG+E0BBQIEMDEwLwYIKwYBBQUHAgIwIwwhVENQQSBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MFAGA1UdEQEB/wRGMESkQjBAMRAwDgYFZ4EFAgQMBUludGVsMRUwEwYFZ4EFAgUMCkRFMzgxNVRZS0gxFTATBgVngQUCBgwKSDI2OTk4LTQwMjANBgkqhkiG9w0BAQUFAAOCAQEAXPD46MxZy0vQlSQ7EOMRgBSDWUS9561Gc2IKM0FqXcYWi6YT4NAk1rx/j/ycA87fNiJzOjSCD1qv5MAaI3IOuqE911Hk/lsZ9Xq25a5c6BeQjyCpwI/qNno0rnTINjOXYllurVzU6Dn109f1NQS/m9ZkJ1gicMWkna2mEO842kH5CfqaskRqUGOO5nViO6Y094pzwT/Zp+W2CRqAo1BwDIV8OM6u4AZnEagFlbpPqnU8IfFO2n4zeILADiJ9TkXJovvfemJnoZlzcUPO6+8wjjsbtojEiu4bQF9QwIc/VtDSYUYstwwuACuSxE6jvhROuZHiTBE85623uE0eMQl5vA==",
+    "RawTBSAttributeCertificate": "MIIB6AIBATAwoC4wFqQUMBIxEDAOBgNVBAMMB1NUTWljcm8CFCvPT/n7Mt+J7VNVCmzPnuTIa2rdoIGQMIGNpIGKMIGHMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC1NhbnRhIENsYXJhMRowGAYDVQQKDBFJbnRlbCBDb3Jwb3JhdGlvbjEhMB8GA1UECwwYVHJhbnNwYXJlbnQgU3VwcGx5IENoYWluMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMA0GCSqGSIb3DQEBBQUAAhRC0J4JhHjWjfdC/dKj4qJAhm+IUDAiGA8yMDE3MDMxNTIxMDgzMFoYDzIwMzAxMjMxMjM1OTU5WjAxMBkGBWeBBQIRMRAwDjAJAgEBAgECAgEBDAExMBQGBWeBBQITMQswCQIBAIIBAwEBADCBoTBNBgNVHSABAf8EQzBBMD8GCiqGSIb4TQEFAgQwMTAvBggrBgEFBQcCAjAjDCFUQ1BBIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwUAYDVR0RAQH/BEYwRKRCMEAxEDAOBgVngQUCBAwFSW50ZWwxFTATBgVngQUCBQwKREUzODE1VFlLSDEVMBMGBWeBBQIGDApIMjY5OTgtNDAy",
+    "Signature": "XPD46MxZy0vQlSQ7EOMRgBSDWUS9561Gc2IKM0FqXcYWi6YT4NAk1rx/j/ycA87fNiJzOjSCD1qv5MAaI3IOuqE911Hk/lsZ9Xq25a5c6BeQjyCpwI/qNno0rnTINjOXYllurVzU6Dn109f1NQS/m9ZkJ1gicMWkna2mEO842kH5CfqaskRqUGOO5nViO6Y094pzwT/Zp+W2CRqAo1BwDIV8OM6u4AZnEagFlbpPqnU8IfFO2n4zeILADiJ9TkXJovvfemJnoZlzcUPO6+8wjjsbtojEiu4bQF9QwIc/VtDSYUYstwwuACuSxE6jvhROuZHiTBE85623uE0eMQl5vA==",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 381445712855471821370226218763651357733536368720,
+    "Holder": {
+        "Issuer": {
+            "Country": null,
+            "Organization": null,
+            "OrganizationalUnit": null,
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "STMicro",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "STMicro"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 250109824336319286595474760117236152727488916189
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel Corporation"
+        ],
+        "OrganizationalUnit": [
+            "Transparent Supply Chain"
+        ],
+        "Locality": [
+            "Santa Clara"
+        ],
+        "Province": [
+            "CA"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "www.intel.com",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "CA"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    7
+                ],
+                "Value": "Santa Clara"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel Corporation"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    11
+                ],
+                "Value": "Transparent Supply Chain"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "www.intel.com"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2017-03-15T21:08:30Z",
+    "NotAfter": "2030-12-31T23:59:59Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 1,
+            "MinorVersion": 2,
+            "Revision": 1
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 0,
+        "CcInfo": {
+            "Version": "",
+            "AssuranceLevel": 0,
+            "EvaluationStatus": 0,
+            "Plus": false,
+            "StrengthOfFunction": 0,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 0,
+        "Iso9000Certified": false,
+        "Iso9000Uri": ""
+    },
+    "PlatformManufacturer": "Intel",
+    "PlatformModel": "DE3815TYKH",
+    "PlatformVersion": "H26998-402",
+    "PlatformSerial": "",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "",
+            "NoticeNumbers": null
+        },
+        "ExplicitText": ""
+    }
+}
--- a/attributecert/testdata/Intel_nuc_pc2.cer
+++ b/attributecert/testdata/Intel_nuc_pc2.cer
--- a/attributecert/testdata/Intel_nuc_pc2.cer.json
+++ b/attributecert/testdata/Intel_nuc_pc2.cer.json
@ -0,0 +1,168 @@
+{
+    "Raw": "MIIDADCCAegCAQEwMKAuMBakFDASMRAwDgYDVQQDDAdTVE1pY3JvAhRrZ4VfPG34FALdQNaVQ0q4szdWuKCBkDCBjaSBijCBhzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29ycG9yYXRpb24xITAfBgNVBAsMGFRyYW5zcGFyZW50IFN1cHBseSBDaGFpbjEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTANBgkqhkiG9w0BAQUFAAIUM1NqX1KDMb4erHbXmwv9sBEi9E8wIhgPMjAxNzAzMTQyMzUyMTBaGA8yMDMwMTIzMTIzNTk1OVowMTAZBgVngQUCETEQMA4wCQIBAQIBAgIBAQwBMTAUBgVngQUCEzELMAkCAQCCAQMBAQAwgaEwTQYDVR0gAQH/BEMwQTA/BgoqhkiG+E0BBQIEMDEwLwYIKwYBBQUHAgIwIwwhVENQQSBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MFAGA1UdEQEB/wRGMESkQjBAMRAwDgYFZ4EFAgQMBUludGVsMRUwEwYFZ4EFAgUMCkRFMzgxNVRZS0gxFTATBgVngQUCBgwKSDI2OTk4LTQwMjANBgkqhkiG9w0BAQUFAAOCAQEALBdTOKTd4wyKOBvKUGsDwfjiKVir93XmTa1SW/B176ZAhfxasEnqD1idi051DHKyF9Sw4VDCvQfc7XE5QqBsqIrt1Fqq88dDbrcCauinzG6KBApG+cIbKT6K/wYeBwbvhpuDEeytQmv4noYG1FnAU+eSdVvwha/4f2QeMNlnNxDMvyvi11oeTeIG3LO5Bp0UYmPNuozsOyY8eztFmHJ27xq0QbYKh6dVI5kwuIPZz4VK9E7AuhDZcYpp2JgyUBFdJUA2a156NGC1JnYmxJ+WBxd+oQ41SLSbMUpymsQyFwvQWxuOaLnGLiHwrxXgvhsisH8MO/WkOo+iBDxQrTpkAw==",
+    "RawTBSAttributeCertificate": "MIIB6AIBATAwoC4wFqQUMBIxEDAOBgNVBAMMB1NUTWljcm8CFGtnhV88bfgUAt1A1pVDSrizN1a4oIGQMIGNpIGKMIGHMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC1NhbnRhIENsYXJhMRowGAYDVQQKDBFJbnRlbCBDb3Jwb3JhdGlvbjEhMB8GA1UECwwYVHJhbnNwYXJlbnQgU3VwcGx5IENoYWluMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMA0GCSqGSIb3DQEBBQUAAhQzU2pfUoMxvh6sdtebC/2wESL0TzAiGA8yMDE3MDMxNDIzNTIxMFoYDzIwMzAxMjMxMjM1OTU5WjAxMBkGBWeBBQIRMRAwDjAJAgEBAgECAgEBDAExMBQGBWeBBQITMQswCQIBAIIBAwEBADCBoTBNBgNVHSABAf8EQzBBMD8GCiqGSIb4TQEFAgQwMTAvBggrBgEFBQcCAjAjDCFUQ1BBIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwUAYDVR0RAQH/BEYwRKRCMEAxEDAOBgVngQUCBAwFSW50ZWwxFTATBgVngQUCBQwKREUzODE1VFlLSDEVMBMGBWeBBQIGDApIMjY5OTgtNDAy",
+    "Signature": "LBdTOKTd4wyKOBvKUGsDwfjiKVir93XmTa1SW/B176ZAhfxasEnqD1idi051DHKyF9Sw4VDCvQfc7XE5QqBsqIrt1Fqq88dDbrcCauinzG6KBApG+cIbKT6K/wYeBwbvhpuDEeytQmv4noYG1FnAU+eSdVvwha/4f2QeMNlnNxDMvyvi11oeTeIG3LO5Bp0UYmPNuozsOyY8eztFmHJ27xq0QbYKh6dVI5kwuIPZz4VK9E7AuhDZcYpp2JgyUBFdJUA2a156NGC1JnYmxJ+WBxd+oQ41SLSbMUpymsQyFwvQWxuOaLnGLiHwrxXgvhsisH8MO/WkOo+iBDxQrTpkAw==",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 293018757502305376975682040929867711436770440271,
+    "Holder": {
+        "Issuer": {
+            "Country": null,
+            "Organization": null,
+            "OrganizationalUnit": null,
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "STMicro",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "STMicro"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 613170607574777936606189257206569562083308295864
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel Corporation"
+        ],
+        "OrganizationalUnit": [
+            "Transparent Supply Chain"
+        ],
+        "Locality": [
+            "Santa Clara"
+        ],
+        "Province": [
+            "CA"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "www.intel.com",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "CA"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    7
+                ],
+                "Value": "Santa Clara"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel Corporation"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    11
+                ],
+                "Value": "Transparent Supply Chain"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "www.intel.com"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2017-03-14T23:52:10Z",
+    "NotAfter": "2030-12-31T23:59:59Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 1,
+            "MinorVersion": 2,
+            "Revision": 1
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 0,
+        "CcInfo": {
+            "Version": "",
+            "AssuranceLevel": 0,
+            "EvaluationStatus": 0,
+            "Plus": false,
+            "StrengthOfFunction": 0,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 0,
+        "Iso9000Certified": false,
+        "Iso9000Uri": ""
+    },
+    "PlatformManufacturer": "Intel",
+    "PlatformModel": "DE3815TYKH",
+    "PlatformVersion": "H26998-402",
+    "PlatformSerial": "",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "",
+            "NoticeNumbers": null
+        },
+        "ExplicitText": ""
+    }
+}
--- a/attributecert/testdata/Intel_pc1.cer
+++ b/attributecert/testdata/Intel_pc1.cer
--- a/attributecert/testdata/Intel_pc1.cer.json
+++ b/attributecert/testdata/Intel_pc1.cer.json
@ -0,0 +1,168 @@
+{
+    "Raw": "MIIDPjCCAiYCAQEwMKAuMBakFDASMRAwDgYDVQQDDAdTVE1pY3JvAhROwMMWy99/A56XoUFFRosDIGM956CBkjCBj6SBjDCBiTEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTEbMBkGA1UECwwSVHJ1c3RlZFN1cHBseUNoYWluMRowGAYDVQQKDBFJbnRlbCBDb3Jwb3JhdGlvbjEUMBIGA1UEBwwLU2FudGEgQ2xhcmExEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMA0GCSqGSIb3DQEBBQUAAgEBMCIYDzIwMTYwMTIyMjEwMjAwWhgPMjAxNzAxMjIyMTAyMDBaME4wTAYIKwYBBQUHAgIxQDA+MBkMFUNyZWRlbnRpYWwgVHlwZSBMYWJlbDAADCFUQ1BBIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwgdMwXwYDVR0RBFgwVjEQMA4GBWeBBQIEDAVJbnRlbDESMBAGBWeBBQIFDAdTMjYwMEtQMRUwEwYFZ4EFAgYMCkg3Njk2Mi0zNTAxFzAVBgVngQUCFwwMQlFLUDUyODQwNjc4MHAGA1UdCQRpMGcwGQYFZ4EFAhExEDAOMAkCAQECAQICAQEMATEwSgYFZ4EFAhMxQTA/AgEBMBgWCkNDIFZlcnNpb24KAQcKAQIBAQAKAQEKAQIBAf8WGlVSTCB0byBpc285MDAwIGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAA4IBAQBCX2siA+xsZR89o4QWo525tNlUpF+x0TltB5q+cp5imSl8+1epcVWbsp4T4aq79emcEZaP7XtTzj9McaiJ6JMWipDAXw8Nk2uNfodTHGFnSdtkdoTdLkMLb7O2LyhkB+mbfsLSCGBSjE5Ns8dhe8Mh3x4OX432Acsle96UHkPLCo7Sue8elYcsP65acZXhadFMBb1gUboa7tSC5TIspY0JzZl574wWYZjIO6ckOix5uTRrkqu4wU466VDV6y4jy+8fEkmBlJpBN+vlLbD0wejdUV6f8KIs6FL6hcdkjRYPOfOR6Gh0Zgt/qp7RUKNvAhCyirb4QPzGHYHNT2//EbKo",
+    "RawTBSAttributeCertificate": "MIICJgIBATAwoC4wFqQUMBIxEDAOBgNVBAMMB1NUTWljcm8CFE7AwxbL338DnpehQUVGiwMgYz3noIGSMIGPpIGMMIGJMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMRswGQYDVQQLDBJUcnVzdGVkU3VwcGx5Q2hhaW4xGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMwDQYJKoZIhvcNAQEFBQACAQEwIhgPMjAxNjAxMjIyMTAyMDBaGA8yMDE3MDEyMjIxMDIwMFowTjBMBggrBgEFBQcCAjFAMD4wGQwVQ3JlZGVudGlhbCBUeXBlIExhYmVsMAAMIVRDUEEgVHJ1c3RlZCBQbGF0Zm9ybSBFbmRvcnNlbWVudDCB0zBfBgNVHREEWDBWMRAwDgYFZ4EFAgQMBUludGVsMRIwEAYFZ4EFAgUMB1MyNjAwS1AxFTATBgVngQUCBgwKSDc2OTYyLTM1MDEXMBUGBWeBBQIXDAxCUUtQNTI4NDA2NzgwcAYDVR0JBGkwZzAZBgVngQUCETEQMA4wCQIBAQIBAgIBAQwBMTBKBgVngQUCEzFBMD8CAQEwGBYKQ0MgVmVyc2lvbgoBBwoBAgEBAAoBAQoBAgEB/xYaVVJMIHRvIGlzbzkwMDAgY2VydGlmaWNhdGU=",
+    "Signature": "Ql9rIgPsbGUfPaOEFqOdubTZVKRfsdE5bQeavnKeYpkpfPtXqXFVm7KeE+Gqu/XpnBGWj+17U84/THGoieiTFoqQwF8PDZNrjX6HUxxhZ0nbZHaE3S5DC2+zti8oZAfpm37C0ghgUoxOTbPHYXvDId8eDl+N9gHLJXvelB5DywqO0rnvHpWHLD+uWnGV4WnRTAW9YFG6Gu7UguUyLKWNCc2Zee+MFmGYyDunJDosebk0a5KruMFOOulQ1esuI8vvHxJJgZSaQTfr5S2w9MHo3VFen/CiLOhS+oXHZI0WDznzkehodGYLf6qe0VCjbwIQsoq2+ED8xh2BzU9v/xGyqA==",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 1,
+    "Holder": {
+        "Issuer": {
+            "Country": null,
+            "Organization": null,
+            "OrganizationalUnit": null,
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "STMicro",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "STMicro"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 449600017855339869538679649152375580078880538087
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel Corporation"
+        ],
+        "OrganizationalUnit": [
+            "TrustedSupplyChain"
+        ],
+        "Locality": [
+            "Santa Clara"
+        ],
+        "Province": [
+            "California"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "www.intel.com",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "www.intel.com"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    11
+                ],
+                "Value": "TrustedSupplyChain"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel Corporation"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    7
+                ],
+                "Value": "Santa Clara"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "California"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2016-01-22T21:02:00Z",
+    "NotAfter": "2017-01-22T21:02:00Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 1,
+            "MinorVersion": 2,
+            "Revision": 1
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 1,
+        "CcInfo": {
+            "Version": "CC Version",
+            "AssuranceLevel": 7,
+            "EvaluationStatus": 2,
+            "Plus": false,
+            "StrengthOfFunction": 1,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 2,
+        "Iso9000Certified": true,
+        "Iso9000Uri": "URL to iso9000 certificate"
+    },
+    "PlatformManufacturer": "Intel",
+    "PlatformModel": "S2600KP",
+    "PlatformVersion": "H76962-350",
+    "PlatformSerial": "BQKP52840678",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "Credential Type Label",
+            "NoticeNumbers": []
+        },
+        "ExplicitText": "TCPA Trusted Platform Endorsement"
+    }
+}
--- a/attributecert/testdata/Intel_pc2.cer
+++ b/attributecert/testdata/Intel_pc2.cer
--- a/attributecert/testdata/Intel_pc2.cer.json
+++ b/attributecert/testdata/Intel_pc2.cer.json
@ -0,0 +1,168 @@
+{
+    "Raw": "MIIDADCCAegCAQEwMKAuMBakFDASMRAwDgYDVQQDDAdTVE1pY3JvAhQHAIGFZ/81eRaQ0tQElF31aw5tx6CBkDCBjaSBijCBhzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29ycG9yYXRpb24xITAfBgNVBAsMGFRyYW5zcGFyZW50IFN1cHBseSBDaGFpbjEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTANBgkqhkiG9w0BAQUFAAIUVN7ryhYi819dSl1Zt999CapH6e8wIhgPMjAxNzAzMjMyMjM0MzNaGA8yMDMwMTIzMTIzNTk1OVowMTAZBgVngQUCETEQMA4wCQIBAQIBAgIBAQwBMTAUBgVngQUCEzELMAkCAQCCAQMBAQAwgaEwTQYDVR0gAQH/BEMwQTA/BgoqhkiG+E0BBQIEMDEwLwYIKwYBBQUHAgIwIwwhVENQQSBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MFAGA1UdEQEB/wRGMESkQjBAMRAwDgYFZ4EFAgQMBUludGVsMRUwEwYFZ4EFAgUMCkRFMzgxNVRZS0gxFTATBgVngQUCBgwKSDI2OTk4LTQwMjANBgkqhkiG9w0BAQUFAAOCAQEAZ6v7uR4PBhyozOXapFEEl40QIN4R2mX9ff0OfFG4QhiwM8MtgqygwUpIw57hYDpZOfhHEbGVCSrLM/ujWxmAGQAsIyaJTtD30X+pBFDnq97v0JjBKDi+tFlbims+INEWTU7z1YCswWuGVLbnQ7Kh0Dl1I4cNASXqkMMZjByYH/1Wh++DQ+vAgziOxZMBZlZ3sFhIzF+rseZcMPEY3zkXV9KXvqAZekiJp1lptLPBpS1K19sRXYbVhROlEqK3cejsYG0EhaOmszSI/IXOhLQL6ntz57Vrpzk0T8tuet1gFmI/FoDy4CGm9YiBl1cr4iZiMmKgc2rubmcku9M6+KBo9g==",
+    "RawTBSAttributeCertificate": "MIIB6AIBATAwoC4wFqQUMBIxEDAOBgNVBAMMB1NUTWljcm8CFAcAgYVn/zV5FpDS1ASUXfVrDm3HoIGQMIGNpIGKMIGHMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC1NhbnRhIENsYXJhMRowGAYDVQQKDBFJbnRlbCBDb3Jwb3JhdGlvbjEhMB8GA1UECwwYVHJhbnNwYXJlbnQgU3VwcGx5IENoYWluMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMA0GCSqGSIb3DQEBBQUAAhRU3uvKFiLzX11KXVm3330Jqkfp7zAiGA8yMDE3MDMyMzIyMzQzM1oYDzIwMzAxMjMxMjM1OTU5WjAxMBkGBWeBBQIRMRAwDjAJAgEBAgECAgEBDAExMBQGBWeBBQITMQswCQIBAIIBAwEBADCBoTBNBgNVHSABAf8EQzBBMD8GCiqGSIb4TQEFAgQwMTAvBggrBgEFBQcCAjAjDCFUQ1BBIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwUAYDVR0RAQH/BEYwRKRCMEAxEDAOBgVngQUCBAwFSW50ZWwxFTATBgVngQUCBQwKREUzODE1VFlLSDEVMBMGBWeBBQIGDApIMjY5OTgtNDAy",
+    "Signature": "Z6v7uR4PBhyozOXapFEEl40QIN4R2mX9ff0OfFG4QhiwM8MtgqygwUpIw57hYDpZOfhHEbGVCSrLM/ujWxmAGQAsIyaJTtD30X+pBFDnq97v0JjBKDi+tFlbims+INEWTU7z1YCswWuGVLbnQ7Kh0Dl1I4cNASXqkMMZjByYH/1Wh++DQ+vAgziOxZMBZlZ3sFhIzF+rseZcMPEY3zkXV9KXvqAZekiJp1lptLPBpS1K19sRXYbVhROlEqK3cejsYG0EhaOmszSI/IXOhLQL6ntz57Vrpzk0T8tuet1gFmI/FoDy4CGm9YiBl1cr4iZiMmKgc2rubmcku9M6+KBo9g==",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 484526530336932890242076058223020130738509441519,
+    "Holder": {
+        "Issuer": {
+            "Country": null,
+            "Organization": null,
+            "OrganizationalUnit": null,
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "STMicro",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "STMicro"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 39974218276442478052338187117424437099638975943
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel Corporation"
+        ],
+        "OrganizationalUnit": [
+            "Transparent Supply Chain"
+        ],
+        "Locality": [
+            "Santa Clara"
+        ],
+        "Province": [
+            "CA"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "www.intel.com",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "CA"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    7
+                ],
+                "Value": "Santa Clara"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel Corporation"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    11
+                ],
+                "Value": "Transparent Supply Chain"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "www.intel.com"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2017-03-23T22:34:33Z",
+    "NotAfter": "2030-12-31T23:59:59Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 1,
+            "MinorVersion": 2,
+            "Revision": 1
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 0,
+        "CcInfo": {
+            "Version": "",
+            "AssuranceLevel": 0,
+            "EvaluationStatus": 0,
+            "Plus": false,
+            "StrengthOfFunction": 0,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 0,
+        "Iso9000Certified": false,
+        "Iso9000Uri": ""
+    },
+    "PlatformManufacturer": "Intel",
+    "PlatformModel": "DE3815TYKH",
+    "PlatformVersion": "H26998-402",
+    "PlatformSerial": "",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "",
+            "NoticeNumbers": null
+        },
+        "ExplicitText": ""
+    }
+}
--- a/attributecert/testdata/Intel_pc3.cer
+++ b/attributecert/testdata/Intel_pc3.cer
--- a/attributecert/testdata/Intel_pc3.cer.json
+++ b/attributecert/testdata/Intel_pc3.cer.json
@ -0,0 +1,168 @@
+{
+    "Raw": "MIIDADCCAegCAQEwMKAuMBakFDASMRAwDgYDVQQDDAdTVE1pY3JvAhRLmC6N5bmRi9h0wlmUhRPqzcXRzKCBkDCBjaSBijCBhzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29ycG9yYXRpb24xITAfBgNVBAsMGFRyYW5zcGFyZW50IFN1cHBseSBDaGFpbjEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTANBgkqhkiG9w0BAQUFAAIUDCtzGf10Y+JmwoyomFBw5oZ3SkkwIhgPMjAxNzAzMjMyMjM0MzNaGA8yMDMwMTIzMTIzNTk1OVowMTAZBgVngQUCETEQMA4wCQIBAQIBAgIBAQwBMTAUBgVngQUCEzELMAkCAQCCAQMBAQAwgaEwTQYDVR0gAQH/BEMwQTA/BgoqhkiG+E0BBQIEMDEwLwYIKwYBBQUHAgIwIwwhVENQQSBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MFAGA1UdEQEB/wRGMESkQjBAMRAwDgYFZ4EFAgQMBUludGVsMRUwEwYFZ4EFAgUMCkRFMzgxNVRZS0gxFTATBgVngQUCBgwKSDI2OTk4LTQwMjANBgkqhkiG9w0BAQUFAAOCAQEAFzQvc6srAIcH3gjK1ceXTAA2AE5Kq+aqJmgjBD0LmFKj5ba8tjL2NjoCXQtso4JRLAQoFDLQs3DWgYBEVq3zCzTqSoulVhENOXfQGwWzIn5CDPdIerEz7kPObqDJi+EOYQHfm/pxYaRkkUUwyyovC+s+bLe5ECgWIGtM2xec2bbHC5X1y6vSJXgLf0FkZQ9hOovq5KqW3b/WCqPN/NAHU+n3Cginzcaa9nTEFYNvaoc9XUgYYgKUeapzonXJIk1AARXPHH2mTlecC9OdJ2caHyybJB2wY1PVTPaMNKiTXGzePF2dCEfTz+t+2lHdMfu3dgfO4ZTJszv17PV29+kEhA==",
+    "RawTBSAttributeCertificate": "MIIB6AIBATAwoC4wFqQUMBIxEDAOBgNVBAMMB1NUTWljcm8CFEuYLo3luZGL2HTCWZSFE+rNxdHMoIGQMIGNpIGKMIGHMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC1NhbnRhIENsYXJhMRowGAYDVQQKDBFJbnRlbCBDb3Jwb3JhdGlvbjEhMB8GA1UECwwYVHJhbnNwYXJlbnQgU3VwcGx5IENoYWluMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMA0GCSqGSIb3DQEBBQUAAhQMK3MZ/XRj4mbCjKiYUHDmhndKSTAiGA8yMDE3MDMyMzIyMzQzM1oYDzIwMzAxMjMxMjM1OTU5WjAxMBkGBWeBBQIRMRAwDjAJAgEBAgECAgEBDAExMBQGBWeBBQITMQswCQIBAIIBAwEBADCBoTBNBgNVHSABAf8EQzBBMD8GCiqGSIb4TQEFAgQwMTAvBggrBgEFBQcCAjAjDCFUQ1BBIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwUAYDVR0RAQH/BEYwRKRCMEAxEDAOBgVngQUCBAwFSW50ZWwxFTATBgVngQUCBQwKREUzODE1VFlLSDEVMBMGBWeBBQIGDApIMjY5OTgtNDAy",
+    "Signature": "FzQvc6srAIcH3gjK1ceXTAA2AE5Kq+aqJmgjBD0LmFKj5ba8tjL2NjoCXQtso4JRLAQoFDLQs3DWgYBEVq3zCzTqSoulVhENOXfQGwWzIn5CDPdIerEz7kPObqDJi+EOYQHfm/pxYaRkkUUwyyovC+s+bLe5ECgWIGtM2xec2bbHC5X1y6vSJXgLf0FkZQ9hOovq5KqW3b/WCqPN/NAHU+n3Cginzcaa9nTEFYNvaoc9XUgYYgKUeapzonXJIk1AARXPHH2mTlecC9OdJ2caHyybJB2wY1PVTPaMNKiTXGzePF2dCEfTz+t+2lHdMfu3dgfO4ZTJszv17PV29+kEhA==",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 69476848050263231802801623192911051516064254537,
+    "Holder": {
+        "Issuer": {
+            "Country": null,
+            "Organization": null,
+            "OrganizationalUnit": null,
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "STMicro",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "STMicro"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 431568076532287953841340025336737925813510721996
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel Corporation"
+        ],
+        "OrganizationalUnit": [
+            "Transparent Supply Chain"
+        ],
+        "Locality": [
+            "Santa Clara"
+        ],
+        "Province": [
+            "CA"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "www.intel.com",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "CA"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    7
+                ],
+                "Value": "Santa Clara"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel Corporation"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    11
+                ],
+                "Value": "Transparent Supply Chain"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "www.intel.com"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2017-03-23T22:34:33Z",
+    "NotAfter": "2030-12-31T23:59:59Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 1,
+            "MinorVersion": 2,
+            "Revision": 1
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 0,
+        "CcInfo": {
+            "Version": "",
+            "AssuranceLevel": 0,
+            "EvaluationStatus": 0,
+            "Plus": false,
+            "StrengthOfFunction": 0,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 0,
+        "Iso9000Certified": false,
+        "Iso9000Uri": ""
+    },
+    "PlatformManufacturer": "Intel",
+    "PlatformModel": "DE3815TYKH",
+    "PlatformVersion": "H26998-402",
+    "PlatformSerial": "",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "",
+            "NoticeNumbers": null
+        },
+        "ExplicitText": ""
+    }
+}
--- a/attributecert/testdata/Intel_pc4.cer
+++ b/attributecert/testdata/Intel_pc4.cer
--- a/attributecert/testdata/Intel_pc4.cer.json
+++ b/attributecert/testdata/Intel_pc4.cer.json
@ -0,0 +1,168 @@
+{
+    "Raw": "MIIDjjCCAvcCAQEwMKAuMBakFDASMRAwDgYDVQQDDAdTVE1pY3JvAhQHAIGFZ/81eRaQ0tQElF31aw5tx6CBkDCBjaSBijCBhzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29ycG9yYXRpb24xITAfBgNVBAsMGFRyYW5zcGFyZW50IFN1cHBseSBDaGFpbjEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTANBgkqhkiG9w0BAQUFAAIUApPA+zckUw886Rk8yaf+cEEZzbYwIhgPMjAxNzA0MjExNzA1MjlaGA8yMDMwMTIzMTIzNTk1OVowMTAZBgVngQUCETEQMA4wCQIBAQIBAgIBAQwBMTAUBgVngQUCEzELMAkCAQCCAQMBAQAwggGvMIGtBgNVHSABAf8EgaIwgZ8wgZwGCiqGSIb4TQEFAgQwgY0wLwYIKwYBBQUHAgIwIwwhVENQQSBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MFoGCCsGAQUFBwIBFk5odHRwczovL3RydXN0ZWRzZXJ2aWNlcy5pbnRlbC5jb20vY29udGVudC9UU0MvY2VydHMvVFNDY2VydFBvbGljeVN0YXRlbWVudC5wZGYwdwYDVR0RAQH/BG0wa6RpMGcxEDAOBgVngQUCBAwFSW50ZWwxFTATBgVngQUCBQwKREUzODE1VFlLSDEVMBMGBWeBBQIGDApIMjY5OTgtNDAyMSUwIwYGZ4EFBQEGDBlHNllLNDIzMDBDODcsR0VUWTQyMTAwMUdWMB8GA1UdIwQYMBaAFCjTsOj/JJ/2jAPii8UMYq4t+meCMGMGCCsGAQUFBwEBBFcwVTBTBggrBgEFBQcwAoZHaHR0cHM6Ly90cnVzdGVkc2VydmljZXMuaW50ZWwuY29tL2NvbnRlbnQvVFNDL2NlcnRzL0ludGVsU2lnbmluZ0tleS5jZXIwDQYJKoZIhvcNAQEFBQADgYEAd6OzjNhd4KfyTOhqO4PDcbjqlDiGPO3bBMexatWTJ3uC5y2Qt3POx2KpbwejbQrA7oGJurh7YHtCiPOKF7gbeLQdCYE0IVeWxh5mIkgIs+OUG9SPswBmwBFz6Ay1McW+hg6v4Xtok6SH9fxRK15cdbyP9m+VdBSAxNs4JsZOQeo=",
+    "RawTBSAttributeCertificate": "MIIC9wIBATAwoC4wFqQUMBIxEDAOBgNVBAMMB1NUTWljcm8CFAcAgYVn/zV5FpDS1ASUXfVrDm3HoIGQMIGNpIGKMIGHMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC1NhbnRhIENsYXJhMRowGAYDVQQKDBFJbnRlbCBDb3Jwb3JhdGlvbjEhMB8GA1UECwwYVHJhbnNwYXJlbnQgU3VwcGx5IENoYWluMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMA0GCSqGSIb3DQEBBQUAAhQCk8D7NyRTDzzpGTzJp/5wQRnNtjAiGA8yMDE3MDQyMTE3MDUyOVoYDzIwMzAxMjMxMjM1OTU5WjAxMBkGBWeBBQIRMRAwDjAJAgEBAgECAgEBDAExMBQGBWeBBQITMQswCQIBAIIBAwEBADCCAa8wga0GA1UdIAEB/wSBojCBnzCBnAYKKoZIhvhNAQUCBDCBjTAvBggrBgEFBQcCAjAjDCFUQ1BBIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwWgYIKwYBBQUHAgEWTmh0dHBzOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50L1RTQy9jZXJ0cy9UU0NjZXJ0UG9saWN5U3RhdGVtZW50LnBkZjB3BgNVHREBAf8EbTBrpGkwZzEQMA4GBWeBBQIEDAVJbnRlbDEVMBMGBWeBBQIFDApERTM4MTVUWUtIMRUwEwYFZ4EFAgYMCkgyNjk5OC00MDIxJTAjBgZngQUFAQYMGUc2WUs0MjMwMEM4NyxHRVRZNDIxMDAxR1YwHwYDVR0jBBgwFoAUKNOw6P8kn/aMA+KLxQxiri36Z4IwYwYIKwYBBQUHAQEEVzBVMFMGCCsGAQUFBzAChkdodHRwczovL3RydXN0ZWRzZXJ2aWNlcy5pbnRlbC5jb20vY29udGVudC9UU0MvY2VydHMvSW50ZWxTaWduaW5nS2V5LmNlcg==",
+    "Signature": "d6OzjNhd4KfyTOhqO4PDcbjqlDiGPO3bBMexatWTJ3uC5y2Qt3POx2KpbwejbQrA7oGJurh7YHtCiPOKF7gbeLQdCYE0IVeWxh5mIkgIs+OUG9SPswBmwBFz6Ay1McW+hg6v4Xtok6SH9fxRK15cdbyP9m+VdBSAxNs4JsZOQeo=",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 14713002128900822875530586530101450951391563190,
+    "Holder": {
+        "Issuer": {
+            "Country": null,
+            "Organization": null,
+            "OrganizationalUnit": null,
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "STMicro",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "STMicro"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 39974218276442478052338187117424437099638975943
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel Corporation"
+        ],
+        "OrganizationalUnit": [
+            "Transparent Supply Chain"
+        ],
+        "Locality": [
+            "Santa Clara"
+        ],
+        "Province": [
+            "CA"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "www.intel.com",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "CA"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    7
+                ],
+                "Value": "Santa Clara"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel Corporation"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    11
+                ],
+                "Value": "Transparent Supply Chain"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "www.intel.com"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2017-04-21T17:05:29Z",
+    "NotAfter": "2030-12-31T23:59:59Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 1,
+            "MinorVersion": 2,
+            "Revision": 1
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 0,
+        "CcInfo": {
+            "Version": "",
+            "AssuranceLevel": 0,
+            "EvaluationStatus": 0,
+            "Plus": false,
+            "StrengthOfFunction": 0,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 0,
+        "Iso9000Certified": false,
+        "Iso9000Uri": ""
+    },
+    "PlatformManufacturer": "Intel",
+    "PlatformModel": "DE3815TYKH",
+    "PlatformVersion": "H26998-402",
+    "PlatformSerial": "G6YK42300C87,GETY421001GV",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "",
+            "NoticeNumbers": null
+        },
+        "ExplicitText": ""
+    }
+}
--- a/attributecert/testdata/Intel_pc5.cer
+++ b/attributecert/testdata/Intel_pc5.cer
--- a/attributecert/testdata/Intel_pc5.cer.json
+++ b/attributecert/testdata/Intel_pc5.cer.json
@ -0,0 +1,168 @@
+{
+    "Raw": "MIIDjjCCAvcCAQEwMKAuMBakFDASMRAwDgYDVQQDDAdTVE1pY3JvAhRLmC6N5bmRi9h0wlmUhRPqzcXRzKCBkDCBjaSBijCBhzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29ycG9yYXRpb24xITAfBgNVBAsMGFRyYW5zcGFyZW50IFN1cHBseSBDaGFpbjEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTANBgkqhkiG9w0BAQUFAAIUQfeFZjlZccv6lSRgrTusMce4XS8wIhgPMjAxNzA0MjExNzA1MzBaGA8yMDMwMTIzMTIzNTk1OVowMTAZBgVngQUCETEQMA4wCQIBAQIBAgIBAQwBMTAUBgVngQUCEzELMAkCAQCCAQMBAQAwggGvMIGtBgNVHSABAf8EgaIwgZ8wgZwGCiqGSIb4TQEFAgQwgY0wLwYIKwYBBQUHAgIwIwwhVENQQSBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MFoGCCsGAQUFBwIBFk5odHRwczovL3RydXN0ZWRzZXJ2aWNlcy5pbnRlbC5jb20vY29udGVudC9UU0MvY2VydHMvVFNDY2VydFBvbGljeVN0YXRlbWVudC5wZGYwdwYDVR0RAQH/BG0wa6RpMGcxEDAOBgVngQUCBAwFSW50ZWwxFTATBgVngQUCBQwKREUzODE1VFlLSDEVMBMGBWeBBQIGDApIMjY5OTgtNDAyMSUwIwYGZ4EFBQEGDBlHNllLNDIzMDBDQjYsR0VUWTQyMTAwMTYwMB8GA1UdIwQYMBaAFCjTsOj/JJ/2jAPii8UMYq4t+meCMGMGCCsGAQUFBwEBBFcwVTBTBggrBgEFBQcwAoZHaHR0cHM6Ly90cnVzdGVkc2VydmljZXMuaW50ZWwuY29tL2NvbnRlbnQvVFNDL2NlcnRzL0ludGVsU2lnbmluZ0tleS5jZXIwDQYJKoZIhvcNAQEFBQADgYEABe5pXrkWHLQMz4n42ZJJQwe7x6geLYuBuvdV0zrOQpJ3uhRT6QCvDAO/Hl8JyIb3uGEozNDN+Yj6RpvTl7qWegKPXh7YmbeZn6Q39Pt0i3XFCQF6EoStEJiw64x+dQ0W/Jna2wsy3ye3T3uhVg2lbDY1R+hBJOVgtx1Atykyb8U=",
+    "RawTBSAttributeCertificate": "MIIC9wIBATAwoC4wFqQUMBIxEDAOBgNVBAMMB1NUTWljcm8CFEuYLo3luZGL2HTCWZSFE+rNxdHMoIGQMIGNpIGKMIGHMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC1NhbnRhIENsYXJhMRowGAYDVQQKDBFJbnRlbCBDb3Jwb3JhdGlvbjEhMB8GA1UECwwYVHJhbnNwYXJlbnQgU3VwcGx5IENoYWluMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMA0GCSqGSIb3DQEBBQUAAhRB94VmOVlxy/qVJGCtO6wxx7hdLzAiGA8yMDE3MDQyMTE3MDUzMFoYDzIwMzAxMjMxMjM1OTU5WjAxMBkGBWeBBQIRMRAwDjAJAgEBAgECAgEBDAExMBQGBWeBBQITMQswCQIBAIIBAwEBADCCAa8wga0GA1UdIAEB/wSBojCBnzCBnAYKKoZIhvhNAQUCBDCBjTAvBggrBgEFBQcCAjAjDCFUQ1BBIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwWgYIKwYBBQUHAgEWTmh0dHBzOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50L1RTQy9jZXJ0cy9UU0NjZXJ0UG9saWN5U3RhdGVtZW50LnBkZjB3BgNVHREBAf8EbTBrpGkwZzEQMA4GBWeBBQIEDAVJbnRlbDEVMBMGBWeBBQIFDApERTM4MTVUWUtIMRUwEwYFZ4EFAgYMCkgyNjk5OC00MDIxJTAjBgZngQUFAQYMGUc2WUs0MjMwMENCNixHRVRZNDIxMDAxNjAwHwYDVR0jBBgwFoAUKNOw6P8kn/aMA+KLxQxiri36Z4IwYwYIKwYBBQUHAQEEVzBVMFMGCCsGAQUFBzAChkdodHRwczovL3RydXN0ZWRzZXJ2aWNlcy5pbnRlbC5jb20vY29udGVudC9UU0MvY2VydHMvSW50ZWxTaWduaW5nS2V5LmNlcg==",
+    "Signature": "Be5pXrkWHLQMz4n42ZJJQwe7x6geLYuBuvdV0zrOQpJ3uhRT6QCvDAO/Hl8JyIb3uGEozNDN+Yj6RpvTl7qWegKPXh7YmbeZn6Q39Pt0i3XFCQF6EoStEJiw64x+dQ0W/Jna2wsy3ye3T3uhVg2lbDY1R+hBJOVgtx1Atykyb8U=",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 376604304886647401292944510352953751207572692271,
+    "Holder": {
+        "Issuer": {
+            "Country": null,
+            "Organization": null,
+            "OrganizationalUnit": null,
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "STMicro",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "STMicro"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 431568076532287953841340025336737925813510721996
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel Corporation"
+        ],
+        "OrganizationalUnit": [
+            "Transparent Supply Chain"
+        ],
+        "Locality": [
+            "Santa Clara"
+        ],
+        "Province": [
+            "CA"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "www.intel.com",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "CA"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    7
+                ],
+                "Value": "Santa Clara"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel Corporation"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    11
+                ],
+                "Value": "Transparent Supply Chain"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "www.intel.com"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2017-04-21T17:05:30Z",
+    "NotAfter": "2030-12-31T23:59:59Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 1,
+            "MinorVersion": 2,
+            "Revision": 1
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 0,
+        "CcInfo": {
+            "Version": "",
+            "AssuranceLevel": 0,
+            "EvaluationStatus": 0,
+            "Plus": false,
+            "StrengthOfFunction": 0,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 0,
+        "Iso9000Certified": false,
+        "Iso9000Uri": ""
+    },
+    "PlatformManufacturer": "Intel",
+    "PlatformModel": "DE3815TYKH",
+    "PlatformVersion": "H26998-402",
+    "PlatformSerial": "G6YK42300CB6,GETY42100160",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "",
+            "NoticeNumbers": null
+        },
+        "ExplicitText": ""
+    }
+}
--- a/attributecert/testdata/lenovo.cer
+++ b/attributecert/testdata/lenovo.cer
--- a/attributecert/testdata/lenovo.cer.json
+++ b/attributecert/testdata/lenovo.cer.json
@ -0,0 +1,190 @@
+{
+    "Raw": "MIIFNzCCA58CAQEwc6BxMFmkVzBVMQswCQYDVQQGEwJDSDEeMBwGA1UECgwVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYwJAYDVQQDDB1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwNQIUHb4WpPwxCXEK0h8rNQ/9F7pgTAyggaUwgaKkgZ8wgZwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMTYwNAYDVQQLDC1UcmFuc3BhcmVudCBTdXBwbHkgQ2hhaW4gSXNzdWluZyBDQSBJS0dGX1RFU1QxFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wDQYJKoZIhvcNAQELBQACFGHu9mGGIwgt8Qh/S/a9lCrtnO/pMCIYDzIwMTgwOTE1MDQ0NTA5WhgPMjAyNzA4MDEwNDAwMDBaMH4wHAYFZ4EFAhExEzARMAkCAQICAQACAQEEBAAAAAEwEgYFZ4EFAhkxCTAHBgVngQUIAjAWBgVngQUCFzENMAswCQIBAQIBAQIBCTAUBgVngQUCEzELMAkCAQCCAQMBAQAwHAYHZ4EFBQEHATERMA+hDTALDANBTVQMBHRydWUwggGyMIGpBgNVHSAEgaEwgZ4wgZsGCiqGSIb4TQEFAgQwgYwwWgYIKwYBBQUHAgEWTmh0dHBzOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50L1RTQy9jZXJ0cy9UU0NjZXJ0UG9saWN5U3RhdGVtZW50LnBkZjAuBggrBgEFBQcCAjAiDCBUQ0cgVHJ1c3RlZCBQbGF0Zm9ybSBFbmRvcnNlbWVudDB3BgNVHREEcDBupGwwajESMBAGBmeBBQUBAQwGTEVOT1ZPMRYwFAYGZ4EFBQEEDAoyMEw3MDAyQlVTMRowGAYGZ4EFBQEFDA5UaGlua1BhZCBUNDgwczEgMB4GBmeBBQUBBgwUUEYwWkFRU1dfTDFIRjdDUzAwMUEwHwYDVR0jBBgwFoAUPAa5+2OlPKV8a4dDMznx3KgH+6QwagYIKwYBBQUHAQEEXjBcMFoGCCsGAQUFBzAChk5odHRwczovL3RydXN0ZWRzZXJ2aWNlcy5pbnRlbC5jb20vY29udGVudC9UU0MvY2VydHMvVFNDX0lzc3VpbmdDQUlLR0ZfVEVTVC5jZXIwDQYJKoZIhvcNAQELBQADggGBAB3sTQJ6FoJSYvTsKF9BdKOH1XsCgl09XjnEOkBTXoSHd4faXbDwkc7crdoTftOsbNZrQ1v+b+N6SFBy/vp3fpjKyxQZrmA+JpEhGSlN2jcHDNTwYyfD8E2H0M12TbdeJbo21f+FHVn+Rumxxu1OVbDcOvt9f2U2dirx0gZaW80/K46K77/a1XMaLIVgvaiS8Z0Qh/ph79z4flcUPUO/sNytUhURdW03klXvleqESRYljKeBC6U7q8QhdbdMwkyuByIDmuGVpHsEwso36X3eF6fMRWzQsU/g26Px4jB/8yVbpoX4Zmjcoy16SIwelx0cDmy36wMQwE2F7gdgcH0bmHe/r70NOgs4lPu+zQf+g4VpPeW1w5rtHjQO4zaFrlOzVVAE3WbESjIKYe0k8zuuWNISAmIOG0S/FcbaaFffyV1KWIhc0exQqsfl7Vim9T0fll80VD7T5km1gsAMsY5fUwtSgdM5aYeZguINXtffYUiwJBR9l9s02cvrHV2SmVDNgQ==",
+    "RawTBSAttributeCertificate": "MIIDnwIBATBzoHEwWaRXMFUxCzAJBgNVBAYTAkNIMR4wHAYDVQQKDBVTVE1pY3JvZWxlY3Ryb25pY3MgTlYxJjAkBgNVBAMMHVNUTSBUUE0gRUsgSW50ZXJtZWRpYXRlIENBIDA1AhQdvhak/DEJcQrSHys1D/0XumBMDKCBpTCBoqSBnzCBnDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29ycG9yYXRpb24xNjA0BgNVBAsMLVRyYW5zcGFyZW50IFN1cHBseSBDaGFpbiBJc3N1aW5nIENBIElLR0ZfVEVTVDEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTANBgkqhkiG9w0BAQsFAAIUYe72YYYjCC3xCH9L9r2UKu2c7+kwIhgPMjAxODA5MTUwNDQ1MDlaGA8yMDI3MDgwMTA0MDAwMFowfjAcBgVngQUCETETMBEwCQIBAgIBAAIBAQQEAAAAATASBgVngQUCGTEJMAcGBWeBBQgCMBYGBWeBBQIXMQ0wCzAJAgEBAgEBAgEJMBQGBWeBBQITMQswCQIBAIIBAwEBADAcBgdngQUFAQcBMREwD6ENMAsMA0FNVAwEdHJ1ZTCCAbIwgakGA1UdIASBoTCBnjCBmwYKKoZIhvhNAQUCBDCBjDBaBggrBgEFBQcCARZOaHR0cHM6Ly90cnVzdGVkc2VydmljZXMuaW50ZWwuY29tL2NvbnRlbnQvVFNDL2NlcnRzL1RTQ2NlcnRQb2xpY3lTdGF0ZW1lbnQucGRmMC4GCCsGAQUFBwICMCIMIFRDRyBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MHcGA1UdEQRwMG6kbDBqMRIwEAYGZ4EFBQEBDAZMRU5PVk8xFjAUBgZngQUFAQQMCjIwTDcwMDJCVVMxGjAYBgZngQUFAQUMDlRoaW5rUGFkIFQ0ODBzMSAwHgYGZ4EFBQEGDBRQRjBaQVFTV19MMUhGN0NTMDAxQTAfBgNVHSMEGDAWgBQ8Brn7Y6U8pXxrh0MzOfHcqAf7pDBqBggrBgEFBQcBAQReMFwwWgYIKwYBBQUHMAKGTmh0dHBzOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50L1RTQy9jZXJ0cy9UU0NfSXNzdWluZ0NBSUtHRl9URVNULmNlcg==",
+    "Signature": "HexNAnoWglJi9OwoX0F0o4fVewKCXT1eOcQ6QFNehId3h9pdsPCRztyt2hN+06xs1mtDW/5v43pIUHL++nd+mMrLFBmuYD4mkSEZKU3aNwcM1PBjJ8PwTYfQzXZNt14lujbV/4UdWf5G6bHG7U5VsNw6+31/ZTZ2KvHSBlpbzT8rjorvv9rVcxoshWC9qJLxnRCH+mHv3Ph+VxQ9Q7+w3K1SFRF1bTeSVe+V6oRJFiWMp4ELpTurxCF1t0zCTK4HIgOa4ZWkewTCyjfpfd4Xp8xFbNCxT+Dbo/HiMH/zJVumhfhmaNyjLXpIjB6XHRwObLfrAxDATYXuB2BwfRuYd7+vvQ06CziU+77NB/6DhWk95bXDmu0eNA7jNoWuU7NVUATdZsRKMgph7STzO65Y0hICYg4bRL8VxtpoV9/JXUpYiFzR7FCqx+XtWKb1PR+WXzRUPtPmSbWCwAyxjl9TC1KB0zlph5mC4g1e199hSLAkFH2X2zTZy+sdXZKZUM2B",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 559101144935189974234374230728606001993160126441,
+    "Holder": {
+        "Issuer": {
+            "Country": [
+                "CH"
+            ],
+            "Organization": [
+                "STMicroelectronics NV"
+            ],
+            "OrganizationalUnit": null,
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "STM TPM EK Intermediate CA 05",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        6
+                    ],
+                    "Value": "CH"
+                },
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        10
+                    ],
+                    "Value": "STMicroelectronics NV"
+                },
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "STM TPM EK Intermediate CA 05"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 169799846553430907340671867860357675971057306636
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel Corporation"
+        ],
+        "OrganizationalUnit": [
+            "Transparent Supply Chain Issuing CA IKGF_TEST"
+        ],
+        "Locality": [
+            "Santa Clara"
+        ],
+        "Province": [
+            "CA"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "www.intel.com",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "CA"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    7
+                ],
+                "Value": "Santa Clara"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel Corporation"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    11
+                ],
+                "Value": "Transparent Supply Chain Issuing CA IKGF_TEST"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "www.intel.com"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2018-09-15T04:45:09Z",
+    "NotAfter": "2027-08-01T04:00:00Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 2,
+            "MinorVersion": 0,
+            "Revision": 1
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 0,
+        "CcInfo": {
+            "Version": "",
+            "AssuranceLevel": 0,
+            "EvaluationStatus": 0,
+            "Plus": false,
+            "StrengthOfFunction": 0,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 0,
+        "Iso9000Certified": false,
+        "Iso9000Uri": ""
+    },
+    "PlatformManufacturer": "LENOVO",
+    "PlatformModel": "20L7002BUS",
+    "PlatformVersion": "ThinkPad T480s",
+    "PlatformSerial": "PF0ZAQSW_L1HF7CS001A",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "",
+            "NoticeNumbers": null
+        },
+        "ExplicitText": ""
+    }
+}
--- a/attributecert/testdata/plat_cert1.cer
+++ b/attributecert/testdata/plat_cert1.cer
--- a/attributecert/testdata/plat_cert1.cer.json
+++ b/attributecert/testdata/plat_cert1.cer.json
@ -0,0 +1,190 @@
+{
+    "Raw": "MIIFuzCCBKMCAQEwd6B1MFmkVzBVMSYwJAYDVQQDDB1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMjEeMBwGA1UECgwVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMQswCQYDVQQGEwJDSAIYUEYpmIE5STImCFSYGYVSORmEiCQiMCAooIGdMIGapIGXMIGUMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC1NhbnRhIENsYXJhMRowGAYDVQQKDBFJbnRlbCBDb3Jwb3JhdGlvbjEuMCwGA1UECwwlUGxhdGZvcm0gQXR0cmlidXRlIENlcnRpZmljYXRlIElzc3VlcjEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTANBgkqhkiG9w0BAQsFAAIUYCln6nkk/e5swVC5HoN3fR9CeZkwIhgPMjAxNzA4MjAxNTUzNDRaGA8yMDIwMDgyMDE1NTM0NFowggHfMBwGBWeBBQIRMRMwETAJAgECAgEAAgErBAQAAAABMBQGBWeBBQIXMQswCQIBAQIBAAIBCzCBxwYFZ4EFAhMxgb0wgboCAQCgdBYDMy4xCgEHCgECAQEAgAEBgQUqAwQFBqItFitodHRwczovL3d3dy5pbnRlbC5jb20vcHJvdGVjdGlvbnByb2ZpbGUucGRmgwUqAwQFB6QkFiJodHRwczovL3d3dy5pbnRlbC5jb20vY2N0YXJnZXQucGRmoQ0WBTE0MC0yCgEEAQEAggEDAQEAFipodHRwczovL3d3dy5pbnRlbC5jb20vaXNvY2VydGlmaWNhdGlvbi5wZGYwLAYGZ4EFBQEDMSIwIBYeaHR0cHM6Ly93d3cuaW50ZWwuY29tL1BDUnMueG1sMIGwBgdngQUFAQcBMYGkMIGhoFIwUAwFSW50ZWwMDHBsYXRmb3JtMjAxOIAMQlFLUDUyODQwNjc4gQMxLjCCBysGAQQBgiyDAf+kGjAYBgZngQUFAQYMDjIuMjMuMTMzLjUuMS42oRswDAwEdlBybwwEdHJ1ZTALDANBTVQMBHRydWWiLhYsaHR0cHM6Ly93d3cuaW50ZWwuY29tL3BsYXRmb3JtcHJvcGVydGllcy54bWwwggFXMHwGA1UdIAR1MHMwcQYKKoZIhvhNAQUCBDBjMDEGCCsGAQUFBwIBFiVodHRwczovL3d3dy5pbnRlbC5jb20vcGxhdGNlcnRjcHMucGRmMC4GCCsGAQUFBwICMCIMIFRDRyBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MB8GA1UdIwQYMBaAFJmT1DnLMuKrlfc3o7d3KRzUpDm2MDYGCCsGAQUFBwEBBCowKDAmBggrBgEFBQcwAYYaaHR0cHM6Ly93d3cuaW50ZWwuY29tL29jc3AwfgYDVR0RBHcwdaRzMHExETAPBgZngQUFAQEMBUludGVsMRUwEwYGZ4EFBQECMAkGBysGAQQBglcxEzARBgZngQUFAQQMB1MyNjAwS1AxFjAUBgZngQUFAQUMCkg3Njk2Mi0zNTAxGDAWBgZngQUFAQYMDEJRS1A1Mjg0MDY3ODANBgkqhkiG9w0BAQsFAAOCAQEAoRr6ut9SqTqceNl96ok/YQ4Xh3TW2jX5sHm7h6K6/mb1X+nLEP5BmAbjHCd5LNolNdiqhTyQyGmEiUu5SUyJyoCPAf6TZTK/nKlFx7Gf0vyuDExw01EX5XKIINBhXZtmLqL3DCWvawuWnetbhkBpH97QuiPs6WDDC837fWvaV6OOrBO/9+o8pDP4hwboX4uTQju2uWl+PujMTQVtfysbL3K7EVIZV1/tT7b494/VQglk58M5h4hh5WttktIdGaT2otaF3V59NtKIugmeLk6Mj0J3y+sgsk8S3InYMuH6ckysO3e6nA68Iah4TRe6mUhLet9c10/Yyl/NFkfobqK4Yw==",
+    "RawTBSAttributeCertificate": "MIIEowIBATB3oHUwWaRXMFUxJjAkBgNVBAMMHVNUTSBUUE0gRUsgSW50ZXJtZWRpYXRlIENBIDAyMR4wHAYDVQQKDBVTVE1pY3JvZWxlY3Ryb25pY3MgTlYxCzAJBgNVBAYTAkNIAhhQRimYgTlJMiYIVJgZhVI5GYSIJCIwICiggZ0wgZqkgZcwgZQxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMS4wLAYDVQQLDCVQbGF0Zm9ybSBBdHRyaWJ1dGUgQ2VydGlmaWNhdGUgSXNzdWVyMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMA0GCSqGSIb3DQEBCwUAAhRgKWfqeST97mzBULkeg3d9H0J5mTAiGA8yMDE3MDgyMDE1NTM0NFoYDzIwMjAwODIwMTU1MzQ0WjCCAd8wHAYFZ4EFAhExEzARMAkCAQICAQACASsEBAAAAAEwFAYFZ4EFAhcxCzAJAgEBAgEAAgELMIHHBgVngQUCEzGBvTCBugIBAKB0FgMzLjEKAQcKAQIBAQCAAQGBBSoDBAUGoi0WK2h0dHBzOi8vd3d3LmludGVsLmNvbS9wcm90ZWN0aW9ucHJvZmlsZS5wZGaDBSoDBAUHpCQWImh0dHBzOi8vd3d3LmludGVsLmNvbS9jY3RhcmdldC5wZGahDRYFMTQwLTIKAQQBAQCCAQMBAQAWKmh0dHBzOi8vd3d3LmludGVsLmNvbS9pc29jZXJ0aWZpY2F0aW9uLnBkZjAsBgZngQUFAQMxIjAgFh5odHRwczovL3d3dy5pbnRlbC5jb20vUENScy54bWwwgbAGB2eBBQUBBwExgaQwgaGgUjBQDAVJbnRlbAwMcGxhdGZvcm0yMDE4gAxCUUtQNTI4NDA2NziBAzEuMIIHKwYBBAGCLIMB/6QaMBgGBmeBBQUBBgwOMi4yMy4xMzMuNS4xLjahGzAMDAR2UHJvDAR0cnVlMAsMA0FNVAwEdHJ1ZaIuFixodHRwczovL3d3dy5pbnRlbC5jb20vcGxhdGZvcm1wcm9wZXJ0aWVzLnhtbDCCAVcwfAYDVR0gBHUwczBxBgoqhkiG+E0BBQIEMGMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vd3d3LmludGVsLmNvbS9wbGF0Y2VydGNwcy5wZGYwLgYIKwYBBQUHAgIwIgwgVENHIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwHwYDVR0jBBgwFoAUmZPUOcsy4quV9zejt3cpHNSkObYwNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzABhhpodHRwczovL3d3dy5pbnRlbC5jb20vb2NzcDB+BgNVHREEdzB1pHMwcTERMA8GBmeBBQUBAQwFSW50ZWwxFTATBgZngQUFAQIwCQYHKwYBBAGCVzETMBEGBmeBBQUBBAwHUzI2MDBLUDEWMBQGBmeBBQUBBQwKSDc2OTYyLTM1MDEYMBYGBmeBBQUBBgwMQlFLUDUyODQwNjc4",
+    "Signature": "oRr6ut9SqTqceNl96ok/YQ4Xh3TW2jX5sHm7h6K6/mb1X+nLEP5BmAbjHCd5LNolNdiqhTyQyGmEiUu5SUyJyoCPAf6TZTK/nKlFx7Gf0vyuDExw01EX5XKIINBhXZtmLqL3DCWvawuWnetbhkBpH97QuiPs6WDDC837fWvaV6OOrBO/9+o8pDP4hwboX4uTQju2uWl+PujMTQVtfysbL3K7EVIZV1/tT7b494/VQglk58M5h4hh5WttktIdGaT2otaF3V59NtKIugmeLk6Mj0J3y+sgsk8S3InYMuH6ckysO3e6nA68Iah4TRe6mUhLet9c10/Yyl/NFkfobqK4Yw==",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 548986496904781841196662391040664879653735004569,
+    "Holder": {
+        "Issuer": {
+            "Country": [
+                "CH"
+            ],
+            "Organization": [
+                "STMicroelectronics NV"
+            ],
+            "OrganizationalUnit": null,
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "STM TPM EK Intermediate CA 02",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "STM TPM EK Intermediate CA 02"
+                },
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        10
+                    ],
+                    "Value": "STMicroelectronics NV"
+                },
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        6
+                    ],
+                    "Value": "CH"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 1968314523106797630082411822510029384949550822072796586024
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel Corporation"
+        ],
+        "OrganizationalUnit": [
+            "Platform Attribute Certificate Issuer"
+        ],
+        "Locality": [
+            "Santa Clara"
+        ],
+        "Province": [
+            "CA"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "www.intel.com",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "CA"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    7
+                ],
+                "Value": "Santa Clara"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel Corporation"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    11
+                ],
+                "Value": "Platform Attribute Certificate Issuer"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "www.intel.com"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2017-08-20T15:53:44Z",
+    "NotAfter": "2020-08-20T15:53:44Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 2,
+            "MinorVersion": 0,
+            "Revision": 43
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 0,
+        "CcInfo": {
+            "Version": "",
+            "AssuranceLevel": 0,
+            "EvaluationStatus": 0,
+            "Plus": false,
+            "StrengthOfFunction": 0,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 0,
+        "Iso9000Certified": false,
+        "Iso9000Uri": ""
+    },
+    "PlatformManufacturer": "Intel",
+    "PlatformModel": "S2600KP",
+    "PlatformVersion": "H76962-350",
+    "PlatformSerial": "BQKP52840678",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "",
+            "NoticeNumbers": null
+        },
+        "ExplicitText": ""
+    }
+}
--- a/attributecert/testdata/plat_cert2.cer
+++ b/attributecert/testdata/plat_cert2.cer
--- a/attributecert/testdata/plat_cert2.cer.json
+++ b/attributecert/testdata/plat_cert2.cer.json
@ -0,0 +1,190 @@
+{
+    "Raw": "MIIFZDCCBEwCAQEwd6B1MFmkVzBVMSYwJAYDVQQDDB1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMjEeMBwGA1UECgwVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMQswCQYDVQQGEwJDSAIYUEYpmIE5STImCFSYGYVSORmEiCQiMCAooIGdMIGapIGXMIGUMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC1NhbnRhIENsYXJhMRowGAYDVQQKDBFJbnRlbCBDb3Jwb3JhdGlvbjEuMCwGA1UECwwlUGxhdGZvcm0gQXR0cmlidXRlIENlcnRpZmljYXRlIElzc3VlcjEWMBQGA1UEAwwNd3d3LmludGVsLmNvbTANBgkqhkiG9w0BAQsFAAIUYCln6nkk/e5swVC5HoN3fR9CeZkwIhgPMjAxNzA4MjAxNTUzNDRaGA8yMDIwMDgyMDE1NTM0NFowggGIMBwGBWeBBQIRMRMwETAJAgECAgEAAgErBAQAAAABMBQGBWeBBQIXMQswCQIBAQIBAAIBCzCBxwYFZ4EFAhMxgb0wgboCAQCgdBYDMy4xCgEHCgECAQEAgAEBgQUqAwQFBqItFitodHRwczovL3d3dy5pbnRlbC5jb20vcHJvdGVjdGlvbnByb2ZpbGUucGRmgwUqAwQFB6QkFiJodHRwczovL3d3dy5pbnRlbC5jb20vY2N0YXJnZXQucGRmoQ0WBTE0MC0yCgEEAQEAggEDAQEAFipodHRwczovL3d3dy5pbnRlbC5jb20vaXNvY2VydGlmaWNhdGlvbi5wZGYwLAYGZ4EFBQEDMSIwIBYeaHR0cHM6Ly93d3cuaW50ZWwuY29tL1BDUnMueG1sMFoGB2eBBQUBBwExTzBNoRswDAwEdlBybwwEdHJ1ZTALDANBTVQMBHRydWWiLhYsaHR0cHM6Ly93d3cuaW50ZWwuY29tL3BsYXRmb3JtcHJvcGVydGllcy54bWwwggFXMHwGA1UdIAR1MHMwcQYKKoZIhvhNAQUCBDBjMDEGCCsGAQUFBwIBFiVodHRwczovL3d3dy5pbnRlbC5jb20vcGxhdGNlcnRjcHMucGRmMC4GCCsGAQUFBwICMCIMIFRDRyBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MB8GA1UdIwQYMBaAFJmT1DnLMuKrlfc3o7d3KRzUpDm2MDYGCCsGAQUFBwEBBCowKDAmBggrBgEFBQcwAYYaaHR0cHM6Ly93d3cuaW50ZWwuY29tL29jc3AwfgYDVR0RBHcwdaRzMHExETAPBgZngQUFAQEMBUludGVsMRUwEwYGZ4EFBQECMAkGBysGAQQBglcxEzARBgZngQUFAQQMB1MyNjAwS1AxFjAUBgZngQUFAQUMCkg3Njk2Mi0zNTAxGDAWBgZngQUFAQYMDEJRS1A1Mjg0MDY3ODANBgkqhkiG9w0BAQsFAAOCAQEAlqxlJPymdcXfQtLSyXaa7eAN68Zb4zhIq1JT/VTbmPiGF4jvT629lNvULBr1plB6OkJoKO0m369pA1D5lrngiMXV64GAWNE/fiRNHPPYx5wIbqu8FApk8BkZQv5POCR+7mKQUg7Z+iv3I7Gd36oGBK9KW0SY3gmD5yACX5l9nXSaAEF9zb/qkIWoTNwnQXLPpcv11ksyTk6nPCZG3tEjNqLwPt1uNGTP4TxlDDU0gLwo9vMHqet7WXDgKothNMIn6oRzjDi5UCeEidRvsngifNrrnwcY0F1tj4qpg/95ZNDoXtYlL0DsWps5S/7/Xg60YOss0iOPPS3YKoE7tJRyrg==",
+    "RawTBSAttributeCertificate": "MIIETAIBATB3oHUwWaRXMFUxJjAkBgNVBAMMHVNUTSBUUE0gRUsgSW50ZXJtZWRpYXRlIENBIDAyMR4wHAYDVQQKDBVTVE1pY3JvZWxlY3Ryb25pY3MgTlYxCzAJBgNVBAYTAkNIAhhQRimYgTlJMiYIVJgZhVI5GYSIJCIwICiggZ0wgZqkgZcwgZQxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMS4wLAYDVQQLDCVQbGF0Zm9ybSBBdHRyaWJ1dGUgQ2VydGlmaWNhdGUgSXNzdWVyMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMA0GCSqGSIb3DQEBCwUAAhRgKWfqeST97mzBULkeg3d9H0J5mTAiGA8yMDE3MDgyMDE1NTM0NFoYDzIwMjAwODIwMTU1MzQ0WjCCAYgwHAYFZ4EFAhExEzARMAkCAQICAQACASsEBAAAAAEwFAYFZ4EFAhcxCzAJAgEBAgEAAgELMIHHBgVngQUCEzGBvTCBugIBAKB0FgMzLjEKAQcKAQIBAQCAAQGBBSoDBAUGoi0WK2h0dHBzOi8vd3d3LmludGVsLmNvbS9wcm90ZWN0aW9ucHJvZmlsZS5wZGaDBSoDBAUHpCQWImh0dHBzOi8vd3d3LmludGVsLmNvbS9jY3RhcmdldC5wZGahDRYFMTQwLTIKAQQBAQCCAQMBAQAWKmh0dHBzOi8vd3d3LmludGVsLmNvbS9pc29jZXJ0aWZpY2F0aW9uLnBkZjAsBgZngQUFAQMxIjAgFh5odHRwczovL3d3dy5pbnRlbC5jb20vUENScy54bWwwWgYHZ4EFBQEHATFPME2hGzAMDAR2UHJvDAR0cnVlMAsMA0FNVAwEdHJ1ZaIuFixodHRwczovL3d3dy5pbnRlbC5jb20vcGxhdGZvcm1wcm9wZXJ0aWVzLnhtbDCCAVcwfAYDVR0gBHUwczBxBgoqhkiG+E0BBQIEMGMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vd3d3LmludGVsLmNvbS9wbGF0Y2VydGNwcy5wZGYwLgYIKwYBBQUHAgIwIgwgVENHIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwHwYDVR0jBBgwFoAUmZPUOcsy4quV9zejt3cpHNSkObYwNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzABhhpodHRwczovL3d3dy5pbnRlbC5jb20vb2NzcDB+BgNVHREEdzB1pHMwcTERMA8GBmeBBQUBAQwFSW50ZWwxFTATBgZngQUFAQIwCQYHKwYBBAGCVzETMBEGBmeBBQUBBAwHUzI2MDBLUDEWMBQGBmeBBQUBBQwKSDc2OTYyLTM1MDEYMBYGBmeBBQUBBgwMQlFLUDUyODQwNjc4",
+    "Signature": "lqxlJPymdcXfQtLSyXaa7eAN68Zb4zhIq1JT/VTbmPiGF4jvT629lNvULBr1plB6OkJoKO0m369pA1D5lrngiMXV64GAWNE/fiRNHPPYx5wIbqu8FApk8BkZQv5POCR+7mKQUg7Z+iv3I7Gd36oGBK9KW0SY3gmD5yACX5l9nXSaAEF9zb/qkIWoTNwnQXLPpcv11ksyTk6nPCZG3tEjNqLwPt1uNGTP4TxlDDU0gLwo9vMHqet7WXDgKothNMIn6oRzjDi5UCeEidRvsngifNrrnwcY0F1tj4qpg/95ZNDoXtYlL0DsWps5S/7/Xg60YOss0iOPPS3YKoE7tJRyrg==",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 548986496904781841196662391040664879653735004569,
+    "Holder": {
+        "Issuer": {
+            "Country": [
+                "CH"
+            ],
+            "Organization": [
+                "STMicroelectronics NV"
+            ],
+            "OrganizationalUnit": null,
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "STM TPM EK Intermediate CA 02",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "STM TPM EK Intermediate CA 02"
+                },
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        10
+                    ],
+                    "Value": "STMicroelectronics NV"
+                },
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        6
+                    ],
+                    "Value": "CH"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 1968314523106797630082411822510029384949550822072796586024
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel Corporation"
+        ],
+        "OrganizationalUnit": [
+            "Platform Attribute Certificate Issuer"
+        ],
+        "Locality": [
+            "Santa Clara"
+        ],
+        "Province": [
+            "CA"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "www.intel.com",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "CA"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    7
+                ],
+                "Value": "Santa Clara"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel Corporation"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    11
+                ],
+                "Value": "Platform Attribute Certificate Issuer"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "www.intel.com"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2017-08-20T15:53:44Z",
+    "NotAfter": "2020-08-20T15:53:44Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 2,
+            "MinorVersion": 0,
+            "Revision": 43
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 0,
+        "CcInfo": {
+            "Version": "",
+            "AssuranceLevel": 0,
+            "EvaluationStatus": 0,
+            "Plus": false,
+            "StrengthOfFunction": 0,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 0,
+        "Iso9000Certified": false,
+        "Iso9000Uri": ""
+    },
+    "PlatformManufacturer": "Intel",
+    "PlatformModel": "S2600KP",
+    "PlatformVersion": "H76962-350",
+    "PlatformSerial": "BQKP52840678",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "",
+            "NoticeNumbers": null
+        },
+        "ExplicitText": ""
+    }
+}
--- a/attributecert/testdata/plat_cert3.cer
+++ b/attributecert/testdata/plat_cert3.cer
--- a/attributecert/testdata/plat_cert3.cer.json
+++ b/attributecert/testdata/plat_cert3.cer.json
@ -0,0 +1,168 @@
+{
+    "Raw": "MIIFHjCCBAYCAQEwd6B1MFmkVzBVMSYwJAYDVQQDDB1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMjEeMBwGA1UECgwVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMQswCQYDVQQGEwJDSAIYUEYpmIE5STImCFSYGYVSORmEiCQiMCAooFgwVqRUMFIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQKDAVJbnRlbDEeMBwGA1UEAwwVSW50ZWwgSW50ZXJtZWRpYXRlIENBMRMwEQYDVQQIDApTb21lLVN0YXRlMA0GCSqGSIb3DQEBCwUAAhRgKWfqeST97mzBULkeg3d9H0J5mTAiGA8yMDE3MDgyMDE1NTM0NFoYDzIwMjAwODIwMTU1MzQ0WjCCAYgwHAYFZ4EFAhExEzARMAkCAQICAQACASsEBAAAAAEwFAYFZ4EFAhcxCzAJAgEBAgEAAgELMIHHBgVngQUCEzGBvTCBugIBAKB0FgMzLjEKAQcKAQIBAQCAAQGBBSoDBAUGoi0WK2h0dHBzOi8vd3d3LmludGVsLmNvbS9wcm90ZWN0aW9ucHJvZmlsZS5wZGaDBSoDBAUHpCQWImh0dHBzOi8vd3d3LmludGVsLmNvbS9jY3RhcmdldC5wZGahDRYFMTQwLTIKAQQBAQCCAQMBAQAWKmh0dHBzOi8vd3d3LmludGVsLmNvbS9pc29jZXJ0aWZpY2F0aW9uLnBkZjAsBgZngQUFAQMxIjAgFh5odHRwczovL3d3dy5pbnRlbC5jb20vUENScy54bWwwWgYHZ4EFBQEHATFPME2hGzAMDAR2UHJvDAR0cnVlMAsMA0FNVAwEdHJ1ZaIuFixodHRwczovL3d3dy5pbnRlbC5jb20vcGxhdGZvcm1wcm9wZXJ0aWVzLnhtbDCCAVcwfAYDVR0gBHUwczBxBgoqhkiG+E0BBQIEMGMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vd3d3LmludGVsLmNvbS9wbGF0Y2VydGNwcy5wZGYwLgYIKwYBBQUHAgIwIgwgVENHIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwHwYDVR0jBBgwFoAUmZPUOcsy4quV9zejt3cpHNSkObYwNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzABhhpodHRwczovL3d3dy5pbnRlbC5jb20vb2NzcDB+BgNVHREEdzB1pHMwcTERMA8GBmeBBQUBAQwFSW50ZWwxFTATBgZngQUFAQIwCQYHKwYBBAGCVzETMBEGBmeBBQUBBAwHUzI2MDBLUDEWMBQGBmeBBQUBBQwKSDc2OTYyLTM1MDEYMBYGBmeBBQUBBgwMQlFLUDUyODQwNjc4MA0GCSqGSIb3DQEBCwUAA4IBAQCZKjzwWca3acJIj24JH7iLc/z70QGngQeA5ef2xPYlZq2c2e5PBiVSZndTKeX7cCDIF1EGPeuu7avJ6OdJc/OoSGwfHindkvlYWdnpihbnQ1Vevwojd+VZqaJYv25X47GYZahCST1G/fkI+rRzJL8/A7vM5MOGSEO/AW85ZKi+ih4hbECh+9RPn5JB6l4JHU/lCR2OzTfQ8P+/G8BDJpZc0EymMtU6shrpVa1QY8OHHb7vzuzSrdQYutqCywV2WhLML0AkB4PuOVCHC7CMBShJ8bavbJ2ajA+bxWOWdQAX7iYKU3k+JUkJiAayxSh7FumhJCLiXGE6n6uV4td95a7e",
+    "RawTBSAttributeCertificate": "MIIEBgIBATB3oHUwWaRXMFUxJjAkBgNVBAMMHVNUTSBUUE0gRUsgSW50ZXJtZWRpYXRlIENBIDAyMR4wHAYDVQQKDBVTVE1pY3JvZWxlY3Ryb25pY3MgTlYxCzAJBgNVBAYTAkNIAhhQRimYgTlJMiYIVJgZhVI5GYSIJCIwICigWDBWpFQwUjELMAkGA1UEBhMCVVMxDjAMBgNVBAoMBUludGVsMR4wHAYDVQQDDBVJbnRlbCBJbnRlcm1lZGlhdGUgQ0ExEzARBgNVBAgMClNvbWUtU3RhdGUwDQYJKoZIhvcNAQELBQACFGApZ+p5JP3ubMFQuR6Dd30fQnmZMCIYDzIwMTcwODIwMTU1MzQ0WhgPMjAyMDA4MjAxNTUzNDRaMIIBiDAcBgVngQUCETETMBEwCQIBAgIBAAIBKwQEAAAAATAUBgVngQUCFzELMAkCAQECAQACAQswgccGBWeBBQITMYG9MIG6AgEAoHQWAzMuMQoBBwoBAgEBAIABAYEFKgMEBQaiLRYraHR0cHM6Ly93d3cuaW50ZWwuY29tL3Byb3RlY3Rpb25wcm9maWxlLnBkZoMFKgMEBQekJBYiaHR0cHM6Ly93d3cuaW50ZWwuY29tL2NjdGFyZ2V0LnBkZqENFgUxNDAtMgoBBAEBAIIBAwEBABYqaHR0cHM6Ly93d3cuaW50ZWwuY29tL2lzb2NlcnRpZmljYXRpb24ucGRmMCwGBmeBBQUBAzEiMCAWHmh0dHBzOi8vd3d3LmludGVsLmNvbS9QQ1JzLnhtbDBaBgdngQUFAQcBMU8wTaEbMAwMBHZQcm8MBHRydWUwCwwDQU1UDAR0cnVloi4WLGh0dHBzOi8vd3d3LmludGVsLmNvbS9wbGF0Zm9ybXByb3BlcnRpZXMueG1sMIIBVzB8BgNVHSAEdTBzMHEGCiqGSIb4TQEFAgQwYzAxBggrBgEFBQcCARYlaHR0cHM6Ly93d3cuaW50ZWwuY29tL3BsYXRjZXJ0Y3BzLnBkZjAuBggrBgEFBQcCAjAiDCBUQ0cgVHJ1c3RlZCBQbGF0Zm9ybSBFbmRvcnNlbWVudDAfBgNVHSMEGDAWgBSZk9Q5yzLiq5X3N6O3dykc1KQ5tjA2BggrBgEFBQcBAQQqMCgwJgYIKwYBBQUHMAGGGmh0dHBzOi8vd3d3LmludGVsLmNvbS9vY3NwMH4GA1UdEQR3MHWkczBxMREwDwYGZ4EFBQEBDAVJbnRlbDEVMBMGBmeBBQUBAjAJBgcrBgEEAYJXMRMwEQYGZ4EFBQEEDAdTMjYwMEtQMRYwFAYGZ4EFBQEFDApINzY5NjItMzUwMRgwFgYGZ4EFBQEGDAxCUUtQNTI4NDA2Nzg=",
+    "Signature": "mSo88FnGt2nCSI9uCR+4i3P8+9EBp4EHgOXn9sT2JWatnNnuTwYlUmZ3Uynl+3AgyBdRBj3rru2ryejnSXPzqEhsHx4p3ZL5WFnZ6YoW50NVXr8KI3flWamiWL9uV+OxmGWoQkk9Rv35CPq0cyS/PwO7zOTDhkhDvwFvOWSovooeIWxAofvUT5+SQepeCR1P5Qkdjs030PD/vxvAQyaWXNBMpjLVOrIa6VWtUGPDhx2+787s0q3UGLragssFdloSzC9AJAeD7jlQhwuwjAUoSfG2r2ydmowPm8VjlnUAF+4mClN5PiVJCYgGssUoexbpoSQi4lxhOp+rleLXfeWu3g==",
+    "SignatureAlgorithm": 0,
+    "Version": 2,
+    "SerialNumber": 548986496904781841196662391040664879653735004569,
+    "Holder": {
+        "Issuer": {
+            "Country": [
+                "CH"
+            ],
+            "Organization": [
+                "STMicroelectronics NV"
+            ],
+            "OrganizationalUnit": null,
+            "Locality": null,
+            "Province": null,
+            "StreetAddress": null,
+            "PostalCode": null,
+            "SerialNumber": "",
+            "CommonName": "STM TPM EK Intermediate CA 02",
+            "Names": [
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        3
+                    ],
+                    "Value": "STM TPM EK Intermediate CA 02"
+                },
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        10
+                    ],
+                    "Value": "STMicroelectronics NV"
+                },
+                {
+                    "Type": [
+                        2,
+                        5,
+                        4,
+                        6
+                    ],
+                    "Value": "CH"
+                }
+            ],
+            "ExtraNames": null
+        },
+        "Serial": 1968314523106797630082411822510029384949550822072796586024
+    },
+    "Issuer": {
+        "Country": [
+            "US"
+        ],
+        "Organization": [
+            "Intel"
+        ],
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": [
+            "Some-State"
+        ],
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "Intel Intermediate CA",
+        "Names": [
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    6
+                ],
+                "Value": "US"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    10
+                ],
+                "Value": "Intel"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    3
+                ],
+                "Value": "Intel Intermediate CA"
+            },
+            {
+                "Type": [
+                    2,
+                    5,
+                    4,
+                    8
+                ],
+                "Value": "Some-State"
+            }
+        ],
+        "ExtraNames": null
+    },
+    "Subject": {
+        "Country": null,
+        "Organization": null,
+        "OrganizationalUnit": null,
+        "Locality": null,
+        "Province": null,
+        "StreetAddress": null,
+        "PostalCode": null,
+        "SerialNumber": "",
+        "CommonName": "",
+        "Names": null,
+        "ExtraNames": null
+    },
+    "NotBefore": "2017-08-20T15:53:44Z",
+    "NotAfter": "2020-08-20T15:53:44Z",
+    "TCGPlatformSpecification": {
+        "Version": {
+            "MajorVersion": 2,
+            "MinorVersion": 0,
+            "Revision": 43
+        }
+    },
+    "TBBSecurityAssertions": {
+        "Version": 0,
+        "CcInfo": {
+            "Version": "",
+            "AssuranceLevel": 0,
+            "EvaluationStatus": 0,
+            "Plus": false,
+            "StrengthOfFunction": 0,
+            "ProfileOid": null,
+            "ProfileUri": "",
+            "TargetOid": null,
+            "TargetUri": null
+        },
+        "FipsLevel": {
+            "Version": "",
+            "Level": 0,
+            "Plus": false
+        },
+        "RtmType": 0,
+        "Iso9000Certified": false,
+        "Iso9000Uri": ""
+    },
+    "PlatformManufacturer": "Intel",
+    "PlatformModel": "S2600KP",
+    "PlatformVersion": "H76962-350",
+    "PlatformSerial": "BQKP52840678",
+    "CredentialSpecification": "",
+    "UserNotice": {
+        "NoticeRef": {
+            "Organization": "",
+            "NoticeNumbers": null
+        },
+        "ExplicitText": ""
+    }
+}