|
Packit |
40b132 |
#!/bin/bash
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
Packit |
40b132 |
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
Packit |
40b132 |
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# mozilla/security/nss/tests/pkits/pkits.sh
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# Script to test the NIST PKITS tests
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# needs to work on all Unix and Windows platforms
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# tests implemented:
|
|
Packit |
40b132 |
# vfychain
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# special NOTES
|
|
Packit |
40b132 |
# ---------------
|
|
Packit |
40b132 |
# NIST PKITS data needs to be downloaded from
|
|
Packit |
40b132 |
# http://csrc.nist.gov/pki/testing/x509paths.html
|
|
Packit |
40b132 |
# Environment variable PKITS_DATA needs to be set to the directory
|
|
Packit |
40b132 |
# where this data is downloaded, or test data needs to be copied under
|
|
Packit |
40b132 |
# the mozilla source tree in mozilla/PKITS_DATA
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
############################## pkits_init ##############################
|
|
Packit |
40b132 |
# local shell function to initialize this script
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
pkits_init()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
SCRIPTNAME=pkits.sh
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -z "${CLEANUP}" ] ; then
|
|
Packit |
40b132 |
CLEANUP="${SCRIPTNAME}"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
|
|
Packit |
40b132 |
cd ../common
|
|
Packit |
40b132 |
. ./init.sh
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -z "${PKITS_DATA}" ]; then
|
|
Packit |
40b132 |
echo "${SCRIPTNAME}: PKITS data directory not defined, skipping."
|
|
Packit |
40b132 |
exit 0
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ ! -d "${PKITS_DATA}" ]; then
|
|
Packit |
40b132 |
echo "${SCRIPTNAME}: PKITS data directory ${PKITS_DATA} doesn't exist, skipping."
|
|
Packit |
40b132 |
exit 0
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
PKITSDIR=${HOSTDIR}/pkits
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
COPYDIR=${PKITSDIR}/copydir
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
mkdir -p ${PKITSDIR}
|
|
Packit |
40b132 |
mkdir -p ${COPYDIR}
|
|
Packit |
40b132 |
mkdir -p ${PKITSDIR}/html
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
certs=${PKITS_DATA}/certs
|
|
Packit |
40b132 |
crls=${PKITS_DATA}/crls
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
cd ${PKITSDIR}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
PKITSdb=${PKITSDIR}/PKITSdb
|
|
Packit |
40b132 |
PKITSbkp=${PKITSDIR}/PKITSbkp
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
PKITS_LOG=${PKITSDIR}/pkits.log #getting its own logfile
|
|
Packit |
40b132 |
pkits_log "Start of logfile $PKITS_LOG"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ ! -d "${PKITSdb}" ]; then
|
|
Packit |
40b132 |
mkdir -p ${PKITSdb}
|
|
Packit |
40b132 |
else
|
|
Packit |
40b132 |
pkits_log "$SCRIPTNAME: WARNING - ${PKITSdb} exists"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ ! -d "${PKITSbkp}" ]; then
|
|
Packit |
40b132 |
mkdir -p ${PKITSbkp}
|
|
Packit |
40b132 |
else
|
|
Packit |
40b132 |
pkits_log "$SCRIPTNAME: WARNING - ${PKITSbkp} exists"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
echo "HOSTDIR" $HOSTDIR
|
|
Packit |
40b132 |
echo "PKITSDIR" $PKITSDIR
|
|
Packit |
40b132 |
echo "PKITSdb" $PKITSdb
|
|
Packit |
40b132 |
echo "PKITSbkp" $PKITSbkp
|
|
Packit |
40b132 |
echo "PKITS_DATA" $PKITS_DATA
|
|
Packit |
40b132 |
echo "certs" $certs
|
|
Packit |
40b132 |
echo "crls" $crls
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
echo nss > ${PKITSdb}/pw
|
|
Packit |
40b132 |
${BINDIR}/certutil -N -d ${PKITSdb} -f ${PKITSdb}/pw
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
${BINDIR}/certutil -A -n TrustAnchorRootCertificate -t "C,C,C" -i \
|
|
Packit |
40b132 |
$certs/TrustAnchorRootCertificate.crt -d $PKITSdb
|
|
Packit |
40b132 |
if [ -z "$NSS_NO_PKITS_CRLS" ]; then
|
|
Packit |
40b132 |
${BINDIR}/crlutil -I -i $crls/TrustAnchorRootCRL.crl -d ${PKITSdb} -f ${PKITSdb}/pw
|
|
Packit |
40b132 |
else
|
|
Packit |
40b132 |
html "NO CRLs are being used."
|
|
Packit |
40b132 |
pkits_log "NO CRLs are being used."
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
cp ${PKITSdb}/* ${PKITSbkp}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
KNOWN_BUG=
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
############################### pkits_log ##############################
|
|
Packit |
40b132 |
# write to pkits.log file
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
pkits_log()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
echo "$SCRIPTNAME $*"
|
|
Packit |
40b132 |
echo $* >> ${PKITS_LOG}
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
restore_db()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
echo "Restore DB"
|
|
Packit |
40b132 |
rm ${PKITSdb}/*
|
|
Packit |
40b132 |
cp ${PKITSbkp}/* ${PKITSdb}
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
log_banner()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
echo ""
|
|
Packit |
40b132 |
echo "--------------------------------------------------------------------"
|
|
Packit |
40b132 |
echo "Test case ${VFY_ACTION}"
|
|
Packit |
40b132 |
echo ""
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
start_table()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
html ""
|
|
Packit |
40b132 |
html "Test CaseResult"
|
|
Packit |
40b132 |
echo ""
|
|
Packit |
40b132 |
echo "***************************************************************"
|
|
Packit |
40b132 |
echo "$*"
|
|
Packit |
40b132 |
echo "***************************************************************"
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
break_table()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
html ""
|
|
Packit |
40b132 |
start_table "$@"
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
################################ pkits #################################
|
|
Packit |
40b132 |
# local shell function for positive testcases, calls vfychain, writes
|
|
Packit |
40b132 |
# action and options to stdout, sets variable RET and writes results to
|
|
Packit |
40b132 |
# the html file results
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
pkits()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
echo "vfychain -d $PKITSdb -u 4 $*"
|
|
Packit |
40b132 |
${BINDIR}/vfychain -d $PKITSdb -u 4 $* > ${PKITSDIR}/cmdout.txt 2>&1
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
CNT=`grep -c ERROR ${PKITSDIR}/cmdout.txt`
|
|
Packit |
40b132 |
RET=`expr ${RET} + ${CNT}`
|
|
Packit |
40b132 |
cat ${PKITSDIR}/cmdout.txt
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ "$RET" -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "${VFY_ACTION} ($RET) "
|
|
Packit |
40b132 |
pkits_log "ERROR: ${VFY_ACTION} failed $RET"
|
|
Packit |
40b132 |
else
|
|
Packit |
40b132 |
html_passed "${VFY_ACTION}"
|
|
Packit |
40b132 |
pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
################################ pkitsn #################################
|
|
Packit |
40b132 |
# local shell function for negative testcases, calls vfychain, writes
|
|
Packit |
40b132 |
# action and options to stdout, sets variable RET and writes results to
|
|
Packit |
40b132 |
# the html file results
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
pkitsn()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
echo "vfychain -d $PKITSdb -u 4 $*"
|
|
Packit |
40b132 |
${BINDIR}/vfychain -d $PKITSdb -u 4 $* > ${PKITSDIR}/cmdout.txt 2>&1
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
CNT=`grep -c ERROR ${PKITSDIR}/cmdout.txt`
|
|
Packit |
40b132 |
RET=`expr ${RET} + ${CNT}`
|
|
Packit |
40b132 |
cat ${PKITSDIR}/cmdout.txt
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ "$RET" -eq 0 ]; then
|
|
Packit |
40b132 |
html_failed "${VFY_ACTION} ($RET) "
|
|
Packit |
40b132 |
pkits_log "ERROR: ${VFY_ACTION} failed $RET"
|
|
Packit |
40b132 |
else
|
|
Packit |
40b132 |
html_passed "${VFY_ACTION} ($RET) "
|
|
Packit |
40b132 |
pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
################################ crlImport #############################
|
|
Packit |
40b132 |
# local shell function to import a CRL, calls crlutil -I -i, writes
|
|
Packit |
40b132 |
# action and options to stdout
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
crlImport()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
if [ -z "$NSS_NO_PKITS_CRLS" ]; then
|
|
Packit |
40b132 |
echo "crlutil -d $PKITSdb -I -f ${PKITSdb}/pw -i $crls/$*"
|
|
Packit |
40b132 |
${BINDIR}/crlutil -d ${PKITSdb} -I -f ${PKITSdb}/pw -i $crls/$* > ${PKITSDIR}/cmdout.txt 2>&1
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
cat ${PKITSDIR}/cmdout.txt
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ "$RET" -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "${VFY_ACTION} ($RET) "
|
|
Packit |
40b132 |
pkits_log "ERROR: ${VFY_ACTION} failed $RET"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
################################ crlImportn #############################
|
|
Packit |
40b132 |
# local shell function to import an incorrect CRL, calls crlutil -I -i,
|
|
Packit |
40b132 |
# writes action and options to stdout
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
crlImportn()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
RET=0
|
|
Packit |
40b132 |
if [ -z "$NSS_NO_PKITS_CRLS" ]; then
|
|
Packit |
40b132 |
echo "crlutil -d $PKITSdb -I -f ${PKITSdb}/pw -i $crls/$*"
|
|
Packit |
40b132 |
${BINDIR}/crlutil -d ${PKITSdb} -I -f ${PKITSdb}/pw -i $crls/$* > ${PKITSDIR}/cmdout.txt 2>&1
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
cat ${PKITSDIR}/cmdout.txt
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ "$RET" -eq 0 ]; then
|
|
Packit |
40b132 |
html_failed "${VFY_ACTION} ($RET) "
|
|
Packit |
40b132 |
pkits_log "ERROR: ${VFY_ACTION} failed $RET"
|
|
Packit |
40b132 |
else
|
|
Packit |
40b132 |
html_passed "${VFY_ACTION} ($RET) "
|
|
Packit |
40b132 |
pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
################################ certImport #############################
|
|
Packit |
40b132 |
# local shell function to import a Cert, calls certutil -A, writes
|
|
Packit |
40b132 |
# action and options to stdout
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
certImport()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
echo "certutil -d $PKITSdb -A -t \",,\" -n $* -i $certs/$*.crt"
|
|
Packit |
40b132 |
${BINDIR}/certutil -d $PKITSdb -A -t ",," -n $* -i $certs/$*.crt > ${PKITSDIR}/cmdout.txt 2>&1
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
cat ${PKITSDIR}/cmdout.txt
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ "$RET" -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "${VFY_ACTION} ($RET) "
|
|
Packit |
40b132 |
pkits_log "ERROR: ${VFY_ACTION} failed $RET"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
################################ certImportn #############################
|
|
Packit |
40b132 |
# local shell function to import an incorrect Cert, calls certutil -A,
|
|
Packit |
40b132 |
# writes action and options to stdout
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
certImportn()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
RET=0
|
|
Packit |
40b132 |
if [ -z "$NSS_NO_PKITS_CRLS" ]; then
|
|
Packit |
40b132 |
echo "certutil -d $PKITSdb -A -t \",,\" -n $* -i $certs/$*.crt"
|
|
Packit |
40b132 |
${BINDIR}/certutil -d $PKITSdb -A -t ",," -n $* -i $certs/$*.crt > ${PKITSDIR}/cmdout.txt 2>&1
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
cat ${PKITSDIR}/cmdout.txt
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ "$RET" -eq 0 ]; then
|
|
Packit |
40b132 |
html_failed "${VFY_ACTION} ($RET) "
|
|
Packit |
40b132 |
pkits_log "ERROR: ${VFY_ACTION} failed $RET"
|
|
Packit |
40b132 |
else
|
|
Packit |
40b132 |
html_passed "${VFY_ACTION} ($RET) "
|
|
Packit |
40b132 |
pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
############################## pkits_tests_bySection ###################
|
|
Packit |
40b132 |
# running the various PKITS tests
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
pkits_SignatureVerification()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
start_table "NIST PKITS Section 4.1: Signature Verification"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Signatures Test1"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidCertificatePathTest1EE.crt $certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid CA Signature Test2"; log_banner
|
|
Packit |
40b132 |
certImport BadSignedCACert
|
|
Packit |
40b132 |
crlImport BadSignedCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidCASignatureTest2EE.crt \
|
|
Packit |
40b132 |
$certs/BadSignedCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid EE Signature Test3"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidEESignatureTest3EE.crt $certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DSA Signatures Test4"; log_banner
|
|
Packit |
40b132 |
certImport DSACACert
|
|
Packit |
40b132 |
crlImport DSACACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDSASignaturesTest4EE.crt $certs/DSACACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DSA Parameter Inheritance Test5"; log_banner
|
|
Packit |
40b132 |
certImport DSACACert
|
|
Packit |
40b132 |
crlImport DSACACRL.crl
|
|
Packit |
40b132 |
certImport DSAParametersInheritedCACert
|
|
Packit |
40b132 |
crlImport DSAParametersInheritedCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDSAParameterInheritanceTest5EE.crt \
|
|
Packit |
40b132 |
$certs/DSAParametersInheritedCACert.crt \
|
|
Packit |
40b132 |
$certs/DSACACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DSA Signature Test6"; log_banner
|
|
Packit |
40b132 |
certImport DSACACert
|
|
Packit |
40b132 |
crlImport DSACACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDSASignatureTest6EE.crt $certs/DSACACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_ValidityPeriods()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.2: Validity Periods"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid CA notBefore Date Test1"; log_banner
|
|
Packit |
40b132 |
certImport BadnotBeforeDateCACert
|
|
Packit |
40b132 |
crlImportn BadnotBeforeDateCACRL.crl
|
|
Packit |
40b132 |
if [ $RET -eq 0 ] ; then
|
|
Packit |
40b132 |
pkitsn $certs/InvalidCAnotBeforeDateTest1EE.crt \
|
|
Packit |
40b132 |
$certs/BadnotBeforeDateCACert.crt
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid EE notBefore Date Test2"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidEEnotBeforeDateTest2EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid pre2000 UTC notBefore Date Test3"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/Validpre2000UTCnotBeforeDateTest3EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid GeneralizedTime notBefore Date Test4"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid CA notAfter Date Test5"; log_banner
|
|
Packit |
40b132 |
certImport BadnotAfterDateCACert
|
|
Packit |
40b132 |
crlImportn BadnotAfterDateCACRL.crl
|
|
Packit |
40b132 |
if [ $RET -eq 0 ] ; then
|
|
Packit |
40b132 |
pkitsn $certs/InvalidCAnotAfterDateTest5EE.crt \
|
|
Packit |
40b132 |
$certs/BadnotAfterDateCACert.crt
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid EE notAfter Date Test6"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidEEnotAfterDateTest6EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid pre2000 UTC EE notAfter Date Test7"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="ValidGeneralizedTime notAfter Date Test8"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidGeneralizedTimenotAfterDateTest8EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_NameChaining()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.3: Verifying NameChaining"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Name Chaining EE Test1"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidNameChainingTest1EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Name Chaining Order Test2"; log_banner
|
|
Packit |
40b132 |
certImport NameOrderingCACert
|
|
Packit |
40b132 |
crlImport NameOrderCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidNameChainingOrderTest2EE.crt \
|
|
Packit |
40b132 |
$certs/NameOrderingCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
### bug 216123 ###
|
|
Packit |
40b132 |
if [ -n "${KNOWN_BUG}" ]; then
|
|
Packit |
40b132 |
VFY_ACTION="Valid Name Chaining Whitespace Test3"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidNameChainingWhitespaceTest3EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Name Chaining Whitespace Test4"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidNameChainingWhitespaceTest4EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Name Chaining Capitalization Test5"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidNameChainingCapitalizationTest5EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Name Chaining UIDs Test6"; log_banner
|
|
Packit |
40b132 |
certImport UIDCACert
|
|
Packit |
40b132 |
crlImport UIDCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidNameUIDsTest6EE.crt $certs/UIDCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid RFC3280 Mandatory Attribute Types Test7"; log_banner
|
|
Packit |
40b132 |
certImport RFC3280MandatoryAttributeTypesCACert
|
|
Packit |
40b132 |
crlImport RFC3280MandatoryAttributeTypesCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt \
|
|
Packit |
40b132 |
$certs/RFC3280MandatoryAttributeTypesCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid RFC3280 Optional Attribute Types Test8"; log_banner
|
|
Packit |
40b132 |
certImport RFC3280OptionalAttributeTypesCACert
|
|
Packit |
40b132 |
crlImport RFC3280OptionalAttributeTypesCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt \
|
|
Packit |
40b132 |
$certs/RFC3280OptionalAttributeTypesCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid UTF8String Encoded Names Test9"; log_banner
|
|
Packit |
40b132 |
certImport UTF8StringEncodedNamesCACert
|
|
Packit |
40b132 |
crlImport UTF8StringEncodedNamesCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidUTF8StringEncodedNamesTest9EE.crt \
|
|
Packit |
40b132 |
$certs/UTF8StringEncodedNamesCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
### bug 216123 ###
|
|
Packit |
40b132 |
if [ -n "${KNOWN_BUG}" ]; then
|
|
Packit |
40b132 |
VFY_ACTION="Valid Rollover from PrintableString to UTF8String Test10"; log_banner
|
|
Packit |
40b132 |
certImport RolloverfromPrintableStringtoUTF8StringCACert
|
|
Packit |
40b132 |
crlImport RolloverfromPrintableStringtoUTF8StringCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt \
|
|
Packit |
40b132 |
$certs/RolloverfromPrintableStringtoUTF8StringCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid UTF8String case Insensitive Match Test11"; log_banner
|
|
Packit |
40b132 |
certImport UTF8StringCaseInsensitiveMatchCACert
|
|
Packit |
40b132 |
crlImport UTF8StringCaseInsensitiveMatchCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt \
|
|
Packit |
40b132 |
$certs/UTF8StringCaseInsensitiveMatchCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_BasicCertRevocation()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.4: Basic Certificate Revocation Tests"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
### bug 414556 ###
|
|
Packit |
40b132 |
if [ -n "${KNOWN_BUG}" ]; then
|
|
Packit |
40b132 |
VFY_ACTION="Missing CRL Test1"; log_banner
|
|
Packit |
40b132 |
pkitsn $certs/InvalidMissingCRLTest1EE.crt \
|
|
Packit |
40b132 |
$certs/NoCRLCACert.crt
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Revoked CA Test2"; log_banner
|
|
Packit |
40b132 |
certImport RevokedsubCACert
|
|
Packit |
40b132 |
crlImport RevokedsubCACRL.crl
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidRevokedCATest2EE.crt \
|
|
Packit |
40b132 |
$certs/RevokedsubCACert.crt $certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Revoked EE Test3"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidRevokedEETest3EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Bad CRL Signature Test4"; log_banner
|
|
Packit |
40b132 |
certImport BadCRLSignatureCACert
|
|
Packit |
40b132 |
crlImportn BadCRLSignatureCACRL.crl
|
|
Packit |
40b132 |
if [ $RET -eq 0 ] ; then
|
|
Packit |
40b132 |
pkitsn $certs/InvalidBadCRLSignatureTest4EE.crt \
|
|
Packit |
40b132 |
$certs/BadCRLSignatureCACert.crt
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Bad CRL Issuer Name Test5"; log_banner
|
|
Packit |
40b132 |
certImport BadCRLIssuerNameCACert
|
|
Packit |
40b132 |
crlImportn BadCRLIssuerNameCACRL.crl
|
|
Packit |
40b132 |
if [ $RET -eq 0 ] ; then
|
|
Packit |
40b132 |
pkitsn $certs/InvalidBadCRLIssuerNameTest5EE.crt \
|
|
Packit |
40b132 |
$certs/BadCRLIssuerNameCACert.crt
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
### bug 414556 ###
|
|
Packit |
40b132 |
if [ -n "${KNOWN_BUG}" ]; then
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Wrong CRL Test6"; log_banner
|
|
Packit |
40b132 |
certImport WrongCRLCACert
|
|
Packit |
40b132 |
crlImport WrongCRLCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidWrongCRLTest6EE.crt \
|
|
Packit |
40b132 |
$certs/WrongCRLCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Two CRLs Test7"; log_banner
|
|
Packit |
40b132 |
certImport TwoCRLsCACert
|
|
Packit |
40b132 |
crlImport TwoCRLsCAGoodCRL.crl
|
|
Packit |
40b132 |
crlImportn TwoCRLsCABadCRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidTwoCRLsTest7EE.crt \
|
|
Packit |
40b132 |
$certs/TwoCRLsCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Unknown CRL Entry Extension Test8"; log_banner
|
|
Packit |
40b132 |
certImport UnknownCRLEntryExtensionCACert
|
|
Packit |
40b132 |
crlImportn UnknownCRLEntryExtensionCACRL.crl
|
|
Packit |
40b132 |
if [ $RET -eq 0 ] ; then
|
|
Packit |
40b132 |
pkitsn $certs/InvalidUnknownCRLEntryExtensionTest8EE.crt \
|
|
Packit |
40b132 |
$certs/UnknownCRLEntryExtensionCACert.crt
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Unknown CRL Extension Test9"; log_banner
|
|
Packit |
40b132 |
certImport UnknownCRLExtensionCACert
|
|
Packit |
40b132 |
crlImportn UnknownCRLExtensionCACRL.crl
|
|
Packit |
40b132 |
if [ $RET -eq 0 ] ; then
|
|
Packit |
40b132 |
pkitsn $certs/InvalidUnknownCRLExtensionTest9EE.crt \
|
|
Packit |
40b132 |
$certs/UnknownCRLExtensionCACert.crt
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Unknown CRL Extension Test10"; log_banner
|
|
Packit |
40b132 |
certImport UnknownCRLExtensionCACert
|
|
Packit |
40b132 |
crlImportn UnknownCRLExtensionCACRL.crl
|
|
Packit |
40b132 |
if [ $RET -eq 0 ] ; then
|
|
Packit |
40b132 |
pkitsn $certs/InvalidUnknownCRLExtensionTest10EE.crt \
|
|
Packit |
40b132 |
$certs/UnknownCRLExtensionCACert.crt
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
### bug 414563 ###
|
|
Packit |
40b132 |
if [ -n "${KNOWN_BUG}" ]; then
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Old CRL nextUpdate Test11"; log_banner
|
|
Packit |
40b132 |
certImport OldCRLnextUpdateCACert
|
|
Packit |
40b132 |
crlImport OldCRLnextUpdateCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidOldCRLnextUpdateTest11EE.crt \
|
|
Packit |
40b132 |
$certs/OldCRLnextUpdateCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid pre2000 CRL nextUpdate Test12"; log_banner
|
|
Packit |
40b132 |
certImport pre2000CRLnextUpdateCACert
|
|
Packit |
40b132 |
crlImport pre2000CRLnextUpdateCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/Invalidpre2000CRLnextUpdateTest12EE.crt \
|
|
Packit |
40b132 |
$certs/pre2000CRLnextUpdateCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid GeneralizedTime CRL nextUpdate Test13"; log_banner
|
|
Packit |
40b132 |
certImport GeneralizedTimeCRLnextUpdateCACert
|
|
Packit |
40b132 |
crlImport GeneralizedTimeCRLnextUpdateCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt \
|
|
Packit |
40b132 |
$certs/GeneralizedTimeCRLnextUpdateCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Negative Serial Number Test14"; log_banner
|
|
Packit |
40b132 |
certImport NegativeSerialNumberCACert
|
|
Packit |
40b132 |
crlImport NegativeSerialNumberCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidNegativeSerialNumberTest14EE.crt \
|
|
Packit |
40b132 |
$certs/NegativeSerialNumberCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Negative Serial Number Test15"; log_banner
|
|
Packit |
40b132 |
certImport NegativeSerialNumberCACert
|
|
Packit |
40b132 |
crlImport NegativeSerialNumberCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidNegativeSerialNumberTest15EE.crt \
|
|
Packit |
40b132 |
$certs/NegativeSerialNumberCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Long Serial Number Test16"; log_banner
|
|
Packit |
40b132 |
certImport LongSerialNumberCACert
|
|
Packit |
40b132 |
crlImport LongSerialNumberCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidLongSerialNumberTest16EE.crt \
|
|
Packit |
40b132 |
$certs/LongSerialNumberCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Long Serial Number Test17"; log_banner
|
|
Packit |
40b132 |
certImport LongSerialNumberCACert
|
|
Packit |
40b132 |
crlImport LongSerialNumberCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidLongSerialNumberTest17EE.crt \
|
|
Packit |
40b132 |
$certs/LongSerialNumberCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Long Serial Number Test18"; log_banner
|
|
Packit |
40b132 |
certImport LongSerialNumberCACert
|
|
Packit |
40b132 |
crlImport LongSerialNumberCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidLongSerialNumberTest18EE.crt \
|
|
Packit |
40b132 |
$certs/LongSerialNumberCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
### bug 232737 ###
|
|
Packit |
40b132 |
if [ -n "${KNOWN_BUG}" ]; then
|
|
Packit |
40b132 |
VFY_ACTION="Valid Separate Certificate and CRL Keys Test19"; log_banner
|
|
Packit |
40b132 |
certImport SeparateCertificateandCRLKeysCertificateSigningCACert
|
|
Packit |
40b132 |
certImport SeparateCertificateandCRLKeysCRLSigningCert
|
|
Packit |
40b132 |
crlImport SeparateCertificateandCRLKeysCRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidSeparateCertificateandCRLKeysTest19EE.crt \
|
|
Packit |
40b132 |
$certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Separate Certificate and CRL Keys Test20"; log_banner
|
|
Packit |
40b132 |
certImport SeparateCertificateandCRLKeysCertificateSigningCACert
|
|
Packit |
40b132 |
certImport SeparateCertificateandCRLKeysCRLSigningCert
|
|
Packit |
40b132 |
crlImport SeparateCertificateandCRLKeysCRL.crl
|
|
Packit |
40b132 |
pkits $certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt \
|
|
Packit |
40b132 |
$certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Separate Certificate and CRL Keys Test21"; log_banner
|
|
Packit |
40b132 |
certImport SeparateCertificateandCRLKeysCA2CertificateSigningCACert
|
|
Packit |
40b132 |
certImport SeparateCertificateandCRLKeysCA2CRLSigningCert
|
|
Packit |
40b132 |
crlImport SeparateCertificateandCRLKeysCA2CRL.crl
|
|
Packit |
40b132 |
pkits $certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt \
|
|
Packit |
40b132 |
$certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_PathVerificWithSelfIssuedCerts()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.5: Self-Issued Certificates"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
### bug 232737 ###
|
|
Packit |
40b132 |
if [ -n "${KNOWN_BUG}" ]; then
|
|
Packit |
40b132 |
VFY_ACTION="Valid Basic Self-Issued Old With New Test1"; log_banner
|
|
Packit |
40b132 |
certImport BasicSelfIssuedNewKeyCACert
|
|
Packit |
40b132 |
crlImport BasicSelfIssuedNewKeyCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedNewKeyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Basic Self-Issued Old With New Test2"; log_banner
|
|
Packit |
40b132 |
certImport BasicSelfIssuedNewKeyCACert
|
|
Packit |
40b132 |
crlImport BasicSelfIssuedNewKeyCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedNewKeyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
### bugs 321755 & 418769 ###
|
|
Packit |
40b132 |
if [ -n "${KNOWN_BUG}" ]; then
|
|
Packit |
40b132 |
VFY_ACTION="Valid Basic Self-Issued New With Old Test3"; log_banner
|
|
Packit |
40b132 |
certImport BasicSelfIssuedOldKeyCACert
|
|
Packit |
40b132 |
crlImport BasicSelfIssuedOldKeyCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedOldKeyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Basic Self-Issued New With Old Test4"; log_banner
|
|
Packit |
40b132 |
certImport BasicSelfIssuedOldKeyCACert
|
|
Packit |
40b132 |
crlImport BasicSelfIssuedOldKeyCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedOldKeyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Basic Self-Issued New With Old Test5"; log_banner
|
|
Packit |
40b132 |
certImport BasicSelfIssuedOldKeyCACert
|
|
Packit |
40b132 |
crlImport BasicSelfIssuedOldKeyCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedOldKeyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Basic Self-Issued CRL Signing Key Test6"; log_banner
|
|
Packit |
40b132 |
certImport BasicSelfIssuedCRLSigningKeyCACert
|
|
Packit |
40b132 |
crlImport BasicSelfIssuedOldKeyCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedCRLSigningKeyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Basic Self-Issued CRL Signing Key Test7"; log_banner
|
|
Packit |
40b132 |
certImport BasicSelfIssuedCRLSigningKeyCACert
|
|
Packit |
40b132 |
crlImport BasicSelfIssuedOldKeyCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedCRLSigningKeyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Basic Self-Issued CRL Signing Key Test8"; log_banner
|
|
Packit |
40b132 |
certImport BasicSelfIssuedCRLSigningKeyCACert
|
|
Packit |
40b132 |
crlImport BasicSelfIssuedOldKeyCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
|
|
Packit |
40b132 |
$certs/BasicSelfIssuedCRLSigningKeyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_BasicConstraints()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.6: Verifying Basic Constraints"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Missing basicConstraints Test1"; log_banner
|
|
Packit |
40b132 |
certImport MissingbasicConstraintsCACert
|
|
Packit |
40b132 |
crlImport MissingbasicConstraintsCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidMissingbasicConstraintsTest1EE.crt \
|
|
Packit |
40b132 |
$certs/MissingbasicConstraintsCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid cA False Test2"; log_banner
|
|
Packit |
40b132 |
certImport basicConstraintsCriticalcAFalseCACert
|
|
Packit |
40b132 |
crlImport basicConstraintsCriticalcAFalseCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidcAFalseTest2EE.crt \
|
|
Packit |
40b132 |
$certs/basicConstraintsCriticalcAFalseCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid cA False Test3"; log_banner
|
|
Packit |
40b132 |
certImport basicConstraintsNotCriticalcAFalseCACert
|
|
Packit |
40b132 |
crlImport basicConstraintsNotCriticalcAFalseCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidcAFalseTest3EE.crt \
|
|
Packit |
40b132 |
$certs/basicConstraintsNotCriticalcAFalseCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid basicConstraints Not Critical Test4"; log_banner
|
|
Packit |
40b132 |
certImport basicConstraintsNotCriticalCACert
|
|
Packit |
40b132 |
crlImport basicConstraintsNotCriticalCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidbasicConstraintsNotCriticalTest4EE.crt \
|
|
Packit |
40b132 |
$certs/basicConstraintsNotCriticalCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid pathLenConstraint Test5"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint0CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint0CACRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint0subCACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint0subCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidpathLenConstraintTest5EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint0subCACert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint0CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid pathLenConstraint Test6"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint0CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint0CACRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint0subCACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint0subCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidpathLenConstraintTest6EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint0subCACert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint0CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid pathLenConstraint Test7"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint0CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint0CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidpathLenConstraintTest7EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint0CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid pathLenConstraint test8"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint0CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint0CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidpathLenConstraintTest8EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint0CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid pathLenConstraint Test9"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint6CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6CACRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subCA0Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subCA0CRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subsubCA00Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subsubCA00CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidpathLenConstraintTest9EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subsubCA00Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subCA0Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid pathLenConstraint Test10"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint6CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6CACRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subCA0Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subCA0CRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subsubCA00Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subsubCA00CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidpathLenConstraintTest10EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subsubCA00Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subCA0Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid pathLenConstraint Test11"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint6CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6CACRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subCA1Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subCA1CRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subsubCA11Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subsubCA11CRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subsubsubCA11XCert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subsubsubCA11XCRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidpathLenConstraintTest11EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subsubsubCA11XCert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subsubCA11Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subCA1Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid pathLenConstraint test12"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint6CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6CACRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subCA1Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subCA1CRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subsubCA11Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subsubCA11CRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subsubsubCA11XCert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subsubsubCA11XCRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidpathLenConstraintTest12EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subsubsubCA11XCert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subsubCA11Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subCA1Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid pathLenConstraint Test13"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint6CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6CACRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subCA4Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subCA4CRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subsubCA41Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subsubCA41CRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subsubsubCA41XCert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subsubsubCA41XCRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidpathLenConstraintTest13EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subsubsubCA41XCert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subsubCA41Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subCA4Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid pathLenConstraint Test14"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint6CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6CACRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subCA4Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subCA4CRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subsubCA41Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subsubCA41CRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint6subsubsubCA41XCert
|
|
Packit |
40b132 |
crlImport pathLenConstraint6subsubsubCA41XCRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidpathLenConstraintTest14EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subsubsubCA41XCert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subsubCA41Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6subCA4Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint6CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
### bug 232737 ###
|
|
Packit |
40b132 |
if [ -n "${KNOWN_BUG}" ]; then
|
|
Packit |
40b132 |
VFY_ACTION="Valid Self-Issued pathLenConstraint Test15"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint0CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint0CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidSelfIssuedpathLenConstraintTest15EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint0SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint0CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Self-Issued pathLenConstraint Test16"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint0CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint0CACRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint0subCA2Cert
|
|
Packit |
40b132 |
crlImport pathLenConstraint0subCA2CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint0subCA2Cert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint0SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint0CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
### bug 232737 ###
|
|
Packit |
40b132 |
if [ -n "${KNOWN_BUG}" ]; then
|
|
Packit |
40b132 |
VFY_ACTION="Valid Self-Issued pathLenConstraint Test17"; log_banner
|
|
Packit |
40b132 |
certImport pathLenConstraint1CACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint1CACRL.crl
|
|
Packit |
40b132 |
certImport pathLenConstraint1subCACert
|
|
Packit |
40b132 |
crlImport pathLenConstraint1subCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidSelfIssuedpathLenConstraintTest17EE.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint1SelfIssuedsubCACert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint1subCACert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint1SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/pathLenConstraint1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_KeyUsage()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.7: Key Usage"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid keyUsage Critical keyCertSign False Test1"; log_banner
|
|
Packit |
40b132 |
certImport keyUsageCriticalkeyCertSignFalseCACert
|
|
Packit |
40b132 |
crlImport keyUsageCriticalkeyCertSignFalseCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt \
|
|
Packit |
40b132 |
$certs/keyUsageCriticalkeyCertSignFalseCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid keyUsage Not Critical keyCertSign False Test2"; log_banner
|
|
Packit |
40b132 |
certImport keyUsageNotCriticalkeyCertSignFalseCACert
|
|
Packit |
40b132 |
crlImport keyUsageNotCriticalkeyCertSignFalseCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt \
|
|
Packit |
40b132 |
$certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid keyUsage Not Critical Test3"; log_banner
|
|
Packit |
40b132 |
certImport keyUsageNotCriticalCACert
|
|
Packit |
40b132 |
crlImport keyUsageNotCriticalCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidkeyUsageNotCriticalTest3EE.crt \
|
|
Packit |
40b132 |
$certs/keyUsageNotCriticalCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid keyUsage Critical cRLSign False Test4"; log_banner
|
|
Packit |
40b132 |
certImport keyUsageCriticalcRLSignFalseCACert
|
|
Packit |
40b132 |
crlImportn keyUsageCriticalcRLSignFalseCACRL.crl
|
|
Packit |
40b132 |
if [ $RET -eq 0 ] ; then
|
|
Packit |
40b132 |
pkitsn $certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt \
|
|
Packit |
40b132 |
$certs/keyUsageCriticalcRLSignFalseCACert.crt
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid keyUsage Not Critical cRLSign False Test5"; log_banner
|
|
Packit |
40b132 |
certImport keyUsageNotCriticalcRLSignFalseCACert
|
|
Packit |
40b132 |
crlImportn keyUsageNotCriticalcRLSignFalseCACRL.crl
|
|
Packit |
40b132 |
if [ $RET -eq 0 ] ; then
|
|
Packit |
40b132 |
pkitsn $certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt \
|
|
Packit |
40b132 |
$certs/keyUsageNotCriticalcRLSignFalseCACert.crt
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_CertificatePolicies()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.8: Certificate Policies"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="All Certificates Same Policy Test1"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidCertificatePathTest1EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="All Certificates No Policies Test2"; log_banner
|
|
Packit |
40b132 |
certImport NoPoliciesCACert
|
|
Packit |
40b132 |
crlImport NoPoliciesCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/AllCertificatesNoPoliciesTest2EE.crt \
|
|
Packit |
40b132 |
$certs/NoPoliciesCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Different Policies Test3"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
certImport PoliciesP2subCACert
|
|
Packit |
40b132 |
crlImport PoliciesP2subCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/DifferentPoliciesTest3EE.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP2subCACert.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Different Policies Test4"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
certImport GoodsubCACert
|
|
Packit |
40b132 |
crlImport GoodsubCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/DifferentPoliciesTest4EE.crt \
|
|
Packit |
40b132 |
$certs/GoodsubCACert.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Different Policies Test5"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
certImport PoliciesP2subCA2Cert
|
|
Packit |
40b132 |
crlImport PoliciesP2subCA2CRL.crl
|
|
Packit |
40b132 |
pkits $certs/DifferentPoliciesTest5EE.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP2subCA2Cert.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Overlapping Policies Test6"; log_banner
|
|
Packit |
40b132 |
certImport PoliciesP1234CACert
|
|
Packit |
40b132 |
crlImport PoliciesP1234CACRL.crl
|
|
Packit |
40b132 |
certImport PoliciesP1234subCAP123Cert
|
|
Packit |
40b132 |
crlImport PoliciesP1234subCAP123CRL.crl
|
|
Packit |
40b132 |
certImport PoliciesP1234subsubCAP123P12Cert
|
|
Packit |
40b132 |
crlImport PoliciesP1234subsubCAP123P12CRL.crl
|
|
Packit |
40b132 |
pkits $certs/OverlappingPoliciesTest6EE.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP1234subsubCAP123P12Cert.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP1234subCAP123Cert.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP1234CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Different Policies Test7"; log_banner
|
|
Packit |
40b132 |
certImport PoliciesP123CACert
|
|
Packit |
40b132 |
crlImport PoliciesP123CACRL.crl
|
|
Packit |
40b132 |
certImport PoliciesP123subCAP12Cert
|
|
Packit |
40b132 |
crlImport PoliciesP123subCAP12CRL.crl
|
|
Packit |
40b132 |
certImport PoliciesP123subsubCAP12P1Cert
|
|
Packit |
40b132 |
crlImport PoliciesP123subsubCAP12P1CRL.crl
|
|
Packit |
40b132 |
pkits $certs/DifferentPoliciesTest7EE.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP123subsubCAP12P1Cert.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP123subCAP12Cert.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP123CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Different Policies Test8"; log_banner
|
|
Packit |
40b132 |
certImport PoliciesP12CACert
|
|
Packit |
40b132 |
crlImport PoliciesP12CACRL.crl
|
|
Packit |
40b132 |
certImport PoliciesP12subCAP1Cert
|
|
Packit |
40b132 |
crlImport PoliciesP12subCAP1CRL.crl
|
|
Packit |
40b132 |
certImport PoliciesP12subsubCAP1P2Cert
|
|
Packit |
40b132 |
crlImport PoliciesP12subsubCAP1P2CRL.crl
|
|
Packit |
40b132 |
pkits $certs/DifferentPoliciesTest8EE.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP123subsubCAP12P1Cert.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP12subCAP1Cert.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP12CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Different Policies Test9"; log_banner
|
|
Packit |
40b132 |
certImport PoliciesP123CACert
|
|
Packit |
40b132 |
crlImport PoliciesP123CACRL.crl
|
|
Packit |
40b132 |
certImport PoliciesP123subCAP12Cert
|
|
Packit |
40b132 |
crlImport PoliciesP123subCAP12CRL.crl
|
|
Packit |
40b132 |
certImport PoliciesP123subsubCAP12P2Cert
|
|
Packit |
40b132 |
crlImport PoliciesP123subsubCAP2P2CRL.crl
|
|
Packit |
40b132 |
certImport PoliciesP123subsubsubCAP12P2P1Cert
|
|
Packit |
40b132 |
crlImport PoliciesP123subsubsubCAP12P2P1CRL.crl
|
|
Packit |
40b132 |
pkits $certs/DifferentPoliciesTest9EE.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP123subsubsubCAP12P2P1Cert.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP123subsubCAP12P1Cert.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP12subCAP1Cert.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP12CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="All Certificates Same Policies Test10"; log_banner
|
|
Packit |
40b132 |
certImport PoliciesP12CACert
|
|
Packit |
40b132 |
crlImport PoliciesP12CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/AllCertificatesSamePoliciesTest10EE.crt \
|
|
Packit |
40b132 |
$certs/NoPoliciesCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="All Certificates AnyPolicy Test11"; log_banner
|
|
Packit |
40b132 |
certImport anyPolicyCACert
|
|
Packit |
40b132 |
crlImport anyPolicyCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/AllCertificatesanyPolicyTest11EE.crt \
|
|
Packit |
40b132 |
$certs/anyPolicyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Different Policies Test12"; log_banner
|
|
Packit |
40b132 |
certImport PoliciesP3CACert
|
|
Packit |
40b132 |
crlImport PoliciesP3CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/DifferentPoliciesTest12EE.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP3CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="All Certificates Same Policies Test13"; log_banner
|
|
Packit |
40b132 |
certImport PoliciesP123CACert
|
|
Packit |
40b132 |
crlImport PoliciesP123CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/AllCertificatesSamePoliciesTest13EE.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP123CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="AnyPolicy Test14"; log_banner
|
|
Packit |
40b132 |
certImport anyPolicyCACert
|
|
Packit |
40b132 |
crlImport anyPolicyCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/AnyPolicyTest14EE.crt \
|
|
Packit |
40b132 |
$certs/anyPolicyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="User Notice Qualifier Test15"; log_banner
|
|
Packit |
40b132 |
pkits $certs/UserNoticeQualifierTest15EE.crt
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="User Notice Qualifier Test16"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/UserNoticeQualifierTest16EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="User Notice Qualifier Test17"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/UserNoticeQualifierTest17EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="User Notice Qualifier Test18"; log_banner
|
|
Packit |
40b132 |
certImport PoliciesP12CACert
|
|
Packit |
40b132 |
crlImport PoliciesP12CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/UserNoticeQualifierTest18EE.crt \
|
|
Packit |
40b132 |
$certs/PoliciesP12CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="User Notice Qualifier Test19"; log_banner
|
|
Packit |
40b132 |
pkits $certs/UserNoticeQualifierTest19EE.crt
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="CPS Pointer Qualifier Test20"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/CPSPointerQualifierTest20EE.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_RequireExplicitPolicy()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.9: Require Explicit Policy"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid RequireExplicitPolicy Test1"; log_banner
|
|
Packit |
40b132 |
certImportn requireExplicitPolicy10CACert
|
|
Packit |
40b132 |
crlImportn requireExplicitPolicy10CACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy10subCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy10subCACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy10subsubCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy10subsubCACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy10subsubsubCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy10subsubsubCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidrequireExplicitPolicyTest1EE.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy10subsubsubCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy10subsubCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy10subCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy10CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid RequireExplicitPolicy Test2"; log_banner
|
|
Packit |
40b132 |
certImportn requireExplicitPolicy5CACert
|
|
Packit |
40b132 |
crlImportn requireExplicitPolicy5CACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy5subCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy5subCACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy5subsubCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy5subsubCACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy5subsubsubCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy5subsubsubCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidrequireExplicitPolicyTest2EE.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy5subsubsubCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy5subsubCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy5subCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy5CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid RequireExplicitPolicy Test3"; log_banner
|
|
Packit |
40b132 |
certImportn requireExplicitPolicy4CACert
|
|
Packit |
40b132 |
crlImportn requireExplicitPolicy4CACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy4subCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy4subCACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy4subsubCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy4subsubCACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy4subsubsubCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy4subsubsubCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidrequireExplicitPolicyTest3EE.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy4subsubsubCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy4subsubCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy4subCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy4CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid RequireExplicitPolicy Test4"; log_banner
|
|
Packit |
40b132 |
certImportn requireExplicitPolicy0CACert
|
|
Packit |
40b132 |
crlImportn requireExplicitPolicy0CACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy0subCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy0subCACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy0subsubCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy0subsubCACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy0subsubsubCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy0subsubsubCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidrequireExplicitPolicyTest4EE.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy0subsubsubCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy0subsubCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy0subCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy0CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid RequireExplicitPolicy Test5"; log_banner
|
|
Packit |
40b132 |
certImportn requireExplicitPolicy7CACert
|
|
Packit |
40b132 |
crlImportn requireExplicitPolicy7CACRL.crl
|
|
Packit |
40b132 |
certImportn requireExplicitPolicy7subCARE2Cert
|
|
Packit |
40b132 |
crlImportn requireExplicitPolicy7subCARE2CRL.crl
|
|
Packit |
40b132 |
certImportn requireExplicitPolicy7subsubCARE2RE4Cert
|
|
Packit |
40b132 |
crlImportn requireExplicitPolicy7subsubCARE2RE4CRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy7subsubsubCARE2RE4Cert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy7subsubsubCARE2RE4CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidrequireExplicitPolicyTest5EE.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy7subCARE2Cert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy7CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Self-Issued RequireExplicitPolicy Test6"; log_banner
|
|
Packit |
40b132 |
certImportn requireExplicitPolicy2CACert
|
|
Packit |
40b132 |
crlImportn requireExplicitPolicy2CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy2SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Self-Issued RequireExplicitPolicy Test7"; log_banner
|
|
Packit |
40b132 |
certImportn requireExplicitPolicy2CACert
|
|
Packit |
40b132 |
crlImportn requireExplicitPolicy2CACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy2subCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy2subCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy2subCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy2SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Self-Issued RequireExplicitPolicy Test8"; log_banner
|
|
Packit |
40b132 |
certImportn requireExplicitPolicy2CACert
|
|
Packit |
40b132 |
crlImportn requireExplicitPolicy2CACRL.crl
|
|
Packit |
40b132 |
certImport requireExplicitPolicy2subCACert
|
|
Packit |
40b132 |
crlImport requireExplicitPolicy2subCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy2SelfIssuedsubCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy2subCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy2SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/requireExplicitPolicy2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_PolicyMappings()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.10: Policy Mappings"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Policy Mapping Test1"; log_banner
|
|
Packit |
40b132 |
certImportn Mapping1to2CACert
|
|
Packit |
40b132 |
crlImportn Mapping1to2CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidPolicyMappingTest1EE.crt \
|
|
Packit |
40b132 |
$certs/Mapping1to2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Policy Mapping Test2"; log_banner
|
|
Packit |
40b132 |
certImportn Mapping1to2CACert
|
|
Packit |
40b132 |
crlImportn Mapping1to2CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidPolicyMappingTest2EE.crt \
|
|
Packit |
40b132 |
$certs/Mapping1to2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Policy Mapping Test3"; log_banner
|
|
Packit |
40b132 |
certImportn P12Mapping1to3CACert
|
|
Packit |
40b132 |
crlImportn P12Mapping1to3CACRL.crl
|
|
Packit |
40b132 |
certImportn P12Mapping1to3subCACert
|
|
Packit |
40b132 |
crlImportn P12Mapping1to3subCACRL.crl
|
|
Packit |
40b132 |
certImportn P12Mapping1to3subsubCACert
|
|
Packit |
40b132 |
crlImportn P12Mapping1to3subsubCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidPolicyMappingTest3EE.crt \
|
|
Packit |
40b132 |
$certs/P12Mapping1to3subsubCACert.crt \
|
|
Packit |
40b132 |
$certs/P12Mapping1to3subCACert.crt \
|
|
Packit |
40b132 |
$certs/P12Mapping1to3CA.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Policy Mapping Test4"; log_banner
|
|
Packit |
40b132 |
certImportn P12Mapping1to3CACert
|
|
Packit |
40b132 |
crlImportn P12Mapping1to3CACRL.crl
|
|
Packit |
40b132 |
certImportn P12Mapping1to3subCACert
|
|
Packit |
40b132 |
crlImportn P12Mapping1to3subCACRL.crl
|
|
Packit |
40b132 |
certImportn P12Mapping1to3subsubCACert
|
|
Packit |
40b132 |
crlImportn P12Mapping1to3subsubCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidPolicyMappingTest4EE.crt \
|
|
Packit |
40b132 |
$certs/P12Mapping1to3subsubCACert.crt \
|
|
Packit |
40b132 |
$certs/P12Mapping1to3subCACert.crt \
|
|
Packit |
40b132 |
$certs/P12Mapping1to3CA.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Policy Mapping Test5"; log_banner
|
|
Packit |
40b132 |
certImportn P1Mapping1to234CACert
|
|
Packit |
40b132 |
crlImportn P1Mapping1to234CACRL.crl
|
|
Packit |
40b132 |
certImportn P1Mapping1to234subCACert
|
|
Packit |
40b132 |
crlImportn P1Mapping1to234subCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidPolicyMappingTest5EE.crt \
|
|
Packit |
40b132 |
$certs/P1Mapping1to234subCACert.crt \
|
|
Packit |
40b132 |
$certs/P1Mapping1to234CA.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Policy Mapping Test6"; log_banner
|
|
Packit |
40b132 |
certImportn P1Mapping1to234CACert
|
|
Packit |
40b132 |
crlImportn P1Mapping1to234CACRL.crl
|
|
Packit |
40b132 |
certImportn P1Mapping1to234subCACert
|
|
Packit |
40b132 |
crlImportn P1Mapping1to234subCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidPolicyMappingTest6EE.crt \
|
|
Packit |
40b132 |
$certs/P1Mapping1to234subCACert.crt \
|
|
Packit |
40b132 |
$certs/P1Mapping1to234CA.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Mapping from anyPolicy Test7"; log_banner
|
|
Packit |
40b132 |
certImportn MappingFromanyPolicyCACert
|
|
Packit |
40b132 |
crlImportn MappingFromanyPolicyCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidMappingFromanyPolicyTest7EE.crt \
|
|
Packit |
40b132 |
$certs/MappingFromanyPolicyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Mapping to anyPolicy Test8"; log_banner
|
|
Packit |
40b132 |
certImportn MappingToanyPolicyCACert
|
|
Packit |
40b132 |
crlImportn MappingToanyPolicyCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidMappingToanyPolicyTest8EE.crt \
|
|
Packit |
40b132 |
$certs/MappingToanyPolicyCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Policy Mapping Test9"; log_banner
|
|
Packit |
40b132 |
certImport PanyPolicyMapping1to2CACert
|
|
Packit |
40b132 |
crlImport PanyPolicyMapping1to2CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidPolicyMappingTest9EE.crt \
|
|
Packit |
40b132 |
$certs/PanyPolicyMapping1to2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Policy Mapping Test10"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
certImportn GoodsubCAPanyPolicyMapping1to2CACert
|
|
Packit |
40b132 |
crlImportn GoodsubCAPanyPolicyMapping1to2CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidPolicyMappingTest10EE.crt \
|
|
Packit |
40b132 |
$certs/GoodsubCAPanyPolicyMapping1to2CACert.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Policy Mapping Test11"; log_banner
|
|
Packit |
40b132 |
certImport GoodCACert
|
|
Packit |
40b132 |
crlImport GoodCACRL.crl
|
|
Packit |
40b132 |
certImportn GoodsubCAPanyPolicyMapping1to2CACert
|
|
Packit |
40b132 |
crlImportn GoodsubCAPanyPolicyMapping1to2CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidPolicyMappingTest11EE.crt \
|
|
Packit |
40b132 |
$certs/GoodsubCAPanyPolicyMapping1to2CACert.crt \
|
|
Packit |
40b132 |
$certs/GoodCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Policy Mapping Test12"; log_banner
|
|
Packit |
40b132 |
certImportn P12Mapping1to3CACert
|
|
Packit |
40b132 |
crlImportn P12Mapping1to3CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidPolicyMappingTest12EE.crt \
|
|
Packit |
40b132 |
$certs/P12Mapping1to3CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Policy Mapping Test13"; log_banner
|
|
Packit |
40b132 |
certImportn P1anyPolicyMapping1to2CACert
|
|
Packit |
40b132 |
crlImportn P1anyPolicyMapping1to2CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidPolicyMappingTest13EE.crt \
|
|
Packit |
40b132 |
$certs/P1anyPolicyMapping1to2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Policy Mapping Test14"; log_banner
|
|
Packit |
40b132 |
certImportn P1anyPolicyMapping1to2CACert
|
|
Packit |
40b132 |
crlImportn P1anyPolicyMapping1to2CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidPolicyMappingTest14EE.crt \
|
|
Packit |
40b132 |
$certs/P1anyPolicyMapping1to2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_InhibitPolicyMapping()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.11: Inhibit Policy Mapping"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid inhibitPolicyMapping Test1"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping0CACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping0CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping0subCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping0subCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidinhibitPolicyMappingTest1EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping0CACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping0subCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid inhibitPolicyMapping Test2"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P12CACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P12CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P12subCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P12subCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidinhibitPolicyMappingTest2EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P12CACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P12subCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid inhibitPolicyMapping Test3"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P12CACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P12CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P12subCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P12subCACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P12subsubCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P12subsubCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidinhibitPolicyMappingTest3EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P12subsubCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P12subCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P12CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid inhibitPolicyMapping Test4"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P12CACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P12CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P12subCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P12subCACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P12subsubCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P12subsubCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidinhibitPolicyMappingTest4EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P12CACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P12subCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid inhibitPolicyMapping Test5"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping5CACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping5CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping5subCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping5subCACRL.crl
|
|
Packit |
40b132 |
certImport inhibitPolicyMapping5subsubCACert
|
|
Packit |
40b132 |
crlImport inhibitPolicyMapping5subsubCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidinhibitPolicyMappingTest5EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping5subsubCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping5subCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping5CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid inhibitPolicyMapping Test6"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P12CACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P12CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P12subCAIPM5Cert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P12subCAIPM5CRL.crl
|
|
Packit |
40b132 |
certImport inhibitPolicyMapping1P12subsubCAIPM5Cert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P12subsubCAIPM5CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidinhibitPolicyMappingTest6EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P12CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Self-Issued inhibitPolicyMapping Test7"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P1CACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P1subCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1subCACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1subCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test8"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P1CACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P1subCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1subCACRL.crl
|
|
Packit |
40b132 |
certImport inhibitPolicyMapping1P1subsubCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1subsubCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1subsubCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1subCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test9"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P1CACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P1subCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1subCACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P1subsubCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1subsubCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1subsubCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1subCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test10"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P1CACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P1subCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1subCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1subCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test11"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P1CACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitPolicyMapping1P1subCACert
|
|
Packit |
40b132 |
crlImportn inhibitPolicyMapping1P1subCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1subCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitPolicyMapping1P1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_InhibitAnyPolicy()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.12: Inhibit Any Policy"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid inhibitAnyPolicy Test1"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy0CACert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy0CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidinhibitAnyPolicyTest1EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy0CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid inhibitAnyPolicy Test2"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy0CACert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy0CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidinhibitAnyPolicyTest2EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy0CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="inhibitAnyPolicy Test3"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy1CACert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy1CACRL.crl
|
|
Packit |
40b132 |
certImport inhibitAnyPolicy1subCA1Cert
|
|
Packit |
40b132 |
crlImport inhibitAnyPolicy1subCA1CRL.crl
|
|
Packit |
40b132 |
pkits $certs/inhibitAnyPolicyTest3EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1CACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1subCA1Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid inhibitAnyPolicy Test4"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy1CACert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy1CACRL.crl
|
|
Packit |
40b132 |
certImport inhibitAnyPolicy1subCA1Cert
|
|
Packit |
40b132 |
crlImport inhibitAnyPolicy1subCA1CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidinhibitAnyPolicyTest4EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1CACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1subCA1Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid inhibitAnyPolicy Test5"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy5CACert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy5CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy5subCACert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy5subCACRL.crl
|
|
Packit |
40b132 |
certImport inhibitAnyPolicy5subsubCACert
|
|
Packit |
40b132 |
crlImport inhibitAnyPolicy5subsubCACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidinhibitAnyPolicyTest5EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy5CACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy5subCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy5subsubCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid inhibitAnyPolicy Test6"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy1CACert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy1CACRL.crl
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy1subCAIAP5Cert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy1subCAIAP5CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidinhibitAnyPolicyTest5EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1CACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy5subCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy5subsubCACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Self-Issued inhibitAnyPolicy Test7"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy1CACert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy1CACRL.crl
|
|
Packit |
40b132 |
certImport inhibitAnyPolicy1subCA2Cert
|
|
Packit |
40b132 |
crlImport inhibitAnyPolicy1subCA2CRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1CACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1subCA2Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Self-Issued inhibitAnyPolicy Test8"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy1CACert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy1CACRL.crl
|
|
Packit |
40b132 |
certImport inhibitAnyPolicy1subCA2Cert
|
|
Packit |
40b132 |
crlImport inhibitAnyPolicy1subCA2CRL.crl
|
|
Packit |
40b132 |
certImport inhibitAnyPolicy1subsubCA2Cert
|
|
Packit |
40b132 |
crlImport inhibitAnyPolicy1subsubCA2CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1CACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1subCA2Cert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1subsubCA2Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Self-Issued inhibitAnyPolicy Test9"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy1CACert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy1CACRL.crl
|
|
Packit |
40b132 |
certImport inhibitAnyPolicy1subCA2Cert
|
|
Packit |
40b132 |
crlImport inhibitAnyPolicy1subCA2CRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1CACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1subCA2Cert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Self-Issued inhibitAnyPolicy Test10"; log_banner
|
|
Packit |
40b132 |
certImportn inhibitAnyPolicy1CACert
|
|
Packit |
40b132 |
crlImportn inhibitAnyPolicy1CACRL.crl
|
|
Packit |
40b132 |
certImport inhibitAnyPolicy1subCA2Cert
|
|
Packit |
40b132 |
crlImport inhibitAnyPolicy1subCA2CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1CACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/inhibitAnyPolicy1subCA2Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_NameConstraints()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.13: Name Constraints"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DN nameConstraints Test1"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDNnameConstraintsTest1EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN nameConstraints Test2"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest2EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN nameConstraints Test3"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest3EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DN nameConstraints Test4"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDNnameConstraintsTest4EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DN nameConstraints Test5"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN2CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN2CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDNnameConstraintsTest5EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DN nameConstraints Test6"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN3CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN3CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDNnameConstraintsTest6EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN3CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN nameConstraints Test7"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN3CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN3CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest7EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN3CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN nameConstraints Test8"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN4CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN4CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest8EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN4CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN nameConstraints Test9"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN4CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN4CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest9EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN4CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN nameConstraints Test10"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN5CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN5CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest10EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN5CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DN nameConstraints Test11"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN5CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN5CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDNnameConstraintsTest11EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN5CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN nameConstraints Test12"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
certImport nameConstraintsDN1subCA1Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1subCA1CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest12EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1subCA1Cert.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN nameConstraints Test13"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
certImport nameConstraintsDN1subCA2Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1subCA2CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest13EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1subCA2Cert.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DN nameConstraints Test14"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
certImport nameConstraintsDN1subCA2Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1subCA2CRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDNnameConstraintsTest14EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1subCA2Cert.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN nameConstraints Test15"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN3CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN3CACRL.crl
|
|
Packit |
40b132 |
certImport nameConstraintsDN3subCA1Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN3subCA1CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest15EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN3subCA1Cert.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN3CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN nameConstraints Test16"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN3CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN3CACRL.crl
|
|
Packit |
40b132 |
certImport nameConstraintsDN3subCA1Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN3subCA1CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest16EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN3subCA1Cert.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN3CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN nameConstraints Test17"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN3CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN3CACRL.crl
|
|
Packit |
40b132 |
certImport nameConstraintsDN3subCA2Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN3subCA2CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest17EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN3subCA2Cert.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN3CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DN nameConstraints Test18"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN3CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN3CACRL.crl
|
|
Packit |
40b132 |
certImport nameConstraintsDN3subCA2Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN3subCA2CRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDNnameConstraintsTest18EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN3subCA2Cert.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN3CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
### bug 232737 ###
|
|
Packit |
40b132 |
if [ -n "${KNOWN_BUG}" ]; then
|
|
Packit |
40b132 |
VFY_ACTION="Valid Self-Issued DN nameConstraints Test19"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDNnameConstraintsTest19EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1SelfIssuedCACert.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Self-Issued DN nameConstraints Test20"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNnameConstraintsTest20EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid RFC822 nameConstraints Test21"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsRFC822CA1Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsRFC822CA1CRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidRFC822nameConstraintsTest21EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsRFC822CA1Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid RFC822 nameConstraints Test22"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsRFC822CA1Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsRFC822CA1CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidRFC822nameConstraintsTest22EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsRFC822CA1Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid RFC822 nameConstraints Test23"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsRFC822CA2Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsRFC822CA2CRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidRFC822nameConstraintsTest23EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsRFC822CA2Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid RFC822 nameConstraints Test24"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsRFC822CA2Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsRFC822CA2CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidRFC822nameConstraintsTest24EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsRFC822CA2Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid RFC822 nameConstraints Test25"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsRFC822CA3Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsRFC822CA3CRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidRFC822nameConstraintsTest25EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsRFC822CA3Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid RFC822 nameConstraints Test26"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsRFC822CA3Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsRFC822CA3CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidRFC822nameConstraintsTest26EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsRFC822CA3Cert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DN and RFC822 nameConstraints Test27"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
certImport nameConstraintsDN1subCA3Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1subCA3CRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDNandRFC822nameConstraintsTest27EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1subCA3Cert.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN and RFC822 nameConstraints Test28"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
certImport nameConstraintsDN1subCA3Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1subCA3CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNandRFC822nameConstraintsTest28EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1subCA3Cert.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DN and RFC822 nameConstraints Test29"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDN1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1CACRL.crl
|
|
Packit |
40b132 |
certImport nameConstraintsDN1subCA3Cert
|
|
Packit |
40b132 |
crlImport nameConstraintsDN1subCA3CRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNandRFC822nameConstraintsTest29EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1subCA3Cert.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDN1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DNS nameConstraints Test30"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDNS1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDNS1CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDNSnameConstraintsTest30EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDNS1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DNS nameConstraints Test31"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDNS1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDNS1CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNSnameConstraintsTest31EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDNS1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid DNS nameConstraints Test32"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDNS2CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDNS2CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidDNSnameConstraintsTest32EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDNS2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DNS nameConstraints Test33"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDNS2CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDNS2CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNSnameConstraintsTest33EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDNS2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid URI nameConstraints Test34"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsURI1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsURI1CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidURInameConstraintsTest34EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsURI1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid URI nameConstraints Test35"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsURI1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsURI1CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidURInameConstraintsTest35EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsURI1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid URI nameConstraints Test36"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsURI2CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsURI2CACRL.crl
|
|
Packit |
40b132 |
pkits $certs/ValidURInameConstraintsTest36EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsURI2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid URI nameConstraints Test37"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsURI2CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsURI2CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidURInameConstraintsTest37EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsURI2CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid DNS nameConstraints Test38"; log_banner
|
|
Packit |
40b132 |
certImport nameConstraintsDNS1CACert
|
|
Packit |
40b132 |
crlImport nameConstraintsDNS1CACRL.crl
|
|
Packit |
40b132 |
pkitsn $certs/InvalidDNSnameConstraintsTest38EE.crt \
|
|
Packit |
40b132 |
$certs/nameConstraintsDNS1CACert.crt
|
|
Packit |
40b132 |
restore_db
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
pkits_PvtCertExtensions()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
break_table "NIST PKITS Section 4.16: Private Certificate Extensions"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Valid Unknown Not Critical Certificate Extension Test1"; log_banner
|
|
Packit |
40b132 |
pkits $certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
VFY_ACTION="Invalid Unknown Critical Certificate Extension Test2"; log_banner
|
|
Packit |
40b132 |
pkitsn $certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
############################## pkits_cleanup ###########################
|
|
Packit |
40b132 |
# local shell function to finish this script (no exit since it might be
|
|
Packit |
40b132 |
# sourced)
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
pkits_cleanup()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
html "
"
|
|
Packit |
40b132 |
cd ${QADIR}
|
|
Packit |
40b132 |
. common/cleanup.sh
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
################################## main ################################
|
|
Packit |
40b132 |
pkits_init
|
|
Packit |
40b132 |
pkits_SignatureVerification | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_ValidityPeriods | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_NameChaining | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_BasicCertRevocation | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_PathVerificWithSelfIssuedCerts | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_BasicConstraints | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_KeyUsage | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
if [ -n "$NSS_PKITS_POLICIES" ]; then
|
|
Packit |
40b132 |
pkits_CertificatePolicies | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_RequireExplicitPolicy | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_PolicyMappings | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_InhibitPolicyMapping | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_InhibitAnyPolicy | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
pkits_NameConstraints | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_PvtCertExtensions | tee -a $PKITS_LOG
|
|
Packit |
40b132 |
pkits_cleanup
|
|
Packit |
40b132 |
|