The Tor Browser / file comparison

comparison: security/nss/tests/pkits/pkits.sh

security/nss/tests/pkits/pkits.sh

changeset 0
6474c204b198
equal deleted inserted replaced
-1:000000000000 0:4b39df61caa4
1 #!/bin/bash
2 #
3 # This Source Code Form is subject to the terms of the Mozilla Public
4 # License, v. 2.0. If a copy of the MPL was not distributed with this
5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
6
7 ########################################################################
8 #
9 # mozilla/security/nss/tests/pkits/pkits.sh
10 #
11 # Script to test the NIST PKITS tests
12 #
13 # needs to work on all Unix and Windows platforms
14 #
15 # tests implemented:
16 # vfychain
17 #
18 # special NOTES
19 # ---------------
20 # NIST PKITS data needs to be downloaded from
21 # http://csrc.nist.gov/pki/testing/x509paths.html
22 # Environment variable PKITS_DATA needs to be set to the directory
23 # where this data is downloaded, or test data needs to be copied under
24 # the mozilla source tree in mozilla/PKITS_DATA
25 ########################################################################
26
27 ############################## pkits_init ##############################
28 # local shell function to initialize this script
29 ########################################################################
30 pkits_init()
31 {
32 SCRIPTNAME=pkits.sh
33
34 if [ -z "${CLEANUP}" ] ; then
35 CLEANUP="${SCRIPTNAME}"
36 fi
37
38 if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
39 cd ../common
40 . ./init.sh
41 fi
42
43 if [ -z "${PKITS_DATA}" ]; then
44 echo "${SCRIPTNAME}: PKITS data directory not defined, skipping."
45 exit 0
46 fi
47
48 if [ ! -d "${PKITS_DATA}" ]; then
49 echo "${SCRIPTNAME}: PKITS data directory ${PKITS_DATA} doesn't exist, skipping."
50 exit 0
51 fi
52
53 PKITSDIR=${HOSTDIR}/pkits
54
55 COPYDIR=${PKITSDIR}/copydir
56
57 mkdir -p ${PKITSDIR}
58 mkdir -p ${COPYDIR}
59 mkdir -p ${PKITSDIR}/html
60
61 certs=${PKITS_DATA}/certs
62 crls=${PKITS_DATA}/crls
63
64 cd ${PKITSDIR}
65
66 PKITSdb=${PKITSDIR}/PKITSdb
67 PKITSbkp=${PKITSDIR}/PKITSbkp
68
69 PKITS_LOG=${PKITSDIR}/pkits.log #getting its own logfile
70 pkits_log "Start of logfile $PKITS_LOG"
71
72 if [ ! -d "${PKITSdb}" ]; then
73 mkdir -p ${PKITSdb}
74 else
75 pkits_log "$SCRIPTNAME: WARNING - ${PKITSdb} exists"
76 fi
77
78 if [ ! -d "${PKITSbkp}" ]; then
79 mkdir -p ${PKITSbkp}
80 else
81 pkits_log "$SCRIPTNAME: WARNING - ${PKITSbkp} exists"
82 fi
83
84 echo "HOSTDIR" $HOSTDIR
85 echo "PKITSDIR" $PKITSDIR
86 echo "PKITSdb" $PKITSdb
87 echo "PKITSbkp" $PKITSbkp
88 echo "PKITS_DATA" $PKITS_DATA
89 echo "certs" $certs
90 echo "crls" $crls
91
92 echo nss > ${PKITSdb}/pw
93 ${BINDIR}/certutil -N -d ${PKITSdb} -f ${PKITSdb}/pw
94
95 ${BINDIR}/certutil -A -n TrustAnchorRootCertificate -t "C,C,C" -i \
96 $certs/TrustAnchorRootCertificate.crt -d $PKITSdb
97 if [ -z "$NSS_NO_PKITS_CRLS" ]; then
98 ${BINDIR}/crlutil -I -i $crls/TrustAnchorRootCRL.crl -d ${PKITSdb} -f ${PKITSdb}/pw
99 else
100 html "<H3>NO CRLs are being used.</H3>"
101 pkits_log "NO CRLs are being used."
102 fi
103
104 cp ${PKITSdb}/* ${PKITSbkp}
105
106 KNOWN_BUG=
107 }
108
109 ############################### pkits_log ##############################
110 # write to pkits.log file
111 ########################################################################
112 pkits_log()
113 {
114 echo "$SCRIPTNAME $*"
115 echo $* >> ${PKITS_LOG}
116 }
117
118 restore_db()
119 {
120 echo "Restore DB"
121 rm ${PKITSdb}/*
122 cp ${PKITSbkp}/* ${PKITSdb}
123 }
124
125 log_banner()
126 {
127 echo ""
128 echo "--------------------------------------------------------------------"
129 echo "Test case ${VFY_ACTION}"
130 echo ""
131 }
132
133 start_table()
134 {
135 html "<TABLE BORDER=1><TR><TH COLSPAN=3>$*</TH></TR>"
136 html "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>"
137 echo ""
138 echo "***************************************************************"
139 echo "$*"
140 echo "***************************************************************"
141 }
142
143 break_table()
144 {
145 html "</TABLE><P>"
146 start_table "$@"
147 }
148
149 ################################ pkits #################################
150 # local shell function for positive testcases, calls vfychain, writes
151 # action and options to stdout, sets variable RET and writes results to
152 # the html file results
153 ########################################################################
154 pkits()
155 {
156 echo "vfychain -d $PKITSdb -u 4 $*"
157 ${BINDIR}/vfychain -d $PKITSdb -u 4 $* > ${PKITSDIR}/cmdout.txt 2>&1
158 RET=$?
159 CNT=`grep -c ERROR ${PKITSDIR}/cmdout.txt`
160 RET=`expr ${RET} + ${CNT}`
161 cat ${PKITSDIR}/cmdout.txt
162
163 if [ "$RET" -ne 0 ]; then
164 html_failed "${VFY_ACTION} ($RET) "
165 pkits_log "ERROR: ${VFY_ACTION} failed $RET"
166 else
167 html_passed "${VFY_ACTION}"
168 pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
169 fi
170
171 return $RET
172 }
173
174 ################################ pkitsn #################################
175 # local shell function for negative testcases, calls vfychain, writes
176 # action and options to stdout, sets variable RET and writes results to
177 # the html file results
178 ########################################################################
179 pkitsn()
180 {
181 echo "vfychain -d $PKITSdb -u 4 $*"
182 ${BINDIR}/vfychain -d $PKITSdb -u 4 $* > ${PKITSDIR}/cmdout.txt 2>&1
183 RET=$?
184 CNT=`grep -c ERROR ${PKITSDIR}/cmdout.txt`
185 RET=`expr ${RET} + ${CNT}`
186 cat ${PKITSDIR}/cmdout.txt
187
188 if [ "$RET" -eq 0 ]; then
189 html_failed "${VFY_ACTION} ($RET) "
190 pkits_log "ERROR: ${VFY_ACTION} failed $RET"
191 else
192 html_passed "${VFY_ACTION} ($RET) "
193 pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
194 fi
195 return $RET
196 }
197
198 ################################ crlImport #############################
199 # local shell function to import a CRL, calls crlutil -I -i, writes
200 # action and options to stdout
201 ########################################################################
202 crlImport()
203 {
204 if [ -z "$NSS_NO_PKITS_CRLS" ]; then
205 echo "crlutil -d $PKITSdb -I -f ${PKITSdb}/pw -i $crls/$*"
206 ${BINDIR}/crlutil -d ${PKITSdb} -I -f ${PKITSdb}/pw -i $crls/$* > ${PKITSDIR}/cmdout.txt 2>&1
207 RET=$?
208 cat ${PKITSDIR}/cmdout.txt
209
210 if [ "$RET" -ne 0 ]; then
211 html_failed "${VFY_ACTION} ($RET) "
212 pkits_log "ERROR: ${VFY_ACTION} failed $RET"
213 fi
214 fi
215 }
216
217 ################################ crlImportn #############################
218 # local shell function to import an incorrect CRL, calls crlutil -I -i,
219 # writes action and options to stdout
220 ########################################################################
221 crlImportn()
222 {
223 RET=0
224 if [ -z "$NSS_NO_PKITS_CRLS" ]; then
225 echo "crlutil -d $PKITSdb -I -f ${PKITSdb}/pw -i $crls/$*"
226 ${BINDIR}/crlutil -d ${PKITSdb} -I -f ${PKITSdb}/pw -i $crls/$* > ${PKITSDIR}/cmdout.txt 2>&1
227 RET=$?
228 cat ${PKITSDIR}/cmdout.txt
229
230 if [ "$RET" -eq 0 ]; then
231 html_failed "${VFY_ACTION} ($RET) "
232 pkits_log "ERROR: ${VFY_ACTION} failed $RET"
233 else
234 html_passed "${VFY_ACTION} ($RET) "
235 pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
236 fi
237 fi
238 return $RET
239 }
240
241 ################################ certImport #############################
242 # local shell function to import a Cert, calls certutil -A, writes
243 # action and options to stdout
244 ########################################################################
245 certImport()
246 {
247 echo "certutil -d $PKITSdb -A -t \",,\" -n $* -i $certs/$*.crt"
248 ${BINDIR}/certutil -d $PKITSdb -A -t ",," -n $* -i $certs/$*.crt > ${PKITSDIR}/cmdout.txt 2>&1
249 RET=$?
250 cat ${PKITSDIR}/cmdout.txt
251
252 if [ "$RET" -ne 0 ]; then
253 html_failed "${VFY_ACTION} ($RET) "
254 pkits_log "ERROR: ${VFY_ACTION} failed $RET"
255 fi
256 }
257
258 ################################ certImportn #############################
259 # local shell function to import an incorrect Cert, calls certutil -A,
260 # writes action and options to stdout
261 ########################################################################
262 certImportn()
263 {
264 RET=0
265 if [ -z "$NSS_NO_PKITS_CRLS" ]; then
266 echo "certutil -d $PKITSdb -A -t \",,\" -n $* -i $certs/$*.crt"
267 ${BINDIR}/certutil -d $PKITSdb -A -t ",," -n $* -i $certs/$*.crt > ${PKITSDIR}/cmdout.txt 2>&1
268 RET=$?
269 cat ${PKITSDIR}/cmdout.txt
270
271 if [ "$RET" -eq 0 ]; then
272 html_failed "${VFY_ACTION} ($RET) "
273 pkits_log "ERROR: ${VFY_ACTION} failed $RET"
274 else
275 html_passed "${VFY_ACTION} ($RET) "
276 pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
277 fi
278 fi
279 }
280
281 ############################## pkits_tests_bySection ###################
282 # running the various PKITS tests
283 ########################################################################
284 pkits_SignatureVerification()
285 {
286 start_table "NIST PKITS Section 4.1: Signature Verification"
287
288 VFY_ACTION="Valid Signatures Test1"; log_banner
289 certImport GoodCACert
290 crlImport GoodCACRL.crl
291 pkits $certs/ValidCertificatePathTest1EE.crt $certs/GoodCACert.crt
292 restore_db
293
294 VFY_ACTION="Invalid CA Signature Test2"; log_banner
295 certImport BadSignedCACert
296 crlImport BadSignedCACRL.crl
297 pkitsn $certs/InvalidCASignatureTest2EE.crt \
298 $certs/BadSignedCACert.crt
299 restore_db
300
301 VFY_ACTION="Invalid EE Signature Test3"; log_banner
302 certImport GoodCACert
303 crlImport GoodCACRL.crl
304 pkitsn $certs/InvalidEESignatureTest3EE.crt $certs/GoodCACert.crt
305 restore_db
306
307 VFY_ACTION="Valid DSA Signatures Test4"; log_banner
308 certImport DSACACert
309 crlImport DSACACRL.crl
310 pkits $certs/ValidDSASignaturesTest4EE.crt $certs/DSACACert.crt
311 restore_db
312
313 VFY_ACTION="Valid DSA Parameter Inheritance Test5"; log_banner
314 certImport DSACACert
315 crlImport DSACACRL.crl
316 certImport DSAParametersInheritedCACert
317 crlImport DSAParametersInheritedCACRL.crl
318 pkits $certs/ValidDSAParameterInheritanceTest5EE.crt \
319 $certs/DSAParametersInheritedCACert.crt \
320 $certs/DSACACert.crt
321 restore_db
322
323 VFY_ACTION="Invalid DSA Signature Test6"; log_banner
324 certImport DSACACert
325 crlImport DSACACRL.crl
326 pkitsn $certs/InvalidDSASignatureTest6EE.crt $certs/DSACACert.crt
327 restore_db
328 }
329
330 pkits_ValidityPeriods()
331 {
332 break_table "NIST PKITS Section 4.2: Validity Periods"
333
334 VFY_ACTION="Invalid CA notBefore Date Test1"; log_banner
335 certImport BadnotBeforeDateCACert
336 crlImportn BadnotBeforeDateCACRL.crl
337 if [ $RET -eq 0 ] ; then
338 pkitsn $certs/InvalidCAnotBeforeDateTest1EE.crt \
339 $certs/BadnotBeforeDateCACert.crt
340 fi
341 restore_db
342
343 VFY_ACTION="Invalid EE notBefore Date Test2"; log_banner
344 certImport GoodCACert
345 crlImport GoodCACRL.crl
346 pkitsn $certs/InvalidEEnotBeforeDateTest2EE.crt \
347 $certs/GoodCACert.crt
348 restore_db
349
350 VFY_ACTION="Valid pre2000 UTC notBefore Date Test3"; log_banner
351 certImport GoodCACert
352 crlImport GoodCACRL.crl
353 pkits $certs/Validpre2000UTCnotBeforeDateTest3EE.crt \
354 $certs/GoodCACert.crt
355 restore_db
356
357 VFY_ACTION="Valid GeneralizedTime notBefore Date Test4"; log_banner
358 certImport GoodCACert
359 crlImport GoodCACRL.crl
360 pkits $certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt \
361 $certs/GoodCACert.crt
362 restore_db
363
364 VFY_ACTION="Invalid CA notAfter Date Test5"; log_banner
365 certImport BadnotAfterDateCACert
366 crlImportn BadnotAfterDateCACRL.crl
367 if [ $RET -eq 0 ] ; then
368 pkitsn $certs/InvalidCAnotAfterDateTest5EE.crt \
369 $certs/BadnotAfterDateCACert.crt
370 fi
371 restore_db
372
373 VFY_ACTION="Invalid EE notAfter Date Test6"; log_banner
374 certImport GoodCACert
375 crlImport GoodCACRL.crl
376 pkitsn $certs/InvalidEEnotAfterDateTest6EE.crt \
377 $certs/GoodCACert.crt
378 restore_db
379
380 VFY_ACTION="Invalid pre2000 UTC EE notAfter Date Test7"; log_banner
381 certImport GoodCACert
382 crlImport GoodCACRL.crl
383 pkitsn $certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt \
384 $certs/GoodCACert.crt
385 restore_db
386
387 VFY_ACTION="ValidGeneralizedTime notAfter Date Test8"; log_banner
388 certImport GoodCACert
389 crlImport GoodCACRL.crl
390 pkits $certs/ValidGeneralizedTimenotAfterDateTest8EE.crt \
391 $certs/GoodCACert.crt
392 restore_db
393 }
394
395 pkits_NameChaining()
396 {
397 break_table "NIST PKITS Section 4.3: Verifying NameChaining"
398
399 VFY_ACTION="Invalid Name Chaining EE Test1"; log_banner
400 certImport GoodCACert
401 crlImport GoodCACRL.crl
402 pkitsn $certs/InvalidNameChainingTest1EE.crt \
403 $certs/GoodCACert.crt
404 restore_db
405
406 VFY_ACTION="Invalid Name Chaining Order Test2"; log_banner
407 certImport NameOrderingCACert
408 crlImport NameOrderCACRL.crl
409 pkitsn $certs/InvalidNameChainingOrderTest2EE.crt \
410 $certs/NameOrderingCACert.crt
411 restore_db
412
413 ### bug 216123 ###
414 if [ -n "${KNOWN_BUG}" ]; then
415 VFY_ACTION="Valid Name Chaining Whitespace Test3"; log_banner
416 certImport GoodCACert
417 crlImport GoodCACRL.crl
418 pkits $certs/ValidNameChainingWhitespaceTest3EE.crt \
419 $certs/GoodCACert.crt
420 restore_db
421
422 VFY_ACTION="Valid Name Chaining Whitespace Test4"; log_banner
423 certImport GoodCACert
424 crlImport GoodCACRL.crl
425 pkits $certs/ValidNameChainingWhitespaceTest4EE.crt \
426 $certs/GoodCACert.crt
427 restore_db
428
429 VFY_ACTION="Valid Name Chaining Capitalization Test5"; log_banner
430 certImport GoodCACert
431 crlImport GoodCACRL.crl
432 pkits $certs/ValidNameChainingCapitalizationTest5EE.crt \
433 $certs/GoodCACert.crt
434 restore_db
435 fi
436
437 VFY_ACTION="Valid Name Chaining UIDs Test6"; log_banner
438 certImport UIDCACert
439 crlImport UIDCACRL.crl
440 pkits $certs/ValidNameUIDsTest6EE.crt $certs/UIDCACert.crt
441 restore_db
442
443 VFY_ACTION="Valid RFC3280 Mandatory Attribute Types Test7"; log_banner
444 certImport RFC3280MandatoryAttributeTypesCACert
445 crlImport RFC3280MandatoryAttributeTypesCACRL.crl
446 pkits $certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt \
447 $certs/RFC3280MandatoryAttributeTypesCACert.crt
448 restore_db
449
450 VFY_ACTION="Valid RFC3280 Optional Attribute Types Test8"; log_banner
451 certImport RFC3280OptionalAttributeTypesCACert
452 crlImport RFC3280OptionalAttributeTypesCACRL.crl
453 pkits $certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt \
454 $certs/RFC3280OptionalAttributeTypesCACert.crt
455 restore_db
456
457 VFY_ACTION="Valid UTF8String Encoded Names Test9"; log_banner
458 certImport UTF8StringEncodedNamesCACert
459 crlImport UTF8StringEncodedNamesCACRL.crl
460 pkits $certs/ValidUTF8StringEncodedNamesTest9EE.crt \
461 $certs/UTF8StringEncodedNamesCACert.crt
462 restore_db
463
464 ### bug 216123 ###
465 if [ -n "${KNOWN_BUG}" ]; then
466 VFY_ACTION="Valid Rollover from PrintableString to UTF8String Test10"; log_banner
467 certImport RolloverfromPrintableStringtoUTF8StringCACert
468 crlImport RolloverfromPrintableStringtoUTF8StringCACRL.crl
469 pkits $certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt \
470 $certs/RolloverfromPrintableStringtoUTF8StringCACert.crt
471 restore_db
472
473 VFY_ACTION="Valid UTF8String case Insensitive Match Test11"; log_banner
474 certImport UTF8StringCaseInsensitiveMatchCACert
475 crlImport UTF8StringCaseInsensitiveMatchCACRL.crl
476 pkits $certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt \
477 $certs/UTF8StringCaseInsensitiveMatchCACert.crt
478 restore_db
479 fi
480 }
481
482 pkits_BasicCertRevocation()
483 {
484 break_table "NIST PKITS Section 4.4: Basic Certificate Revocation Tests"
485
486 ### bug 414556 ###
487 if [ -n "${KNOWN_BUG}" ]; then
488 VFY_ACTION="Missing CRL Test1"; log_banner
489 pkitsn $certs/InvalidMissingCRLTest1EE.crt \
490 $certs/NoCRLCACert.crt
491 fi
492
493 VFY_ACTION="Invalid Revoked CA Test2"; log_banner
494 certImport RevokedsubCACert
495 crlImport RevokedsubCACRL.crl
496 certImport GoodCACert
497 crlImport GoodCACRL.crl
498 pkitsn $certs/InvalidRevokedCATest2EE.crt \
499 $certs/RevokedsubCACert.crt $certs/GoodCACert.crt
500 restore_db
501
502 VFY_ACTION="Invalid Revoked EE Test3"; log_banner
503 certImport GoodCACert
504 crlImport GoodCACRL.crl
505 pkitsn $certs/InvalidRevokedEETest3EE.crt \
506 $certs/GoodCACert.crt
507 restore_db
508
509 VFY_ACTION="Invalid Bad CRL Signature Test4"; log_banner
510 certImport BadCRLSignatureCACert
511 crlImportn BadCRLSignatureCACRL.crl
512 if [ $RET -eq 0 ] ; then
513 pkitsn $certs/InvalidBadCRLSignatureTest4EE.crt \
514 $certs/BadCRLSignatureCACert.crt
515 fi
516 restore_db
517
518 VFY_ACTION="Invalid Bad CRL Issuer Name Test5"; log_banner
519 certImport BadCRLIssuerNameCACert
520 crlImportn BadCRLIssuerNameCACRL.crl
521 if [ $RET -eq 0 ] ; then
522 pkitsn $certs/InvalidBadCRLIssuerNameTest5EE.crt \
523 $certs/BadCRLIssuerNameCACert.crt
524 fi
525 restore_db
526
527 ### bug 414556 ###
528 if [ -n "${KNOWN_BUG}" ]; then
529 VFY_ACTION="Invalid Wrong CRL Test6"; log_banner
530 certImport WrongCRLCACert
531 crlImport WrongCRLCACRL.crl
532 pkitsn $certs/InvalidWrongCRLTest6EE.crt \
533 $certs/WrongCRLCACert.crt
534 restore_db
535 fi
536
537 VFY_ACTION="Valid Two CRLs Test7"; log_banner
538 certImport TwoCRLsCACert
539 crlImport TwoCRLsCAGoodCRL.crl
540 crlImportn TwoCRLsCABadCRL.crl
541 pkits $certs/ValidTwoCRLsTest7EE.crt \
542 $certs/TwoCRLsCACert.crt
543 restore_db
544
545 VFY_ACTION="Invalid Unknown CRL Entry Extension Test8"; log_banner
546 certImport UnknownCRLEntryExtensionCACert
547 crlImportn UnknownCRLEntryExtensionCACRL.crl
548 if [ $RET -eq 0 ] ; then
549 pkitsn $certs/InvalidUnknownCRLEntryExtensionTest8EE.crt \
550 $certs/UnknownCRLEntryExtensionCACert.crt
551 fi
552 restore_db
553
554 VFY_ACTION="Invalid Unknown CRL Extension Test9"; log_banner
555 certImport UnknownCRLExtensionCACert
556 crlImportn UnknownCRLExtensionCACRL.crl
557 if [ $RET -eq 0 ] ; then
558 pkitsn $certs/InvalidUnknownCRLExtensionTest9EE.crt \
559 $certs/UnknownCRLExtensionCACert.crt
560 fi
561 restore_db
562
563 VFY_ACTION="Invalid Unknown CRL Extension Test10"; log_banner
564 certImport UnknownCRLExtensionCACert
565 crlImportn UnknownCRLExtensionCACRL.crl
566 if [ $RET -eq 0 ] ; then
567 pkitsn $certs/InvalidUnknownCRLExtensionTest10EE.crt \
568 $certs/UnknownCRLExtensionCACert.crt
569 fi
570 restore_db
571
572 ### bug 414563 ###
573 if [ -n "${KNOWN_BUG}" ]; then
574 VFY_ACTION="Invalid Old CRL nextUpdate Test11"; log_banner
575 certImport OldCRLnextUpdateCACert
576 crlImport OldCRLnextUpdateCACRL.crl
577 pkitsn $certs/InvalidOldCRLnextUpdateTest11EE.crt \
578 $certs/OldCRLnextUpdateCACert.crt
579 restore_db
580
581 VFY_ACTION="Invalid pre2000 CRL nextUpdate Test12"; log_banner
582 certImport pre2000CRLnextUpdateCACert
583 crlImport pre2000CRLnextUpdateCACRL.crl
584 pkitsn $certs/Invalidpre2000CRLnextUpdateTest12EE.crt \
585 $certs/pre2000CRLnextUpdateCACert.crt
586 restore_db
587 fi
588
589 VFY_ACTION="Valid GeneralizedTime CRL nextUpdate Test13"; log_banner
590 certImport GeneralizedTimeCRLnextUpdateCACert
591 crlImport GeneralizedTimeCRLnextUpdateCACRL.crl
592 pkits $certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt \
593 $certs/GeneralizedTimeCRLnextUpdateCACert.crt
594 restore_db
595
596 VFY_ACTION="Valid Negative Serial Number Test14"; log_banner
597 certImport NegativeSerialNumberCACert
598 crlImport NegativeSerialNumberCACRL.crl
599 pkits $certs/ValidNegativeSerialNumberTest14EE.crt \
600 $certs/NegativeSerialNumberCACert.crt
601 restore_db
602
603 VFY_ACTION="Invalid Negative Serial Number Test15"; log_banner
604 certImport NegativeSerialNumberCACert
605 crlImport NegativeSerialNumberCACRL.crl
606 pkitsn $certs/InvalidNegativeSerialNumberTest15EE.crt \
607 $certs/NegativeSerialNumberCACert.crt
608 restore_db
609
610 VFY_ACTION="Valid Long Serial Number Test16"; log_banner
611 certImport LongSerialNumberCACert
612 crlImport LongSerialNumberCACRL.crl
613 pkits $certs/ValidLongSerialNumberTest16EE.crt \
614 $certs/LongSerialNumberCACert.crt
615 restore_db
616
617 VFY_ACTION="Valid Long Serial Number Test17"; log_banner
618 certImport LongSerialNumberCACert
619 crlImport LongSerialNumberCACRL.crl
620 pkits $certs/ValidLongSerialNumberTest17EE.crt \
621 $certs/LongSerialNumberCACert.crt
622 restore_db
623
624 VFY_ACTION="Invalid Long Serial Number Test18"; log_banner
625 certImport LongSerialNumberCACert
626 crlImport LongSerialNumberCACRL.crl
627 pkitsn $certs/InvalidLongSerialNumberTest18EE.crt \
628 $certs/LongSerialNumberCACert.crt
629 restore_db
630
631 ### bug 232737 ###
632 if [ -n "${KNOWN_BUG}" ]; then
633 VFY_ACTION="Valid Separate Certificate and CRL Keys Test19"; log_banner
634 certImport SeparateCertificateandCRLKeysCertificateSigningCACert
635 certImport SeparateCertificateandCRLKeysCRLSigningCert
636 crlImport SeparateCertificateandCRLKeysCRL.crl
637 pkits $certs/ValidSeparateCertificateandCRLKeysTest19EE.crt \
638 $certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
639 restore_db
640
641 VFY_ACTION="Invalid Separate Certificate and CRL Keys Test20"; log_banner
642 certImport SeparateCertificateandCRLKeysCertificateSigningCACert
643 certImport SeparateCertificateandCRLKeysCRLSigningCert
644 crlImport SeparateCertificateandCRLKeysCRL.crl
645 pkits $certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt \
646 $certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
647 restore_db
648
649 VFY_ACTION="Invalid Separate Certificate and CRL Keys Test21"; log_banner
650 certImport SeparateCertificateandCRLKeysCA2CertificateSigningCACert
651 certImport SeparateCertificateandCRLKeysCA2CRLSigningCert
652 crlImport SeparateCertificateandCRLKeysCA2CRL.crl
653 pkits $certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt \
654 $certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
655 restore_db
656 fi
657 }
658
659 pkits_PathVerificWithSelfIssuedCerts()
660 {
661 break_table "NIST PKITS Section 4.5: Self-Issued Certificates"
662
663 ### bug 232737 ###
664 if [ -n "${KNOWN_BUG}" ]; then
665 VFY_ACTION="Valid Basic Self-Issued Old With New Test1"; log_banner
666 certImport BasicSelfIssuedNewKeyCACert
667 crlImport BasicSelfIssuedNewKeyCACRL.crl
668 pkits $certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt \
669 $certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt \
670 $certs/BasicSelfIssuedNewKeyCACert.crt
671 restore_db
672
673 VFY_ACTION="Invalid Basic Self-Issued Old With New Test2"; log_banner
674 certImport BasicSelfIssuedNewKeyCACert
675 crlImport BasicSelfIssuedNewKeyCACRL.crl
676 pkitsn $certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt \
677 $certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt \
678 $certs/BasicSelfIssuedNewKeyCACert.crt
679 restore_db
680 fi
681
682 ### bugs 321755 & 418769 ###
683 if [ -n "${KNOWN_BUG}" ]; then
684 VFY_ACTION="Valid Basic Self-Issued New With Old Test3"; log_banner
685 certImport BasicSelfIssuedOldKeyCACert
686 crlImport BasicSelfIssuedOldKeyCACRL.crl
687 pkits $certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt \
688 $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
689 $certs/BasicSelfIssuedOldKeyCACert.crt
690 restore_db
691
692 VFY_ACTION="Valid Basic Self-Issued New With Old Test4"; log_banner
693 certImport BasicSelfIssuedOldKeyCACert
694 crlImport BasicSelfIssuedOldKeyCACRL.crl
695 pkits $certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt \
696 $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
697 $certs/BasicSelfIssuedOldKeyCACert.crt
698 restore_db
699
700 VFY_ACTION="Invalid Basic Self-Issued New With Old Test5"; log_banner
701 certImport BasicSelfIssuedOldKeyCACert
702 crlImport BasicSelfIssuedOldKeyCACRL.crl
703 pkitsn $certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt \
704 $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
705 $certs/BasicSelfIssuedOldKeyCACert.crt
706 restore_db
707
708 VFY_ACTION="Valid Basic Self-Issued CRL Signing Key Test6"; log_banner
709 certImport BasicSelfIssuedCRLSigningKeyCACert
710 crlImport BasicSelfIssuedOldKeyCACRL.crl
711 pkits $certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt \
712 $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
713 $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
714 restore_db
715
716 VFY_ACTION="Invalid Basic Self-Issued CRL Signing Key Test7"; log_banner
717 certImport BasicSelfIssuedCRLSigningKeyCACert
718 crlImport BasicSelfIssuedOldKeyCACRL.crl
719 pkitsn $certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt \
720 $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
721 $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
722 restore_db
723
724 VFY_ACTION="Invalid Basic Self-Issued CRL Signing Key Test8"; log_banner
725 certImport BasicSelfIssuedCRLSigningKeyCACert
726 crlImport BasicSelfIssuedOldKeyCACRL.crl
727 pkitsn $certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt \
728 $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
729 $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
730 restore_db
731 fi
732 }
733
734 pkits_BasicConstraints()
735 {
736 break_table "NIST PKITS Section 4.6: Verifying Basic Constraints"
737
738 VFY_ACTION="Invalid Missing basicConstraints Test1"; log_banner
739 certImport MissingbasicConstraintsCACert
740 crlImport MissingbasicConstraintsCACRL.crl
741 pkitsn $certs/InvalidMissingbasicConstraintsTest1EE.crt \
742 $certs/MissingbasicConstraintsCACert.crt
743 restore_db
744
745 VFY_ACTION="Invalid cA False Test2"; log_banner
746 certImport basicConstraintsCriticalcAFalseCACert
747 crlImport basicConstraintsCriticalcAFalseCACRL.crl
748 pkitsn $certs/InvalidcAFalseTest2EE.crt \
749 $certs/basicConstraintsCriticalcAFalseCACert.crt
750 restore_db
751
752 VFY_ACTION="Invalid cA False Test3"; log_banner
753 certImport basicConstraintsNotCriticalcAFalseCACert
754 crlImport basicConstraintsNotCriticalcAFalseCACRL.crl
755 pkitsn $certs/InvalidcAFalseTest3EE.crt \
756 $certs/basicConstraintsNotCriticalcAFalseCACert.crt
757 restore_db
758
759 VFY_ACTION="Valid basicConstraints Not Critical Test4"; log_banner
760 certImport basicConstraintsNotCriticalCACert
761 crlImport basicConstraintsNotCriticalCACRL.crl
762 pkits $certs/ValidbasicConstraintsNotCriticalTest4EE.crt \
763 $certs/basicConstraintsNotCriticalCACert.crt
764 restore_db
765
766 VFY_ACTION="Invalid pathLenConstraint Test5"; log_banner
767 certImport pathLenConstraint0CACert
768 crlImport pathLenConstraint0CACRL.crl
769 certImport pathLenConstraint0subCACert
770 crlImport pathLenConstraint0subCACRL.crl
771 pkitsn $certs/InvalidpathLenConstraintTest5EE.crt \
772 $certs/pathLenConstraint0subCACert.crt \
773 $certs/pathLenConstraint0CACert.crt
774 restore_db
775
776 VFY_ACTION="Invalid pathLenConstraint Test6"; log_banner
777 certImport pathLenConstraint0CACert
778 crlImport pathLenConstraint0CACRL.crl
779 certImport pathLenConstraint0subCACert
780 crlImport pathLenConstraint0subCACRL.crl
781 pkitsn $certs/InvalidpathLenConstraintTest6EE.crt \
782 $certs/pathLenConstraint0subCACert.crt \
783 $certs/pathLenConstraint0CACert.crt
784 restore_db
785
786 VFY_ACTION="Valid pathLenConstraint Test7"; log_banner
787 certImport pathLenConstraint0CACert
788 crlImport pathLenConstraint0CACRL.crl
789 pkits $certs/ValidpathLenConstraintTest7EE.crt \
790 $certs/pathLenConstraint0CACert.crt
791 restore_db
792
793 VFY_ACTION="Valid pathLenConstraint test8"; log_banner
794 certImport pathLenConstraint0CACert
795 crlImport pathLenConstraint0CACRL.crl
796 pkits $certs/ValidpathLenConstraintTest8EE.crt \
797 $certs/pathLenConstraint0CACert.crt
798 restore_db
799
800 VFY_ACTION="Invalid pathLenConstraint Test9"; log_banner
801 certImport pathLenConstraint6CACert
802 crlImport pathLenConstraint6CACRL.crl
803 certImport pathLenConstraint6subCA0Cert
804 crlImport pathLenConstraint6subCA0CRL.crl
805 certImport pathLenConstraint6subsubCA00Cert
806 crlImport pathLenConstraint6subsubCA00CRL.crl
807 pkitsn $certs/InvalidpathLenConstraintTest9EE.crt \
808 $certs/pathLenConstraint6subsubCA00Cert.crt \
809 $certs/pathLenConstraint6subCA0Cert.crt \
810 $certs/pathLenConstraint6CACert.crt
811 restore_db
812
813 VFY_ACTION="Invalid pathLenConstraint Test10"; log_banner
814 certImport pathLenConstraint6CACert
815 crlImport pathLenConstraint6CACRL.crl
816 certImport pathLenConstraint6subCA0Cert
817 crlImport pathLenConstraint6subCA0CRL.crl
818 certImport pathLenConstraint6subsubCA00Cert
819 crlImport pathLenConstraint6subsubCA00CRL.crl
820 pkitsn $certs/InvalidpathLenConstraintTest10EE.crt \
821 $certs/pathLenConstraint6subsubCA00Cert.crt \
822 $certs/pathLenConstraint6subCA0Cert.crt \
823 $certs/pathLenConstraint6CACert.crt
824 restore_db
825
826 VFY_ACTION="Invalid pathLenConstraint Test11"; log_banner
827 certImport pathLenConstraint6CACert
828 crlImport pathLenConstraint6CACRL.crl
829 certImport pathLenConstraint6subCA1Cert
830 crlImport pathLenConstraint6subCA1CRL.crl
831 certImport pathLenConstraint6subsubCA11Cert
832 crlImport pathLenConstraint6subsubCA11CRL.crl
833 certImport pathLenConstraint6subsubsubCA11XCert
834 crlImport pathLenConstraint6subsubsubCA11XCRL.crl
835 pkitsn $certs/InvalidpathLenConstraintTest11EE.crt \
836 $certs/pathLenConstraint6subsubsubCA11XCert.crt \
837 $certs/pathLenConstraint6subsubCA11Cert.crt \
838 $certs/pathLenConstraint6subCA1Cert.crt \
839 $certs/pathLenConstraint6CACert.crt
840 restore_db
841
842 VFY_ACTION="Invalid pathLenConstraint test12"; log_banner
843 certImport pathLenConstraint6CACert
844 crlImport pathLenConstraint6CACRL.crl
845 certImport pathLenConstraint6subCA1Cert
846 crlImport pathLenConstraint6subCA1CRL.crl
847 certImport pathLenConstraint6subsubCA11Cert
848 crlImport pathLenConstraint6subsubCA11CRL.crl
849 certImport pathLenConstraint6subsubsubCA11XCert
850 crlImport pathLenConstraint6subsubsubCA11XCRL.crl
851 pkitsn $certs/InvalidpathLenConstraintTest12EE.crt \
852 $certs/pathLenConstraint6subsubsubCA11XCert.crt \
853 $certs/pathLenConstraint6subsubCA11Cert.crt \
854 $certs/pathLenConstraint6subCA1Cert.crt \
855 $certs/pathLenConstraint6CACert.crt
856 restore_db
857
858 VFY_ACTION="Valid pathLenConstraint Test13"; log_banner
859 certImport pathLenConstraint6CACert
860 crlImport pathLenConstraint6CACRL.crl
861 certImport pathLenConstraint6subCA4Cert
862 crlImport pathLenConstraint6subCA4CRL.crl
863 certImport pathLenConstraint6subsubCA41Cert
864 crlImport pathLenConstraint6subsubCA41CRL.crl
865 certImport pathLenConstraint6subsubsubCA41XCert
866 crlImport pathLenConstraint6subsubsubCA41XCRL.crl
867 pkits $certs/ValidpathLenConstraintTest13EE.crt \
868 $certs/pathLenConstraint6subsubsubCA41XCert.crt \
869 $certs/pathLenConstraint6subsubCA41Cert.crt \
870 $certs/pathLenConstraint6subCA4Cert.crt \
871 $certs/pathLenConstraint6CACert.crt
872 restore_db
873
874 VFY_ACTION="Valid pathLenConstraint Test14"; log_banner
875 certImport pathLenConstraint6CACert
876 crlImport pathLenConstraint6CACRL.crl
877 certImport pathLenConstraint6subCA4Cert
878 crlImport pathLenConstraint6subCA4CRL.crl
879 certImport pathLenConstraint6subsubCA41Cert
880 crlImport pathLenConstraint6subsubCA41CRL.crl
881 certImport pathLenConstraint6subsubsubCA41XCert
882 crlImport pathLenConstraint6subsubsubCA41XCRL.crl
883 pkits $certs/ValidpathLenConstraintTest14EE.crt \
884 $certs/pathLenConstraint6subsubsubCA41XCert.crt \
885 $certs/pathLenConstraint6subsubCA41Cert.crt \
886 $certs/pathLenConstraint6subCA4Cert.crt \
887 $certs/pathLenConstraint6CACert.crt
888 restore_db
889
890 ### bug 232737 ###
891 if [ -n "${KNOWN_BUG}" ]; then
892 VFY_ACTION="Valid Self-Issued pathLenConstraint Test15"; log_banner
893 certImport pathLenConstraint0CACert
894 crlImport pathLenConstraint0CACRL.crl
895 pkits $certs/ValidSelfIssuedpathLenConstraintTest15EE.crt \
896 $certs/pathLenConstraint0SelfIssuedCACert.crt \
897 $certs/pathLenConstraint0CACert.crt
898 restore_db
899 fi
900
901 VFY_ACTION="Invalid Self-Issued pathLenConstraint Test16"; log_banner
902 certImport pathLenConstraint0CACert
903 crlImport pathLenConstraint0CACRL.crl
904 certImport pathLenConstraint0subCA2Cert
905 crlImport pathLenConstraint0subCA2CRL.crl
906 pkitsn $certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt \
907 $certs/pathLenConstraint0subCA2Cert.crt \
908 $certs/pathLenConstraint0SelfIssuedCACert.crt \
909 $certs/pathLenConstraint0CACert.crt
910 restore_db
911
912 ### bug 232737 ###
913 if [ -n "${KNOWN_BUG}" ]; then
914 VFY_ACTION="Valid Self-Issued pathLenConstraint Test17"; log_banner
915 certImport pathLenConstraint1CACert
916 crlImport pathLenConstraint1CACRL.crl
917 certImport pathLenConstraint1subCACert
918 crlImport pathLenConstraint1subCACRL.crl
919 pkits $certs/ValidSelfIssuedpathLenConstraintTest17EE.crt \
920 $certs/pathLenConstraint1SelfIssuedsubCACert.crt \
921 $certs/pathLenConstraint1subCACert.crt \
922 $certs/pathLenConstraint1SelfIssuedCACert.crt \
923 $certs/pathLenConstraint1CACert.crt
924 restore_db
925 fi
926 }
927
928 pkits_KeyUsage()
929 {
930 break_table "NIST PKITS Section 4.7: Key Usage"
931
932 VFY_ACTION="Invalid keyUsage Critical keyCertSign False Test1"; log_banner
933 certImport keyUsageCriticalkeyCertSignFalseCACert
934 crlImport keyUsageCriticalkeyCertSignFalseCACRL.crl
935 pkitsn $certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt \
936 $certs/keyUsageCriticalkeyCertSignFalseCACert.crt
937 restore_db
938
939 VFY_ACTION="Invalid keyUsage Not Critical keyCertSign False Test2"; log_banner
940 certImport keyUsageNotCriticalkeyCertSignFalseCACert
941 crlImport keyUsageNotCriticalkeyCertSignFalseCACRL.crl
942 pkitsn $certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt \
943 $certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt
944 restore_db
945
946 VFY_ACTION="Valid keyUsage Not Critical Test3"; log_banner
947 certImport keyUsageNotCriticalCACert
948 crlImport keyUsageNotCriticalCACRL.crl
949 pkits $certs/ValidkeyUsageNotCriticalTest3EE.crt \
950 $certs/keyUsageNotCriticalCACert.crt
951 restore_db
952
953 VFY_ACTION="Invalid keyUsage Critical cRLSign False Test4"; log_banner
954 certImport keyUsageCriticalcRLSignFalseCACert
955 crlImportn keyUsageCriticalcRLSignFalseCACRL.crl
956 if [ $RET -eq 0 ] ; then
957 pkitsn $certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt \
958 $certs/keyUsageCriticalcRLSignFalseCACert.crt
959 fi
960 restore_db
961
962 VFY_ACTION="Invalid keyUsage Not Critical cRLSign False Test5"; log_banner
963 certImport keyUsageNotCriticalcRLSignFalseCACert
964 crlImportn keyUsageNotCriticalcRLSignFalseCACRL.crl
965 if [ $RET -eq 0 ] ; then
966 pkitsn $certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt \
967 $certs/keyUsageNotCriticalcRLSignFalseCACert.crt
968 fi
969 restore_db
970 }
971
972 pkits_CertificatePolicies()
973 {
974 break_table "NIST PKITS Section 4.8: Certificate Policies"
975
976 VFY_ACTION="All Certificates Same Policy Test1"; log_banner
977 certImport GoodCACert
978 crlImport GoodCACRL.crl
979 pkits $certs/ValidCertificatePathTest1EE.crt \
980 $certs/GoodCACert.crt
981 restore_db
982
983 VFY_ACTION="All Certificates No Policies Test2"; log_banner
984 certImport NoPoliciesCACert
985 crlImport NoPoliciesCACRL.crl
986 pkits $certs/AllCertificatesNoPoliciesTest2EE.crt \
987 $certs/NoPoliciesCACert.crt
988 restore_db
989
990 VFY_ACTION="Different Policies Test3"; log_banner
991 certImport GoodCACert
992 crlImport GoodCACRL.crl
993 certImport PoliciesP2subCACert
994 crlImport PoliciesP2subCACRL.crl
995 pkits $certs/DifferentPoliciesTest3EE.crt \
996 $certs/PoliciesP2subCACert.crt \
997 $certs/GoodCACert.crt
998 restore_db
999
1000 VFY_ACTION="Different Policies Test4"; log_banner
1001 certImport GoodCACert
1002 crlImport GoodCACRL.crl
1003 certImport GoodsubCACert
1004 crlImport GoodsubCACRL.crl
1005 pkits $certs/DifferentPoliciesTest4EE.crt \
1006 $certs/GoodsubCACert.crt \
1007 $certs/GoodCACert.crt
1008 restore_db
1009
1010 VFY_ACTION="Different Policies Test5"; log_banner
1011 certImport GoodCACert
1012 crlImport GoodCACRL.crl
1013 certImport PoliciesP2subCA2Cert
1014 crlImport PoliciesP2subCA2CRL.crl
1015 pkits $certs/DifferentPoliciesTest5EE.crt \
1016 $certs/PoliciesP2subCA2Cert.crt \
1017 $certs/GoodCACert.crt
1018 restore_db
1019
1020 VFY_ACTION="Overlapping Policies Test6"; log_banner
1021 certImport PoliciesP1234CACert
1022 crlImport PoliciesP1234CACRL.crl
1023 certImport PoliciesP1234subCAP123Cert
1024 crlImport PoliciesP1234subCAP123CRL.crl
1025 certImport PoliciesP1234subsubCAP123P12Cert
1026 crlImport PoliciesP1234subsubCAP123P12CRL.crl
1027 pkits $certs/OverlappingPoliciesTest6EE.crt \
1028 $certs/PoliciesP1234subsubCAP123P12Cert.crt \
1029 $certs/PoliciesP1234subCAP123Cert.crt \
1030 $certs/PoliciesP1234CACert.crt
1031 restore_db
1032
1033 VFY_ACTION="Different Policies Test7"; log_banner
1034 certImport PoliciesP123CACert
1035 crlImport PoliciesP123CACRL.crl
1036 certImport PoliciesP123subCAP12Cert
1037 crlImport PoliciesP123subCAP12CRL.crl
1038 certImport PoliciesP123subsubCAP12P1Cert
1039 crlImport PoliciesP123subsubCAP12P1CRL.crl
1040 pkits $certs/DifferentPoliciesTest7EE.crt \
1041 $certs/PoliciesP123subsubCAP12P1Cert.crt \
1042 $certs/PoliciesP123subCAP12Cert.crt \
1043 $certs/PoliciesP123CACert.crt
1044 restore_db
1045
1046 VFY_ACTION="Different Policies Test8"; log_banner
1047 certImport PoliciesP12CACert
1048 crlImport PoliciesP12CACRL.crl
1049 certImport PoliciesP12subCAP1Cert
1050 crlImport PoliciesP12subCAP1CRL.crl
1051 certImport PoliciesP12subsubCAP1P2Cert
1052 crlImport PoliciesP12subsubCAP1P2CRL.crl
1053 pkits $certs/DifferentPoliciesTest8EE.crt \
1054 $certs/PoliciesP123subsubCAP12P1Cert.crt \
1055 $certs/PoliciesP12subCAP1Cert.crt \
1056 $certs/PoliciesP12CACert.crt
1057 restore_db
1058
1059 VFY_ACTION="Different Policies Test9"; log_banner
1060 certImport PoliciesP123CACert
1061 crlImport PoliciesP123CACRL.crl
1062 certImport PoliciesP123subCAP12Cert
1063 crlImport PoliciesP123subCAP12CRL.crl
1064 certImport PoliciesP123subsubCAP12P2Cert
1065 crlImport PoliciesP123subsubCAP2P2CRL.crl
1066 certImport PoliciesP123subsubsubCAP12P2P1Cert
1067 crlImport PoliciesP123subsubsubCAP12P2P1CRL.crl
1068 pkits $certs/DifferentPoliciesTest9EE.crt \
1069 $certs/PoliciesP123subsubsubCAP12P2P1Cert.crt \
1070 $certs/PoliciesP123subsubCAP12P1Cert.crt \
1071 $certs/PoliciesP12subCAP1Cert.crt \
1072 $certs/PoliciesP12CACert.crt
1073 restore_db
1074
1075 VFY_ACTION="All Certificates Same Policies Test10"; log_banner
1076 certImport PoliciesP12CACert
1077 crlImport PoliciesP12CACRL.crl
1078 pkits $certs/AllCertificatesSamePoliciesTest10EE.crt \
1079 $certs/NoPoliciesCACert.crt
1080 restore_db
1081
1082 VFY_ACTION="All Certificates AnyPolicy Test11"; log_banner
1083 certImport anyPolicyCACert
1084 crlImport anyPolicyCACRL.crl
1085 pkits $certs/AllCertificatesanyPolicyTest11EE.crt \
1086 $certs/anyPolicyCACert.crt
1087 restore_db
1088
1089 VFY_ACTION="Different Policies Test12"; log_banner
1090 certImport PoliciesP3CACert
1091 crlImport PoliciesP3CACRL.crl
1092 pkits $certs/DifferentPoliciesTest12EE.crt \
1093 $certs/PoliciesP3CACert.crt
1094 restore_db
1095
1096 VFY_ACTION="All Certificates Same Policies Test13"; log_banner
1097 certImport PoliciesP123CACert
1098 crlImport PoliciesP123CACRL.crl
1099 pkits $certs/AllCertificatesSamePoliciesTest13EE.crt \
1100 $certs/PoliciesP123CACert.crt
1101 restore_db
1102
1103 VFY_ACTION="AnyPolicy Test14"; log_banner
1104 certImport anyPolicyCACert
1105 crlImport anyPolicyCACRL.crl
1106 pkits $certs/AnyPolicyTest14EE.crt \
1107 $certs/anyPolicyCACert.crt
1108 restore_db
1109
1110 VFY_ACTION="User Notice Qualifier Test15"; log_banner
1111 pkits $certs/UserNoticeQualifierTest15EE.crt
1112
1113 VFY_ACTION="User Notice Qualifier Test16"; log_banner
1114 certImport GoodCACert
1115 crlImport GoodCACRL.crl
1116 pkits $certs/UserNoticeQualifierTest16EE.crt \
1117 $certs/GoodCACert.crt
1118
1119 VFY_ACTION="User Notice Qualifier Test17"; log_banner
1120 certImport GoodCACert
1121 crlImport GoodCACRL.crl
1122 pkits $certs/UserNoticeQualifierTest17EE.crt \
1123 $certs/GoodCACert.crt
1124 restore_db
1125
1126 VFY_ACTION="User Notice Qualifier Test18"; log_banner
1127 certImport PoliciesP12CACert
1128 crlImport PoliciesP12CACRL.crl
1129 pkits $certs/UserNoticeQualifierTest18EE.crt \
1130 $certs/PoliciesP12CACert.crt
1131 restore_db
1132
1133 VFY_ACTION="User Notice Qualifier Test19"; log_banner
1134 pkits $certs/UserNoticeQualifierTest19EE.crt
1135
1136 VFY_ACTION="CPS Pointer Qualifier Test20"; log_banner
1137 certImport GoodCACert
1138 crlImport GoodCACRL.crl
1139 pkits $certs/CPSPointerQualifierTest20EE.crt \
1140 $certs/GoodCACert.crt
1141 restore_db
1142 }
1143
1144 pkits_RequireExplicitPolicy()
1145 {
1146 break_table "NIST PKITS Section 4.9: Require Explicit Policy"
1147
1148 VFY_ACTION="Valid RequireExplicitPolicy Test1"; log_banner
1149 certImportn requireExplicitPolicy10CACert
1150 crlImportn requireExplicitPolicy10CACRL.crl
1151 certImport requireExplicitPolicy10subCACert
1152 crlImport requireExplicitPolicy10subCACRL.crl
1153 certImport requireExplicitPolicy10subsubCACert
1154 crlImport requireExplicitPolicy10subsubCACRL.crl
1155 certImport requireExplicitPolicy10subsubsubCACert
1156 crlImport requireExplicitPolicy10subsubsubCACRL.crl
1157 pkits $certs/ValidrequireExplicitPolicyTest1EE.crt \
1158 $certs/requireExplicitPolicy10subsubsubCACert.crt \
1159 $certs/requireExplicitPolicy10subsubCACert.crt \
1160 $certs/requireExplicitPolicy10subCACert.crt \
1161 $certs/requireExplicitPolicy10CACert.crt
1162 restore_db
1163
1164 VFY_ACTION="Valid RequireExplicitPolicy Test2"; log_banner
1165 certImportn requireExplicitPolicy5CACert
1166 crlImportn requireExplicitPolicy5CACRL.crl
1167 certImport requireExplicitPolicy5subCACert
1168 crlImport requireExplicitPolicy5subCACRL.crl
1169 certImport requireExplicitPolicy5subsubCACert
1170 crlImport requireExplicitPolicy5subsubCACRL.crl
1171 certImport requireExplicitPolicy5subsubsubCACert
1172 crlImport requireExplicitPolicy5subsubsubCACRL.crl
1173 pkits $certs/ValidrequireExplicitPolicyTest2EE.crt \
1174 $certs/requireExplicitPolicy5subsubsubCACert.crt \
1175 $certs/requireExplicitPolicy5subsubCACert.crt \
1176 $certs/requireExplicitPolicy5subCACert.crt \
1177 $certs/requireExplicitPolicy5CACert.crt
1178 restore_db
1179
1180 VFY_ACTION="Invalid RequireExplicitPolicy Test3"; log_banner
1181 certImportn requireExplicitPolicy4CACert
1182 crlImportn requireExplicitPolicy4CACRL.crl
1183 certImport requireExplicitPolicy4subCACert
1184 crlImport requireExplicitPolicy4subCACRL.crl
1185 certImport requireExplicitPolicy4subsubCACert
1186 crlImport requireExplicitPolicy4subsubCACRL.crl
1187 certImport requireExplicitPolicy4subsubsubCACert
1188 crlImport requireExplicitPolicy4subsubsubCACRL.crl
1189 pkitsn $certs/InvalidrequireExplicitPolicyTest3EE.crt \
1190 $certs/requireExplicitPolicy4subsubsubCACert.crt \
1191 $certs/requireExplicitPolicy4subsubCACert.crt \
1192 $certs/requireExplicitPolicy4subCACert.crt \
1193 $certs/requireExplicitPolicy4CACert.crt
1194 restore_db
1195
1196 VFY_ACTION="Valid RequireExplicitPolicy Test4"; log_banner
1197 certImportn requireExplicitPolicy0CACert
1198 crlImportn requireExplicitPolicy0CACRL.crl
1199 certImport requireExplicitPolicy0subCACert
1200 crlImport requireExplicitPolicy0subCACRL.crl
1201 certImport requireExplicitPolicy0subsubCACert
1202 crlImport requireExplicitPolicy0subsubCACRL.crl
1203 certImport requireExplicitPolicy0subsubsubCACert
1204 crlImport requireExplicitPolicy0subsubsubCACRL.crl
1205 pkits $certs/ValidrequireExplicitPolicyTest4EE.crt \
1206 $certs/requireExplicitPolicy0subsubsubCACert.crt \
1207 $certs/requireExplicitPolicy0subsubCACert.crt \
1208 $certs/requireExplicitPolicy0subCACert.crt \
1209 $certs/requireExplicitPolicy0CACert.crt
1210 restore_db
1211
1212 VFY_ACTION="Invalid RequireExplicitPolicy Test5"; log_banner
1213 certImportn requireExplicitPolicy7CACert
1214 crlImportn requireExplicitPolicy7CACRL.crl
1215 certImportn requireExplicitPolicy7subCARE2Cert
1216 crlImportn requireExplicitPolicy7subCARE2CRL.crl
1217 certImportn requireExplicitPolicy7subsubCARE2RE4Cert
1218 crlImportn requireExplicitPolicy7subsubCARE2RE4CRL.crl
1219 certImport requireExplicitPolicy7subsubsubCARE2RE4Cert
1220 crlImport requireExplicitPolicy7subsubsubCARE2RE4CRL.crl
1221 pkitsn $certs/InvalidrequireExplicitPolicyTest5EE.crt \
1222 $certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt \
1223 $certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt \
1224 $certs/requireExplicitPolicy7subCARE2Cert.crt \
1225 $certs/requireExplicitPolicy7CACert.crt
1226 restore_db
1227
1228 VFY_ACTION="Valid Self-Issued RequireExplicitPolicy Test6"; log_banner
1229 certImportn requireExplicitPolicy2CACert
1230 crlImportn requireExplicitPolicy2CACRL.crl
1231 pkits $certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt \
1232 $certs/requireExplicitPolicy2SelfIssuedCACert.crt \
1233 $certs/requireExplicitPolicy2CACert.crt
1234 restore_db
1235
1236 VFY_ACTION="Invalid Self-Issued RequireExplicitPolicy Test7"; log_banner
1237 certImportn requireExplicitPolicy2CACert
1238 crlImportn requireExplicitPolicy2CACRL.crl
1239 certImport requireExplicitPolicy2subCACert
1240 crlImport requireExplicitPolicy2subCACRL.crl
1241 pkitsn $certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt \
1242 $certs/requireExplicitPolicy2subCACert.crt \
1243 $certs/requireExplicitPolicy2SelfIssuedCACert.crt \
1244 $certs/requireExplicitPolicy2CACert.crt
1245 restore_db
1246
1247 VFY_ACTION="Invalid Self-Issued RequireExplicitPolicy Test8"; log_banner
1248 certImportn requireExplicitPolicy2CACert
1249 crlImportn requireExplicitPolicy2CACRL.crl
1250 certImport requireExplicitPolicy2subCACert
1251 crlImport requireExplicitPolicy2subCACRL.crl
1252 pkitsn $certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt \
1253 $certs/requireExplicitPolicy2SelfIssuedsubCACert.crt \
1254 $certs/requireExplicitPolicy2subCACert.crt \
1255 $certs/requireExplicitPolicy2SelfIssuedCACert.crt \
1256 $certs/requireExplicitPolicy2CACert.crt
1257 restore_db
1258 }
1259
1260 pkits_PolicyMappings()
1261 {
1262 break_table "NIST PKITS Section 4.10: Policy Mappings"
1263
1264 VFY_ACTION="Valid Policy Mapping Test1"; log_banner
1265 certImportn Mapping1to2CACert
1266 crlImportn Mapping1to2CACRL.crl
1267 pkits $certs/ValidPolicyMappingTest1EE.crt \
1268 $certs/Mapping1to2CACert.crt
1269 restore_db
1270
1271 VFY_ACTION="Invalid Policy Mapping Test2"; log_banner
1272 certImportn Mapping1to2CACert
1273 crlImportn Mapping1to2CACRL.crl
1274 pkitsn $certs/InvalidPolicyMappingTest2EE.crt \
1275 $certs/Mapping1to2CACert.crt
1276 restore_db
1277
1278 VFY_ACTION="Valid Policy Mapping Test3"; log_banner
1279 certImportn P12Mapping1to3CACert
1280 crlImportn P12Mapping1to3CACRL.crl
1281 certImportn P12Mapping1to3subCACert
1282 crlImportn P12Mapping1to3subCACRL.crl
1283 certImportn P12Mapping1to3subsubCACert
1284 crlImportn P12Mapping1to3subsubCACRL.crl
1285 pkits $certs/ValidPolicyMappingTest3EE.crt \
1286 $certs/P12Mapping1to3subsubCACert.crt \
1287 $certs/P12Mapping1to3subCACert.crt \
1288 $certs/P12Mapping1to3CA.crt
1289 restore_db
1290
1291 VFY_ACTION="Invalid Policy Mapping Test4"; log_banner
1292 certImportn P12Mapping1to3CACert
1293 crlImportn P12Mapping1to3CACRL.crl
1294 certImportn P12Mapping1to3subCACert
1295 crlImportn P12Mapping1to3subCACRL.crl
1296 certImportn P12Mapping1to3subsubCACert
1297 crlImportn P12Mapping1to3subsubCACRL.crl
1298 pkitsn $certs/InvalidPolicyMappingTest4EE.crt \
1299 $certs/P12Mapping1to3subsubCACert.crt \
1300 $certs/P12Mapping1to3subCACert.crt \
1301 $certs/P12Mapping1to3CA.crt
1302 restore_db
1303
1304 VFY_ACTION="Valid Policy Mapping Test5"; log_banner
1305 certImportn P1Mapping1to234CACert
1306 crlImportn P1Mapping1to234CACRL.crl
1307 certImportn P1Mapping1to234subCACert
1308 crlImportn P1Mapping1to234subCACRL.crl
1309 pkits $certs/ValidPolicyMappingTest5EE.crt \
1310 $certs/P1Mapping1to234subCACert.crt \
1311 $certs/P1Mapping1to234CA.crt
1312 restore_db
1313
1314 VFY_ACTION="Valid Policy Mapping Test6"; log_banner
1315 certImportn P1Mapping1to234CACert
1316 crlImportn P1Mapping1to234CACRL.crl
1317 certImportn P1Mapping1to234subCACert
1318 crlImportn P1Mapping1to234subCACRL.crl
1319 pkits $certs/ValidPolicyMappingTest6EE.crt \
1320 $certs/P1Mapping1to234subCACert.crt \
1321 $certs/P1Mapping1to234CA.crt
1322 restore_db
1323
1324 VFY_ACTION="Invalid Mapping from anyPolicy Test7"; log_banner
1325 certImportn MappingFromanyPolicyCACert
1326 crlImportn MappingFromanyPolicyCACRL.crl
1327 pkitsn $certs/InvalidMappingFromanyPolicyTest7EE.crt \
1328 $certs/MappingFromanyPolicyCACert.crt
1329 restore_db
1330
1331 VFY_ACTION="Invalid Mapping to anyPolicy Test8"; log_banner
1332 certImportn MappingToanyPolicyCACert
1333 crlImportn MappingToanyPolicyCACRL.crl
1334 pkitsn $certs/InvalidMappingToanyPolicyTest8EE.crt \
1335 $certs/MappingToanyPolicyCACert.crt
1336 restore_db
1337
1338 VFY_ACTION="Valid Policy Mapping Test9"; log_banner
1339 certImport PanyPolicyMapping1to2CACert
1340 crlImport PanyPolicyMapping1to2CACRL.crl
1341 pkits $certs/ValidPolicyMappingTest9EE.crt \
1342 $certs/PanyPolicyMapping1to2CACert.crt
1343 restore_db
1344
1345 VFY_ACTION="Invalid Policy Mapping Test10"; log_banner
1346 certImport GoodCACert
1347 crlImport GoodCACRL.crl
1348 certImportn GoodsubCAPanyPolicyMapping1to2CACert
1349 crlImportn GoodsubCAPanyPolicyMapping1to2CACRL.crl
1350 pkitsn $certs/InvalidPolicyMappingTest10EE.crt \
1351 $certs/GoodsubCAPanyPolicyMapping1to2CACert.crt \
1352 $certs/GoodCACert.crt
1353 restore_db
1354
1355 VFY_ACTION="Valid Policy Mapping Test11"; log_banner
1356 certImport GoodCACert
1357 crlImport GoodCACRL.crl
1358 certImportn GoodsubCAPanyPolicyMapping1to2CACert
1359 crlImportn GoodsubCAPanyPolicyMapping1to2CACRL.crl
1360 pkits $certs/ValidPolicyMappingTest11EE.crt \
1361 $certs/GoodsubCAPanyPolicyMapping1to2CACert.crt \
1362 $certs/GoodCACert.crt
1363 restore_db
1364
1365 VFY_ACTION="Valid Policy Mapping Test12"; log_banner
1366 certImportn P12Mapping1to3CACert
1367 crlImportn P12Mapping1to3CACRL.crl
1368 pkits $certs/ValidPolicyMappingTest12EE.crt \
1369 $certs/P12Mapping1to3CACert.crt
1370 restore_db
1371
1372 VFY_ACTION="Valid Policy Mapping Test13"; log_banner
1373 certImportn P1anyPolicyMapping1to2CACert
1374 crlImportn P1anyPolicyMapping1to2CACRL.crl
1375 pkits $certs/ValidPolicyMappingTest13EE.crt \
1376 $certs/P1anyPolicyMapping1to2CACert.crt
1377 restore_db
1378
1379 VFY_ACTION="Valid Policy Mapping Test14"; log_banner
1380 certImportn P1anyPolicyMapping1to2CACert
1381 crlImportn P1anyPolicyMapping1to2CACRL.crl
1382 pkits $certs/ValidPolicyMappingTest14EE.crt \
1383 $certs/P1anyPolicyMapping1to2CACert.crt
1384 restore_db
1385 }
1386
1387
1388 pkits_InhibitPolicyMapping()
1389 {
1390 break_table "NIST PKITS Section 4.11: Inhibit Policy Mapping"
1391
1392 VFY_ACTION="Invalid inhibitPolicyMapping Test1"; log_banner
1393 certImportn inhibitPolicyMapping0CACert
1394 crlImportn inhibitPolicyMapping0CACRL.crl
1395 certImportn inhibitPolicyMapping0subCACert
1396 crlImportn inhibitPolicyMapping0subCACRL.crl
1397 pkitsn $certs/InvalidinhibitPolicyMappingTest1EE.crt \
1398 $certs/inhibitPolicyMapping0CACert.crt \
1399 $certs/inhibitPolicyMapping0subCACert.crt
1400 restore_db
1401
1402 VFY_ACTION="Valid inhibitPolicyMapping Test2"; log_banner
1403 certImportn inhibitPolicyMapping1P12CACert
1404 crlImportn inhibitPolicyMapping1P12CACRL.crl
1405 certImportn inhibitPolicyMapping1P12subCACert
1406 crlImportn inhibitPolicyMapping1P12subCACRL.crl
1407 pkits $certs/ValidinhibitPolicyMappingTest2EE.crt \
1408 $certs/inhibitPolicyMapping1P12CACert.crt \
1409 $certs/inhibitPolicyMapping1P12subCACert.crt
1410 restore_db
1411
1412 VFY_ACTION="Invalid inhibitPolicyMapping Test3"; log_banner
1413 certImportn inhibitPolicyMapping1P12CACert
1414 crlImportn inhibitPolicyMapping1P12CACRL.crl
1415 certImportn inhibitPolicyMapping1P12subCACert
1416 crlImportn inhibitPolicyMapping1P12subCACRL.crl
1417 certImportn inhibitPolicyMapping1P12subsubCACert
1418 crlImportn inhibitPolicyMapping1P12subsubCACRL.crl
1419 pkitsn $certs/InvalidinhibitPolicyMappingTest3EE.crt \
1420 $certs/inhibitPolicyMapping1P12subsubCACert.crt \
1421 $certs/inhibitPolicyMapping1P12subCACert.crt \
1422 $certs/inhibitPolicyMapping1P12CACert.crt
1423 restore_db
1424
1425 VFY_ACTION="Valid inhibitPolicyMapping Test4"; log_banner
1426 certImportn inhibitPolicyMapping1P12CACert
1427 crlImportn inhibitPolicyMapping1P12CACRL.crl
1428 certImportn inhibitPolicyMapping1P12subCACert
1429 crlImportn inhibitPolicyMapping1P12subCACRL.crl
1430 certImportn inhibitPolicyMapping1P12subsubCACert
1431 crlImportn inhibitPolicyMapping1P12subsubCACRL.crl
1432 pkits $certs/ValidinhibitPolicyMappingTest4EE.crt \
1433 $certs/inhibitPolicyMapping1P12CACert.crt \
1434 $certs/inhibitPolicyMapping1P12subCACert.crt
1435 restore_db
1436
1437 VFY_ACTION="Invalid inhibitPolicyMapping Test5"; log_banner
1438 certImportn inhibitPolicyMapping5CACert
1439 crlImportn inhibitPolicyMapping5CACRL.crl
1440 certImportn inhibitPolicyMapping5subCACert
1441 crlImportn inhibitPolicyMapping5subCACRL.crl
1442 certImport inhibitPolicyMapping5subsubCACert
1443 crlImport inhibitPolicyMapping5subsubCACRL.crl
1444 pkitsn $certs/InvalidinhibitPolicyMappingTest5EE.crt \
1445 $certs/inhibitPolicyMapping5subsubCACert.crt \
1446 $certs/inhibitPolicyMapping5subCACert.crt \
1447 $certs/inhibitPolicyMapping5CACert.crt
1448 restore_db
1449
1450 VFY_ACTION="Invalid inhibitPolicyMapping Test6"; log_banner
1451 certImportn inhibitPolicyMapping1P12CACert
1452 crlImportn inhibitPolicyMapping1P12CACRL.crl
1453 certImportn inhibitPolicyMapping1P12subCAIPM5Cert
1454 crlImportn inhibitPolicyMapping1P12subCAIPM5CRL.crl
1455 certImport inhibitPolicyMapping1P12subsubCAIPM5Cert
1456 crlImportn inhibitPolicyMapping1P12subsubCAIPM5CRL.crl
1457 pkitsn $certs/InvalidinhibitPolicyMappingTest6EE.crt \
1458 $certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt \
1459 $certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt \
1460 $certs/inhibitPolicyMapping1P12CACert.crt
1461 restore_db
1462
1463 VFY_ACTION="Valid Self-Issued inhibitPolicyMapping Test7"; log_banner
1464 certImportn inhibitPolicyMapping1P1CACert
1465 crlImportn inhibitPolicyMapping1P1CACRL.crl
1466 certImportn inhibitPolicyMapping1P1subCACert
1467 crlImportn inhibitPolicyMapping1P1subCACRL.crl
1468 pkits $certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt \
1469 $certs/inhibitPolicyMapping1P1subCACert.crt \
1470 $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
1471 $certs/inhibitPolicyMapping1P1CACert.crt
1472 restore_db
1473
1474 VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test8"; log_banner
1475 certImportn inhibitPolicyMapping1P1CACert
1476 crlImportn inhibitPolicyMapping1P1CACRL.crl
1477 certImportn inhibitPolicyMapping1P1subCACert
1478 crlImportn inhibitPolicyMapping1P1subCACRL.crl
1479 certImport inhibitPolicyMapping1P1subsubCACert
1480 crlImportn inhibitPolicyMapping1P1subsubCACRL.crl
1481 pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt \
1482 $certs/inhibitPolicyMapping1P1subsubCACert.crt \
1483 $certs/inhibitPolicyMapping1P1subCACert.crt \
1484 $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
1485 $certs/inhibitPolicyMapping1P1CACert.crt
1486 restore_db
1487
1488 VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test9"; log_banner
1489 certImportn inhibitPolicyMapping1P1CACert
1490 crlImportn inhibitPolicyMapping1P1CACRL.crl
1491 certImportn inhibitPolicyMapping1P1subCACert
1492 crlImportn inhibitPolicyMapping1P1subCACRL.crl
1493 certImportn inhibitPolicyMapping1P1subsubCACert
1494 crlImportn inhibitPolicyMapping1P1subsubCACRL.crl
1495 pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt \
1496 $certs/inhibitPolicyMapping1P1subsubCACert.crt \
1497 $certs/inhibitPolicyMapping1P1subCACert.crt \
1498 $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
1499 $certs/inhibitPolicyMapping1P1CACert.crt
1500 restore_db
1501
1502 VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test10"; log_banner
1503 certImportn inhibitPolicyMapping1P1CACert
1504 crlImportn inhibitPolicyMapping1P1CACRL.crl
1505 certImportn inhibitPolicyMapping1P1subCACert
1506 crlImportn inhibitPolicyMapping1P1subCACRL.crl
1507 pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt \
1508 $certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt \
1509 $certs/inhibitPolicyMapping1P1subCACert.crt \
1510 $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
1511 $certs/inhibitPolicyMapping1P1CACert.crt
1512 restore_db
1513
1514 VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test11"; log_banner
1515 certImportn inhibitPolicyMapping1P1CACert
1516 crlImportn inhibitPolicyMapping1P1CACRL.crl
1517 certImportn inhibitPolicyMapping1P1subCACert
1518 crlImportn inhibitPolicyMapping1P1subCACRL.crl
1519 pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt \
1520 $certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt \
1521 $certs/inhibitPolicyMapping1P1subCACert.crt \
1522 $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
1523 $certs/inhibitPolicyMapping1P1CACert.crt
1524 restore_db
1525 }
1526
1527
1528 pkits_InhibitAnyPolicy()
1529 {
1530 break_table "NIST PKITS Section 4.12: Inhibit Any Policy"
1531
1532 VFY_ACTION="Invalid inhibitAnyPolicy Test1"; log_banner
1533 certImportn inhibitAnyPolicy0CACert
1534 crlImportn inhibitAnyPolicy0CACRL.crl
1535 pkitsn $certs/InvalidinhibitAnyPolicyTest1EE.crt \
1536 $certs/inhibitAnyPolicy0CACert.crt
1537 restore_db
1538
1539 VFY_ACTION="Valid inhibitAnyPolicy Test2"; log_banner
1540 certImportn inhibitAnyPolicy0CACert
1541 crlImportn inhibitAnyPolicy0CACRL.crl
1542 pkits $certs/ValidinhibitAnyPolicyTest2EE.crt \
1543 $certs/inhibitAnyPolicy0CACert.crt
1544 restore_db
1545
1546 VFY_ACTION="inhibitAnyPolicy Test3"; log_banner
1547 certImportn inhibitAnyPolicy1CACert
1548 crlImportn inhibitAnyPolicy1CACRL.crl
1549 certImport inhibitAnyPolicy1subCA1Cert
1550 crlImport inhibitAnyPolicy1subCA1CRL.crl
1551 pkits $certs/inhibitAnyPolicyTest3EE.crt \
1552 $certs/inhibitAnyPolicy1CACert.crt \
1553 $certs/inhibitAnyPolicy1subCA1Cert.crt
1554 restore_db
1555
1556 VFY_ACTION="Invalid inhibitAnyPolicy Test4"; log_banner
1557 certImportn inhibitAnyPolicy1CACert
1558 crlImportn inhibitAnyPolicy1CACRL.crl
1559 certImport inhibitAnyPolicy1subCA1Cert
1560 crlImport inhibitAnyPolicy1subCA1CRL.crl
1561 pkitsn $certs/InvalidinhibitAnyPolicyTest4EE.crt \
1562 $certs/inhibitAnyPolicy1CACert.crt \
1563 $certs/inhibitAnyPolicy1subCA1Cert.crt
1564 restore_db
1565
1566 VFY_ACTION="Invalid inhibitAnyPolicy Test5"; log_banner
1567 certImportn inhibitAnyPolicy5CACert
1568 crlImportn inhibitAnyPolicy5CACRL.crl
1569 certImportn inhibitAnyPolicy5subCACert
1570 crlImportn inhibitAnyPolicy5subCACRL.crl
1571 certImport inhibitAnyPolicy5subsubCACert
1572 crlImport inhibitAnyPolicy5subsubCACRL.crl
1573 pkitsn $certs/InvalidinhibitAnyPolicyTest5EE.crt \
1574 $certs/inhibitAnyPolicy5CACert.crt \
1575 $certs/inhibitAnyPolicy5subCACert.crt \
1576 $certs/inhibitAnyPolicy5subsubCACert.crt
1577 restore_db
1578
1579 VFY_ACTION="Invalid inhibitAnyPolicy Test6"; log_banner
1580 certImportn inhibitAnyPolicy1CACert
1581 crlImportn inhibitAnyPolicy1CACRL.crl
1582 certImportn inhibitAnyPolicy1subCAIAP5Cert
1583 crlImportn inhibitAnyPolicy1subCAIAP5CRL.crl
1584 pkitsn $certs/InvalidinhibitAnyPolicyTest5EE.crt \
1585 $certs/inhibitAnyPolicy1CACert.crt \
1586 $certs/inhibitAnyPolicy5subCACert.crt \
1587 $certs/inhibitAnyPolicy5subsubCACert.crt
1588 restore_db
1589
1590 VFY_ACTION="Valid Self-Issued inhibitAnyPolicy Test7"; log_banner
1591 certImportn inhibitAnyPolicy1CACert
1592 crlImportn inhibitAnyPolicy1CACRL.crl
1593 certImport inhibitAnyPolicy1subCA2Cert
1594 crlImport inhibitAnyPolicy1subCA2CRL.crl
1595 pkits $certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt \
1596 $certs/inhibitAnyPolicy1CACert.crt \
1597 $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
1598 $certs/inhibitAnyPolicy1subCA2Cert.crt
1599 restore_db
1600
1601 VFY_ACTION="Invalid Self-Issued inhibitAnyPolicy Test8"; log_banner
1602 certImportn inhibitAnyPolicy1CACert
1603 crlImportn inhibitAnyPolicy1CACRL.crl
1604 certImport inhibitAnyPolicy1subCA2Cert
1605 crlImport inhibitAnyPolicy1subCA2CRL.crl
1606 certImport inhibitAnyPolicy1subsubCA2Cert
1607 crlImport inhibitAnyPolicy1subsubCA2CRL.crl
1608 pkitsn $certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt \
1609 $certs/inhibitAnyPolicy1CACert.crt \
1610 $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
1611 $certs/inhibitAnyPolicy1subCA2Cert.crt \
1612 $certs/inhibitAnyPolicy1subsubCA2Cert.crt
1613 restore_db
1614
1615 VFY_ACTION="Valid Self-Issued inhibitAnyPolicy Test9"; log_banner
1616 certImportn inhibitAnyPolicy1CACert
1617 crlImportn inhibitAnyPolicy1CACRL.crl
1618 certImport inhibitAnyPolicy1subCA2Cert
1619 crlImport inhibitAnyPolicy1subCA2CRL.crl
1620 pkits $certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt \
1621 $certs/inhibitAnyPolicy1CACert.crt \
1622 $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
1623 $certs/inhibitAnyPolicy1subCA2Cert.crt \
1624 $certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
1625 restore_db
1626
1627 VFY_ACTION="Invalid Self-Issued inhibitAnyPolicy Test10"; log_banner
1628 certImportn inhibitAnyPolicy1CACert
1629 crlImportn inhibitAnyPolicy1CACRL.crl
1630 certImport inhibitAnyPolicy1subCA2Cert
1631 crlImport inhibitAnyPolicy1subCA2CRL.crl
1632 pkitsn $certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt \
1633 $certs/inhibitAnyPolicy1CACert.crt \
1634 $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
1635 $certs/inhibitAnyPolicy1subCA2Cert.crt
1636 restore_db
1637 }
1638
1639
1640 pkits_NameConstraints()
1641 {
1642 break_table "NIST PKITS Section 4.13: Name Constraints"
1643
1644 VFY_ACTION="Valid DN nameConstraints Test1"; log_banner
1645 certImport nameConstraintsDN1CACert
1646 crlImport nameConstraintsDN1CACRL.crl
1647 pkits $certs/ValidDNnameConstraintsTest1EE.crt \
1648 $certs/nameConstraintsDN1CACert.crt
1649 restore_db
1650
1651 VFY_ACTION="Invalid DN nameConstraints Test2"; log_banner
1652 certImport nameConstraintsDN1CACert
1653 crlImport nameConstraintsDN1CACRL.crl
1654 pkitsn $certs/InvalidDNnameConstraintsTest2EE.crt \
1655 $certs/nameConstraintsDN1CACert.crt
1656 restore_db
1657
1658 VFY_ACTION="Invalid DN nameConstraints Test3"; log_banner
1659 certImport nameConstraintsDN1CACert
1660 crlImport nameConstraintsDN1CACRL.crl
1661 pkitsn $certs/InvalidDNnameConstraintsTest3EE.crt \
1662 $certs/nameConstraintsDN1CACert.crt
1663 restore_db
1664
1665 VFY_ACTION="Valid DN nameConstraints Test4"; log_banner
1666 certImport nameConstraintsDN1CACert
1667 crlImport nameConstraintsDN1CACRL.crl
1668 pkits $certs/ValidDNnameConstraintsTest4EE.crt \
1669 $certs/nameConstraintsDN1CACert.crt
1670 restore_db
1671
1672 VFY_ACTION="Valid DN nameConstraints Test5"; log_banner
1673 certImport nameConstraintsDN2CACert
1674 crlImport nameConstraintsDN2CACRL.crl
1675 pkits $certs/ValidDNnameConstraintsTest5EE.crt \
1676 $certs/nameConstraintsDN2CACert.crt
1677 restore_db
1678
1679 VFY_ACTION="Valid DN nameConstraints Test6"; log_banner
1680 certImport nameConstraintsDN3CACert
1681 crlImport nameConstraintsDN3CACRL.crl
1682 pkits $certs/ValidDNnameConstraintsTest6EE.crt \
1683 $certs/nameConstraintsDN3CACert.crt
1684 restore_db
1685
1686 VFY_ACTION="Invalid DN nameConstraints Test7"; log_banner
1687 certImport nameConstraintsDN3CACert
1688 crlImport nameConstraintsDN3CACRL.crl
1689 pkitsn $certs/InvalidDNnameConstraintsTest7EE.crt \
1690 $certs/nameConstraintsDN3CACert.crt
1691 restore_db
1692
1693 VFY_ACTION="Invalid DN nameConstraints Test8"; log_banner
1694 certImport nameConstraintsDN4CACert
1695 crlImport nameConstraintsDN4CACRL.crl
1696 pkitsn $certs/InvalidDNnameConstraintsTest8EE.crt \
1697 $certs/nameConstraintsDN4CACert.crt
1698 restore_db
1699
1700 VFY_ACTION="Invalid DN nameConstraints Test9"; log_banner
1701 certImport nameConstraintsDN4CACert
1702 crlImport nameConstraintsDN4CACRL.crl
1703 pkitsn $certs/InvalidDNnameConstraintsTest9EE.crt \
1704 $certs/nameConstraintsDN4CACert.crt
1705 restore_db
1706
1707 VFY_ACTION="Invalid DN nameConstraints Test10"; log_banner
1708 certImport nameConstraintsDN5CACert
1709 crlImport nameConstraintsDN5CACRL.crl
1710 pkitsn $certs/InvalidDNnameConstraintsTest10EE.crt \
1711 $certs/nameConstraintsDN5CACert.crt
1712 restore_db
1713
1714 VFY_ACTION="Valid DN nameConstraints Test11"; log_banner
1715 certImport nameConstraintsDN5CACert
1716 crlImport nameConstraintsDN5CACRL.crl
1717 pkits $certs/ValidDNnameConstraintsTest11EE.crt \
1718 $certs/nameConstraintsDN5CACert.crt
1719 restore_db
1720
1721 VFY_ACTION="Invalid DN nameConstraints Test12"; log_banner
1722 certImport nameConstraintsDN1CACert
1723 crlImport nameConstraintsDN1CACRL.crl
1724 certImport nameConstraintsDN1subCA1Cert
1725 crlImport nameConstraintsDN1subCA1CRL.crl
1726 pkitsn $certs/InvalidDNnameConstraintsTest12EE.crt \
1727 $certs/nameConstraintsDN1subCA1Cert.crt \
1728 $certs/nameConstraintsDN1CACert.crt
1729 restore_db
1730
1731 VFY_ACTION="Invalid DN nameConstraints Test13"; log_banner
1732 certImport nameConstraintsDN1CACert
1733 crlImport nameConstraintsDN1CACRL.crl
1734 certImport nameConstraintsDN1subCA2Cert
1735 crlImport nameConstraintsDN1subCA2CRL.crl
1736 pkitsn $certs/InvalidDNnameConstraintsTest13EE.crt \
1737 $certs/nameConstraintsDN1subCA2Cert.crt \
1738 $certs/nameConstraintsDN1CACert.crt
1739 restore_db
1740
1741 VFY_ACTION="Valid DN nameConstraints Test14"; log_banner
1742 certImport nameConstraintsDN1CACert
1743 crlImport nameConstraintsDN1CACRL.crl
1744 certImport nameConstraintsDN1subCA2Cert
1745 crlImport nameConstraintsDN1subCA2CRL.crl
1746 pkits $certs/ValidDNnameConstraintsTest14EE.crt \
1747 $certs/nameConstraintsDN1subCA2Cert.crt \
1748 $certs/nameConstraintsDN1CACert.crt
1749 restore_db
1750
1751 VFY_ACTION="Invalid DN nameConstraints Test15"; log_banner
1752 certImport nameConstraintsDN3CACert
1753 crlImport nameConstraintsDN3CACRL.crl
1754 certImport nameConstraintsDN3subCA1Cert
1755 crlImport nameConstraintsDN3subCA1CRL.crl
1756 pkitsn $certs/InvalidDNnameConstraintsTest15EE.crt \
1757 $certs/nameConstraintsDN3subCA1Cert.crt \
1758 $certs/nameConstraintsDN3CACert.crt
1759 restore_db
1760
1761 VFY_ACTION="Invalid DN nameConstraints Test16"; log_banner
1762 certImport nameConstraintsDN3CACert
1763 crlImport nameConstraintsDN3CACRL.crl
1764 certImport nameConstraintsDN3subCA1Cert
1765 crlImport nameConstraintsDN3subCA1CRL.crl
1766 pkitsn $certs/InvalidDNnameConstraintsTest16EE.crt \
1767 $certs/nameConstraintsDN3subCA1Cert.crt \
1768 $certs/nameConstraintsDN3CACert.crt
1769 restore_db
1770
1771 VFY_ACTION="Invalid DN nameConstraints Test17"; log_banner
1772 certImport nameConstraintsDN3CACert
1773 crlImport nameConstraintsDN3CACRL.crl
1774 certImport nameConstraintsDN3subCA2Cert
1775 crlImport nameConstraintsDN3subCA2CRL.crl
1776 pkitsn $certs/InvalidDNnameConstraintsTest17EE.crt \
1777 $certs/nameConstraintsDN3subCA2Cert.crt \
1778 $certs/nameConstraintsDN3CACert.crt
1779 restore_db
1780
1781 VFY_ACTION="Valid DN nameConstraints Test18"; log_banner
1782 certImport nameConstraintsDN3CACert
1783 crlImport nameConstraintsDN3CACRL.crl
1784 certImport nameConstraintsDN3subCA2Cert
1785 crlImport nameConstraintsDN3subCA2CRL.crl
1786 pkits $certs/ValidDNnameConstraintsTest18EE.crt \
1787 $certs/nameConstraintsDN3subCA2Cert.crt \
1788 $certs/nameConstraintsDN3CACert.crt
1789 restore_db
1790
1791 ### bug 232737 ###
1792 if [ -n "${KNOWN_BUG}" ]; then
1793 VFY_ACTION="Valid Self-Issued DN nameConstraints Test19"; log_banner
1794 certImport nameConstraintsDN1CACert
1795 crlImport nameConstraintsDN1CACRL.crl
1796 pkits $certs/ValidDNnameConstraintsTest19EE.crt \
1797 $certs/nameConstraintsDN1SelfIssuedCACert.crt \
1798 $certs/nameConstraintsDN1CACert.crt
1799 restore_db
1800 fi
1801
1802 VFY_ACTION="Invalid Self-Issued DN nameConstraints Test20"; log_banner
1803 certImport nameConstraintsDN1CACert
1804 crlImport nameConstraintsDN1CACRL.crl
1805 pkitsn $certs/InvalidDNnameConstraintsTest20EE.crt \
1806 $certs/nameConstraintsDN1CACert.crt
1807 restore_db
1808
1809 VFY_ACTION="Valid RFC822 nameConstraints Test21"; log_banner
1810 certImport nameConstraintsRFC822CA1Cert
1811 crlImport nameConstraintsRFC822CA1CRL.crl
1812 pkits $certs/ValidRFC822nameConstraintsTest21EE.crt \
1813 $certs/nameConstraintsRFC822CA1Cert.crt
1814 restore_db
1815
1816 VFY_ACTION="Invalid RFC822 nameConstraints Test22"; log_banner
1817 certImport nameConstraintsRFC822CA1Cert
1818 crlImport nameConstraintsRFC822CA1CRL.crl
1819 pkitsn $certs/InvalidRFC822nameConstraintsTest22EE.crt \
1820 $certs/nameConstraintsRFC822CA1Cert.crt
1821 restore_db
1822
1823 VFY_ACTION="Valid RFC822 nameConstraints Test23"; log_banner
1824 certImport nameConstraintsRFC822CA2Cert
1825 crlImport nameConstraintsRFC822CA2CRL.crl
1826 pkits $certs/ValidRFC822nameConstraintsTest23EE.crt \
1827 $certs/nameConstraintsRFC822CA2Cert.crt
1828 restore_db
1829
1830 VFY_ACTION="Invalid RFC822 nameConstraints Test24"; log_banner
1831 certImport nameConstraintsRFC822CA2Cert
1832 crlImport nameConstraintsRFC822CA2CRL.crl
1833 pkitsn $certs/InvalidRFC822nameConstraintsTest24EE.crt \
1834 $certs/nameConstraintsRFC822CA2Cert.crt
1835 restore_db
1836
1837 VFY_ACTION="Valid RFC822 nameConstraints Test25"; log_banner
1838 certImport nameConstraintsRFC822CA3Cert
1839 crlImport nameConstraintsRFC822CA3CRL.crl
1840 pkits $certs/ValidRFC822nameConstraintsTest25EE.crt \
1841 $certs/nameConstraintsRFC822CA3Cert.crt
1842 restore_db
1843
1844 VFY_ACTION="Invalid RFC822 nameConstraints Test26"; log_banner
1845 certImport nameConstraintsRFC822CA3Cert
1846 crlImport nameConstraintsRFC822CA3CRL.crl
1847 pkitsn $certs/InvalidRFC822nameConstraintsTest26EE.crt \
1848 $certs/nameConstraintsRFC822CA3Cert.crt
1849 restore_db
1850
1851 VFY_ACTION="Valid DN and RFC822 nameConstraints Test27"; log_banner
1852 certImport nameConstraintsDN1CACert
1853 crlImport nameConstraintsDN1CACRL.crl
1854 certImport nameConstraintsDN1subCA3Cert
1855 crlImport nameConstraintsDN1subCA3CRL.crl
1856 pkits $certs/ValidDNandRFC822nameConstraintsTest27EE.crt \
1857 $certs/nameConstraintsDN1subCA3Cert.crt \
1858 $certs/nameConstraintsDN1CACert.crt
1859 restore_db
1860
1861 VFY_ACTION="Invalid DN and RFC822 nameConstraints Test28"; log_banner
1862 certImport nameConstraintsDN1CACert
1863 crlImport nameConstraintsDN1CACRL.crl
1864 certImport nameConstraintsDN1subCA3Cert
1865 crlImport nameConstraintsDN1subCA3CRL.crl
1866 pkitsn $certs/InvalidDNandRFC822nameConstraintsTest28EE.crt \
1867 $certs/nameConstraintsDN1subCA3Cert.crt \
1868 $certs/nameConstraintsDN1CACert.crt
1869 restore_db
1870
1871 VFY_ACTION="Invalid DN and RFC822 nameConstraints Test29"; log_banner
1872 certImport nameConstraintsDN1CACert
1873 crlImport nameConstraintsDN1CACRL.crl
1874 certImport nameConstraintsDN1subCA3Cert
1875 crlImport nameConstraintsDN1subCA3CRL.crl
1876 pkitsn $certs/InvalidDNandRFC822nameConstraintsTest29EE.crt \
1877 $certs/nameConstraintsDN1subCA3Cert.crt \
1878 $certs/nameConstraintsDN1CACert.crt
1879 restore_db
1880
1881 VFY_ACTION="Valid DNS nameConstraints Test30"; log_banner
1882 certImport nameConstraintsDNS1CACert
1883 crlImport nameConstraintsDNS1CACRL.crl
1884 pkits $certs/ValidDNSnameConstraintsTest30EE.crt \
1885 $certs/nameConstraintsDNS1CACert.crt
1886 restore_db
1887
1888 VFY_ACTION="Invalid DNS nameConstraints Test31"; log_banner
1889 certImport nameConstraintsDNS1CACert
1890 crlImport nameConstraintsDNS1CACRL.crl
1891 pkitsn $certs/InvalidDNSnameConstraintsTest31EE.crt \
1892 $certs/nameConstraintsDNS1CACert.crt
1893 restore_db
1894
1895 VFY_ACTION="Valid DNS nameConstraints Test32"; log_banner
1896 certImport nameConstraintsDNS2CACert
1897 crlImport nameConstraintsDNS2CACRL.crl
1898 pkits $certs/ValidDNSnameConstraintsTest32EE.crt \
1899 $certs/nameConstraintsDNS2CACert.crt
1900 restore_db
1901
1902 VFY_ACTION="Invalid DNS nameConstraints Test33"; log_banner
1903 certImport nameConstraintsDNS2CACert
1904 crlImport nameConstraintsDNS2CACRL.crl
1905 pkitsn $certs/InvalidDNSnameConstraintsTest33EE.crt \
1906 $certs/nameConstraintsDNS2CACert.crt
1907 restore_db
1908
1909 VFY_ACTION="Valid URI nameConstraints Test34"; log_banner
1910 certImport nameConstraintsURI1CACert
1911 crlImport nameConstraintsURI1CACRL.crl
1912 pkits $certs/ValidURInameConstraintsTest34EE.crt \
1913 $certs/nameConstraintsURI1CACert.crt
1914 restore_db
1915
1916 VFY_ACTION="Invalid URI nameConstraints Test35"; log_banner
1917 certImport nameConstraintsURI1CACert
1918 crlImport nameConstraintsURI1CACRL.crl
1919 pkitsn $certs/InvalidURInameConstraintsTest35EE.crt \
1920 $certs/nameConstraintsURI1CACert.crt
1921 restore_db
1922
1923 VFY_ACTION="Valid URI nameConstraints Test36"; log_banner
1924 certImport nameConstraintsURI2CACert
1925 crlImport nameConstraintsURI2CACRL.crl
1926 pkits $certs/ValidURInameConstraintsTest36EE.crt \
1927 $certs/nameConstraintsURI2CACert.crt
1928 restore_db
1929
1930 VFY_ACTION="Invalid URI nameConstraints Test37"; log_banner
1931 certImport nameConstraintsURI2CACert
1932 crlImport nameConstraintsURI2CACRL.crl
1933 pkitsn $certs/InvalidURInameConstraintsTest37EE.crt \
1934 $certs/nameConstraintsURI2CACert.crt
1935 restore_db
1936
1937 VFY_ACTION="Invalid DNS nameConstraints Test38"; log_banner
1938 certImport nameConstraintsDNS1CACert
1939 crlImport nameConstraintsDNS1CACRL.crl
1940 pkitsn $certs/InvalidDNSnameConstraintsTest38EE.crt \
1941 $certs/nameConstraintsDNS1CACert.crt
1942 restore_db
1943 }
1944
1945 pkits_PvtCertExtensions()
1946 {
1947 break_table "NIST PKITS Section 4.16: Private Certificate Extensions"
1948
1949 VFY_ACTION="Valid Unknown Not Critical Certificate Extension Test1"; log_banner
1950 pkits $certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
1951
1952 VFY_ACTION="Invalid Unknown Critical Certificate Extension Test2"; log_banner
1953 pkitsn $certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt
1954 }
1955
1956 ############################## pkits_cleanup ###########################
1957 # local shell function to finish this script (no exit since it might be
1958 # sourced)
1959 ########################################################################
1960 pkits_cleanup()
1961 {
1962 html "</TABLE><BR>"
1963 cd ${QADIR}
1964 . common/cleanup.sh
1965 }
1966
1967
1968 ################################## main ################################
1969 pkits_init
1970 pkits_SignatureVerification | tee -a $PKITS_LOG
1971 pkits_ValidityPeriods | tee -a $PKITS_LOG
1972 pkits_NameChaining | tee -a $PKITS_LOG
1973 pkits_BasicCertRevocation | tee -a $PKITS_LOG
1974 pkits_PathVerificWithSelfIssuedCerts | tee -a $PKITS_LOG
1975 pkits_BasicConstraints | tee -a $PKITS_LOG
1976 pkits_KeyUsage | tee -a $PKITS_LOG
1977 if [ -n "$NSS_PKITS_POLICIES" ]; then
1978 pkits_CertificatePolicies | tee -a $PKITS_LOG
1979 pkits_RequireExplicitPolicy | tee -a $PKITS_LOG
1980 pkits_PolicyMappings | tee -a $PKITS_LOG
1981 pkits_InhibitPolicyMapping | tee -a $PKITS_LOG
1982 pkits_InhibitAnyPolicy | tee -a $PKITS_LOG
1983 fi
1984 pkits_NameConstraints | tee -a $PKITS_LOG
1985 pkits_PvtCertExtensions | tee -a $PKITS_LOG
1986 pkits_cleanup
1987

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial