The Tor Browser / file comparison
comparison: security/nss/tests/chains/scenarios/trustanchors.cfg
security/nss/tests/chains/scenarios/trustanchors.cfg
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:05985717718f |
|---|---|
| 1 # This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 # License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 # file, You can obtain one at http://mozilla.org/MPL/2.0/. | |
| 4 | |
| 5 scenario TrustAnchors | |
| 6 | |
| 7 entity RootCA | |
| 8 type Root | |
| 9 | |
| 10 entity CA1 | |
| 11 type Intermediate | |
| 12 issuer RootCA | |
| 13 | |
| 14 entity CA2 | |
| 15 type Intermediate | |
| 16 issuer CA1 | |
| 17 | |
| 18 entity EE1 | |
| 19 type EE | |
| 20 issuer CA2 | |
| 21 | |
| 22 entity OtherRoot | |
| 23 type Root | |
| 24 | |
| 25 entity OtherIntermediate | |
| 26 type Intermediate | |
| 27 issuer OtherRoot | |
| 28 | |
| 29 entity EE2 | |
| 30 type EE | |
| 31 issuer OtherIntermediate | |
| 32 | |
| 33 # Scenarios where trust only comes from the DB | |
| 34 db DBOnly | |
| 35 | |
| 36 import RootCA::CT,C,C | |
| 37 import CA1:RootCA: | |
| 38 | |
| 39 # Simple chaining - no trust anchors | |
| 40 verify EE1:CA2 | |
| 41 cert CA2:CA1 | |
| 42 result pass | |
| 43 | |
| 44 # Simple trust anchors - ignore the Cert DB | |
| 45 verify EE1:CA2 | |
| 46 trust CA2:CA1 | |
| 47 result pass | |
| 48 | |
| 49 # Redundant trust - trust anchor and DB | |
| 50 verify EE1:CA2 | |
| 51 cert CA2:CA1 | |
| 52 trust RootCA | |
| 53 result pass | |
| 54 | |
| 55 | |
| 56 # Scenarios where trust only comes from trust anchors | |
| 57 db TrustOnly | |
| 58 | |
| 59 # Simple checking - direct trust anchor | |
| 60 verify EE1:CA2 | |
| 61 cert CA2:CA1 | |
| 62 cert CA1:RootCA: | |
| 63 trust RootCA: | |
| 64 result pass | |
| 65 | |
| 66 # Partial chain (not self-signed), with a trust anchor | |
| 67 verify EE1:CA2 | |
| 68 trust CA2:CA1 | |
| 69 result pass | |
| 70 | |
| 71 | |
| 72 # Scenarios where trust comes from both trust anchors and the DB | |
| 73 db TrustAndDB | |
| 74 | |
| 75 import RootCA::CT,C,C | |
| 76 import CA1:RootCA: | |
| 77 | |
| 78 # Check that trust in the DB works | |
| 79 verify EE1:CA2 | |
| 80 cert CA2:CA1 | |
| 81 result pass | |
| 82 | |
| 83 # Check that trust anchors work | |
| 84 verify EE2:OtherIntermediate | |
| 85 cert OtherIntermediate:OtherRoot | |
| 86 trust OtherRoot: | |
| 87 result pass | |
| 88 | |
| 89 # Check that specifying a trust anchor still allows searching the cert DB | |
| 90 verify EE1:CA2 | |
| 91 trust_and_db | |
| 92 cert CA2:CA1 | |
| 93 trust OtherIntermediate:OtherRoot | |
| 94 trust OtherRoot: | |
| 95 result pass | |
| 96 | |
| 97 # Scenarios where the trust DB has explicitly distrusted one or more certs, | |
| 98 # even when the trust anchors indicate trust | |
| 99 db ExplicitDistrust | |
| 100 | |
| 101 import RootCA::CT,C,C | |
| 102 import CA1:RootCA:p,p,p | |
| 103 import OtherRoot::p,p,p | |
| 104 | |
| 105 # Verify that a distrusted intermediate, but trusted root, is rejected. | |
| 106 verify EE1:CA2 | |
| 107 cert CA2:CA1 | |
| 108 trust CA1:RootCA | |
| 109 result fail | |
| 110 | |
| 111 # Verify that a trusted intermediate, but distrusted root, is accepted. | |
| 112 verify EE2:OtherIntermediate | |
| 113 trust OtherIntermediate:OtherRoot | |
| 114 result pass |
