security/nss/tests/pkits/pkits.sh

changeset 0
6474c204b198
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/security/nss/tests/pkits/pkits.sh	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,1987 @@
     1.4 +#!/bin/bash
     1.5 +#
     1.6 +# This Source Code Form is subject to the terms of the Mozilla Public
     1.7 +# License, v. 2.0. If a copy of the MPL was not distributed with this
     1.8 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
     1.9 +
    1.10 +########################################################################
    1.11 +#
    1.12 +# mozilla/security/nss/tests/pkits/pkits.sh
    1.13 +#
    1.14 +# Script to test the NIST PKITS tests 
    1.15 +#
    1.16 +# needs to work on all Unix and Windows platforms
    1.17 +#
    1.18 +# tests implemented:
    1.19 +#    vfychain 
    1.20 +#
    1.21 +# special NOTES
    1.22 +# ---------------
    1.23 +# NIST PKITS data needs to be downloaded from
    1.24 +# http://csrc.nist.gov/pki/testing/x509paths.html
    1.25 +# Environment variable PKITS_DATA needs to be set to the directory
    1.26 +# where this data is downloaded, or test data needs to be copied under 
    1.27 +# the mozilla source tree in mozilla/PKITS_DATA
    1.28 +########################################################################
    1.29 +
    1.30 +############################## pkits_init ##############################
    1.31 +# local shell function to initialize this script 
    1.32 +########################################################################
    1.33 +pkits_init()
    1.34 +{
    1.35 +  SCRIPTNAME=pkits.sh
    1.36 +
    1.37 +  if [ -z "${CLEANUP}" ] ; then
    1.38 +      CLEANUP="${SCRIPTNAME}"
    1.39 +  fi
    1.40 +
    1.41 +  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
    1.42 +      cd ../common
    1.43 +      . ./init.sh
    1.44 +  fi
    1.45 +
    1.46 +  if [ -z "${PKITS_DATA}" ]; then
    1.47 +      echo "${SCRIPTNAME}: PKITS data directory not defined, skipping."
    1.48 +      exit 0
    1.49 +  fi      
    1.50 +
    1.51 +  if [ ! -d "${PKITS_DATA}" ]; then
    1.52 +      echo "${SCRIPTNAME}: PKITS data directory ${PKITS_DATA} doesn't exist, skipping."
    1.53 +      exit 0
    1.54 +  fi
    1.55 +
    1.56 +  PKITSDIR=${HOSTDIR}/pkits
    1.57 +
    1.58 +  COPYDIR=${PKITSDIR}/copydir
    1.59 +
    1.60 +  mkdir -p ${PKITSDIR}
    1.61 +  mkdir -p ${COPYDIR}
    1.62 +  mkdir -p ${PKITSDIR}/html
    1.63 +
    1.64 +  certs=${PKITS_DATA}/certs
    1.65 +  crls=${PKITS_DATA}/crls
    1.66 +
    1.67 +  cd ${PKITSDIR}
    1.68 +
    1.69 +  PKITSdb=${PKITSDIR}/PKITSdb
    1.70 +  PKITSbkp=${PKITSDIR}/PKITSbkp
    1.71 +
    1.72 +  PKITS_LOG=${PKITSDIR}/pkits.log #getting its own logfile
    1.73 +  pkits_log "Start of logfile $PKITS_LOG"
    1.74 +
    1.75 +  if [ ! -d "${PKITSdb}" ]; then
    1.76 +      mkdir -p ${PKITSdb}
    1.77 +  else
    1.78 +      pkits_log "$SCRIPTNAME: WARNING - ${PKITSdb} exists"
    1.79 +  fi
    1.80 +
    1.81 +  if [ ! -d "${PKITSbkp}" ]; then
    1.82 +      mkdir -p ${PKITSbkp}
    1.83 +  else
    1.84 +      pkits_log "$SCRIPTNAME: WARNING - ${PKITSbkp} exists"
    1.85 +  fi
    1.86 +
    1.87 +  echo "HOSTDIR" $HOSTDIR
    1.88 +  echo "PKITSDIR" $PKITSDIR
    1.89 +  echo "PKITSdb" $PKITSdb
    1.90 +  echo "PKITSbkp" $PKITSbkp
    1.91 +  echo "PKITS_DATA" $PKITS_DATA
    1.92 +  echo "certs" $certs
    1.93 +  echo "crls" $crls
    1.94 +
    1.95 +  echo nss > ${PKITSdb}/pw
    1.96 +  ${BINDIR}/certutil -N -d ${PKITSdb} -f ${PKITSdb}/pw
    1.97 +
    1.98 +  ${BINDIR}/certutil -A -n TrustAnchorRootCertificate -t "C,C,C" -i \
    1.99 +      $certs/TrustAnchorRootCertificate.crt -d $PKITSdb
   1.100 +  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
   1.101 +    ${BINDIR}/crlutil -I -i $crls/TrustAnchorRootCRL.crl -d ${PKITSdb} -f ${PKITSdb}/pw
   1.102 +  else
   1.103 +    html  "<H3>NO CRLs are being used.</H3>"
   1.104 +    pkits_log "NO CRLs are being used."
   1.105 +  fi
   1.106 +
   1.107 +  cp ${PKITSdb}/* ${PKITSbkp}
   1.108 +
   1.109 +  KNOWN_BUG=
   1.110 +}
   1.111 +
   1.112 +############################### pkits_log ##############################
   1.113 +# write to pkits.log file
   1.114 +########################################################################
   1.115 +pkits_log()
   1.116 +{
   1.117 +  echo "$SCRIPTNAME $*"
   1.118 +  echo $* >> ${PKITS_LOG}
   1.119 +}
   1.120 +
   1.121 +restore_db()
   1.122 +{
   1.123 +  echo "Restore DB"
   1.124 +  rm ${PKITSdb}/*
   1.125 +  cp ${PKITSbkp}/* ${PKITSdb}
   1.126 +}
   1.127 +
   1.128 +log_banner()
   1.129 +{
   1.130 +  echo ""
   1.131 +  echo "--------------------------------------------------------------------"
   1.132 +  echo "Test case ${VFY_ACTION}"
   1.133 +  echo ""
   1.134 +}
   1.135 +
   1.136 +start_table()
   1.137 +{
   1.138 +  html "<TABLE BORDER=1><TR><TH COLSPAN=3>$*</TH></TR>"
   1.139 +  html "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" 
   1.140 +  echo ""
   1.141 +  echo "***************************************************************"
   1.142 +  echo "$*"
   1.143 +  echo "***************************************************************"
   1.144 +}
   1.145 +
   1.146 +break_table()
   1.147 +{
   1.148 +  html "</TABLE><P>"
   1.149 +  start_table "$@"
   1.150 +}
   1.151 +
   1.152 +################################ pkits #################################
   1.153 +# local shell function for positive testcases, calls vfychain, writes 
   1.154 +# action and options to stdout, sets variable RET and writes results to 
   1.155 +# the html file results
   1.156 +########################################################################
   1.157 +pkits()
   1.158 +{
   1.159 +  echo "vfychain -d $PKITSdb -u 4 $*"
   1.160 +  ${BINDIR}/vfychain -d $PKITSdb -u 4 $* > ${PKITSDIR}/cmdout.txt 2>&1
   1.161 +  RET=$?
   1.162 +  CNT=`grep -c ERROR ${PKITSDIR}/cmdout.txt`
   1.163 +  RET=`expr ${RET} + ${CNT}`
   1.164 +  cat ${PKITSDIR}/cmdout.txt
   1.165 +
   1.166 +  if [ "$RET" -ne 0 ]; then
   1.167 +      html_failed "${VFY_ACTION} ($RET) "
   1.168 +      pkits_log "ERROR: ${VFY_ACTION} failed $RET"
   1.169 +  else
   1.170 +      html_passed "${VFY_ACTION}"
   1.171 +      pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
   1.172 +  fi
   1.173 +
   1.174 +  return $RET
   1.175 +}
   1.176 +
   1.177 +################################ pkitsn #################################
   1.178 +# local shell function for negative testcases, calls vfychain, writes 
   1.179 +# action and options to stdout, sets variable RET and writes results to 
   1.180 +# the html file results
   1.181 +########################################################################
   1.182 +pkitsn()
   1.183 +{
   1.184 +  echo "vfychain -d $PKITSdb -u 4 $*"
   1.185 +  ${BINDIR}/vfychain -d $PKITSdb -u 4 $* > ${PKITSDIR}/cmdout.txt 2>&1
   1.186 +  RET=$?
   1.187 +  CNT=`grep -c ERROR ${PKITSDIR}/cmdout.txt`
   1.188 +  RET=`expr ${RET} + ${CNT}`
   1.189 +  cat ${PKITSDIR}/cmdout.txt
   1.190 +
   1.191 +  if [ "$RET" -eq 0 ]; then
   1.192 +      html_failed "${VFY_ACTION} ($RET) "
   1.193 +      pkits_log "ERROR: ${VFY_ACTION} failed $RET"
   1.194 +  else
   1.195 +      html_passed "${VFY_ACTION} ($RET) "
   1.196 +      pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
   1.197 +  fi
   1.198 +  return $RET
   1.199 +}
   1.200 +
   1.201 +################################ crlImport #############################
   1.202 +# local shell function to import a CRL, calls crlutil -I -i, writes 
   1.203 +# action and options to stdout
   1.204 +########################################################################
   1.205 +crlImport()
   1.206 +{
   1.207 +  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
   1.208 +    echo "crlutil -d $PKITSdb -I -f ${PKITSdb}/pw -i $crls/$*"
   1.209 +    ${BINDIR}/crlutil -d ${PKITSdb} -I -f ${PKITSdb}/pw -i $crls/$* > ${PKITSDIR}/cmdout.txt 2>&1
   1.210 +    RET=$?
   1.211 +    cat ${PKITSDIR}/cmdout.txt
   1.212 +
   1.213 +    if [ "$RET" -ne 0 ]; then
   1.214 +        html_failed "${VFY_ACTION} ($RET) "
   1.215 +        pkits_log "ERROR: ${VFY_ACTION} failed $RET"
   1.216 +    fi
   1.217 +  fi
   1.218 +}
   1.219 +
   1.220 +################################ crlImportn #############################
   1.221 +# local shell function to import an incorrect CRL, calls crlutil -I -i, 
   1.222 +# writes action and options to stdout
   1.223 +########################################################################
   1.224 +crlImportn()
   1.225 +{
   1.226 +  RET=0
   1.227 +  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
   1.228 +    echo "crlutil -d $PKITSdb -I -f ${PKITSdb}/pw -i $crls/$*"
   1.229 +    ${BINDIR}/crlutil -d ${PKITSdb} -I -f ${PKITSdb}/pw -i $crls/$* > ${PKITSDIR}/cmdout.txt 2>&1
   1.230 +    RET=$?
   1.231 +    cat ${PKITSDIR}/cmdout.txt
   1.232 +
   1.233 +    if [ "$RET" -eq 0 ]; then
   1.234 +        html_failed "${VFY_ACTION} ($RET) "
   1.235 +        pkits_log "ERROR: ${VFY_ACTION} failed $RET"
   1.236 +    else
   1.237 +        html_passed "${VFY_ACTION} ($RET) "
   1.238 +        pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
   1.239 +    fi
   1.240 +  fi
   1.241 +  return $RET
   1.242 +}
   1.243 +
   1.244 +################################ certImport #############################
   1.245 +# local shell function to import a Cert, calls certutil -A, writes 
   1.246 +# action and options to stdout
   1.247 +########################################################################
   1.248 +certImport()
   1.249 +{
   1.250 +  echo "certutil -d $PKITSdb -A -t \",,\" -n $* -i $certs/$*.crt"
   1.251 +  ${BINDIR}/certutil -d $PKITSdb -A -t ",," -n $* -i $certs/$*.crt > ${PKITSDIR}/cmdout.txt 2>&1
   1.252 +  RET=$?
   1.253 +  cat ${PKITSDIR}/cmdout.txt
   1.254 +
   1.255 +  if [ "$RET" -ne 0 ]; then
   1.256 +      html_failed "${VFY_ACTION} ($RET) "
   1.257 +      pkits_log "ERROR: ${VFY_ACTION} failed $RET"
   1.258 +  fi
   1.259 +}
   1.260 +
   1.261 +################################ certImportn #############################
   1.262 +# local shell function to import an incorrect Cert, calls certutil -A, 
   1.263 +# writes action and options to stdout
   1.264 +########################################################################
   1.265 +certImportn()
   1.266 +{
   1.267 +  RET=0
   1.268 +  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
   1.269 +    echo "certutil -d $PKITSdb -A -t \",,\" -n $* -i $certs/$*.crt"
   1.270 +    ${BINDIR}/certutil -d $PKITSdb -A -t ",," -n $* -i $certs/$*.crt > ${PKITSDIR}/cmdout.txt 2>&1
   1.271 +    RET=$?
   1.272 +    cat ${PKITSDIR}/cmdout.txt
   1.273 +
   1.274 +    if [ "$RET" -eq 0 ]; then
   1.275 +        html_failed "${VFY_ACTION} ($RET) "
   1.276 +        pkits_log "ERROR: ${VFY_ACTION} failed $RET"
   1.277 +    else
   1.278 +        html_passed "${VFY_ACTION} ($RET) "
   1.279 +        pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
   1.280 +    fi
   1.281 +  fi
   1.282 +}
   1.283 +
   1.284 +############################## pkits_tests_bySection ###################
   1.285 +# running the various PKITS tests
   1.286 +########################################################################
   1.287 +pkits_SignatureVerification()
   1.288 +{
   1.289 +  start_table "NIST PKITS Section 4.1: Signature Verification"
   1.290 +
   1.291 +  VFY_ACTION="Valid Signatures Test1"; log_banner
   1.292 +  certImport GoodCACert
   1.293 +  crlImport GoodCACRL.crl
   1.294 +  pkits $certs/ValidCertificatePathTest1EE.crt $certs/GoodCACert.crt
   1.295 +  restore_db
   1.296 +
   1.297 +  VFY_ACTION="Invalid CA Signature Test2"; log_banner
   1.298 +  certImport BadSignedCACert
   1.299 +  crlImport BadSignedCACRL.crl
   1.300 +  pkitsn $certs/InvalidCASignatureTest2EE.crt \
   1.301 +    $certs/BadSignedCACert.crt
   1.302 +  restore_db
   1.303 +
   1.304 +  VFY_ACTION="Invalid EE Signature Test3"; log_banner
   1.305 +  certImport GoodCACert
   1.306 +  crlImport GoodCACRL.crl
   1.307 +  pkitsn $certs/InvalidEESignatureTest3EE.crt $certs/GoodCACert.crt
   1.308 +  restore_db
   1.309 +
   1.310 +  VFY_ACTION="Valid DSA Signatures Test4"; log_banner
   1.311 +  certImport DSACACert
   1.312 +  crlImport DSACACRL.crl
   1.313 +  pkits $certs/ValidDSASignaturesTest4EE.crt $certs/DSACACert.crt
   1.314 +  restore_db
   1.315 +
   1.316 +  VFY_ACTION="Valid DSA Parameter Inheritance Test5"; log_banner
   1.317 +  certImport DSACACert
   1.318 +  crlImport DSACACRL.crl
   1.319 +  certImport DSAParametersInheritedCACert
   1.320 +  crlImport DSAParametersInheritedCACRL.crl
   1.321 +  pkits $certs/ValidDSAParameterInheritanceTest5EE.crt \
   1.322 +      $certs/DSAParametersInheritedCACert.crt \
   1.323 +      $certs/DSACACert.crt
   1.324 +  restore_db
   1.325 +
   1.326 +  VFY_ACTION="Invalid DSA Signature Test6"; log_banner
   1.327 +  certImport DSACACert
   1.328 +  crlImport DSACACRL.crl
   1.329 +  pkitsn $certs/InvalidDSASignatureTest6EE.crt $certs/DSACACert.crt
   1.330 +  restore_db
   1.331 +}
   1.332 +
   1.333 +pkits_ValidityPeriods()
   1.334 +{
   1.335 +  break_table "NIST PKITS Section 4.2: Validity Periods"
   1.336 +
   1.337 +  VFY_ACTION="Invalid CA notBefore Date Test1"; log_banner
   1.338 +  certImport BadnotBeforeDateCACert
   1.339 +  crlImportn BadnotBeforeDateCACRL.crl
   1.340 +  if [ $RET -eq 0 ] ; then 
   1.341 +      pkitsn $certs/InvalidCAnotBeforeDateTest1EE.crt \
   1.342 +          $certs/BadnotBeforeDateCACert.crt
   1.343 +  fi
   1.344 +  restore_db
   1.345 +
   1.346 +  VFY_ACTION="Invalid EE notBefore Date Test2"; log_banner
   1.347 +  certImport GoodCACert
   1.348 +  crlImport GoodCACRL.crl
   1.349 +  pkitsn $certs/InvalidEEnotBeforeDateTest2EE.crt \
   1.350 +      $certs/GoodCACert.crt
   1.351 +  restore_db
   1.352 +
   1.353 +  VFY_ACTION="Valid pre2000 UTC notBefore Date Test3"; log_banner
   1.354 +  certImport GoodCACert
   1.355 +  crlImport GoodCACRL.crl
   1.356 +  pkits $certs/Validpre2000UTCnotBeforeDateTest3EE.crt \
   1.357 +      $certs/GoodCACert.crt
   1.358 +  restore_db
   1.359 +
   1.360 +  VFY_ACTION="Valid GeneralizedTime notBefore Date Test4"; log_banner
   1.361 +  certImport GoodCACert
   1.362 +  crlImport GoodCACRL.crl
   1.363 +  pkits $certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt \
   1.364 +      $certs/GoodCACert.crt
   1.365 +  restore_db
   1.366 +
   1.367 +  VFY_ACTION="Invalid CA notAfter Date Test5"; log_banner
   1.368 +  certImport BadnotAfterDateCACert
   1.369 +  crlImportn BadnotAfterDateCACRL.crl
   1.370 +  if [ $RET -eq 0 ] ; then 
   1.371 +      pkitsn $certs/InvalidCAnotAfterDateTest5EE.crt \
   1.372 +          $certs/BadnotAfterDateCACert.crt
   1.373 +  fi
   1.374 +  restore_db
   1.375 +
   1.376 +  VFY_ACTION="Invalid EE notAfter Date Test6"; log_banner
   1.377 +  certImport GoodCACert
   1.378 +  crlImport GoodCACRL.crl
   1.379 +  pkitsn $certs/InvalidEEnotAfterDateTest6EE.crt \
   1.380 +      $certs/GoodCACert.crt
   1.381 +  restore_db
   1.382 +
   1.383 +  VFY_ACTION="Invalid pre2000 UTC EE notAfter Date Test7"; log_banner
   1.384 +  certImport GoodCACert
   1.385 +  crlImport GoodCACRL.crl
   1.386 +  pkitsn $certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt \
   1.387 +      $certs/GoodCACert.crt
   1.388 +  restore_db
   1.389 +
   1.390 +  VFY_ACTION="ValidGeneralizedTime notAfter Date Test8"; log_banner
   1.391 +  certImport GoodCACert
   1.392 +  crlImport GoodCACRL.crl
   1.393 +  pkits $certs/ValidGeneralizedTimenotAfterDateTest8EE.crt \
   1.394 +      $certs/GoodCACert.crt
   1.395 +  restore_db
   1.396 +}
   1.397 +
   1.398 +pkits_NameChaining()
   1.399 +{
   1.400 +  break_table "NIST PKITS Section 4.3: Verifying NameChaining"
   1.401 +
   1.402 +  VFY_ACTION="Invalid Name Chaining EE Test1"; log_banner
   1.403 +  certImport GoodCACert
   1.404 +  crlImport GoodCACRL.crl
   1.405 +  pkitsn $certs/InvalidNameChainingTest1EE.crt \
   1.406 +      $certs/GoodCACert.crt
   1.407 +  restore_db
   1.408 +
   1.409 +  VFY_ACTION="Invalid Name Chaining Order Test2"; log_banner
   1.410 +  certImport NameOrderingCACert
   1.411 +  crlImport NameOrderCACRL.crl
   1.412 +  pkitsn $certs/InvalidNameChainingOrderTest2EE.crt \
   1.413 +      $certs/NameOrderingCACert.crt
   1.414 +  restore_db
   1.415 +
   1.416 +### bug 216123 ###
   1.417 +if [ -n "${KNOWN_BUG}" ]; then
   1.418 +  VFY_ACTION="Valid Name Chaining Whitespace Test3"; log_banner
   1.419 +  certImport GoodCACert
   1.420 +  crlImport GoodCACRL.crl
   1.421 +  pkits $certs/ValidNameChainingWhitespaceTest3EE.crt \
   1.422 +      $certs/GoodCACert.crt
   1.423 +  restore_db
   1.424 +
   1.425 +  VFY_ACTION="Valid Name Chaining Whitespace Test4"; log_banner
   1.426 +  certImport GoodCACert
   1.427 +  crlImport GoodCACRL.crl
   1.428 +  pkits $certs/ValidNameChainingWhitespaceTest4EE.crt \
   1.429 +      $certs/GoodCACert.crt
   1.430 +  restore_db
   1.431 +
   1.432 +  VFY_ACTION="Valid Name Chaining Capitalization Test5"; log_banner
   1.433 +  certImport GoodCACert
   1.434 +  crlImport GoodCACRL.crl
   1.435 +  pkits $certs/ValidNameChainingCapitalizationTest5EE.crt \
   1.436 +      $certs/GoodCACert.crt
   1.437 +  restore_db
   1.438 +fi
   1.439 +
   1.440 +  VFY_ACTION="Valid Name Chaining UIDs Test6"; log_banner
   1.441 +  certImport UIDCACert
   1.442 +  crlImport UIDCACRL.crl
   1.443 +  pkits $certs/ValidNameUIDsTest6EE.crt $certs/UIDCACert.crt
   1.444 +  restore_db
   1.445 +
   1.446 +  VFY_ACTION="Valid RFC3280 Mandatory Attribute Types Test7"; log_banner
   1.447 +  certImport RFC3280MandatoryAttributeTypesCACert
   1.448 +  crlImport RFC3280MandatoryAttributeTypesCACRL.crl
   1.449 +  pkits $certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt \
   1.450 +      $certs/RFC3280MandatoryAttributeTypesCACert.crt
   1.451 +  restore_db
   1.452 +
   1.453 +  VFY_ACTION="Valid RFC3280 Optional Attribute Types Test8"; log_banner
   1.454 +  certImport RFC3280OptionalAttributeTypesCACert
   1.455 +  crlImport RFC3280OptionalAttributeTypesCACRL.crl
   1.456 +  pkits $certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt \
   1.457 +      $certs/RFC3280OptionalAttributeTypesCACert.crt
   1.458 +  restore_db
   1.459 +
   1.460 +  VFY_ACTION="Valid UTF8String Encoded Names Test9"; log_banner
   1.461 +  certImport UTF8StringEncodedNamesCACert
   1.462 +  crlImport UTF8StringEncodedNamesCACRL.crl
   1.463 +  pkits $certs/ValidUTF8StringEncodedNamesTest9EE.crt \
   1.464 +      $certs/UTF8StringEncodedNamesCACert.crt
   1.465 +  restore_db
   1.466 +
   1.467 +### bug 216123 ###
   1.468 +if [ -n "${KNOWN_BUG}" ]; then
   1.469 +  VFY_ACTION="Valid Rollover from PrintableString to UTF8String Test10"; log_banner
   1.470 +  certImport RolloverfromPrintableStringtoUTF8StringCACert
   1.471 +  crlImport RolloverfromPrintableStringtoUTF8StringCACRL.crl
   1.472 +  pkits $certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt \
   1.473 +      $certs/RolloverfromPrintableStringtoUTF8StringCACert.crt
   1.474 +  restore_db
   1.475 +
   1.476 +  VFY_ACTION="Valid UTF8String case Insensitive Match Test11"; log_banner
   1.477 +  certImport UTF8StringCaseInsensitiveMatchCACert
   1.478 +  crlImport UTF8StringCaseInsensitiveMatchCACRL.crl
   1.479 +  pkits $certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt \
   1.480 +      $certs/UTF8StringCaseInsensitiveMatchCACert.crt
   1.481 +  restore_db
   1.482 +fi
   1.483 +}
   1.484 +
   1.485 +pkits_BasicCertRevocation()
   1.486 +{
   1.487 +  break_table "NIST PKITS Section 4.4: Basic Certificate Revocation Tests"
   1.488 +
   1.489 +### bug 414556 ###
   1.490 +if [ -n "${KNOWN_BUG}" ]; then
   1.491 +  VFY_ACTION="Missing CRL Test1"; log_banner
   1.492 +  pkitsn $certs/InvalidMissingCRLTest1EE.crt \
   1.493 +      $certs/NoCRLCACert.crt
   1.494 +fi
   1.495 +
   1.496 +  VFY_ACTION="Invalid Revoked CA Test2"; log_banner
   1.497 +  certImport RevokedsubCACert
   1.498 +  crlImport RevokedsubCACRL.crl
   1.499 +  certImport GoodCACert
   1.500 +  crlImport GoodCACRL.crl
   1.501 +  pkitsn $certs/InvalidRevokedCATest2EE.crt \
   1.502 +     $certs/RevokedsubCACert.crt $certs/GoodCACert.crt
   1.503 +  restore_db
   1.504 +
   1.505 +  VFY_ACTION="Invalid Revoked EE Test3"; log_banner
   1.506 +  certImport GoodCACert
   1.507 +  crlImport GoodCACRL.crl
   1.508 +  pkitsn $certs/InvalidRevokedEETest3EE.crt \
   1.509 +     $certs/GoodCACert.crt
   1.510 +  restore_db
   1.511 +
   1.512 +  VFY_ACTION="Invalid Bad CRL Signature Test4"; log_banner
   1.513 +  certImport BadCRLSignatureCACert
   1.514 +  crlImportn BadCRLSignatureCACRL.crl
   1.515 +  if [ $RET -eq 0 ] ; then 
   1.516 +      pkitsn $certs/InvalidBadCRLSignatureTest4EE.crt \
   1.517 +          $certs/BadCRLSignatureCACert.crt
   1.518 +  fi
   1.519 +  restore_db
   1.520 +
   1.521 +  VFY_ACTION="Invalid Bad CRL Issuer Name Test5"; log_banner
   1.522 +  certImport BadCRLIssuerNameCACert
   1.523 +  crlImportn BadCRLIssuerNameCACRL.crl
   1.524 +  if [ $RET -eq 0 ] ; then 
   1.525 +      pkitsn $certs/InvalidBadCRLIssuerNameTest5EE.crt \
   1.526 +          $certs/BadCRLIssuerNameCACert.crt
   1.527 +  fi
   1.528 +  restore_db
   1.529 +
   1.530 +### bug 414556 ###
   1.531 +if [ -n "${KNOWN_BUG}" ]; then
   1.532 +  VFY_ACTION="Invalid Wrong CRL Test6"; log_banner
   1.533 +  certImport WrongCRLCACert
   1.534 +  crlImport WrongCRLCACRL.crl
   1.535 +  pkitsn $certs/InvalidWrongCRLTest6EE.crt \
   1.536 +      $certs/WrongCRLCACert.crt
   1.537 +  restore_db
   1.538 +fi
   1.539 +
   1.540 +  VFY_ACTION="Valid Two CRLs Test7"; log_banner
   1.541 +  certImport TwoCRLsCACert
   1.542 +  crlImport TwoCRLsCAGoodCRL.crl
   1.543 +  crlImportn TwoCRLsCABadCRL.crl
   1.544 +  pkits $certs/ValidTwoCRLsTest7EE.crt \
   1.545 +     $certs/TwoCRLsCACert.crt
   1.546 +  restore_db
   1.547 +
   1.548 +  VFY_ACTION="Invalid Unknown CRL Entry Extension Test8"; log_banner
   1.549 +  certImport UnknownCRLEntryExtensionCACert
   1.550 +  crlImportn UnknownCRLEntryExtensionCACRL.crl
   1.551 +  if [ $RET -eq 0 ] ; then 
   1.552 +      pkitsn $certs/InvalidUnknownCRLEntryExtensionTest8EE.crt \
   1.553 +          $certs/UnknownCRLEntryExtensionCACert.crt
   1.554 +  fi
   1.555 +  restore_db
   1.556 +
   1.557 +  VFY_ACTION="Invalid Unknown CRL Extension Test9"; log_banner
   1.558 +  certImport UnknownCRLExtensionCACert
   1.559 +  crlImportn UnknownCRLExtensionCACRL.crl
   1.560 +  if [ $RET -eq 0 ] ; then 
   1.561 +      pkitsn $certs/InvalidUnknownCRLExtensionTest9EE.crt \
   1.562 +          $certs/UnknownCRLExtensionCACert.crt
   1.563 +  fi
   1.564 +  restore_db
   1.565 +
   1.566 +  VFY_ACTION="Invalid Unknown CRL Extension Test10"; log_banner
   1.567 +  certImport UnknownCRLExtensionCACert
   1.568 +  crlImportn UnknownCRLExtensionCACRL.crl
   1.569 +  if [ $RET -eq 0 ] ; then 
   1.570 +      pkitsn $certs/InvalidUnknownCRLExtensionTest10EE.crt \
   1.571 +          $certs/UnknownCRLExtensionCACert.crt
   1.572 +  fi
   1.573 +  restore_db
   1.574 +
   1.575 +### bug 414563 ###
   1.576 +if [ -n "${KNOWN_BUG}" ]; then
   1.577 +  VFY_ACTION="Invalid Old CRL nextUpdate Test11"; log_banner
   1.578 +  certImport OldCRLnextUpdateCACert
   1.579 +  crlImport OldCRLnextUpdateCACRL.crl
   1.580 +  pkitsn $certs/InvalidOldCRLnextUpdateTest11EE.crt \
   1.581 +     $certs/OldCRLnextUpdateCACert.crt
   1.582 +  restore_db
   1.583 +
   1.584 +  VFY_ACTION="Invalid pre2000 CRL nextUpdate Test12"; log_banner
   1.585 +  certImport pre2000CRLnextUpdateCACert
   1.586 +  crlImport pre2000CRLnextUpdateCACRL.crl
   1.587 +  pkitsn $certs/Invalidpre2000CRLnextUpdateTest12EE.crt \
   1.588 +     $certs/pre2000CRLnextUpdateCACert.crt
   1.589 +  restore_db
   1.590 +fi
   1.591 +
   1.592 +  VFY_ACTION="Valid GeneralizedTime CRL nextUpdate Test13"; log_banner
   1.593 +  certImport GeneralizedTimeCRLnextUpdateCACert
   1.594 +  crlImport GeneralizedTimeCRLnextUpdateCACRL.crl
   1.595 +  pkits $certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt \
   1.596 +     $certs/GeneralizedTimeCRLnextUpdateCACert.crt
   1.597 +  restore_db
   1.598 +
   1.599 +  VFY_ACTION="Valid Negative Serial Number Test14"; log_banner
   1.600 +  certImport NegativeSerialNumberCACert
   1.601 +  crlImport NegativeSerialNumberCACRL.crl
   1.602 +  pkits $certs/ValidNegativeSerialNumberTest14EE.crt \
   1.603 +     $certs/NegativeSerialNumberCACert.crt
   1.604 +  restore_db
   1.605 +
   1.606 +  VFY_ACTION="Invalid Negative Serial Number Test15"; log_banner
   1.607 +  certImport NegativeSerialNumberCACert
   1.608 +  crlImport NegativeSerialNumberCACRL.crl
   1.609 +  pkitsn $certs/InvalidNegativeSerialNumberTest15EE.crt \
   1.610 +     $certs/NegativeSerialNumberCACert.crt
   1.611 +  restore_db
   1.612 +
   1.613 +  VFY_ACTION="Valid Long Serial Number Test16"; log_banner
   1.614 +  certImport LongSerialNumberCACert
   1.615 +  crlImport LongSerialNumberCACRL.crl
   1.616 +  pkits $certs/ValidLongSerialNumberTest16EE.crt \
   1.617 +     $certs/LongSerialNumberCACert.crt
   1.618 +  restore_db
   1.619 +
   1.620 +  VFY_ACTION="Valid Long Serial Number Test17"; log_banner
   1.621 +  certImport LongSerialNumberCACert
   1.622 +  crlImport LongSerialNumberCACRL.crl
   1.623 +  pkits $certs/ValidLongSerialNumberTest17EE.crt \
   1.624 +     $certs/LongSerialNumberCACert.crt
   1.625 +  restore_db
   1.626 +
   1.627 +  VFY_ACTION="Invalid Long Serial Number Test18"; log_banner
   1.628 +  certImport LongSerialNumberCACert
   1.629 +  crlImport LongSerialNumberCACRL.crl
   1.630 +  pkitsn $certs/InvalidLongSerialNumberTest18EE.crt \
   1.631 +     $certs/LongSerialNumberCACert.crt
   1.632 +  restore_db
   1.633 +
   1.634 +### bug 232737 ###
   1.635 +if [ -n "${KNOWN_BUG}" ]; then
   1.636 +  VFY_ACTION="Valid Separate Certificate and CRL Keys Test19"; log_banner
   1.637 +  certImport SeparateCertificateandCRLKeysCertificateSigningCACert
   1.638 +  certImport SeparateCertificateandCRLKeysCRLSigningCert
   1.639 +  crlImport SeparateCertificateandCRLKeysCRL.crl
   1.640 +  pkits $certs/ValidSeparateCertificateandCRLKeysTest19EE.crt \
   1.641 +     $certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
   1.642 +  restore_db
   1.643 +
   1.644 +  VFY_ACTION="Invalid Separate Certificate and CRL Keys Test20"; log_banner
   1.645 +  certImport SeparateCertificateandCRLKeysCertificateSigningCACert
   1.646 +  certImport SeparateCertificateandCRLKeysCRLSigningCert
   1.647 +  crlImport SeparateCertificateandCRLKeysCRL.crl
   1.648 +  pkits $certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt \
   1.649 +     $certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
   1.650 +  restore_db
   1.651 +
   1.652 +  VFY_ACTION="Invalid Separate Certificate and CRL Keys Test21"; log_banner
   1.653 +  certImport SeparateCertificateandCRLKeysCA2CertificateSigningCACert
   1.654 +  certImport SeparateCertificateandCRLKeysCA2CRLSigningCert
   1.655 +  crlImport SeparateCertificateandCRLKeysCA2CRL.crl
   1.656 +  pkits $certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt \
   1.657 +     $certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
   1.658 +  restore_db
   1.659 +fi
   1.660 +}
   1.661 +
   1.662 +pkits_PathVerificWithSelfIssuedCerts()
   1.663 +{
   1.664 +  break_table "NIST PKITS Section 4.5: Self-Issued Certificates"
   1.665 +
   1.666 +### bug 232737 ###
   1.667 +if [ -n "${KNOWN_BUG}" ]; then
   1.668 +  VFY_ACTION="Valid Basic Self-Issued Old With New Test1"; log_banner
   1.669 +  certImport BasicSelfIssuedNewKeyCACert
   1.670 +  crlImport BasicSelfIssuedNewKeyCACRL.crl
   1.671 +  pkits $certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt \
   1.672 +      $certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt \
   1.673 +      $certs/BasicSelfIssuedNewKeyCACert.crt
   1.674 +  restore_db
   1.675 +
   1.676 +  VFY_ACTION="Invalid Basic Self-Issued Old With New Test2"; log_banner
   1.677 +  certImport BasicSelfIssuedNewKeyCACert
   1.678 +  crlImport BasicSelfIssuedNewKeyCACRL.crl
   1.679 +  pkitsn $certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt \
   1.680 +      $certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt \
   1.681 +      $certs/BasicSelfIssuedNewKeyCACert.crt
   1.682 +  restore_db
   1.683 +fi
   1.684 +
   1.685 +### bugs 321755 & 418769 ###
   1.686 +if [ -n "${KNOWN_BUG}" ]; then
   1.687 +  VFY_ACTION="Valid Basic Self-Issued New With Old Test3"; log_banner
   1.688 +  certImport BasicSelfIssuedOldKeyCACert
   1.689 +  crlImport BasicSelfIssuedOldKeyCACRL.crl
   1.690 +  pkits $certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt \
   1.691 +      $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
   1.692 +      $certs/BasicSelfIssuedOldKeyCACert.crt
   1.693 +  restore_db
   1.694 +
   1.695 +  VFY_ACTION="Valid Basic Self-Issued New With Old Test4"; log_banner
   1.696 +  certImport BasicSelfIssuedOldKeyCACert
   1.697 +  crlImport BasicSelfIssuedOldKeyCACRL.crl
   1.698 +  pkits $certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt \
   1.699 +      $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
   1.700 +      $certs/BasicSelfIssuedOldKeyCACert.crt
   1.701 +  restore_db
   1.702 +
   1.703 +  VFY_ACTION="Invalid Basic Self-Issued New With Old Test5"; log_banner
   1.704 +  certImport BasicSelfIssuedOldKeyCACert
   1.705 +  crlImport BasicSelfIssuedOldKeyCACRL.crl
   1.706 +  pkitsn $certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt \
   1.707 +      $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
   1.708 +      $certs/BasicSelfIssuedOldKeyCACert.crt
   1.709 +  restore_db
   1.710 +
   1.711 +  VFY_ACTION="Valid Basic Self-Issued CRL Signing Key Test6"; log_banner
   1.712 +  certImport BasicSelfIssuedCRLSigningKeyCACert
   1.713 +  crlImport BasicSelfIssuedOldKeyCACRL.crl
   1.714 +  pkits $certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt \
   1.715 +      $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
   1.716 +      $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
   1.717 +  restore_db
   1.718 +
   1.719 +  VFY_ACTION="Invalid Basic Self-Issued CRL Signing Key Test7"; log_banner
   1.720 +  certImport BasicSelfIssuedCRLSigningKeyCACert
   1.721 +  crlImport BasicSelfIssuedOldKeyCACRL.crl
   1.722 +  pkitsn $certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt \
   1.723 +      $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
   1.724 +      $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
   1.725 +  restore_db
   1.726 +
   1.727 +  VFY_ACTION="Invalid Basic Self-Issued CRL Signing Key Test8"; log_banner
   1.728 +  certImport BasicSelfIssuedCRLSigningKeyCACert
   1.729 +  crlImport BasicSelfIssuedOldKeyCACRL.crl
   1.730 +  pkitsn $certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt \
   1.731 +      $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
   1.732 +      $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
   1.733 +  restore_db
   1.734 +fi
   1.735 +}
   1.736 +
   1.737 +pkits_BasicConstraints()
   1.738 +{
   1.739 +  break_table "NIST PKITS Section 4.6: Verifying Basic Constraints"
   1.740 +
   1.741 +  VFY_ACTION="Invalid Missing basicConstraints Test1"; log_banner
   1.742 +  certImport MissingbasicConstraintsCACert
   1.743 +  crlImport MissingbasicConstraintsCACRL.crl
   1.744 +  pkitsn $certs/InvalidMissingbasicConstraintsTest1EE.crt \
   1.745 +      $certs/MissingbasicConstraintsCACert.crt
   1.746 +  restore_db
   1.747 +
   1.748 +  VFY_ACTION="Invalid cA False Test2"; log_banner
   1.749 +  certImport basicConstraintsCriticalcAFalseCACert
   1.750 +  crlImport basicConstraintsCriticalcAFalseCACRL.crl
   1.751 +  pkitsn $certs/InvalidcAFalseTest2EE.crt \
   1.752 +      $certs/basicConstraintsCriticalcAFalseCACert.crt
   1.753 +  restore_db
   1.754 +
   1.755 +  VFY_ACTION="Invalid cA False Test3"; log_banner
   1.756 +  certImport basicConstraintsNotCriticalcAFalseCACert
   1.757 +  crlImport basicConstraintsNotCriticalcAFalseCACRL.crl
   1.758 +  pkitsn $certs/InvalidcAFalseTest3EE.crt \
   1.759 +      $certs/basicConstraintsNotCriticalcAFalseCACert.crt
   1.760 +  restore_db
   1.761 +
   1.762 +  VFY_ACTION="Valid basicConstraints Not Critical Test4"; log_banner
   1.763 +  certImport basicConstraintsNotCriticalCACert
   1.764 +  crlImport basicConstraintsNotCriticalCACRL.crl
   1.765 +  pkits $certs/ValidbasicConstraintsNotCriticalTest4EE.crt \
   1.766 +      $certs/basicConstraintsNotCriticalCACert.crt
   1.767 +  restore_db
   1.768 +
   1.769 +  VFY_ACTION="Invalid pathLenConstraint Test5"; log_banner
   1.770 +  certImport pathLenConstraint0CACert
   1.771 +  crlImport pathLenConstraint0CACRL.crl
   1.772 +  certImport pathLenConstraint0subCACert
   1.773 +  crlImport pathLenConstraint0subCACRL.crl
   1.774 +  pkitsn $certs/InvalidpathLenConstraintTest5EE.crt \
   1.775 +      $certs/pathLenConstraint0subCACert.crt \
   1.776 +      $certs/pathLenConstraint0CACert.crt
   1.777 +  restore_db
   1.778 +
   1.779 +  VFY_ACTION="Invalid pathLenConstraint Test6"; log_banner
   1.780 +  certImport pathLenConstraint0CACert
   1.781 +  crlImport pathLenConstraint0CACRL.crl
   1.782 +  certImport pathLenConstraint0subCACert
   1.783 +  crlImport pathLenConstraint0subCACRL.crl
   1.784 +  pkitsn $certs/InvalidpathLenConstraintTest6EE.crt \
   1.785 +      $certs/pathLenConstraint0subCACert.crt \
   1.786 +      $certs/pathLenConstraint0CACert.crt
   1.787 +  restore_db
   1.788 +
   1.789 +  VFY_ACTION="Valid pathLenConstraint Test7"; log_banner
   1.790 +  certImport pathLenConstraint0CACert
   1.791 +  crlImport pathLenConstraint0CACRL.crl
   1.792 +  pkits $certs/ValidpathLenConstraintTest7EE.crt \
   1.793 +      $certs/pathLenConstraint0CACert.crt
   1.794 +  restore_db
   1.795 +
   1.796 +  VFY_ACTION="Valid pathLenConstraint test8"; log_banner
   1.797 +  certImport pathLenConstraint0CACert
   1.798 +  crlImport pathLenConstraint0CACRL.crl
   1.799 +  pkits $certs/ValidpathLenConstraintTest8EE.crt \
   1.800 +      $certs/pathLenConstraint0CACert.crt
   1.801 +  restore_db
   1.802 +
   1.803 +  VFY_ACTION="Invalid pathLenConstraint Test9"; log_banner
   1.804 +  certImport pathLenConstraint6CACert
   1.805 +  crlImport pathLenConstraint6CACRL.crl
   1.806 +  certImport pathLenConstraint6subCA0Cert
   1.807 +  crlImport pathLenConstraint6subCA0CRL.crl
   1.808 +  certImport pathLenConstraint6subsubCA00Cert
   1.809 +  crlImport pathLenConstraint6subsubCA00CRL.crl
   1.810 +  pkitsn $certs/InvalidpathLenConstraintTest9EE.crt \
   1.811 +      $certs/pathLenConstraint6subsubCA00Cert.crt \
   1.812 +      $certs/pathLenConstraint6subCA0Cert.crt \
   1.813 +      $certs/pathLenConstraint6CACert.crt
   1.814 +  restore_db
   1.815 +
   1.816 +  VFY_ACTION="Invalid pathLenConstraint Test10"; log_banner
   1.817 +  certImport pathLenConstraint6CACert
   1.818 +  crlImport pathLenConstraint6CACRL.crl
   1.819 +  certImport pathLenConstraint6subCA0Cert
   1.820 +  crlImport pathLenConstraint6subCA0CRL.crl
   1.821 +  certImport pathLenConstraint6subsubCA00Cert
   1.822 +  crlImport pathLenConstraint6subsubCA00CRL.crl
   1.823 +  pkitsn $certs/InvalidpathLenConstraintTest10EE.crt \
   1.824 +      $certs/pathLenConstraint6subsubCA00Cert.crt \
   1.825 +      $certs/pathLenConstraint6subCA0Cert.crt \
   1.826 +      $certs/pathLenConstraint6CACert.crt
   1.827 +  restore_db
   1.828 +
   1.829 +  VFY_ACTION="Invalid pathLenConstraint Test11"; log_banner
   1.830 +  certImport pathLenConstraint6CACert
   1.831 +  crlImport pathLenConstraint6CACRL.crl
   1.832 +  certImport pathLenConstraint6subCA1Cert
   1.833 +  crlImport pathLenConstraint6subCA1CRL.crl
   1.834 +  certImport pathLenConstraint6subsubCA11Cert
   1.835 +  crlImport pathLenConstraint6subsubCA11CRL.crl
   1.836 +  certImport pathLenConstraint6subsubsubCA11XCert
   1.837 +  crlImport pathLenConstraint6subsubsubCA11XCRL.crl
   1.838 +  pkitsn $certs/InvalidpathLenConstraintTest11EE.crt \
   1.839 +      $certs/pathLenConstraint6subsubsubCA11XCert.crt \
   1.840 +      $certs/pathLenConstraint6subsubCA11Cert.crt \
   1.841 +      $certs/pathLenConstraint6subCA1Cert.crt \
   1.842 +      $certs/pathLenConstraint6CACert.crt
   1.843 +  restore_db
   1.844 +
   1.845 +  VFY_ACTION="Invalid pathLenConstraint test12"; log_banner
   1.846 +  certImport pathLenConstraint6CACert
   1.847 +  crlImport pathLenConstraint6CACRL.crl
   1.848 +  certImport pathLenConstraint6subCA1Cert
   1.849 +  crlImport pathLenConstraint6subCA1CRL.crl
   1.850 +  certImport pathLenConstraint6subsubCA11Cert
   1.851 +  crlImport pathLenConstraint6subsubCA11CRL.crl
   1.852 +  certImport pathLenConstraint6subsubsubCA11XCert
   1.853 +  crlImport pathLenConstraint6subsubsubCA11XCRL.crl
   1.854 +  pkitsn $certs/InvalidpathLenConstraintTest12EE.crt \
   1.855 +      $certs/pathLenConstraint6subsubsubCA11XCert.crt \
   1.856 +      $certs/pathLenConstraint6subsubCA11Cert.crt \
   1.857 +      $certs/pathLenConstraint6subCA1Cert.crt \
   1.858 +      $certs/pathLenConstraint6CACert.crt
   1.859 +  restore_db
   1.860 +
   1.861 +  VFY_ACTION="Valid pathLenConstraint Test13"; log_banner
   1.862 +  certImport pathLenConstraint6CACert
   1.863 +  crlImport pathLenConstraint6CACRL.crl
   1.864 +  certImport pathLenConstraint6subCA4Cert
   1.865 +  crlImport pathLenConstraint6subCA4CRL.crl
   1.866 +  certImport pathLenConstraint6subsubCA41Cert
   1.867 +  crlImport pathLenConstraint6subsubCA41CRL.crl
   1.868 +  certImport pathLenConstraint6subsubsubCA41XCert
   1.869 +  crlImport pathLenConstraint6subsubsubCA41XCRL.crl
   1.870 +  pkits $certs/ValidpathLenConstraintTest13EE.crt \
   1.871 +      $certs/pathLenConstraint6subsubsubCA41XCert.crt \
   1.872 +      $certs/pathLenConstraint6subsubCA41Cert.crt \
   1.873 +      $certs/pathLenConstraint6subCA4Cert.crt \
   1.874 +      $certs/pathLenConstraint6CACert.crt
   1.875 +  restore_db
   1.876 +
   1.877 +  VFY_ACTION="Valid pathLenConstraint Test14"; log_banner
   1.878 +  certImport pathLenConstraint6CACert
   1.879 +  crlImport pathLenConstraint6CACRL.crl
   1.880 +  certImport pathLenConstraint6subCA4Cert
   1.881 +  crlImport pathLenConstraint6subCA4CRL.crl
   1.882 +  certImport pathLenConstraint6subsubCA41Cert
   1.883 +  crlImport pathLenConstraint6subsubCA41CRL.crl
   1.884 +  certImport pathLenConstraint6subsubsubCA41XCert
   1.885 +  crlImport pathLenConstraint6subsubsubCA41XCRL.crl
   1.886 +  pkits $certs/ValidpathLenConstraintTest14EE.crt \
   1.887 +      $certs/pathLenConstraint6subsubsubCA41XCert.crt \
   1.888 +      $certs/pathLenConstraint6subsubCA41Cert.crt \
   1.889 +      $certs/pathLenConstraint6subCA4Cert.crt \
   1.890 +      $certs/pathLenConstraint6CACert.crt
   1.891 +  restore_db
   1.892 +
   1.893 +### bug 232737 ###
   1.894 +if [ -n "${KNOWN_BUG}" ]; then
   1.895 +  VFY_ACTION="Valid Self-Issued pathLenConstraint Test15"; log_banner
   1.896 +  certImport pathLenConstraint0CACert
   1.897 +  crlImport pathLenConstraint0CACRL.crl
   1.898 +  pkits $certs/ValidSelfIssuedpathLenConstraintTest15EE.crt \
   1.899 +      $certs/pathLenConstraint0SelfIssuedCACert.crt \
   1.900 +      $certs/pathLenConstraint0CACert.crt
   1.901 +  restore_db
   1.902 +fi
   1.903 +
   1.904 +  VFY_ACTION="Invalid Self-Issued pathLenConstraint Test16"; log_banner
   1.905 +  certImport pathLenConstraint0CACert
   1.906 +  crlImport pathLenConstraint0CACRL.crl
   1.907 +  certImport pathLenConstraint0subCA2Cert
   1.908 +  crlImport pathLenConstraint0subCA2CRL.crl
   1.909 +  pkitsn $certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt \
   1.910 +      $certs/pathLenConstraint0subCA2Cert.crt \
   1.911 +      $certs/pathLenConstraint0SelfIssuedCACert.crt \
   1.912 +      $certs/pathLenConstraint0CACert.crt
   1.913 +  restore_db
   1.914 +
   1.915 +### bug 232737 ###
   1.916 +if [ -n "${KNOWN_BUG}" ]; then
   1.917 +  VFY_ACTION="Valid Self-Issued pathLenConstraint Test17"; log_banner
   1.918 +  certImport pathLenConstraint1CACert
   1.919 +  crlImport pathLenConstraint1CACRL.crl
   1.920 +  certImport pathLenConstraint1subCACert
   1.921 +  crlImport pathLenConstraint1subCACRL.crl
   1.922 +  pkits $certs/ValidSelfIssuedpathLenConstraintTest17EE.crt \
   1.923 +      $certs/pathLenConstraint1SelfIssuedsubCACert.crt \
   1.924 +      $certs/pathLenConstraint1subCACert.crt \
   1.925 +      $certs/pathLenConstraint1SelfIssuedCACert.crt \
   1.926 +      $certs/pathLenConstraint1CACert.crt
   1.927 +  restore_db
   1.928 +fi
   1.929 +}
   1.930 +
   1.931 +pkits_KeyUsage()
   1.932 +{
   1.933 +  break_table "NIST PKITS Section 4.7: Key Usage"
   1.934 +
   1.935 +  VFY_ACTION="Invalid keyUsage Critical keyCertSign False Test1"; log_banner
   1.936 +  certImport keyUsageCriticalkeyCertSignFalseCACert
   1.937 +  crlImport keyUsageCriticalkeyCertSignFalseCACRL.crl
   1.938 +  pkitsn $certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt \
   1.939 +      $certs/keyUsageCriticalkeyCertSignFalseCACert.crt
   1.940 +  restore_db
   1.941 +
   1.942 +  VFY_ACTION="Invalid keyUsage Not Critical keyCertSign False Test2"; log_banner
   1.943 +  certImport keyUsageNotCriticalkeyCertSignFalseCACert
   1.944 +  crlImport keyUsageNotCriticalkeyCertSignFalseCACRL.crl
   1.945 +  pkitsn $certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt \
   1.946 +      $certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt
   1.947 +  restore_db
   1.948 +
   1.949 +  VFY_ACTION="Valid keyUsage Not Critical Test3"; log_banner
   1.950 +  certImport keyUsageNotCriticalCACert
   1.951 +  crlImport keyUsageNotCriticalCACRL.crl
   1.952 +  pkits $certs/ValidkeyUsageNotCriticalTest3EE.crt \
   1.953 +      $certs/keyUsageNotCriticalCACert.crt
   1.954 +  restore_db
   1.955 +
   1.956 +  VFY_ACTION="Invalid keyUsage Critical cRLSign False Test4"; log_banner
   1.957 +  certImport keyUsageCriticalcRLSignFalseCACert
   1.958 +  crlImportn keyUsageCriticalcRLSignFalseCACRL.crl
   1.959 +  if [ $RET -eq 0 ] ; then 
   1.960 +      pkitsn $certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt \
   1.961 +          $certs/keyUsageCriticalcRLSignFalseCACert.crt
   1.962 +  fi
   1.963 +  restore_db
   1.964 +
   1.965 +  VFY_ACTION="Invalid keyUsage Not Critical cRLSign False Test5"; log_banner
   1.966 +  certImport keyUsageNotCriticalcRLSignFalseCACert
   1.967 +  crlImportn keyUsageNotCriticalcRLSignFalseCACRL.crl
   1.968 +  if [ $RET -eq 0 ] ; then 
   1.969 +      pkitsn $certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt \
   1.970 +          $certs/keyUsageNotCriticalcRLSignFalseCACert.crt
   1.971 +  fi
   1.972 +  restore_db
   1.973 +}
   1.974 +
   1.975 +pkits_CertificatePolicies()
   1.976 +{
   1.977 +  break_table "NIST PKITS Section 4.8: Certificate Policies"
   1.978 +
   1.979 +  VFY_ACTION="All Certificates Same Policy Test1"; log_banner
   1.980 +  certImport GoodCACert
   1.981 +  crlImport GoodCACRL.crl
   1.982 +  pkits $certs/ValidCertificatePathTest1EE.crt \
   1.983 +      $certs/GoodCACert.crt
   1.984 +  restore_db
   1.985 +
   1.986 +  VFY_ACTION="All Certificates No Policies Test2"; log_banner
   1.987 +  certImport NoPoliciesCACert
   1.988 +  crlImport NoPoliciesCACRL.crl
   1.989 +  pkits $certs/AllCertificatesNoPoliciesTest2EE.crt \
   1.990 +      $certs/NoPoliciesCACert.crt
   1.991 +  restore_db
   1.992 +
   1.993 +  VFY_ACTION="Different Policies Test3"; log_banner
   1.994 +  certImport GoodCACert
   1.995 +  crlImport GoodCACRL.crl
   1.996 +  certImport PoliciesP2subCACert
   1.997 +  crlImport PoliciesP2subCACRL.crl
   1.998 +  pkits $certs/DifferentPoliciesTest3EE.crt \
   1.999 +      $certs/PoliciesP2subCACert.crt \
  1.1000 +      $certs/GoodCACert.crt
  1.1001 +  restore_db
  1.1002 +
  1.1003 +  VFY_ACTION="Different Policies Test4"; log_banner
  1.1004 +  certImport GoodCACert
  1.1005 +  crlImport GoodCACRL.crl
  1.1006 +  certImport GoodsubCACert
  1.1007 +  crlImport GoodsubCACRL.crl
  1.1008 +  pkits $certs/DifferentPoliciesTest4EE.crt \
  1.1009 +      $certs/GoodsubCACert.crt \
  1.1010 +      $certs/GoodCACert.crt
  1.1011 +  restore_db
  1.1012 +
  1.1013 +  VFY_ACTION="Different Policies Test5"; log_banner
  1.1014 +  certImport GoodCACert
  1.1015 +  crlImport GoodCACRL.crl
  1.1016 +  certImport PoliciesP2subCA2Cert
  1.1017 +  crlImport PoliciesP2subCA2CRL.crl
  1.1018 +  pkits $certs/DifferentPoliciesTest5EE.crt \
  1.1019 +      $certs/PoliciesP2subCA2Cert.crt \
  1.1020 +      $certs/GoodCACert.crt
  1.1021 +  restore_db
  1.1022 +
  1.1023 +  VFY_ACTION="Overlapping Policies Test6"; log_banner
  1.1024 +  certImport PoliciesP1234CACert
  1.1025 +  crlImport PoliciesP1234CACRL.crl
  1.1026 +  certImport PoliciesP1234subCAP123Cert
  1.1027 +  crlImport PoliciesP1234subCAP123CRL.crl
  1.1028 +  certImport PoliciesP1234subsubCAP123P12Cert
  1.1029 +  crlImport PoliciesP1234subsubCAP123P12CRL.crl
  1.1030 +  pkits $certs/OverlappingPoliciesTest6EE.crt \
  1.1031 +      $certs/PoliciesP1234subsubCAP123P12Cert.crt \
  1.1032 +      $certs/PoliciesP1234subCAP123Cert.crt \
  1.1033 +      $certs/PoliciesP1234CACert.crt
  1.1034 +  restore_db
  1.1035 +
  1.1036 +  VFY_ACTION="Different Policies Test7"; log_banner
  1.1037 +  certImport PoliciesP123CACert
  1.1038 +  crlImport PoliciesP123CACRL.crl
  1.1039 +  certImport PoliciesP123subCAP12Cert
  1.1040 +  crlImport PoliciesP123subCAP12CRL.crl
  1.1041 +  certImport PoliciesP123subsubCAP12P1Cert
  1.1042 +  crlImport PoliciesP123subsubCAP12P1CRL.crl
  1.1043 +  pkits $certs/DifferentPoliciesTest7EE.crt \
  1.1044 +      $certs/PoliciesP123subsubCAP12P1Cert.crt \
  1.1045 +      $certs/PoliciesP123subCAP12Cert.crt \
  1.1046 +      $certs/PoliciesP123CACert.crt
  1.1047 +  restore_db
  1.1048 +
  1.1049 +  VFY_ACTION="Different Policies Test8"; log_banner
  1.1050 +  certImport PoliciesP12CACert
  1.1051 +  crlImport PoliciesP12CACRL.crl
  1.1052 +  certImport PoliciesP12subCAP1Cert
  1.1053 +  crlImport PoliciesP12subCAP1CRL.crl
  1.1054 +  certImport PoliciesP12subsubCAP1P2Cert
  1.1055 +  crlImport PoliciesP12subsubCAP1P2CRL.crl
  1.1056 +  pkits $certs/DifferentPoliciesTest8EE.crt \
  1.1057 +      $certs/PoliciesP123subsubCAP12P1Cert.crt \
  1.1058 +      $certs/PoliciesP12subCAP1Cert.crt \
  1.1059 +      $certs/PoliciesP12CACert.crt
  1.1060 +  restore_db
  1.1061 +
  1.1062 +  VFY_ACTION="Different Policies Test9"; log_banner
  1.1063 +  certImport PoliciesP123CACert
  1.1064 +  crlImport PoliciesP123CACRL.crl
  1.1065 +  certImport PoliciesP123subCAP12Cert
  1.1066 +  crlImport PoliciesP123subCAP12CRL.crl
  1.1067 +  certImport PoliciesP123subsubCAP12P2Cert
  1.1068 +  crlImport PoliciesP123subsubCAP2P2CRL.crl
  1.1069 +  certImport PoliciesP123subsubsubCAP12P2P1Cert
  1.1070 +  crlImport PoliciesP123subsubsubCAP12P2P1CRL.crl
  1.1071 +  pkits $certs/DifferentPoliciesTest9EE.crt \
  1.1072 +      $certs/PoliciesP123subsubsubCAP12P2P1Cert.crt \
  1.1073 +      $certs/PoliciesP123subsubCAP12P1Cert.crt \
  1.1074 +      $certs/PoliciesP12subCAP1Cert.crt \
  1.1075 +      $certs/PoliciesP12CACert.crt
  1.1076 +  restore_db
  1.1077 +
  1.1078 +  VFY_ACTION="All Certificates Same Policies Test10"; log_banner
  1.1079 +  certImport PoliciesP12CACert
  1.1080 +  crlImport PoliciesP12CACRL.crl
  1.1081 +  pkits $certs/AllCertificatesSamePoliciesTest10EE.crt \
  1.1082 +      $certs/NoPoliciesCACert.crt
  1.1083 +  restore_db
  1.1084 +
  1.1085 +  VFY_ACTION="All Certificates AnyPolicy Test11"; log_banner
  1.1086 +  certImport anyPolicyCACert
  1.1087 +  crlImport anyPolicyCACRL.crl
  1.1088 +  pkits $certs/AllCertificatesanyPolicyTest11EE.crt \
  1.1089 +      $certs/anyPolicyCACert.crt
  1.1090 +  restore_db
  1.1091 +
  1.1092 +  VFY_ACTION="Different Policies Test12"; log_banner
  1.1093 +  certImport PoliciesP3CACert
  1.1094 +  crlImport PoliciesP3CACRL.crl
  1.1095 +  pkits $certs/DifferentPoliciesTest12EE.crt \
  1.1096 +      $certs/PoliciesP3CACert.crt
  1.1097 +  restore_db
  1.1098 +
  1.1099 +  VFY_ACTION="All Certificates Same Policies Test13"; log_banner
  1.1100 +  certImport PoliciesP123CACert
  1.1101 +  crlImport PoliciesP123CACRL.crl
  1.1102 +  pkits $certs/AllCertificatesSamePoliciesTest13EE.crt \
  1.1103 +      $certs/PoliciesP123CACert.crt
  1.1104 +  restore_db
  1.1105 +
  1.1106 +  VFY_ACTION="AnyPolicy Test14"; log_banner
  1.1107 +  certImport anyPolicyCACert
  1.1108 +  crlImport anyPolicyCACRL.crl
  1.1109 +  pkits $certs/AnyPolicyTest14EE.crt \
  1.1110 +      $certs/anyPolicyCACert.crt
  1.1111 +  restore_db
  1.1112 +
  1.1113 +  VFY_ACTION="User Notice Qualifier Test15"; log_banner
  1.1114 +  pkits $certs/UserNoticeQualifierTest15EE.crt
  1.1115 +
  1.1116 +  VFY_ACTION="User Notice Qualifier Test16"; log_banner
  1.1117 +  certImport GoodCACert
  1.1118 +  crlImport GoodCACRL.crl
  1.1119 +  pkits $certs/UserNoticeQualifierTest16EE.crt \
  1.1120 +      $certs/GoodCACert.crt
  1.1121 +
  1.1122 +  VFY_ACTION="User Notice Qualifier Test17"; log_banner
  1.1123 +  certImport GoodCACert
  1.1124 +  crlImport GoodCACRL.crl
  1.1125 +  pkits $certs/UserNoticeQualifierTest17EE.crt \
  1.1126 +      $certs/GoodCACert.crt
  1.1127 +  restore_db
  1.1128 +
  1.1129 +  VFY_ACTION="User Notice Qualifier Test18"; log_banner
  1.1130 +  certImport PoliciesP12CACert
  1.1131 +  crlImport PoliciesP12CACRL.crl
  1.1132 +  pkits $certs/UserNoticeQualifierTest18EE.crt \
  1.1133 +      $certs/PoliciesP12CACert.crt
  1.1134 +  restore_db
  1.1135 +
  1.1136 +  VFY_ACTION="User Notice Qualifier Test19"; log_banner
  1.1137 +  pkits $certs/UserNoticeQualifierTest19EE.crt
  1.1138 +
  1.1139 +  VFY_ACTION="CPS Pointer Qualifier Test20"; log_banner
  1.1140 +  certImport GoodCACert
  1.1141 +  crlImport GoodCACRL.crl
  1.1142 +  pkits $certs/CPSPointerQualifierTest20EE.crt \
  1.1143 +      $certs/GoodCACert.crt
  1.1144 +  restore_db
  1.1145 +}
  1.1146 +
  1.1147 +pkits_RequireExplicitPolicy()
  1.1148 +{
  1.1149 +  break_table "NIST PKITS Section 4.9: Require Explicit Policy"
  1.1150 +
  1.1151 +  VFY_ACTION="Valid RequireExplicitPolicy Test1"; log_banner
  1.1152 +  certImportn requireExplicitPolicy10CACert
  1.1153 +  crlImportn requireExplicitPolicy10CACRL.crl
  1.1154 +  certImport requireExplicitPolicy10subCACert
  1.1155 +  crlImport requireExplicitPolicy10subCACRL.crl
  1.1156 +  certImport requireExplicitPolicy10subsubCACert
  1.1157 +  crlImport requireExplicitPolicy10subsubCACRL.crl
  1.1158 +  certImport requireExplicitPolicy10subsubsubCACert
  1.1159 +  crlImport requireExplicitPolicy10subsubsubCACRL.crl
  1.1160 +  pkits $certs/ValidrequireExplicitPolicyTest1EE.crt \
  1.1161 +      $certs/requireExplicitPolicy10subsubsubCACert.crt \
  1.1162 +      $certs/requireExplicitPolicy10subsubCACert.crt \
  1.1163 +      $certs/requireExplicitPolicy10subCACert.crt \
  1.1164 +      $certs/requireExplicitPolicy10CACert.crt
  1.1165 +  restore_db
  1.1166 +
  1.1167 +  VFY_ACTION="Valid RequireExplicitPolicy Test2"; log_banner
  1.1168 +  certImportn requireExplicitPolicy5CACert
  1.1169 +  crlImportn requireExplicitPolicy5CACRL.crl
  1.1170 +  certImport requireExplicitPolicy5subCACert
  1.1171 +  crlImport requireExplicitPolicy5subCACRL.crl
  1.1172 +  certImport requireExplicitPolicy5subsubCACert
  1.1173 +  crlImport requireExplicitPolicy5subsubCACRL.crl
  1.1174 +  certImport requireExplicitPolicy5subsubsubCACert
  1.1175 +  crlImport requireExplicitPolicy5subsubsubCACRL.crl
  1.1176 +  pkits $certs/ValidrequireExplicitPolicyTest2EE.crt \
  1.1177 +      $certs/requireExplicitPolicy5subsubsubCACert.crt \
  1.1178 +      $certs/requireExplicitPolicy5subsubCACert.crt \
  1.1179 +      $certs/requireExplicitPolicy5subCACert.crt \
  1.1180 +      $certs/requireExplicitPolicy5CACert.crt
  1.1181 +  restore_db
  1.1182 +
  1.1183 +  VFY_ACTION="Invalid RequireExplicitPolicy Test3"; log_banner
  1.1184 +  certImportn requireExplicitPolicy4CACert
  1.1185 +  crlImportn requireExplicitPolicy4CACRL.crl
  1.1186 +  certImport requireExplicitPolicy4subCACert
  1.1187 +  crlImport requireExplicitPolicy4subCACRL.crl
  1.1188 +  certImport requireExplicitPolicy4subsubCACert
  1.1189 +  crlImport requireExplicitPolicy4subsubCACRL.crl
  1.1190 +  certImport requireExplicitPolicy4subsubsubCACert
  1.1191 +  crlImport requireExplicitPolicy4subsubsubCACRL.crl
  1.1192 +  pkitsn $certs/InvalidrequireExplicitPolicyTest3EE.crt \
  1.1193 +      $certs/requireExplicitPolicy4subsubsubCACert.crt \
  1.1194 +      $certs/requireExplicitPolicy4subsubCACert.crt \
  1.1195 +      $certs/requireExplicitPolicy4subCACert.crt \
  1.1196 +      $certs/requireExplicitPolicy4CACert.crt
  1.1197 +  restore_db
  1.1198 +
  1.1199 +  VFY_ACTION="Valid RequireExplicitPolicy Test4"; log_banner
  1.1200 +  certImportn requireExplicitPolicy0CACert
  1.1201 +  crlImportn requireExplicitPolicy0CACRL.crl
  1.1202 +  certImport requireExplicitPolicy0subCACert
  1.1203 +  crlImport requireExplicitPolicy0subCACRL.crl
  1.1204 +  certImport requireExplicitPolicy0subsubCACert
  1.1205 +  crlImport requireExplicitPolicy0subsubCACRL.crl
  1.1206 +  certImport requireExplicitPolicy0subsubsubCACert
  1.1207 +  crlImport requireExplicitPolicy0subsubsubCACRL.crl
  1.1208 +  pkits $certs/ValidrequireExplicitPolicyTest4EE.crt \
  1.1209 +      $certs/requireExplicitPolicy0subsubsubCACert.crt \
  1.1210 +      $certs/requireExplicitPolicy0subsubCACert.crt \
  1.1211 +      $certs/requireExplicitPolicy0subCACert.crt \
  1.1212 +      $certs/requireExplicitPolicy0CACert.crt
  1.1213 +  restore_db
  1.1214 +
  1.1215 +  VFY_ACTION="Invalid RequireExplicitPolicy Test5"; log_banner
  1.1216 +  certImportn requireExplicitPolicy7CACert
  1.1217 +  crlImportn requireExplicitPolicy7CACRL.crl
  1.1218 +  certImportn requireExplicitPolicy7subCARE2Cert
  1.1219 +  crlImportn requireExplicitPolicy7subCARE2CRL.crl
  1.1220 +  certImportn requireExplicitPolicy7subsubCARE2RE4Cert
  1.1221 +  crlImportn requireExplicitPolicy7subsubCARE2RE4CRL.crl
  1.1222 +  certImport requireExplicitPolicy7subsubsubCARE2RE4Cert
  1.1223 +  crlImport requireExplicitPolicy7subsubsubCARE2RE4CRL.crl
  1.1224 +  pkitsn $certs/InvalidrequireExplicitPolicyTest5EE.crt \
  1.1225 +      $certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt \
  1.1226 +      $certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt \
  1.1227 +      $certs/requireExplicitPolicy7subCARE2Cert.crt \
  1.1228 +      $certs/requireExplicitPolicy7CACert.crt
  1.1229 +  restore_db
  1.1230 +
  1.1231 +  VFY_ACTION="Valid Self-Issued RequireExplicitPolicy Test6"; log_banner
  1.1232 +  certImportn requireExplicitPolicy2CACert
  1.1233 +  crlImportn requireExplicitPolicy2CACRL.crl
  1.1234 +  pkits $certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt \
  1.1235 +      $certs/requireExplicitPolicy2SelfIssuedCACert.crt \
  1.1236 +      $certs/requireExplicitPolicy2CACert.crt
  1.1237 +  restore_db
  1.1238 +
  1.1239 +  VFY_ACTION="Invalid Self-Issued RequireExplicitPolicy Test7"; log_banner
  1.1240 +  certImportn requireExplicitPolicy2CACert
  1.1241 +  crlImportn requireExplicitPolicy2CACRL.crl
  1.1242 +  certImport requireExplicitPolicy2subCACert
  1.1243 +  crlImport requireExplicitPolicy2subCACRL.crl
  1.1244 +  pkitsn $certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt \
  1.1245 +      $certs/requireExplicitPolicy2subCACert.crt \
  1.1246 +      $certs/requireExplicitPolicy2SelfIssuedCACert.crt \
  1.1247 +      $certs/requireExplicitPolicy2CACert.crt
  1.1248 +  restore_db
  1.1249 +
  1.1250 +  VFY_ACTION="Invalid Self-Issued RequireExplicitPolicy Test8"; log_banner
  1.1251 +  certImportn requireExplicitPolicy2CACert
  1.1252 +  crlImportn requireExplicitPolicy2CACRL.crl
  1.1253 +  certImport requireExplicitPolicy2subCACert
  1.1254 +  crlImport requireExplicitPolicy2subCACRL.crl
  1.1255 +  pkitsn $certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt \
  1.1256 +      $certs/requireExplicitPolicy2SelfIssuedsubCACert.crt \
  1.1257 +      $certs/requireExplicitPolicy2subCACert.crt \
  1.1258 +      $certs/requireExplicitPolicy2SelfIssuedCACert.crt \
  1.1259 +      $certs/requireExplicitPolicy2CACert.crt
  1.1260 +  restore_db
  1.1261 +}
  1.1262 +
  1.1263 +pkits_PolicyMappings()
  1.1264 +{
  1.1265 +  break_table "NIST PKITS Section 4.10: Policy Mappings"
  1.1266 +
  1.1267 +  VFY_ACTION="Valid Policy Mapping Test1"; log_banner
  1.1268 +  certImportn Mapping1to2CACert
  1.1269 +  crlImportn Mapping1to2CACRL.crl
  1.1270 +  pkits $certs/ValidPolicyMappingTest1EE.crt \
  1.1271 +      $certs/Mapping1to2CACert.crt
  1.1272 +  restore_db
  1.1273 +
  1.1274 +  VFY_ACTION="Invalid Policy Mapping Test2"; log_banner
  1.1275 +  certImportn Mapping1to2CACert
  1.1276 +  crlImportn Mapping1to2CACRL.crl
  1.1277 +  pkitsn $certs/InvalidPolicyMappingTest2EE.crt \
  1.1278 +      $certs/Mapping1to2CACert.crt
  1.1279 +  restore_db
  1.1280 +
  1.1281 +  VFY_ACTION="Valid Policy Mapping Test3"; log_banner
  1.1282 +  certImportn P12Mapping1to3CACert
  1.1283 +  crlImportn P12Mapping1to3CACRL.crl
  1.1284 +  certImportn P12Mapping1to3subCACert
  1.1285 +  crlImportn P12Mapping1to3subCACRL.crl
  1.1286 +  certImportn P12Mapping1to3subsubCACert
  1.1287 +  crlImportn P12Mapping1to3subsubCACRL.crl
  1.1288 +  pkits $certs/ValidPolicyMappingTest3EE.crt \
  1.1289 +      $certs/P12Mapping1to3subsubCACert.crt \
  1.1290 +      $certs/P12Mapping1to3subCACert.crt \
  1.1291 +      $certs/P12Mapping1to3CA.crt
  1.1292 +  restore_db
  1.1293 +
  1.1294 +  VFY_ACTION="Invalid Policy Mapping Test4"; log_banner
  1.1295 +  certImportn P12Mapping1to3CACert
  1.1296 +  crlImportn P12Mapping1to3CACRL.crl
  1.1297 +  certImportn P12Mapping1to3subCACert
  1.1298 +  crlImportn P12Mapping1to3subCACRL.crl
  1.1299 +  certImportn P12Mapping1to3subsubCACert
  1.1300 +  crlImportn P12Mapping1to3subsubCACRL.crl
  1.1301 +  pkitsn $certs/InvalidPolicyMappingTest4EE.crt \
  1.1302 +      $certs/P12Mapping1to3subsubCACert.crt \
  1.1303 +      $certs/P12Mapping1to3subCACert.crt \
  1.1304 +      $certs/P12Mapping1to3CA.crt
  1.1305 +  restore_db
  1.1306 +
  1.1307 +  VFY_ACTION="Valid Policy Mapping Test5"; log_banner
  1.1308 +  certImportn P1Mapping1to234CACert
  1.1309 +  crlImportn P1Mapping1to234CACRL.crl
  1.1310 +  certImportn P1Mapping1to234subCACert
  1.1311 +  crlImportn P1Mapping1to234subCACRL.crl
  1.1312 +  pkits $certs/ValidPolicyMappingTest5EE.crt \
  1.1313 +      $certs/P1Mapping1to234subCACert.crt \
  1.1314 +      $certs/P1Mapping1to234CA.crt
  1.1315 +  restore_db
  1.1316 +
  1.1317 +  VFY_ACTION="Valid Policy Mapping Test6"; log_banner
  1.1318 +  certImportn P1Mapping1to234CACert
  1.1319 +  crlImportn P1Mapping1to234CACRL.crl
  1.1320 +  certImportn P1Mapping1to234subCACert
  1.1321 +  crlImportn P1Mapping1to234subCACRL.crl
  1.1322 +  pkits $certs/ValidPolicyMappingTest6EE.crt \
  1.1323 +      $certs/P1Mapping1to234subCACert.crt \
  1.1324 +      $certs/P1Mapping1to234CA.crt
  1.1325 +  restore_db
  1.1326 +
  1.1327 +  VFY_ACTION="Invalid Mapping from anyPolicy Test7"; log_banner
  1.1328 +  certImportn MappingFromanyPolicyCACert
  1.1329 +  crlImportn MappingFromanyPolicyCACRL.crl
  1.1330 +  pkitsn $certs/InvalidMappingFromanyPolicyTest7EE.crt \
  1.1331 +      $certs/MappingFromanyPolicyCACert.crt
  1.1332 +  restore_db
  1.1333 +
  1.1334 +  VFY_ACTION="Invalid Mapping to anyPolicy Test8"; log_banner
  1.1335 +  certImportn MappingToanyPolicyCACert
  1.1336 +  crlImportn MappingToanyPolicyCACRL.crl
  1.1337 +  pkitsn $certs/InvalidMappingToanyPolicyTest8EE.crt \
  1.1338 +      $certs/MappingToanyPolicyCACert.crt
  1.1339 +  restore_db
  1.1340 +
  1.1341 +  VFY_ACTION="Valid Policy Mapping Test9"; log_banner
  1.1342 +  certImport PanyPolicyMapping1to2CACert
  1.1343 +  crlImport PanyPolicyMapping1to2CACRL.crl
  1.1344 +  pkits $certs/ValidPolicyMappingTest9EE.crt \
  1.1345 +      $certs/PanyPolicyMapping1to2CACert.crt
  1.1346 +  restore_db
  1.1347 +
  1.1348 +  VFY_ACTION="Invalid Policy Mapping Test10"; log_banner
  1.1349 +  certImport GoodCACert
  1.1350 +  crlImport GoodCACRL.crl
  1.1351 +  certImportn GoodsubCAPanyPolicyMapping1to2CACert
  1.1352 +  crlImportn GoodsubCAPanyPolicyMapping1to2CACRL.crl
  1.1353 +  pkitsn $certs/InvalidPolicyMappingTest10EE.crt \
  1.1354 +      $certs/GoodsubCAPanyPolicyMapping1to2CACert.crt \
  1.1355 +      $certs/GoodCACert.crt
  1.1356 +  restore_db
  1.1357 +
  1.1358 +  VFY_ACTION="Valid Policy Mapping Test11"; log_banner
  1.1359 +  certImport GoodCACert
  1.1360 +  crlImport GoodCACRL.crl
  1.1361 +  certImportn GoodsubCAPanyPolicyMapping1to2CACert
  1.1362 +  crlImportn GoodsubCAPanyPolicyMapping1to2CACRL.crl
  1.1363 +  pkits $certs/ValidPolicyMappingTest11EE.crt \
  1.1364 +      $certs/GoodsubCAPanyPolicyMapping1to2CACert.crt \
  1.1365 +      $certs/GoodCACert.crt
  1.1366 +  restore_db
  1.1367 +
  1.1368 +  VFY_ACTION="Valid Policy Mapping Test12"; log_banner
  1.1369 +  certImportn P12Mapping1to3CACert
  1.1370 +  crlImportn P12Mapping1to3CACRL.crl
  1.1371 +  pkits $certs/ValidPolicyMappingTest12EE.crt \
  1.1372 +      $certs/P12Mapping1to3CACert.crt
  1.1373 +  restore_db
  1.1374 +
  1.1375 +  VFY_ACTION="Valid Policy Mapping Test13"; log_banner
  1.1376 +  certImportn P1anyPolicyMapping1to2CACert
  1.1377 +  crlImportn P1anyPolicyMapping1to2CACRL.crl
  1.1378 +  pkits $certs/ValidPolicyMappingTest13EE.crt \
  1.1379 +      $certs/P1anyPolicyMapping1to2CACert.crt
  1.1380 +  restore_db
  1.1381 +
  1.1382 +  VFY_ACTION="Valid Policy Mapping Test14"; log_banner
  1.1383 +  certImportn P1anyPolicyMapping1to2CACert
  1.1384 +  crlImportn P1anyPolicyMapping1to2CACRL.crl
  1.1385 +  pkits $certs/ValidPolicyMappingTest14EE.crt \
  1.1386 +      $certs/P1anyPolicyMapping1to2CACert.crt
  1.1387 +  restore_db
  1.1388 +}
  1.1389 +
  1.1390 +
  1.1391 +pkits_InhibitPolicyMapping()
  1.1392 +{
  1.1393 +  break_table "NIST PKITS Section 4.11: Inhibit Policy Mapping"
  1.1394 +
  1.1395 +  VFY_ACTION="Invalid inhibitPolicyMapping Test1"; log_banner
  1.1396 +  certImportn inhibitPolicyMapping0CACert
  1.1397 +  crlImportn inhibitPolicyMapping0CACRL.crl
  1.1398 +  certImportn inhibitPolicyMapping0subCACert
  1.1399 +  crlImportn inhibitPolicyMapping0subCACRL.crl
  1.1400 +  pkitsn $certs/InvalidinhibitPolicyMappingTest1EE.crt \
  1.1401 +      $certs/inhibitPolicyMapping0CACert.crt \
  1.1402 +      $certs/inhibitPolicyMapping0subCACert.crt
  1.1403 +  restore_db
  1.1404 +
  1.1405 +  VFY_ACTION="Valid inhibitPolicyMapping Test2"; log_banner
  1.1406 +  certImportn inhibitPolicyMapping1P12CACert
  1.1407 +  crlImportn inhibitPolicyMapping1P12CACRL.crl
  1.1408 +  certImportn inhibitPolicyMapping1P12subCACert
  1.1409 +  crlImportn inhibitPolicyMapping1P12subCACRL.crl
  1.1410 +  pkits $certs/ValidinhibitPolicyMappingTest2EE.crt \
  1.1411 +      $certs/inhibitPolicyMapping1P12CACert.crt \
  1.1412 +      $certs/inhibitPolicyMapping1P12subCACert.crt
  1.1413 +  restore_db
  1.1414 +
  1.1415 +  VFY_ACTION="Invalid inhibitPolicyMapping Test3"; log_banner
  1.1416 +  certImportn inhibitPolicyMapping1P12CACert
  1.1417 +  crlImportn inhibitPolicyMapping1P12CACRL.crl
  1.1418 +  certImportn inhibitPolicyMapping1P12subCACert
  1.1419 +  crlImportn inhibitPolicyMapping1P12subCACRL.crl
  1.1420 +  certImportn inhibitPolicyMapping1P12subsubCACert
  1.1421 +  crlImportn inhibitPolicyMapping1P12subsubCACRL.crl
  1.1422 +  pkitsn $certs/InvalidinhibitPolicyMappingTest3EE.crt \
  1.1423 +      $certs/inhibitPolicyMapping1P12subsubCACert.crt \
  1.1424 +      $certs/inhibitPolicyMapping1P12subCACert.crt \
  1.1425 +      $certs/inhibitPolicyMapping1P12CACert.crt
  1.1426 +  restore_db
  1.1427 +
  1.1428 +  VFY_ACTION="Valid inhibitPolicyMapping Test4"; log_banner
  1.1429 +  certImportn inhibitPolicyMapping1P12CACert
  1.1430 +  crlImportn inhibitPolicyMapping1P12CACRL.crl
  1.1431 +  certImportn inhibitPolicyMapping1P12subCACert
  1.1432 +  crlImportn inhibitPolicyMapping1P12subCACRL.crl
  1.1433 +  certImportn inhibitPolicyMapping1P12subsubCACert
  1.1434 +  crlImportn inhibitPolicyMapping1P12subsubCACRL.crl
  1.1435 +  pkits $certs/ValidinhibitPolicyMappingTest4EE.crt \
  1.1436 +      $certs/inhibitPolicyMapping1P12CACert.crt \
  1.1437 +      $certs/inhibitPolicyMapping1P12subCACert.crt
  1.1438 +  restore_db
  1.1439 +
  1.1440 +  VFY_ACTION="Invalid inhibitPolicyMapping Test5"; log_banner
  1.1441 +  certImportn inhibitPolicyMapping5CACert
  1.1442 +  crlImportn inhibitPolicyMapping5CACRL.crl
  1.1443 +  certImportn inhibitPolicyMapping5subCACert
  1.1444 +  crlImportn inhibitPolicyMapping5subCACRL.crl
  1.1445 +  certImport inhibitPolicyMapping5subsubCACert
  1.1446 +  crlImport inhibitPolicyMapping5subsubCACRL.crl
  1.1447 +  pkitsn $certs/InvalidinhibitPolicyMappingTest5EE.crt \
  1.1448 +      $certs/inhibitPolicyMapping5subsubCACert.crt \
  1.1449 +      $certs/inhibitPolicyMapping5subCACert.crt \
  1.1450 +      $certs/inhibitPolicyMapping5CACert.crt
  1.1451 +  restore_db
  1.1452 +
  1.1453 +  VFY_ACTION="Invalid inhibitPolicyMapping Test6"; log_banner
  1.1454 +  certImportn inhibitPolicyMapping1P12CACert
  1.1455 +  crlImportn inhibitPolicyMapping1P12CACRL.crl
  1.1456 +  certImportn inhibitPolicyMapping1P12subCAIPM5Cert
  1.1457 +  crlImportn inhibitPolicyMapping1P12subCAIPM5CRL.crl
  1.1458 +  certImport inhibitPolicyMapping1P12subsubCAIPM5Cert
  1.1459 +  crlImportn inhibitPolicyMapping1P12subsubCAIPM5CRL.crl
  1.1460 +  pkitsn $certs/InvalidinhibitPolicyMappingTest6EE.crt \
  1.1461 +      $certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt \
  1.1462 +      $certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt \
  1.1463 +      $certs/inhibitPolicyMapping1P12CACert.crt
  1.1464 +  restore_db
  1.1465 +
  1.1466 +  VFY_ACTION="Valid Self-Issued inhibitPolicyMapping Test7"; log_banner
  1.1467 +  certImportn inhibitPolicyMapping1P1CACert
  1.1468 +  crlImportn inhibitPolicyMapping1P1CACRL.crl
  1.1469 +  certImportn inhibitPolicyMapping1P1subCACert
  1.1470 +  crlImportn inhibitPolicyMapping1P1subCACRL.crl
  1.1471 +  pkits $certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt \
  1.1472 +      $certs/inhibitPolicyMapping1P1subCACert.crt \
  1.1473 +      $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
  1.1474 +      $certs/inhibitPolicyMapping1P1CACert.crt
  1.1475 +  restore_db
  1.1476 +
  1.1477 +  VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test8"; log_banner
  1.1478 +  certImportn inhibitPolicyMapping1P1CACert
  1.1479 +  crlImportn inhibitPolicyMapping1P1CACRL.crl
  1.1480 +  certImportn inhibitPolicyMapping1P1subCACert
  1.1481 +  crlImportn inhibitPolicyMapping1P1subCACRL.crl
  1.1482 +  certImport inhibitPolicyMapping1P1subsubCACert
  1.1483 +  crlImportn inhibitPolicyMapping1P1subsubCACRL.crl
  1.1484 +  pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt \
  1.1485 +      $certs/inhibitPolicyMapping1P1subsubCACert.crt \
  1.1486 +      $certs/inhibitPolicyMapping1P1subCACert.crt \
  1.1487 +      $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
  1.1488 +      $certs/inhibitPolicyMapping1P1CACert.crt
  1.1489 +  restore_db
  1.1490 +
  1.1491 +  VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test9"; log_banner
  1.1492 +  certImportn inhibitPolicyMapping1P1CACert
  1.1493 +  crlImportn inhibitPolicyMapping1P1CACRL.crl
  1.1494 +  certImportn inhibitPolicyMapping1P1subCACert
  1.1495 +  crlImportn inhibitPolicyMapping1P1subCACRL.crl
  1.1496 +  certImportn inhibitPolicyMapping1P1subsubCACert
  1.1497 +  crlImportn inhibitPolicyMapping1P1subsubCACRL.crl
  1.1498 +  pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt \
  1.1499 +      $certs/inhibitPolicyMapping1P1subsubCACert.crt \
  1.1500 +      $certs/inhibitPolicyMapping1P1subCACert.crt \
  1.1501 +      $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
  1.1502 +      $certs/inhibitPolicyMapping1P1CACert.crt
  1.1503 +  restore_db
  1.1504 +
  1.1505 +  VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test10"; log_banner
  1.1506 +  certImportn inhibitPolicyMapping1P1CACert
  1.1507 +  crlImportn inhibitPolicyMapping1P1CACRL.crl
  1.1508 +  certImportn inhibitPolicyMapping1P1subCACert
  1.1509 +  crlImportn inhibitPolicyMapping1P1subCACRL.crl
  1.1510 +  pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt \
  1.1511 +      $certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt \
  1.1512 +      $certs/inhibitPolicyMapping1P1subCACert.crt \
  1.1513 +      $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
  1.1514 +      $certs/inhibitPolicyMapping1P1CACert.crt
  1.1515 +  restore_db
  1.1516 +
  1.1517 +  VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test11"; log_banner
  1.1518 +  certImportn inhibitPolicyMapping1P1CACert
  1.1519 +  crlImportn inhibitPolicyMapping1P1CACRL.crl
  1.1520 +  certImportn inhibitPolicyMapping1P1subCACert
  1.1521 +  crlImportn inhibitPolicyMapping1P1subCACRL.crl
  1.1522 +  pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt \
  1.1523 +      $certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt \
  1.1524 +      $certs/inhibitPolicyMapping1P1subCACert.crt \
  1.1525 +      $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
  1.1526 +      $certs/inhibitPolicyMapping1P1CACert.crt
  1.1527 +  restore_db
  1.1528 +}
  1.1529 +
  1.1530 +
  1.1531 +pkits_InhibitAnyPolicy()
  1.1532 +{
  1.1533 +  break_table "NIST PKITS Section 4.12: Inhibit Any Policy"
  1.1534 +
  1.1535 +  VFY_ACTION="Invalid inhibitAnyPolicy Test1"; log_banner
  1.1536 +  certImportn inhibitAnyPolicy0CACert
  1.1537 +  crlImportn inhibitAnyPolicy0CACRL.crl
  1.1538 +  pkitsn $certs/InvalidinhibitAnyPolicyTest1EE.crt \
  1.1539 +      $certs/inhibitAnyPolicy0CACert.crt
  1.1540 +  restore_db
  1.1541 +
  1.1542 +  VFY_ACTION="Valid inhibitAnyPolicy Test2"; log_banner
  1.1543 +  certImportn inhibitAnyPolicy0CACert
  1.1544 +  crlImportn inhibitAnyPolicy0CACRL.crl
  1.1545 +  pkits $certs/ValidinhibitAnyPolicyTest2EE.crt \
  1.1546 +      $certs/inhibitAnyPolicy0CACert.crt
  1.1547 +  restore_db
  1.1548 +
  1.1549 +  VFY_ACTION="inhibitAnyPolicy Test3"; log_banner
  1.1550 +  certImportn inhibitAnyPolicy1CACert
  1.1551 +  crlImportn inhibitAnyPolicy1CACRL.crl
  1.1552 +  certImport inhibitAnyPolicy1subCA1Cert
  1.1553 +  crlImport inhibitAnyPolicy1subCA1CRL.crl
  1.1554 +  pkits $certs/inhibitAnyPolicyTest3EE.crt \
  1.1555 +      $certs/inhibitAnyPolicy1CACert.crt \
  1.1556 +      $certs/inhibitAnyPolicy1subCA1Cert.crt
  1.1557 +  restore_db
  1.1558 +
  1.1559 +  VFY_ACTION="Invalid inhibitAnyPolicy Test4"; log_banner
  1.1560 +  certImportn inhibitAnyPolicy1CACert
  1.1561 +  crlImportn inhibitAnyPolicy1CACRL.crl
  1.1562 +  certImport inhibitAnyPolicy1subCA1Cert
  1.1563 +  crlImport inhibitAnyPolicy1subCA1CRL.crl
  1.1564 +  pkitsn $certs/InvalidinhibitAnyPolicyTest4EE.crt \
  1.1565 +      $certs/inhibitAnyPolicy1CACert.crt \
  1.1566 +      $certs/inhibitAnyPolicy1subCA1Cert.crt
  1.1567 +  restore_db
  1.1568 +
  1.1569 +  VFY_ACTION="Invalid inhibitAnyPolicy Test5"; log_banner
  1.1570 +  certImportn inhibitAnyPolicy5CACert
  1.1571 +  crlImportn inhibitAnyPolicy5CACRL.crl
  1.1572 +  certImportn inhibitAnyPolicy5subCACert
  1.1573 +  crlImportn inhibitAnyPolicy5subCACRL.crl
  1.1574 +  certImport inhibitAnyPolicy5subsubCACert
  1.1575 +  crlImport inhibitAnyPolicy5subsubCACRL.crl
  1.1576 +  pkitsn $certs/InvalidinhibitAnyPolicyTest5EE.crt \
  1.1577 +      $certs/inhibitAnyPolicy5CACert.crt \
  1.1578 +      $certs/inhibitAnyPolicy5subCACert.crt \
  1.1579 +      $certs/inhibitAnyPolicy5subsubCACert.crt
  1.1580 +  restore_db
  1.1581 +
  1.1582 +  VFY_ACTION="Invalid inhibitAnyPolicy Test6"; log_banner
  1.1583 +  certImportn inhibitAnyPolicy1CACert
  1.1584 +  crlImportn inhibitAnyPolicy1CACRL.crl
  1.1585 +  certImportn inhibitAnyPolicy1subCAIAP5Cert
  1.1586 +  crlImportn inhibitAnyPolicy1subCAIAP5CRL.crl
  1.1587 +  pkitsn $certs/InvalidinhibitAnyPolicyTest5EE.crt \
  1.1588 +      $certs/inhibitAnyPolicy1CACert.crt \
  1.1589 +      $certs/inhibitAnyPolicy5subCACert.crt \
  1.1590 +      $certs/inhibitAnyPolicy5subsubCACert.crt
  1.1591 +  restore_db
  1.1592 +
  1.1593 +  VFY_ACTION="Valid Self-Issued inhibitAnyPolicy Test7"; log_banner
  1.1594 +  certImportn inhibitAnyPolicy1CACert
  1.1595 +  crlImportn inhibitAnyPolicy1CACRL.crl
  1.1596 +  certImport inhibitAnyPolicy1subCA2Cert
  1.1597 +  crlImport inhibitAnyPolicy1subCA2CRL.crl
  1.1598 +  pkits $certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt \
  1.1599 +      $certs/inhibitAnyPolicy1CACert.crt \
  1.1600 +      $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
  1.1601 +      $certs/inhibitAnyPolicy1subCA2Cert.crt
  1.1602 +  restore_db
  1.1603 +
  1.1604 +  VFY_ACTION="Invalid Self-Issued inhibitAnyPolicy Test8"; log_banner
  1.1605 +  certImportn inhibitAnyPolicy1CACert
  1.1606 +  crlImportn inhibitAnyPolicy1CACRL.crl
  1.1607 +  certImport inhibitAnyPolicy1subCA2Cert
  1.1608 +  crlImport inhibitAnyPolicy1subCA2CRL.crl
  1.1609 +  certImport inhibitAnyPolicy1subsubCA2Cert
  1.1610 +  crlImport inhibitAnyPolicy1subsubCA2CRL.crl
  1.1611 +  pkitsn $certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt \
  1.1612 +      $certs/inhibitAnyPolicy1CACert.crt \
  1.1613 +      $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
  1.1614 +      $certs/inhibitAnyPolicy1subCA2Cert.crt \
  1.1615 +      $certs/inhibitAnyPolicy1subsubCA2Cert.crt
  1.1616 +  restore_db
  1.1617 +
  1.1618 +  VFY_ACTION="Valid Self-Issued inhibitAnyPolicy Test9"; log_banner
  1.1619 +  certImportn inhibitAnyPolicy1CACert
  1.1620 +  crlImportn inhibitAnyPolicy1CACRL.crl
  1.1621 +  certImport inhibitAnyPolicy1subCA2Cert
  1.1622 +  crlImport inhibitAnyPolicy1subCA2CRL.crl
  1.1623 +  pkits $certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt \
  1.1624 +      $certs/inhibitAnyPolicy1CACert.crt \
  1.1625 +      $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
  1.1626 +      $certs/inhibitAnyPolicy1subCA2Cert.crt \
  1.1627 +      $certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
  1.1628 +  restore_db
  1.1629 +
  1.1630 +  VFY_ACTION="Invalid Self-Issued inhibitAnyPolicy Test10"; log_banner
  1.1631 +  certImportn inhibitAnyPolicy1CACert
  1.1632 +  crlImportn inhibitAnyPolicy1CACRL.crl
  1.1633 +  certImport inhibitAnyPolicy1subCA2Cert
  1.1634 +  crlImport inhibitAnyPolicy1subCA2CRL.crl
  1.1635 +  pkitsn $certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt \
  1.1636 +      $certs/inhibitAnyPolicy1CACert.crt \
  1.1637 +      $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
  1.1638 +      $certs/inhibitAnyPolicy1subCA2Cert.crt
  1.1639 +  restore_db
  1.1640 +}
  1.1641 +
  1.1642 +
  1.1643 +pkits_NameConstraints()
  1.1644 +{
  1.1645 +  break_table "NIST PKITS Section 4.13: Name Constraints"
  1.1646 +
  1.1647 +  VFY_ACTION="Valid DN nameConstraints Test1"; log_banner
  1.1648 +  certImport nameConstraintsDN1CACert
  1.1649 +  crlImport nameConstraintsDN1CACRL.crl
  1.1650 +  pkits $certs/ValidDNnameConstraintsTest1EE.crt \
  1.1651 +      $certs/nameConstraintsDN1CACert.crt
  1.1652 +  restore_db
  1.1653 +
  1.1654 +  VFY_ACTION="Invalid DN nameConstraints Test2"; log_banner
  1.1655 +  certImport nameConstraintsDN1CACert
  1.1656 +  crlImport nameConstraintsDN1CACRL.crl
  1.1657 +  pkitsn $certs/InvalidDNnameConstraintsTest2EE.crt \
  1.1658 +      $certs/nameConstraintsDN1CACert.crt
  1.1659 +  restore_db
  1.1660 +
  1.1661 +  VFY_ACTION="Invalid DN nameConstraints Test3"; log_banner
  1.1662 +  certImport nameConstraintsDN1CACert
  1.1663 +  crlImport nameConstraintsDN1CACRL.crl
  1.1664 +  pkitsn $certs/InvalidDNnameConstraintsTest3EE.crt \
  1.1665 +      $certs/nameConstraintsDN1CACert.crt
  1.1666 +  restore_db
  1.1667 +
  1.1668 +  VFY_ACTION="Valid DN nameConstraints Test4"; log_banner
  1.1669 +  certImport nameConstraintsDN1CACert
  1.1670 +  crlImport nameConstraintsDN1CACRL.crl
  1.1671 +  pkits $certs/ValidDNnameConstraintsTest4EE.crt \
  1.1672 +      $certs/nameConstraintsDN1CACert.crt
  1.1673 +  restore_db
  1.1674 +
  1.1675 +  VFY_ACTION="Valid DN nameConstraints Test5"; log_banner
  1.1676 +  certImport nameConstraintsDN2CACert
  1.1677 +  crlImport nameConstraintsDN2CACRL.crl
  1.1678 +  pkits $certs/ValidDNnameConstraintsTest5EE.crt \
  1.1679 +      $certs/nameConstraintsDN2CACert.crt
  1.1680 +  restore_db
  1.1681 +
  1.1682 +  VFY_ACTION="Valid DN nameConstraints Test6"; log_banner
  1.1683 +  certImport nameConstraintsDN3CACert
  1.1684 +  crlImport nameConstraintsDN3CACRL.crl
  1.1685 +  pkits $certs/ValidDNnameConstraintsTest6EE.crt \
  1.1686 +      $certs/nameConstraintsDN3CACert.crt
  1.1687 +  restore_db
  1.1688 +
  1.1689 +  VFY_ACTION="Invalid DN nameConstraints Test7"; log_banner
  1.1690 +  certImport nameConstraintsDN3CACert
  1.1691 +  crlImport nameConstraintsDN3CACRL.crl
  1.1692 +  pkitsn $certs/InvalidDNnameConstraintsTest7EE.crt \
  1.1693 +      $certs/nameConstraintsDN3CACert.crt
  1.1694 +  restore_db
  1.1695 +
  1.1696 +  VFY_ACTION="Invalid DN nameConstraints Test8"; log_banner
  1.1697 +  certImport nameConstraintsDN4CACert
  1.1698 +  crlImport nameConstraintsDN4CACRL.crl
  1.1699 +  pkitsn $certs/InvalidDNnameConstraintsTest8EE.crt \
  1.1700 +      $certs/nameConstraintsDN4CACert.crt
  1.1701 +  restore_db
  1.1702 +
  1.1703 +  VFY_ACTION="Invalid DN nameConstraints Test9"; log_banner
  1.1704 +  certImport nameConstraintsDN4CACert
  1.1705 +  crlImport nameConstraintsDN4CACRL.crl
  1.1706 +  pkitsn $certs/InvalidDNnameConstraintsTest9EE.crt \
  1.1707 +      $certs/nameConstraintsDN4CACert.crt
  1.1708 +  restore_db
  1.1709 +
  1.1710 +  VFY_ACTION="Invalid DN nameConstraints Test10"; log_banner
  1.1711 +  certImport nameConstraintsDN5CACert
  1.1712 +  crlImport nameConstraintsDN5CACRL.crl
  1.1713 +  pkitsn $certs/InvalidDNnameConstraintsTest10EE.crt \
  1.1714 +      $certs/nameConstraintsDN5CACert.crt
  1.1715 +  restore_db
  1.1716 +
  1.1717 +  VFY_ACTION="Valid DN nameConstraints Test11"; log_banner
  1.1718 +  certImport nameConstraintsDN5CACert
  1.1719 +  crlImport nameConstraintsDN5CACRL.crl
  1.1720 +  pkits $certs/ValidDNnameConstraintsTest11EE.crt \
  1.1721 +      $certs/nameConstraintsDN5CACert.crt
  1.1722 +  restore_db
  1.1723 +
  1.1724 +  VFY_ACTION="Invalid DN nameConstraints Test12"; log_banner
  1.1725 +  certImport nameConstraintsDN1CACert
  1.1726 +  crlImport nameConstraintsDN1CACRL.crl
  1.1727 +  certImport nameConstraintsDN1subCA1Cert
  1.1728 +  crlImport nameConstraintsDN1subCA1CRL.crl
  1.1729 +  pkitsn $certs/InvalidDNnameConstraintsTest12EE.crt \
  1.1730 +      $certs/nameConstraintsDN1subCA1Cert.crt \
  1.1731 +      $certs/nameConstraintsDN1CACert.crt
  1.1732 +  restore_db
  1.1733 +
  1.1734 +  VFY_ACTION="Invalid DN nameConstraints Test13"; log_banner
  1.1735 +  certImport nameConstraintsDN1CACert
  1.1736 +  crlImport nameConstraintsDN1CACRL.crl
  1.1737 +  certImport nameConstraintsDN1subCA2Cert
  1.1738 +  crlImport nameConstraintsDN1subCA2CRL.crl
  1.1739 +  pkitsn $certs/InvalidDNnameConstraintsTest13EE.crt \
  1.1740 +      $certs/nameConstraintsDN1subCA2Cert.crt \
  1.1741 +      $certs/nameConstraintsDN1CACert.crt
  1.1742 +  restore_db
  1.1743 +
  1.1744 +  VFY_ACTION="Valid DN nameConstraints Test14"; log_banner
  1.1745 +  certImport nameConstraintsDN1CACert
  1.1746 +  crlImport nameConstraintsDN1CACRL.crl
  1.1747 +  certImport nameConstraintsDN1subCA2Cert
  1.1748 +  crlImport nameConstraintsDN1subCA2CRL.crl
  1.1749 +  pkits $certs/ValidDNnameConstraintsTest14EE.crt \
  1.1750 +      $certs/nameConstraintsDN1subCA2Cert.crt \
  1.1751 +      $certs/nameConstraintsDN1CACert.crt
  1.1752 +  restore_db
  1.1753 +
  1.1754 +  VFY_ACTION="Invalid DN nameConstraints Test15"; log_banner
  1.1755 +  certImport nameConstraintsDN3CACert
  1.1756 +  crlImport nameConstraintsDN3CACRL.crl
  1.1757 +  certImport nameConstraintsDN3subCA1Cert
  1.1758 +  crlImport nameConstraintsDN3subCA1CRL.crl
  1.1759 +  pkitsn $certs/InvalidDNnameConstraintsTest15EE.crt \
  1.1760 +      $certs/nameConstraintsDN3subCA1Cert.crt \
  1.1761 +      $certs/nameConstraintsDN3CACert.crt
  1.1762 +  restore_db
  1.1763 +
  1.1764 +  VFY_ACTION="Invalid DN nameConstraints Test16"; log_banner
  1.1765 +  certImport nameConstraintsDN3CACert
  1.1766 +  crlImport nameConstraintsDN3CACRL.crl
  1.1767 +  certImport nameConstraintsDN3subCA1Cert
  1.1768 +  crlImport nameConstraintsDN3subCA1CRL.crl
  1.1769 +  pkitsn $certs/InvalidDNnameConstraintsTest16EE.crt \
  1.1770 +      $certs/nameConstraintsDN3subCA1Cert.crt \
  1.1771 +      $certs/nameConstraintsDN3CACert.crt
  1.1772 +  restore_db
  1.1773 +
  1.1774 +  VFY_ACTION="Invalid DN nameConstraints Test17"; log_banner
  1.1775 +  certImport nameConstraintsDN3CACert
  1.1776 +  crlImport nameConstraintsDN3CACRL.crl
  1.1777 +  certImport nameConstraintsDN3subCA2Cert
  1.1778 +  crlImport nameConstraintsDN3subCA2CRL.crl
  1.1779 +  pkitsn $certs/InvalidDNnameConstraintsTest17EE.crt \
  1.1780 +      $certs/nameConstraintsDN3subCA2Cert.crt \
  1.1781 +      $certs/nameConstraintsDN3CACert.crt
  1.1782 +  restore_db
  1.1783 +
  1.1784 +  VFY_ACTION="Valid DN nameConstraints Test18"; log_banner
  1.1785 +  certImport nameConstraintsDN3CACert
  1.1786 +  crlImport nameConstraintsDN3CACRL.crl
  1.1787 +  certImport nameConstraintsDN3subCA2Cert
  1.1788 +  crlImport nameConstraintsDN3subCA2CRL.crl
  1.1789 +  pkits $certs/ValidDNnameConstraintsTest18EE.crt \
  1.1790 +      $certs/nameConstraintsDN3subCA2Cert.crt \
  1.1791 +      $certs/nameConstraintsDN3CACert.crt
  1.1792 +  restore_db
  1.1793 +
  1.1794 +### bug 232737 ###
  1.1795 +if [ -n "${KNOWN_BUG}" ]; then
  1.1796 +  VFY_ACTION="Valid Self-Issued DN nameConstraints Test19"; log_banner
  1.1797 +  certImport nameConstraintsDN1CACert
  1.1798 +  crlImport nameConstraintsDN1CACRL.crl
  1.1799 +  pkits $certs/ValidDNnameConstraintsTest19EE.crt \
  1.1800 +      $certs/nameConstraintsDN1SelfIssuedCACert.crt \
  1.1801 +      $certs/nameConstraintsDN1CACert.crt
  1.1802 +  restore_db
  1.1803 +fi
  1.1804 +
  1.1805 +  VFY_ACTION="Invalid Self-Issued DN nameConstraints Test20"; log_banner
  1.1806 +  certImport nameConstraintsDN1CACert
  1.1807 +  crlImport nameConstraintsDN1CACRL.crl
  1.1808 +  pkitsn $certs/InvalidDNnameConstraintsTest20EE.crt \
  1.1809 +      $certs/nameConstraintsDN1CACert.crt
  1.1810 +  restore_db
  1.1811 +
  1.1812 +  VFY_ACTION="Valid RFC822 nameConstraints Test21"; log_banner
  1.1813 +  certImport nameConstraintsRFC822CA1Cert
  1.1814 +  crlImport nameConstraintsRFC822CA1CRL.crl
  1.1815 +  pkits $certs/ValidRFC822nameConstraintsTest21EE.crt \
  1.1816 +      $certs/nameConstraintsRFC822CA1Cert.crt
  1.1817 +  restore_db
  1.1818 +
  1.1819 +  VFY_ACTION="Invalid RFC822 nameConstraints Test22"; log_banner
  1.1820 +  certImport nameConstraintsRFC822CA1Cert
  1.1821 +  crlImport nameConstraintsRFC822CA1CRL.crl
  1.1822 +  pkitsn $certs/InvalidRFC822nameConstraintsTest22EE.crt \
  1.1823 +      $certs/nameConstraintsRFC822CA1Cert.crt
  1.1824 +  restore_db
  1.1825 +
  1.1826 +  VFY_ACTION="Valid RFC822 nameConstraints Test23"; log_banner
  1.1827 +  certImport nameConstraintsRFC822CA2Cert
  1.1828 +  crlImport nameConstraintsRFC822CA2CRL.crl
  1.1829 +  pkits $certs/ValidRFC822nameConstraintsTest23EE.crt \
  1.1830 +      $certs/nameConstraintsRFC822CA2Cert.crt
  1.1831 +  restore_db
  1.1832 +
  1.1833 +  VFY_ACTION="Invalid RFC822 nameConstraints Test24"; log_banner
  1.1834 +  certImport nameConstraintsRFC822CA2Cert
  1.1835 +  crlImport nameConstraintsRFC822CA2CRL.crl
  1.1836 +  pkitsn $certs/InvalidRFC822nameConstraintsTest24EE.crt \
  1.1837 +      $certs/nameConstraintsRFC822CA2Cert.crt
  1.1838 +  restore_db
  1.1839 +
  1.1840 +  VFY_ACTION="Valid RFC822 nameConstraints Test25"; log_banner
  1.1841 +  certImport nameConstraintsRFC822CA3Cert
  1.1842 +  crlImport nameConstraintsRFC822CA3CRL.crl
  1.1843 +  pkits $certs/ValidRFC822nameConstraintsTest25EE.crt \
  1.1844 +      $certs/nameConstraintsRFC822CA3Cert.crt
  1.1845 +  restore_db
  1.1846 +
  1.1847 +  VFY_ACTION="Invalid RFC822 nameConstraints Test26"; log_banner
  1.1848 +  certImport nameConstraintsRFC822CA3Cert
  1.1849 +  crlImport nameConstraintsRFC822CA3CRL.crl
  1.1850 +  pkitsn $certs/InvalidRFC822nameConstraintsTest26EE.crt \
  1.1851 +      $certs/nameConstraintsRFC822CA3Cert.crt
  1.1852 +  restore_db
  1.1853 +
  1.1854 +  VFY_ACTION="Valid DN and RFC822 nameConstraints Test27"; log_banner
  1.1855 +  certImport nameConstraintsDN1CACert
  1.1856 +  crlImport nameConstraintsDN1CACRL.crl
  1.1857 +  certImport nameConstraintsDN1subCA3Cert
  1.1858 +  crlImport nameConstraintsDN1subCA3CRL.crl
  1.1859 +  pkits $certs/ValidDNandRFC822nameConstraintsTest27EE.crt \
  1.1860 +      $certs/nameConstraintsDN1subCA3Cert.crt \
  1.1861 +      $certs/nameConstraintsDN1CACert.crt
  1.1862 +  restore_db
  1.1863 +
  1.1864 +  VFY_ACTION="Invalid DN and RFC822 nameConstraints Test28"; log_banner
  1.1865 +  certImport nameConstraintsDN1CACert
  1.1866 +  crlImport nameConstraintsDN1CACRL.crl
  1.1867 +  certImport nameConstraintsDN1subCA3Cert
  1.1868 +  crlImport nameConstraintsDN1subCA3CRL.crl
  1.1869 +  pkitsn $certs/InvalidDNandRFC822nameConstraintsTest28EE.crt \
  1.1870 +      $certs/nameConstraintsDN1subCA3Cert.crt \
  1.1871 +      $certs/nameConstraintsDN1CACert.crt
  1.1872 +  restore_db
  1.1873 +
  1.1874 +  VFY_ACTION="Invalid DN and RFC822 nameConstraints Test29"; log_banner
  1.1875 +  certImport nameConstraintsDN1CACert
  1.1876 +  crlImport nameConstraintsDN1CACRL.crl
  1.1877 +  certImport nameConstraintsDN1subCA3Cert
  1.1878 +  crlImport nameConstraintsDN1subCA3CRL.crl
  1.1879 +  pkitsn $certs/InvalidDNandRFC822nameConstraintsTest29EE.crt \
  1.1880 +      $certs/nameConstraintsDN1subCA3Cert.crt \
  1.1881 +      $certs/nameConstraintsDN1CACert.crt
  1.1882 +  restore_db
  1.1883 +
  1.1884 +  VFY_ACTION="Valid DNS nameConstraints Test30"; log_banner
  1.1885 +  certImport nameConstraintsDNS1CACert
  1.1886 +  crlImport nameConstraintsDNS1CACRL.crl
  1.1887 +  pkits $certs/ValidDNSnameConstraintsTest30EE.crt \
  1.1888 +      $certs/nameConstraintsDNS1CACert.crt
  1.1889 +  restore_db
  1.1890 +
  1.1891 +  VFY_ACTION="Invalid DNS nameConstraints Test31"; log_banner
  1.1892 +  certImport nameConstraintsDNS1CACert
  1.1893 +  crlImport nameConstraintsDNS1CACRL.crl
  1.1894 +  pkitsn $certs/InvalidDNSnameConstraintsTest31EE.crt \
  1.1895 +      $certs/nameConstraintsDNS1CACert.crt
  1.1896 +  restore_db
  1.1897 +
  1.1898 +  VFY_ACTION="Valid DNS nameConstraints Test32"; log_banner
  1.1899 +  certImport nameConstraintsDNS2CACert
  1.1900 +  crlImport nameConstraintsDNS2CACRL.crl
  1.1901 +  pkits $certs/ValidDNSnameConstraintsTest32EE.crt \
  1.1902 +      $certs/nameConstraintsDNS2CACert.crt
  1.1903 +  restore_db
  1.1904 +
  1.1905 +  VFY_ACTION="Invalid DNS nameConstraints Test33"; log_banner
  1.1906 +  certImport nameConstraintsDNS2CACert
  1.1907 +  crlImport nameConstraintsDNS2CACRL.crl
  1.1908 +  pkitsn $certs/InvalidDNSnameConstraintsTest33EE.crt \
  1.1909 +      $certs/nameConstraintsDNS2CACert.crt
  1.1910 +  restore_db
  1.1911 +
  1.1912 +  VFY_ACTION="Valid URI nameConstraints Test34"; log_banner
  1.1913 +  certImport nameConstraintsURI1CACert
  1.1914 +  crlImport nameConstraintsURI1CACRL.crl
  1.1915 +  pkits $certs/ValidURInameConstraintsTest34EE.crt \
  1.1916 +      $certs/nameConstraintsURI1CACert.crt
  1.1917 +  restore_db
  1.1918 +
  1.1919 +  VFY_ACTION="Invalid URI nameConstraints Test35"; log_banner
  1.1920 +  certImport nameConstraintsURI1CACert
  1.1921 +  crlImport nameConstraintsURI1CACRL.crl
  1.1922 +  pkitsn $certs/InvalidURInameConstraintsTest35EE.crt \
  1.1923 +      $certs/nameConstraintsURI1CACert.crt
  1.1924 +  restore_db
  1.1925 +
  1.1926 +  VFY_ACTION="Valid URI nameConstraints Test36"; log_banner
  1.1927 +  certImport nameConstraintsURI2CACert
  1.1928 +  crlImport nameConstraintsURI2CACRL.crl
  1.1929 +  pkits $certs/ValidURInameConstraintsTest36EE.crt \
  1.1930 +      $certs/nameConstraintsURI2CACert.crt
  1.1931 +  restore_db
  1.1932 +
  1.1933 +  VFY_ACTION="Invalid URI nameConstraints Test37"; log_banner
  1.1934 +  certImport nameConstraintsURI2CACert
  1.1935 +  crlImport nameConstraintsURI2CACRL.crl
  1.1936 +  pkitsn $certs/InvalidURInameConstraintsTest37EE.crt \
  1.1937 +      $certs/nameConstraintsURI2CACert.crt
  1.1938 +  restore_db
  1.1939 +
  1.1940 +  VFY_ACTION="Invalid DNS nameConstraints Test38"; log_banner
  1.1941 +  certImport nameConstraintsDNS1CACert
  1.1942 +  crlImport nameConstraintsDNS1CACRL.crl
  1.1943 +  pkitsn $certs/InvalidDNSnameConstraintsTest38EE.crt \
  1.1944 +      $certs/nameConstraintsDNS1CACert.crt
  1.1945 +  restore_db
  1.1946 +}
  1.1947 +
  1.1948 +pkits_PvtCertExtensions()
  1.1949 +{
  1.1950 +  break_table "NIST PKITS Section 4.16: Private Certificate Extensions"
  1.1951 +
  1.1952 +  VFY_ACTION="Valid Unknown Not Critical Certificate Extension Test1"; log_banner
  1.1953 +  pkits $certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
  1.1954 +
  1.1955 +  VFY_ACTION="Invalid Unknown Critical Certificate Extension Test2"; log_banner
  1.1956 +  pkitsn $certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt
  1.1957 +}
  1.1958 +
  1.1959 +############################## pkits_cleanup ###########################
  1.1960 +# local shell function to finish this script (no exit since it might be 
  1.1961 +# sourced)
  1.1962 +########################################################################
  1.1963 +pkits_cleanup()
  1.1964 +{
  1.1965 +  html "</TABLE><BR>"
  1.1966 +  cd ${QADIR}
  1.1967 +  . common/cleanup.sh
  1.1968 +}
  1.1969 +
  1.1970 +
  1.1971 +################################## main ################################
  1.1972 +pkits_init 
  1.1973 +pkits_SignatureVerification | tee -a $PKITS_LOG
  1.1974 +pkits_ValidityPeriods | tee -a $PKITS_LOG
  1.1975 +pkits_NameChaining | tee -a $PKITS_LOG
  1.1976 +pkits_BasicCertRevocation | tee -a $PKITS_LOG
  1.1977 +pkits_PathVerificWithSelfIssuedCerts | tee -a $PKITS_LOG
  1.1978 +pkits_BasicConstraints | tee -a $PKITS_LOG
  1.1979 +pkits_KeyUsage | tee -a $PKITS_LOG
  1.1980 +if [ -n "$NSS_PKITS_POLICIES" ]; then
  1.1981 +  pkits_CertificatePolicies | tee -a $PKITS_LOG
  1.1982 +  pkits_RequireExplicitPolicy | tee -a $PKITS_LOG
  1.1983 +  pkits_PolicyMappings | tee -a $PKITS_LOG
  1.1984 +  pkits_InhibitPolicyMapping | tee -a $PKITS_LOG
  1.1985 +  pkits_InhibitAnyPolicy | tee -a $PKITS_LOG
  1.1986 +fi
  1.1987 +pkits_NameConstraints | tee -a $PKITS_LOG
  1.1988 +pkits_PvtCertExtensions | tee -a $PKITS_LOG
  1.1989 +pkits_cleanup
  1.1990 +
