[apple/security.git] / SecurityTests / clxutils / certcrl / testSubjects / smime / smime.scr

#
# certcrl script to test certs and CRLs from S/MIME examples
#
# Examples obtained from 
# http://www.ietf.org/internet-drafts/draft-ietf-smime-examples-09.txt
#
# This script tests every cert and CRL from the examples package, ensuring
# both successful (normal) operation and a variety of error cases for 
# every cert. 
#

globals
allowUnverified = true
requireCrlForAll = true
crlNetFetchEnable = false
certNetFetchEnable = false
useSystemAnchors = false
end

###################################################

test = "Carl RSA root, Alice leaf"
revokePolicy = crl
cert = AliceRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLEmpty.crl
# note none of the RSA certs have email addresses in them
senderEmail = "alice@somewhere.net"
# Cert has DigitalSignature, NonRepudiation
keyUsage = 0x8000
end

###################################################

test = "Carl RSA root, Alice Leaf, bad key use"
revokePolicy = crl
cert = AliceRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLEmpty.crl
# this CRL revokes the root, which TP does not check
crl = CarlRSACRLForCarl.crl
senderEmail = "alice@somewhere.net"
keyUsage = 0x01
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end

###################################################

test = "Carl RSA root, Alice Leaf, revoked"
revokePolicy = crl
cert = AliceRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = "alice@somewhere.net"
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end

###################################################

test = "Carl RSA root, Alice Leaf, no CRL"
revokePolicy = crl
cert = AliceRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = "alice@somewhere.net"
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end

###################################################

test = "Carl RSA root, Diane leaf"
revokePolicy = crl
cert = DianeRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLEmpty.crl
# note none of the RSA certs have email addresses in them
senderEmail = "diane@somewhere.net"
# DigitalSignature NonRepudiation KeyEncipherment
keyUsage = 0xe000
end

###################################################

test = "Carl RSA root, Diane leaf, bad key use"
revokePolicy = crl
cert = DianeRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLEmpty.crl
senderEmail = "diane@somewhere.net"
keyUsage = 0xf000
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end

###################################################

test = "Carl RSA root, Diane leaf, revoked"
revokePolicy = crl
cert = DianeRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = "diane@somewhere.net"
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end

###################################################

test = "Carl RSA root, Diane leaf, no CRL"
revokePolicy = crl
cert = DianeRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = "diane@somewhere.net"
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end

###################################################

test = "Carl DSA root, Alice Leaf, full DSA params"
revokePolicy = crl
cert = AliceDSSSignByCarlNoInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = aliceDss@examples.com
# Cert has DigitalSignature, NonRepudiation
keyUsage = 0x8000
end

###################################################

test = "Carl DSA root, Alice Leaf, full DSA params, revoked"
revokePolicy = crl
cert = AliceDSSSignByCarlNoInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = aliceDss@examples.com
keyUsage = 0x8000
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end

###################################################

test = "Carl DSA root, Alice Leaf, bad email address"
revokePolicy = crl
cert = AliceDSSSignByCarlNoInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = bob@examples.com
keyUsage = 0x8000
error = CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
end

###################################################

test = "Carl DSA root, Bob DH Leaf"
revokePolicy = crl
cert = BobDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = bobDh@examples.com
# cert has KeyAgreement (only)
keyUsage = 0x900
end

###################################################

test = "Carl DSA root, Bob DH Leaf, bad KeyUsage"
revokePolicy = crl
cert = BobDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = bobDh@examples.com
# cert has KeyAgreement (only)
keyUsage = 0x4000
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end

###################################################

test = "Carl DSA root, Bob DH Leaf, no CRL"
revokePolicy = crl
cert = BobDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = bobDh@examples.com
keyUsage = 0x900
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end

###################################################

test = "Carl DSA root, Bob DH Leaf, Revoked"
revokePolicy = crl
cert = BobDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = bobDh@examples.com
keyUsage = 0x900
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end

###################################################

test = "Carl DSA root, Erica DH Leaf"
revokePolicy = crl
cert = EricaDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = ericaDh@examples.com
# cert has KeyAgreement (only)
keyUsage = 0x900
end

###################################################

test = "Carl DSA root, Erica DH Leaf, bad KeyUsage"
revokePolicy = crl
cert = EricaDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = ericaDh@examples.com
# cert has KeyAgreement (only)
keyUsage = 0x4000
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end

###################################################

test = "Carl DSA root, Erica DH Leaf, no CRL"
revokePolicy = crl
cert = EricaDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = ericaDh@examples.com
keyUsage = 0x900
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end

###################################################

test = "Carl DSA root, Erica DH Leaf, Revoked"
revokePolicy = crl
cert = EricaDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = ericaDh@examples.com
keyUsage = 0x900
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end

###################################################

test = "Carl RSA root, Bob leaf"
revokePolicy = crl
cert = BobRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLEmpty.crl
# note none of the RSA certs have email addresses in them
senderEmail = "bob@somewhere.net"
# Cert has KeyEncipherment
keyUsage = 0x2000
end

###################################################

test = "Carl RSA root, Bob Leaf, bad key use"
revokePolicy = crl
cert = BobRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLEmpty.crl
senderEmail = "bob@somewhere.net"
keyUsage = 0x01
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end

###################################################

test = "Carl RSA root, Bob Leaf, revoked"
revokePolicy = crl
cert = BobRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = "bob@somewhere.net"
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end

###################################################

test = "Carl RSA root, Bob Leaf, no CRL"
revokePolicy = crl
cert = BobRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = "bob@somewhere.net"
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end

###################################################

test = "Carl DSA root, Diane DH Leaf"
revokePolicy = crl
cert = DianeDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = dianeDh@examples.com
# cert has KeyAgreement (only)
keyUsage = 0x900
end

###################################################

test = "Carl DSA root, Diane DH Leaf, bad KeyUsage"
revokePolicy = crl
cert = DianeDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = dianeDh@examples.com
# cert has KeyAgreement (only)
keyUsage = 0x4000
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end

###################################################

test = "Carl DSA root, Diane DH Leaf, no CRL"
revokePolicy = crl
cert = DianeDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = dianeDh@examples.com
keyUsage = 0x900
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end

###################################################

test = "Carl DSA root, Diane DH Leaf, Revoked"
revokePolicy = crl
cert = DianeDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = dianeDh@examples.com
keyUsage = 0x900
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end

###################################################

test = "Carl RSA root, Diane DH Leaf, no root"
revokePolicy = crl
cert = DianeDHEncryptByCarl.cer
root = CarlRSASelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = dianeDh@examples.com
keyUsage = 0x900
error = CSSMERR_TP_NOT_TRUSTED
certerror = 0:CSSMERR_APPLETP_CRL_NOT_TRUSTED
end

###################################################

test = "Carl DSA root, Diane Leaf, partial DSA params"
revokePolicy = crl
cert = DianeDSSSignByCarlInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
# this CRL revokes the root, which TP does not check
crl = CarlDSSCRLForCarl.crl
senderEmail = dianeDss@examples.com
# Cert has DigitalSignature, NonRepudiation
keyUsage = 0x8000
end

###################################################

test = "Carl DSA root, Diane Leaf, partial DSA params, revoked"
revokePolicy = crl
cert = DianeDSSSignByCarlInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = dianeDss@examples.com
# cert has DigitalSignature NonRepudiation
keyUsage = 0x8000
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end

###################################################

test = "Carl DSA root, Diane Leaf, partial DSA params, bad key use"
revokePolicy = crl
cert = DianeDSSSignByCarlInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = dianeDss@examples.com
# cert has DigitalSignature NonRepudiation
keyUsage = 0x01
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end

###################################################

test = "Carl DSA root, Diane Leaf, partial DSA params, bad email address"
revokePolicy = crl
cert = DianeDSSSignByCarlInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = bobDss@examples.com
# cert has DigitalSignature NonRepudiation
keyUsage = 0x8000
error = CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
end
Commit	Line	Data
d8f41ccd A	1	#
	2	# certcrl script to test certs and CRLs from S/MIME examples
	3	#
	4	# Examples obtained from
	5	# http://www.ietf.org/internet-drafts/draft-ietf-smime-examples-09.txt
	6	#
	7	# This script tests every cert and CRL from the examples package, ensuring
	8	# both successful (normal) operation and a variety of error cases for
	9	# every cert.
	10	#
	11
	12	globals
	13	allowUnverified = true
	14	requireCrlForAll = true
	15	crlNetFetchEnable = false
	16	certNetFetchEnable = false
	17	useSystemAnchors = false
	18	end
	19
	20	###################################################
	21
	22	test = "Carl RSA root, Alice leaf"
	23	revokePolicy = crl
	24	cert = AliceRSASignByCarl.cer
	25	root = CarlRSASelf.cer
	26	crl = CarlRSACRLEmpty.crl
	27	# note none of the RSA certs have email addresses in them
	28	senderEmail = "alice@somewhere.net"
	29	# Cert has DigitalSignature, NonRepudiation
	30	keyUsage = 0x8000
	31	end
	32
	33	###################################################
	34
	35	test = "Carl RSA root, Alice Leaf, bad key use"
	36	revokePolicy = crl
	37	cert = AliceRSASignByCarl.cer
	38	root = CarlRSASelf.cer
	39	crl = CarlRSACRLEmpty.crl
	40	# this CRL revokes the root, which TP does not check
	41	crl = CarlRSACRLForCarl.crl
	42	senderEmail = "alice@somewhere.net"
	43	keyUsage = 0x01
	44	error = CSSMERR_TP_VERIFY_ACTION_FAILED
	45	certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
	46	end
	47
	48	###################################################
	49
	50	test = "Carl RSA root, Alice Leaf, revoked"
	51	revokePolicy = crl
	52	cert = AliceRSASignByCarl.cer
	53	root = CarlRSASelf.cer
	54	crl = CarlRSACRLForAll.crl
	55	senderEmail = "alice@somewhere.net"
	56	error = CSSMERR_TP_CERT_REVOKED
	57	certerror = 0:CSSMERR_TP_CERT_REVOKED
	58	end
	59
	60	###################################################
	61
	62	test = "Carl RSA root, Alice Leaf, no CRL"
	63	revokePolicy = crl
	64	cert = AliceRSASignByCarl.cer
65	root = CarlRSASelf.cer
66	crl = CarlDSSCRLEmpty.crl
67	senderEmail = "alice@somewhere.net"
68	error = CSSMERR_APPLETP_CRL_NOT_FOUND
69	certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
70	end
71
72	###################################################
73
74	test = "Carl RSA root, Diane leaf"
75	revokePolicy = crl
76	cert = DianeRSASignByCarl.cer
77	root = CarlRSASelf.cer
78	crl = CarlRSACRLEmpty.crl
79	# note none of the RSA certs have email addresses in them
80	senderEmail = "diane@somewhere.net"
81	# DigitalSignature NonRepudiation KeyEncipherment
82	keyUsage = 0xe000
83	end
84
85	###################################################
86
87	test = "Carl RSA root, Diane leaf, bad key use"
88	revokePolicy = crl
89	cert = DianeRSASignByCarl.cer
90	root = CarlRSASelf.cer
91	crl = CarlRSACRLEmpty.crl
92	senderEmail = "diane@somewhere.net"
93	keyUsage = 0xf000
94	error = CSSMERR_TP_VERIFY_ACTION_FAILED
95	certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
96	end
97
98	###################################################
99
100	test = "Carl RSA root, Diane leaf, revoked"
101	revokePolicy = crl
102	cert = DianeRSASignByCarl.cer
103	root = CarlRSASelf.cer
104	crl = CarlRSACRLForAll.crl
105	senderEmail = "diane@somewhere.net"
106	error = CSSMERR_TP_CERT_REVOKED
107	certerror = 0:CSSMERR_TP_CERT_REVOKED
108	end
109
110	###################################################
111
112	test = "Carl RSA root, Diane leaf, no CRL"
113	revokePolicy = crl
114	cert = DianeRSASignByCarl.cer
115	root = CarlRSASelf.cer
116	crl = CarlDSSCRLEmpty.crl
117	senderEmail = "diane@somewhere.net"
118	error = CSSMERR_APPLETP_CRL_NOT_FOUND
119	certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
120	end
121
122	###################################################
123
124	test = "Carl DSA root, Alice Leaf, full DSA params"
125	revokePolicy = crl
126	cert = AliceDSSSignByCarlNoInherit.cer
127	root = CarlDSSSelf.cer
128	crl = CarlDSSCRLEmpty.crl
129	senderEmail = aliceDss@examples.com
130	# Cert has DigitalSignature, NonRepudiation
131	keyUsage = 0x8000
132	end
133
134	###################################################
135
136	test = "Carl DSA root, Alice Leaf, full DSA params, revoked"
137	revokePolicy = crl
138	cert = AliceDSSSignByCarlNoInherit.cer
139	root = CarlDSSSelf.cer
140	crl = CarlDSSCRLForAll.crl
141	senderEmail = aliceDss@examples.com
142	keyUsage = 0x8000
143	error = CSSMERR_TP_CERT_REVOKED
144	certerror = 0:CSSMERR_TP_CERT_REVOKED
145	end
146
147	###################################################
148
149	test = "Carl DSA root, Alice Leaf, bad email address"
150	revokePolicy = crl
151	cert = AliceDSSSignByCarlNoInherit.cer
152	root = CarlDSSSelf.cer
153	crl = CarlDSSCRLEmpty.crl
154	senderEmail = bob@examples.com
155	keyUsage = 0x8000
156	error = CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
157	certerror = 0:CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
158	end
159
160	###################################################
161
162	test = "Carl DSA root, Bob DH Leaf"
163	revokePolicy = crl
164	cert = BobDHEncryptByCarl.cer
165	root = CarlDSSSelf.cer
166	crl = CarlDSSCRLEmpty.crl
167	senderEmail = bobDh@examples.com
168	# cert has KeyAgreement (only)
169	keyUsage = 0x900
170	end
171
172	###################################################
173
174	test = "Carl DSA root, Bob DH Leaf, bad KeyUsage"
175	revokePolicy = crl
176	cert = BobDHEncryptByCarl.cer
177	root = CarlDSSSelf.cer
178	crl = CarlDSSCRLEmpty.crl
179	senderEmail = bobDh@examples.com
180	# cert has KeyAgreement (only)
181	keyUsage = 0x4000
182	error = CSSMERR_TP_VERIFY_ACTION_FAILED
183	certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
184	end
185
186	###################################################
187
188	test = "Carl DSA root, Bob DH Leaf, no CRL"
189	revokePolicy = crl
190	cert = BobDHEncryptByCarl.cer
191	root = CarlDSSSelf.cer
192	crl = CarlRSACRLForAll.crl
193	senderEmail = bobDh@examples.com
194	keyUsage = 0x900
195	error = CSSMERR_APPLETP_CRL_NOT_FOUND
196	certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
197	end
198
199	###################################################
200
201	test = "Carl DSA root, Bob DH Leaf, Revoked"
202	revokePolicy = crl
203	cert = BobDHEncryptByCarl.cer
204	root = CarlDSSSelf.cer
205	crl = CarlDSSCRLForAll.crl
206	senderEmail = bobDh@examples.com
207	keyUsage = 0x900
208	error = CSSMERR_TP_CERT_REVOKED
209	certerror = 0:CSSMERR_TP_CERT_REVOKED
210	end
211
212	###################################################
213
214	test = "Carl DSA root, Erica DH Leaf"
215	revokePolicy = crl
216	cert = EricaDHEncryptByCarl.cer
217	root = CarlDSSSelf.cer
218	crl = CarlDSSCRLEmpty.crl
219	senderEmail = ericaDh@examples.com
220	# cert has KeyAgreement (only)
221	keyUsage = 0x900
222	end
223
224	###################################################
225
226	test = "Carl DSA root, Erica DH Leaf, bad KeyUsage"
227	revokePolicy = crl
228	cert = EricaDHEncryptByCarl.cer
229	root = CarlDSSSelf.cer
230	crl = CarlDSSCRLEmpty.crl
231	senderEmail = ericaDh@examples.com
232	# cert has KeyAgreement (only)
233	keyUsage = 0x4000
234	error = CSSMERR_TP_VERIFY_ACTION_FAILED
235	certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
236	end
237
238	###################################################
239
240	test = "Carl DSA root, Erica DH Leaf, no CRL"
241	revokePolicy = crl
242	cert = EricaDHEncryptByCarl.cer
243	root = CarlDSSSelf.cer
244	crl = CarlRSACRLForAll.crl
245	senderEmail = ericaDh@examples.com
246	keyUsage = 0x900
247	error = CSSMERR_APPLETP_CRL_NOT_FOUND
248	certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
249	end
250
251	###################################################
252
253	test = "Carl DSA root, Erica DH Leaf, Revoked"
254	revokePolicy = crl
255	cert = EricaDHEncryptByCarl.cer
256	root = CarlDSSSelf.cer
257	crl = CarlDSSCRLForAll.crl
258	senderEmail = ericaDh@examples.com
259	keyUsage = 0x900
260	error = CSSMERR_TP_CERT_REVOKED
261	certerror = 0:CSSMERR_TP_CERT_REVOKED
262	end
263
264	###################################################
265
266	test = "Carl RSA root, Bob leaf"
267	revokePolicy = crl
268	cert = BobRSASignByCarl.cer
269	root = CarlRSASelf.cer
270	crl = CarlRSACRLEmpty.crl
271	# note none of the RSA certs have email addresses in them
272	senderEmail = "bob@somewhere.net"
273	# Cert has KeyEncipherment
274	keyUsage = 0x2000
275	end
276
277	###################################################
278
279	test = "Carl RSA root, Bob Leaf, bad key use"
280	revokePolicy = crl
281	cert = BobRSASignByCarl.cer
282	root = CarlRSASelf.cer
283	crl = CarlRSACRLEmpty.crl
284	senderEmail = "bob@somewhere.net"
285	keyUsage = 0x01
286	error = CSSMERR_TP_VERIFY_ACTION_FAILED
287	certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
288	end
289
290	###################################################
291
292	test = "Carl RSA root, Bob Leaf, revoked"
293	revokePolicy = crl
294	cert = BobRSASignByCarl.cer
295	root = CarlRSASelf.cer
296	crl = CarlRSACRLForAll.crl
297	senderEmail = "bob@somewhere.net"
298	error = CSSMERR_TP_CERT_REVOKED
299	certerror = 0:CSSMERR_TP_CERT_REVOKED
300	end
301
302	###################################################
303
304	test = "Carl RSA root, Bob Leaf, no CRL"
305	revokePolicy = crl
306	cert = BobRSASignByCarl.cer
307	root = CarlRSASelf.cer
308	crl = CarlDSSCRLEmpty.crl
309	senderEmail = "bob@somewhere.net"
310	error = CSSMERR_APPLETP_CRL_NOT_FOUND
311	certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
312	end
313
314	###################################################
315
316	test = "Carl DSA root, Diane DH Leaf"
317	revokePolicy = crl
318	cert = DianeDHEncryptByCarl.cer
319	root = CarlDSSSelf.cer
320	crl = CarlDSSCRLEmpty.crl
321	senderEmail = dianeDh@examples.com
322	# cert has KeyAgreement (only)
323	keyUsage = 0x900
324	end
325
326	###################################################
327
328	test = "Carl DSA root, Diane DH Leaf, bad KeyUsage"
329	revokePolicy = crl
330	cert = DianeDHEncryptByCarl.cer
331	root = CarlDSSSelf.cer
332	crl = CarlDSSCRLEmpty.crl
333	senderEmail = dianeDh@examples.com
334	# cert has KeyAgreement (only)
335	keyUsage = 0x4000
336	error = CSSMERR_TP_VERIFY_ACTION_FAILED
337	certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
338	end
339
340	###################################################
341
342	test = "Carl DSA root, Diane DH Leaf, no CRL"
343	revokePolicy = crl
344	cert = DianeDHEncryptByCarl.cer
345	root = CarlDSSSelf.cer
346	crl = CarlRSACRLForAll.crl
347	senderEmail = dianeDh@examples.com
348	keyUsage = 0x900
349	error = CSSMERR_APPLETP_CRL_NOT_FOUND
350	certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
351	end
352
353	###################################################
354
355	test = "Carl DSA root, Diane DH Leaf, Revoked"
356	revokePolicy = crl
357	cert = DianeDHEncryptByCarl.cer
358	root = CarlDSSSelf.cer
359	crl = CarlDSSCRLForAll.crl
360	senderEmail = dianeDh@examples.com
361	keyUsage = 0x900
362	error = CSSMERR_TP_CERT_REVOKED
363	certerror = 0:CSSMERR_TP_CERT_REVOKED
364	end
365
366	###################################################
367
368	test = "Carl RSA root, Diane DH Leaf, no root"
369	revokePolicy = crl
370	cert = DianeDHEncryptByCarl.cer
371	root = CarlRSASelf.cer
372	crl = CarlDSSCRLEmpty.crl
373	senderEmail = dianeDh@examples.com
374	keyUsage = 0x900
375	error = CSSMERR_TP_NOT_TRUSTED
376	certerror = 0:CSSMERR_APPLETP_CRL_NOT_TRUSTED
377	end
378
379	###################################################
380
381	test = "Carl DSA root, Diane Leaf, partial DSA params"
382	revokePolicy = crl
383	cert = DianeDSSSignByCarlInherit.cer
384	root = CarlDSSSelf.cer
385	crl = CarlDSSCRLEmpty.crl
386	# this CRL revokes the root, which TP does not check
387	crl = CarlDSSCRLForCarl.crl
388	senderEmail = dianeDss@examples.com
389	# Cert has DigitalSignature, NonRepudiation
390	keyUsage = 0x8000
391	end
392
393	###################################################
394
395	test = "Carl DSA root, Diane Leaf, partial DSA params, revoked"
396	revokePolicy = crl
397	cert = DianeDSSSignByCarlInherit.cer
398	root = CarlDSSSelf.cer
399	crl = CarlDSSCRLForAll.crl
400	senderEmail = dianeDss@examples.com
401	# cert has DigitalSignature NonRepudiation
402	keyUsage = 0x8000
403	error = CSSMERR_TP_CERT_REVOKED
404	certerror = 0:CSSMERR_TP_CERT_REVOKED
405	end
406
407	###################################################
408
409	test = "Carl DSA root, Diane Leaf, partial DSA params, bad key use"
410	revokePolicy = crl
411	cert = DianeDSSSignByCarlInherit.cer
412	root = CarlDSSSelf.cer
413	crl = CarlDSSCRLForAll.crl
414	senderEmail = dianeDss@examples.com
415	# cert has DigitalSignature NonRepudiation
416	keyUsage = 0x01
417	error = CSSMERR_TP_VERIFY_ACTION_FAILED
418	certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
419	end
420
421	###################################################
422
423	test = "Carl DSA root, Diane Leaf, partial DSA params, bad email address"
424	revokePolicy = crl
425	cert = DianeDSSSignByCarlInherit.cer
426	root = CarlDSSSelf.cer
427	crl = CarlDSSCRLForAll.crl
428	senderEmail = bobDss@examples.com
429	# cert has DigitalSignature NonRepudiation
430	keyUsage = 0x8000
431	error = CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
432	certerror = 0:CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
433	end
434
435
436