[apple/security.git] / SecurityTests / clxutils / certcrl / testSubjects / expiredAppleCA / expiredCA.scr

#
# test handling of expired Apple development CA certs, Radar 3622125.
#

globals
allowUnverified = true
crlNetFetchEnable = false
certNetFetchEnable = false
useSystemAnchors = false
end

#
# Original Dev CA expires Sep 7, 2007
# New Dev CA expires Dec 31, 2008
# leaf cert expires Oct 13, 2006
#
# After initial sanity checks, we evaluate at a time after the 
# original CA expired and before the new CA expires; we assume
# that the leaf is expired in all cases.
#

test = "Old CA before it expires, expired leaf"
cert = dmitchtread.cer
cert = OriginalDevCAIntermediate.pem
root = AppleDevRoot.pem
verifyTime = 20061201000000
error = CSSMERR_TP_CERT_EXPIRED
# leaf expired
# IS_IN_INPUT_CERTS | EXPIRED
certstatus = 0:0x05
# IS_IN_INPUT_CERTS
certstatus = 1:0x04
# IS_IN_ANCHORS  IS_ROOT
certstatus = 2:0x18
end

test = "New CA before it expires, expired leaf"
cert = dmitchtread.cer
cert = NewDevCAIntermdiate.pem
root = AppleDevRoot.pem
verifyTime = 20061201000000
error = CSSMERR_TP_CERT_EXPIRED
# leaf expired
# IS_IN_INPUT_CERTS | EXPIRED
certstatus = 0:0x05
# Verify IS_IN_INPUT_CERTS
certstatus = 1:0x04
# IS_IN_ANCHORS  IS_ROOT
certstatus = 2:0x18
end

test = "Old CA after it expires, expired leaf"
cert = dmitchtread.cer
cert = OriginalDevCAIntermediate.pem
root = AppleDevRoot.pem
verifyTime = 20071201000000
error = CSSMERR_TP_CERT_EXPIRED
# leaf expired
# IS_IN_INPUT_CERTS | EXPIRED
certstatus = 0:0x05
# IS_IN_INPUT_CERTS | EXPIRED
certstatus = 1:0x05
# IS_IN_ANCHORS  IS_ROOT
certstatus = 2:0x18
end

test = "Old CA and new CA in input certs"
cert = dmitchtread.cer
cert = OriginalDevCAIntermediate.pem
cert = NewDevCAIntermdiate.pem
root = AppleDevRoot.pem
verifyTime = 20071201000000
error = CSSMERR_TP_CERT_EXPIRED
# leaf expired
# IS_IN_INPUT_CERTS | EXPIRED
certstatus = 0:0x05
# IS_IN_INPUT_CERTS, !EXPIRED
certstatus = 1:0x04
# IS_IN_ANCHORS  IS_ROOT
certstatus = 2:0x18
end

test = "Old CA input certs, both CAs in DlDb"
cert = dmitchtread.cer
cert = OriginalDevCAIntermediate.pem
root = AppleDevRoot.pem
certDb = appleDevCAs.keychain
verifyTime = 20071201000000
error = CSSMERR_TP_CERT_EXPIRED
# leaf expired
# IS_IN_INPUT_CERTS | EXPIRED
certstatus = 0:0x05
# Verify !IS_IN_INPUT_CERTS, !EXPIRED
certstatus = 1:0x0
# IS_IN_ANCHORS  IS_ROOT
certstatus = 2:0x18
end

test = "No CA input certs, both CAs in DlDb"
cert = dmitchtread.cer
root = AppleDevRoot.pem
certDb = appleDevCAs.keychain
verifyTime = 20071201000000
error = CSSMERR_TP_CERT_EXPIRED
# leaf expired
# IS_IN_INPUT_CERTS | EXPIRED
certstatus = 0:0x05
# !IS_IN_INPUT_CERTS, !EXPIRED
certstatus = 1:0x0
# IS_IN_ANCHORS  IS_ROOT
certstatus = 2:0x18
end
Commit	Line	Data
d8f41ccd A	1	#
	2	# test handling of expired Apple development CA certs, Radar 3622125.
	3	#
	4
	5	globals
	6	allowUnverified = true
	7	crlNetFetchEnable = false
	8	certNetFetchEnable = false
	9	useSystemAnchors = false
	10	end
	11
	12	#
	13	# Original Dev CA expires Sep 7, 2007
	14	# New Dev CA expires Dec 31, 2008
	15	# leaf cert expires Oct 13, 2006
	16	#
	17	# After initial sanity checks, we evaluate at a time after the
	18	# original CA expired and before the new CA expires; we assume
	19	# that the leaf is expired in all cases.
	20	#
	21
	22	test = "Old CA before it expires, expired leaf"
	23	cert = dmitchtread.cer
	24	cert = OriginalDevCAIntermediate.pem
	25	root = AppleDevRoot.pem
	26	verifyTime = 20061201000000
	27	error = CSSMERR_TP_CERT_EXPIRED
	28	# leaf expired
	29	# IS_IN_INPUT_CERTS \| EXPIRED
	30	certstatus = 0:0x05
	31	# IS_IN_INPUT_CERTS
	32	certstatus = 1:0x04
	33	# IS_IN_ANCHORS IS_ROOT
	34	certstatus = 2:0x18
	35	end
	36
	37	test = "New CA before it expires, expired leaf"
	38	cert = dmitchtread.cer
	39	cert = NewDevCAIntermdiate.pem
	40	root = AppleDevRoot.pem
	41	verifyTime = 20061201000000
	42	error = CSSMERR_TP_CERT_EXPIRED
	43	# leaf expired
	44	# IS_IN_INPUT_CERTS \| EXPIRED
	45	certstatus = 0:0x05
	46	# Verify IS_IN_INPUT_CERTS
	47	certstatus = 1:0x04
	48	# IS_IN_ANCHORS IS_ROOT
	49	certstatus = 2:0x18
	50	end
	51
	52	test = "Old CA after it expires, expired leaf"
	53	cert = dmitchtread.cer
	54	cert = OriginalDevCAIntermediate.pem
	55	root = AppleDevRoot.pem
	56	verifyTime = 20071201000000
	57	error = CSSMERR_TP_CERT_EXPIRED
	58	# leaf expired
	59	# IS_IN_INPUT_CERTS \| EXPIRED
	60	certstatus = 0:0x05
	61	# IS_IN_INPUT_CERTS \| EXPIRED
	62	certstatus = 1:0x05
	63	# IS_IN_ANCHORS IS_ROOT
	64	certstatus = 2:0x18
65	end
66
67	test = "Old CA and new CA in input certs"
68	cert = dmitchtread.cer
69	cert = OriginalDevCAIntermediate.pem
70	cert = NewDevCAIntermdiate.pem
71	root = AppleDevRoot.pem
72	verifyTime = 20071201000000
73	error = CSSMERR_TP_CERT_EXPIRED
74	# leaf expired
75	# IS_IN_INPUT_CERTS \| EXPIRED
76	certstatus = 0:0x05
77	# IS_IN_INPUT_CERTS, !EXPIRED
78	certstatus = 1:0x04
79	# IS_IN_ANCHORS IS_ROOT
80	certstatus = 2:0x18
81	end
82
83	test = "Old CA input certs, both CAs in DlDb"
84	cert = dmitchtread.cer
85	cert = OriginalDevCAIntermediate.pem
86	root = AppleDevRoot.pem
87	certDb = appleDevCAs.keychain
88	verifyTime = 20071201000000
89	error = CSSMERR_TP_CERT_EXPIRED
90	# leaf expired
91	# IS_IN_INPUT_CERTS \| EXPIRED
92	certstatus = 0:0x05
93	# Verify !IS_IN_INPUT_CERTS, !EXPIRED
94	certstatus = 1:0x0
95	# IS_IN_ANCHORS IS_ROOT
96	certstatus = 2:0x18
97	end
98
99	test = "No CA input certs, both CAs in DlDb"
100	cert = dmitchtread.cer
101	root = AppleDevRoot.pem
102	certDb = appleDevCAs.keychain
103	verifyTime = 20071201000000
104	error = CSSMERR_TP_CERT_EXPIRED
105	# leaf expired
106	# IS_IN_INPUT_CERTS \| EXPIRED
107	certstatus = 0:0x05
108	# !IS_IN_INPUT_CERTS, !EXPIRED
109	certstatus = 1:0x0
110	# IS_IN_ANCHORS IS_ROOT
111	certstatus = 2:0x18
112	end