SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/expiredCA.scr

   1 #
   2 # test handling of expired Apple development CA certs, Radar 3622125.
   3 #
   4
   5 globals
   6 allowUnverified = true
   7 crlNetFetchEnable = false
   8 certNetFetchEnable = false
   9 useSystemAnchors = false
  10 end
  11
  12 #
  13 # Original Dev CA expires Sep 7, 2007
  14 # New Dev CA expires Dec 31, 2008
  15 # leaf cert expires Oct 13, 2006
  16 #
  17 # After initial sanity checks, we evaluate at a time after the
  18 # original CA expired and before the new CA expires; we assume
  19 # that the leaf is expired in all cases.
  20 #
  21
  22 test = "Old CA before it expires, expired leaf"
  23 cert = dmitchtread.cer
  24 cert = OriginalDevCAIntermediate.pem
  25 root = AppleDevRoot.pem
  26 verifyTime = 20061201000000
  27 error = CSSMERR_TP_CERT_EXPIRED
  28 # leaf expired
  29 # IS_IN_INPUT_CERTS | EXPIRED
  30 certstatus = 0:0x05
  31 # IS_IN_INPUT_CERTS
  32 certstatus = 1:0x04
  33 # IS_IN_ANCHORS  IS_ROOT
  34 certstatus = 2:0x18
  35 end
  36
  37 test = "New CA before it expires, expired leaf"
  38 cert = dmitchtread.cer
  39 cert = NewDevCAIntermdiate.pem
  40 root = AppleDevRoot.pem
  41 verifyTime = 20061201000000
  42 error = CSSMERR_TP_CERT_EXPIRED
  43 # leaf expired
  44 # IS_IN_INPUT_CERTS | EXPIRED
  45 certstatus = 0:0x05
  46 # Verify IS_IN_INPUT_CERTS
  47 certstatus = 1:0x04
  48 # IS_IN_ANCHORS  IS_ROOT
  49 certstatus = 2:0x18
  50 end
  51
  52 test = "Old CA after it expires, expired leaf"
  53 cert = dmitchtread.cer
  54 cert = OriginalDevCAIntermediate.pem
  55 root = AppleDevRoot.pem
  56 verifyTime = 20071201000000
  57 error = CSSMERR_TP_CERT_EXPIRED
  58 # leaf expired
  59 # IS_IN_INPUT_CERTS | EXPIRED
  60 certstatus = 0:0x05
  61 # IS_IN_INPUT_CERTS | EXPIRED
  62 certstatus = 1:0x05
  63 # IS_IN_ANCHORS  IS_ROOT
  64 certstatus = 2:0x18
  65 end
  66
  67 test = "Old CA and new CA in input certs"
  68 cert = dmitchtread.cer
  69 cert = OriginalDevCAIntermediate.pem
  70 cert = NewDevCAIntermdiate.pem
  71 root = AppleDevRoot.pem
  72 verifyTime = 20071201000000
  73 error = CSSMERR_TP_CERT_EXPIRED
  74 # leaf expired
  75 # IS_IN_INPUT_CERTS | EXPIRED
  76 certstatus = 0:0x05
  77 # IS_IN_INPUT_CERTS, !EXPIRED
  78 certstatus = 1:0x04
  79 # IS_IN_ANCHORS  IS_ROOT
  80 certstatus = 2:0x18
  81 end
  82
  83 test = "Old CA input certs, both CAs in DlDb"
  84 cert = dmitchtread.cer
  85 cert = OriginalDevCAIntermediate.pem
  86 root = AppleDevRoot.pem
  87 certDb = appleDevCAs.keychain
  88 verifyTime = 20071201000000
  89 error = CSSMERR_TP_CERT_EXPIRED
  90 # leaf expired
  91 # IS_IN_INPUT_CERTS | EXPIRED
  92 certstatus = 0:0x05
  93 # Verify !IS_IN_INPUT_CERTS, !EXPIRED
  94 certstatus = 1:0x0
  95 # IS_IN_ANCHORS  IS_ROOT
  96 certstatus = 2:0x18
  97 end
  98
  99 test = "No CA input certs, both CAs in DlDb"
 100 cert = dmitchtread.cer
 101 root = AppleDevRoot.pem
 102 certDb = appleDevCAs.keychain
 103 verifyTime = 20071201000000
 104 error = CSSMERR_TP_CERT_EXPIRED
 105 # leaf expired
 106 # IS_IN_INPUT_CERTS | EXPIRED
 107 certstatus = 0:0x05
 108 # !IS_IN_INPUT_CERTS, !EXPIRED
 109 certstatus = 1:0x0
 110 # IS_IN_ANCHORS  IS_ROOT
 111 certstatus = 2:0x18
 112 end