SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasiteErrDetect.scr

   1 #
   2 # Test for NISCC Parasitic key bearing certs.
   3 # This version runs with stock key size limits.
   4 #
   5 globals
   6 allowUnverified = true
   7 crlNetFetchEnable = false
   8 certNetFetchEnable = false
   9 useSystemAnchors = false
  10 end
  11
  12 test = "locally generated 6K keys"
  13 cert = ssSubjCert.der
  14 root = ssRootCert.der
  15 # leaf cert has a bad public key
  16 verifyTime = 20060726000000
  17 error = CSSMERR_TP_INVALID_CERTIFICATE
  18 end
  19
  20 test = "test1, uee8k"
  21 cert = uee8k.pem
  22 cert = shintca.pem
  23 root = shroot.pem
  24 # leaf cert has a bad public key
  25 verifyTime = 20060726000000
  26 error = CSSMERR_TP_INVALID_CERTIFICATE
  27 end
  28
  29 test = "test1, uee16k.pem"
  30 cert = uee16k.pem
  31 cert = shintca.pem
  32 root = shroot.pem
  33 # leaf cert has a bad public key
  34 verifyTime = 20060726000000
  35 error = CSSMERR_TP_INVALID_CERTIFICATE
  36 end
  37
  38 test = "test2a, huge pkint8k.pem CA"
  39 cert = eepkint1.pem
  40 cert = pkint8k.pem
  41 root = shroot.pem
  42 # leaf cert OK but subsequent certs have too-large keys
  43 verifyTime = 20060726000000
  44 error = CSSMERR_TP_NOT_TRUSTED
  45 end
  46
  47 test = "test2a, bad pkint8k.pem CA, wrong root"
  48 cert = eepkint1.pem
  49 cert = pkint8k.pem
  50 root = root.pem
  51 verifyTime = 20060726000000
  52 error = CSSMERR_TP_NOT_TRUSTED
  53 end
  54
  55 test = "test2b, huge pkint16k.pem CA"
  56 cert = eepkint2.pem
  57 cert = pkint16k.pem
  58 root = shroot.pem
  59 # leaf cert OK but subsequent certs have too-large keys
  60 verifyTime = 20060726000000
  61 error = CSSMERR_TP_NOT_TRUSTED
  62 end
  63
  64 test = "test2b, bad pkint16k.pem CA, wrong root"
  65 cert = eepkint2.pem
  66 cert = pkint16k.pem
  67 root = root.pem
  68 verifyTime = 20060726000000
  69 error = CSSMERR_TP_NOT_TRUSTED
  70 end