[apple/security.git] / SecurityTests / clxutils / certcrl / testSubjects / smime / smime.scr
#
# certcrl script to test certs and CRLs from S/MIME examples
#
# Examples obtained from
# http://www.ietf.org/internet-drafts/draft-ietf-smime-examples-09.txt
#
# This script tests every cert and CRL from the examples package, ensuring
# both successful (normal) operation and a variety of error cases for
# every cert.
#

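# Settings applied to every test in this script (line-number gutter residue
# from the web listing has been removed so the block parses again).
#
# requireCrlForAll = true   A CRL is demanded for each cert, so a missing CRL
#                           is a hard failure; the "no CRL" cases below rely on
#                           this and expect CSSMERR_APPLETP_CRL_NOT_FOUND.
# crlNetFetchEnable /
# certNetFetchEnable = false  No network fetching: only the cert and CRL files
#                           named in each test take part, which keeps the
#                           results reproducible offline.
# useSystemAnchors = false  Presumably only the "root" named in each test is
#                           trusted; the "no root" case depends on that.
# allowUnverified = true    NOTE(review): meaning is defined by the certcrl
#                           tool and is not visible in this script - confirm.
globals
allowUnverified = true
requireCrlForAll = true
crlNetFetchEnable = false
certNetFetchEnable = false
useSystemAnchors = false
end
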
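###################################################

# Positive case: Alice's RSA leaf, Carl's self-signed RSA root, and a CRL
# that (judging by its name) revokes nothing. No error/certerror key is set,
# which in this script appears to mean "expect clean verification".
test = "Carl RSA root, Alice leaf"
revokePolicy = crl
cert = AliceRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLEmpty.crl
# note none of the RSA certs have email addresses in them
# (so senderEmail has nothing to be compared against here, and the case
# is still expected to succeed)
senderEmail = "alice@somewhere.net"
# Cert has DigitalSignature, NonRepudiation
# 0x8000 requests DigitalSignature only (CE_KU_DigitalSignature).
keyUsage = 0x8000
end
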
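###################################################

# Negative case: same chain as the Alice RSA success case, but the requested
# keyUsage is one the leaf is not described as having, so the S/MIME policy
# must reject it.
# NOTE(review): certerror looks like "<cert index>:<error>", with 0 being the
# leaf - confirm against the certcrl tool.
test = "Carl RSA root, Alice Leaf, bad key use"
revokePolicy = crl
cert = AliceRSASignByCarl.cer
root = CarlRSASelf.cer
# crl is given twice; presumably both CRLs are supplied to the evaluation.
crl = CarlRSACRLEmpty.crl
# this CRL revokes the root, which TP does not check
crl = CarlRSACRLForCarl.crl
senderEmail = "alice@somewhere.net"
keyUsage = 0x01
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end
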
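###################################################

# Negative case: the supplied CRL (named "ForAll") is expected to list Alice's
# RSA leaf, so both the overall result and leaf cert 0 must report revocation.
# No keyUsage key is set in this case.
test = "Carl RSA root, Alice Leaf, revoked"
revokePolicy = crl
cert = AliceRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = "alice@somewhere.net"
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end
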
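###################################################

# Negative case (fail closed): the only CRL supplied comes from Carl's DSS CA,
# so nothing covers the RSA-issued leaf. With requireCrlForAll = true in
# globals, the missing CRL must be reported as an error rather than the cert
# passing unchecked.
test = "Carl RSA root, Alice Leaf, no CRL"
revokePolicy = crl
cert = AliceRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = "alice@somewhere.net"
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end
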
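###################################################

# Positive case: Diane's RSA leaf under Carl's RSA root with the empty CRL.
# No error/certerror key, so clean verification is expected.
test = "Carl RSA root, Diane leaf"
revokePolicy = crl
cert = DianeRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLEmpty.crl
# note none of the RSA certs have email addresses in them
senderEmail = "diane@somewhere.net"
# DigitalSignature NonRepudiation KeyEncipherment
# 0xe000 = 0x8000 | 0x4000 | 0x2000, i.e. all three usages the cert has.
keyUsage = 0xe000
end
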
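###################################################

# Negative case: 0xf000 is the 0xe000 of the success case plus bit 0x1000
# (CE_KU_DataEncipherment), a usage the cert is not described as having, so
# the S/MIME policy must reject leaf cert 0 for bad key use.
test = "Carl RSA root, Diane leaf, bad key use"
revokePolicy = crl
cert = DianeRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLEmpty.crl
senderEmail = "diane@somewhere.net"
keyUsage = 0xf000
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end
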
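###################################################

# Negative case: the "ForAll" CRL is expected to list Diane's RSA leaf, so the
# overall result and leaf cert 0 must both report revocation.
test = "Carl RSA root, Diane leaf, revoked"
revokePolicy = crl
cert = DianeRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = "diane@somewhere.net"
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end
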
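###################################################

# Negative case (fail closed): only a CRL from Carl's DSS CA is supplied, so
# no CRL covers the RSA-issued leaf; requireCrlForAll = true in globals makes
# that an error instead of an unchecked pass.
test = "Carl RSA root, Diane leaf, no CRL"
revokePolicy = crl
cert = DianeRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = "diane@somewhere.net"
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end
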
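###################################################

# Positive case on the DSA side: Alice's DSS leaf (the "NoInherit" variant,
# which the title describes as carrying full DSA params) under Carl's DSS
# root, with the empty DSS CRL. Unlike the RSA cases, senderEmail here is
# presumably matched against an address in the cert (see the "bad email
# address" case for the mismatch).
test = "Carl DSA root, Alice Leaf, full DSA params"
revokePolicy = crl
cert = AliceDSSSignByCarlNoInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = aliceDss@examples.com
# Cert has DigitalSignature, NonRepudiation
keyUsage = 0x8000
end
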
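###################################################

# Negative case: same cert, email and keyUsage as the success case, but the
# "ForAll" DSS CRL is expected to list the leaf, so revocation is the only
# difference and must be reported for leaf cert 0.
test = "Carl DSA root, Alice Leaf, full DSA params, revoked"
revokePolicy = crl
cert = AliceDSSSignByCarlNoInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = aliceDss@examples.com
keyUsage = 0x8000
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end
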
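###################################################

# Negative case: everything matches the success case except senderEmail,
# which names bob instead of the address used for Alice's DSS cert. The
# S/MIME policy must refuse to bind the message sender to this cert.
test = "Carl DSA root, Alice Leaf, bad email address"
revokePolicy = crl
cert = AliceDSSSignByCarlNoInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = bob@examples.com
keyUsage = 0x8000
error = CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
end
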
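###################################################

# Positive case: Bob's Diffie-Hellman leaf under Carl's DSS root with the
# empty DSS CRL; clean verification is expected.
test = "Carl DSA root, Bob DH Leaf"
revokePolicy = crl
cert = BobDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = bobDh@examples.com
# cert has KeyAgreement (only)
# NOTE(review): 0x900 is 0x800 | 0x100, presumably CE_KU_KeyAgreement plus
# CE_KU_EncipherOnly - confirm how the policy treats the extra bit.
keyUsage = 0x900
end
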
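###################################################

# Negative case: the request (0x4000) differs from the 0x900 used in the
# success case and asks for a usage a KeyAgreement-only cert does not have,
# so leaf cert 0 must fail the S/MIME key-use check.
test = "Carl DSA root, Bob DH Leaf, bad KeyUsage"
revokePolicy = crl
cert = BobDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = bobDh@examples.com
# cert has KeyAgreement (only)
keyUsage = 0x4000
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end
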
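###################################################

# Negative case (fail closed): the only CRL supplied belongs to Carl's RSA CA,
# so no CRL covers this DSS-issued leaf; requireCrlForAll = true in globals
# turns the gap into CRL_NOT_FOUND. Note that the RSA "ForAll" CRL must not be
# taken as revoking a cert from a different issuer.
test = "Carl DSA root, Bob DH Leaf, no CRL"
revokePolicy = crl
cert = BobDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = bobDh@examples.com
keyUsage = 0x900
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end
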
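###################################################

# Negative case: same inputs as the Bob DH success case except for the CRL;
# the DSS "ForAll" CRL is expected to list the leaf, so cert 0 must be
# reported as revoked.
test = "Carl DSA root, Bob DH Leaf, Revoked"
revokePolicy = crl
cert = BobDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = bobDh@examples.com
keyUsage = 0x900
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end
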
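###################################################

# Positive case: Erica's Diffie-Hellman leaf under Carl's DSS root with the
# empty DSS CRL; clean verification is expected.
test = "Carl DSA root, Erica DH Leaf"
revokePolicy = crl
cert = EricaDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = ericaDh@examples.com
# cert has KeyAgreement (only)
# NOTE(review): 0x900 is 0x800 | 0x100, presumably CE_KU_KeyAgreement plus
# CE_KU_EncipherOnly - confirm how the policy treats the extra bit.
keyUsage = 0x900
end
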
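###################################################

# Negative case: 0x4000 replaces the 0x900 of the success case and asks for a
# usage a KeyAgreement-only cert does not have, so leaf cert 0 must fail the
# S/MIME key-use check.
test = "Carl DSA root, Erica DH Leaf, bad KeyUsage"
revokePolicy = crl
cert = EricaDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = ericaDh@examples.com
# cert has KeyAgreement (only)
keyUsage = 0x4000
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end
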
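###################################################

# Negative case (fail closed): only a CRL from Carl's RSA CA is supplied, so
# no CRL covers this DSS-issued leaf; requireCrlForAll = true in globals makes
# that CRL_NOT_FOUND rather than an unchecked pass.
test = "Carl DSA root, Erica DH Leaf, no CRL"
revokePolicy = crl
cert = EricaDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = ericaDh@examples.com
keyUsage = 0x900
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end
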
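###################################################

# Negative case: same inputs as the Erica DH success case except for the CRL;
# the DSS "ForAll" CRL is expected to list the leaf, so cert 0 must be
# reported as revoked.
test = "Carl DSA root, Erica DH Leaf, Revoked"
revokePolicy = crl
cert = EricaDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = ericaDh@examples.com
keyUsage = 0x900
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end
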
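###################################################

# Positive case: Bob's RSA leaf under Carl's RSA root with the empty RSA CRL;
# clean verification is expected.
test = "Carl RSA root, Bob leaf"
revokePolicy = crl
cert = BobRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLEmpty.crl
# note none of the RSA certs have email addresses in them
senderEmail = "bob@somewhere.net"
# Cert has KeyEncipherment
# 0x2000 requests exactly that usage.
keyUsage = 0x2000
end
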
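###################################################

# Negative case: same chain as the Bob RSA success case, but keyUsage 0x01
# is not the KeyEncipherment usage the cert is described as having, so leaf
# cert 0 must fail the S/MIME key-use check.
test = "Carl RSA root, Bob Leaf, bad key use"
revokePolicy = crl
cert = BobRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLEmpty.crl
senderEmail = "bob@somewhere.net"
keyUsage = 0x01
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end
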
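###################################################

# Negative case: the RSA "ForAll" CRL is expected to list Bob's RSA leaf, so
# the overall result and leaf cert 0 must both report revocation.
test = "Carl RSA root, Bob Leaf, revoked"
revokePolicy = crl
cert = BobRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = "bob@somewhere.net"
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end
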
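###################################################

# Negative case (fail closed): only a CRL from Carl's DSS CA is supplied, so
# no CRL covers the RSA-issued leaf; requireCrlForAll = true in globals makes
# that CRL_NOT_FOUND rather than an unchecked pass.
test = "Carl RSA root, Bob Leaf, no CRL"
revokePolicy = crl
cert = BobRSASignByCarl.cer
root = CarlRSASelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = "bob@somewhere.net"
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end
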
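###################################################

# Positive case: Diane's Diffie-Hellman leaf under Carl's DSS root with the
# empty DSS CRL; clean verification is expected.
test = "Carl DSA root, Diane DH Leaf"
revokePolicy = crl
cert = DianeDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = dianeDh@examples.com
# cert has KeyAgreement (only)
# NOTE(review): 0x900 is 0x800 | 0x100, presumably CE_KU_KeyAgreement plus
# CE_KU_EncipherOnly - confirm how the policy treats the extra bit.
keyUsage = 0x900
end
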
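###################################################

# Negative case: 0x4000 replaces the 0x900 of the success case and asks for a
# usage a KeyAgreement-only cert does not have, so leaf cert 0 must fail the
# S/MIME key-use check.
test = "Carl DSA root, Diane DH Leaf, bad KeyUsage"
revokePolicy = crl
cert = DianeDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = dianeDh@examples.com
# cert has KeyAgreement (only)
keyUsage = 0x4000
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end
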
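###################################################

# Negative case (fail closed): only a CRL from Carl's RSA CA is supplied, so
# no CRL covers this DSS-issued leaf; requireCrlForAll = true in globals makes
# that CRL_NOT_FOUND rather than an unchecked pass.
test = "Carl DSA root, Diane DH Leaf, no CRL"
revokePolicy = crl
cert = DianeDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlRSACRLForAll.crl
senderEmail = dianeDh@examples.com
keyUsage = 0x900
error = CSSMERR_APPLETP_CRL_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND
end
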
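###################################################

# Negative case: same inputs as the Diane DH success case except for the CRL;
# the DSS "ForAll" CRL is expected to list the leaf, so cert 0 must be
# reported as revoked.
test = "Carl DSA root, Diane DH Leaf, Revoked"
revokePolicy = crl
cert = DianeDHEncryptByCarl.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = dianeDh@examples.com
keyUsage = 0x900
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end
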
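###################################################

# Negative case (wrong anchor): the other Diane DH cases verify this leaf
# under CarlDSSSelf.cer, but here only Carl's RSA root is supplied. With
# useSystemAnchors = false in globals there is no other anchor to fall back
# on, so the chain must end up untrusted.
# NOTE(review): the per-cert error is CRL_NOT_TRUSTED rather than a cert
# trust error - presumably because the DSS CRL's issuer cannot be anchored
# either; confirm this is the intended expectation.
test = "Carl RSA root, Diane DH Leaf, no root"
revokePolicy = crl
cert = DianeDHEncryptByCarl.cer
root = CarlRSASelf.cer
crl = CarlDSSCRLEmpty.crl
senderEmail = dianeDh@examples.com
keyUsage = 0x900
error = CSSMERR_TP_NOT_TRUSTED
certerror = 0:CSSMERR_APPLETP_CRL_NOT_TRUSTED
end
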
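###################################################

# Positive case: Diane's DSS leaf in the "Inherit" variant, which the title
# describes as carrying partial DSA params (presumably completed from the
# issuer's key - confirm). Clean verification is expected even though a CRL
# revoking the root is also supplied.
test = "Carl DSA root, Diane Leaf, partial DSA params"
revokePolicy = crl
cert = DianeDSSSignByCarlInherit.cer
root = CarlDSSSelf.cer
# crl is given twice; presumably both CRLs are supplied to the evaluation.
crl = CarlDSSCRLEmpty.crl
# this CRL revokes the root, which TP does not check
crl = CarlDSSCRLForCarl.crl
senderEmail = dianeDss@examples.com
# Cert has DigitalSignature, NonRepudiation
keyUsage = 0x8000
end
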
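###################################################

# Negative case: same cert, email and keyUsage as the partial-params success
# case, but the DSS "ForAll" CRL is expected to list the leaf, so cert 0 must
# be reported as revoked.
test = "Carl DSA root, Diane Leaf, partial DSA params, revoked"
revokePolicy = crl
cert = DianeDSSSignByCarlInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = dianeDss@examples.com
# cert has DigitalSignature NonRepudiation
keyUsage = 0x8000
error = CSSMERR_TP_CERT_REVOKED
certerror = 0:CSSMERR_TP_CERT_REVOKED
end
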
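###################################################

# Negative case: keyUsage 0x01 is not a usage the cert is described as
# having, so leaf cert 0 must fail the S/MIME key-use check.
# NOTE(review): this case supplies CarlDSSCRLForAll.crl, the same CRL the
# "partial DSA params, revoked" case uses to get CSSMERR_TP_CERT_REVOKED for
# this cert. The expected BAD_KEY_USE result therefore depends on the key-use
# failure being reported ahead of revocation. The other "bad key use" cases
# use an empty CRL; CarlDSSCRLEmpty.crl would isolate the key-use failure -
# confirm which was intended.
test = "Carl DSA root, Diane Leaf, partial DSA params, bad key use"
revokePolicy = crl
cert = DianeDSSSignByCarlInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = dianeDss@examples.com
# cert has DigitalSignature NonRepudiation
keyUsage = 0x01
error = CSSMERR_TP_VERIFY_ACTION_FAILED
certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE
end
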
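###################################################

# Negative case: senderEmail names bobDss instead of the dianeDss address
# used in the success case, so the S/MIME policy must refuse to bind the
# sender to this cert.
# NOTE(review): this case supplies CarlDSSCRLForAll.crl, the same CRL the
# "partial DSA params, revoked" case uses to get CSSMERR_TP_CERT_REVOKED for
# this cert. The expected EMAIL_ADDRS_NOT_FOUND result therefore depends on
# the email mismatch being reported ahead of revocation. The Alice "bad email
# address" case uses CarlDSSCRLEmpty.crl, which would isolate the email
# failure - confirm which was intended.
test = "Carl DSA root, Diane Leaf, partial DSA params, bad email address"
revokePolicy = crl
cert = DianeDSSSignByCarlInherit.cer
root = CarlDSSSelf.cer
crl = CarlDSSCRLForAll.crl
senderEmail = bobDss@examples.com
# cert has DigitalSignature NonRepudiation
keyUsage = 0x8000
error = CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
certerror = 0:CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND
end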