SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/AppleCodeSigning.scr

   1 #
   2 # Test Software Update Apple Code Signing cert verification policy.
   3 # This used to be called the Code Signing POlicy; it was renamed on 8/15/06.
   4 #
   5 # The keychain CodeSignTest.keychain, in this directory, contains all the
   6 # keys and certs used to generate these test cases. Password is CodeSignTest.
   7 #
   8 globals
   9 allowUnverified = true
  10 crlNetFetchEnable = false
  11 certNetFetchEnable = false
  12 useSystemAnchors = false
  13 end
  14
  15 test = "Full Code Signing verification success"
  16 cert = csLeaf.cer
  17 cert = csCA.cer
  18 root = csRoot.cer
  19 policy = swuSign
  20 end
  21
  22 test = "DEVELOPMENT detection"
  23 cert = csDevLeaf.cer
  24 cert = csCA.cer
  25 root = csRoot.cer
  26 policy = swuSign
  27 error = APPLETP_CODE_SIGN_DEVELOPMENT
  28 certerror = 0:APPLETP_CODE_SIGN_DEVELOPMENT
  29 end
  30
  31 test = "No ExtendedKeyUsage in Leaf"
  32 cert = csLeafNoEKU.cer
  33 cert = csCA.cer
  34 root = csRoot.cer
  35 policy = swuSign
  36 error = APPLETP_CS_NO_EXTENDED_KEY_USAGE
  37 certerror = 0:APPLETP_CS_NO_EXTENDED_KEY_USAGE
  38 end
  39
  40 test = "Bad ExtendedKeyUsage in Leaf"
  41 cert = csLeafBadEKU.cer
  42 cert = csCA.cer
  43 root = csRoot.cer
  44 policy = swuSign
  45 error = APPLETP_INVALID_EXTENDED_KEY_USAGE
  46 certerror = 0:APPLETP_INVALID_EXTENDED_KEY_USAGE
  47 end
  48
  49 test = "No ExtendedKeyUsage in Intermediate"
  50 cert = csLeafNoEKUinInt.cer
  51 cert = csCaNoEKU.cer
  52 root = csRoot.cer
  53 policy = swuSign
  54 error = APPLETP_CS_NO_EXTENDED_KEY_USAGE
  55 certerror = 1:APPLETP_CS_NO_EXTENDED_KEY_USAGE
  56 end
  57
  58 test = "Bad ExtendedKeyUsage in Intermediate"
  59 cert = csLeafBadEKUinInt.cer
  60 cert = csCaBadEKU.cer
  61 root = csRoot.cer
  62 policy = swuSign
  63 error = APPLETP_INVALID_EXTENDED_KEY_USAGE
  64 certerror = 1:APPLETP_INVALID_EXTENDED_KEY_USAGE
  65 end
  66
  67 test = "No BC in Intermediate"
  68 cert = csLeafNoBcInInt.cer
  69 cert = csCaNoBC.cer
  70 root = csRoot.cer
  71 policy = swuSign
  72 error = CSSMERR_APPLETP_CS_NO_BASIC_CONSTRAINTS
  73 certerror = 1:CSSMERR_APPLETP_CS_NO_BASIC_CONSTRAINTS
  74 end
  75
  76 test = "Short Path"
  77 cert = csLeafShortPath.cer
  78 root = csRoot.cer
  79 policy = swuSign
  80 error = CSSMERR_APPLETP_CS_BAD_CERT_CHAIN_LENGTH
  81 end
  82
  83