SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/CodePkgSigning.scr

   1 #
   2 # Test Code Signing and Package Signing policies.
   3 # This used to be called the Code Signing POlicy; it was renamed on 8/15/06.
   4 #
   5 globals
   6 allowUnverified = true
   7 crlNetFetchEnable = false
   8 certNetFetchEnable = false
   9 useSystemAnchors = false
  10 end
  11
  12 ### policy = CSSMOID_APPLE_TP_CODE_SIGNING ###
  13
  14 test = "Apple Code Signing success"
  15 cert = CodeSignLeaf.cer
  16 root = CodeSignRoot.cer
  17 policy = codeSign
  18 end
  19
  20 test = "Apple Code Signing, no EKU, expect fail"
  21 cert = NoEKULeaf.cer
  22 root = CodeSignRoot.cer
  23 policy = codeSign
  24 error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE
  25 end
  26
  27 test = "Apple Code Signing, wrong EKU, expect fail"
  28 cert = BadCodeSignLeaf.cer
  29 root = CodeSignRoot.cer
  30 policy = codeSign
  31 error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE
  32 end
  33
  34 ### policy = CSSMOID_APPLE_TP_PACKAGE_SIGNING ###
  35
  36 test = "Package Signing success"
  37 cert = CodeSignLeaf.cer
  38 root = CodeSignRoot.cer
  39 policy = pkgSign
  40 end
  41
  42 test = "Package Signing, no EKU, expect fail"
  43 cert = NoEKULeaf.cer
  44 root = CodeSignRoot.cer
  45 policy = pkgSign
  46 error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE
  47 end
  48
  49 test = "Package Signing, wrong EKU, expect fail"
  50 cert = BadCodeSignLeaf.cer
  51 root = CodeSignRoot.cer
  52 policy = pkgSign
  53 error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE
  54 end