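#!/bin/bash
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

########################################################################
#
# mozilla/security/nss/tests/pkits/pkits.sh
#
# Script to test the NIST PKITS tests
#
# needs to work on all Unix and Windows platforms
#
# tests implemented:
#    vfychain
#
# special NOTES
# ---------------
# NIST PKITS data needs to be downloaded from
# http://csrc.nist.gov/pki/testing/x509paths.html
# Environment variable PKITS_DATA needs to be set to the directory
# where this data is downloaded, or test data needs to be copied under
# the mozilla source tree in mozilla/PKITS_DATA
########################################################################

############################## pkits_init ##############################
# local shell function to initialize this script
#
# Globals read:    CLEANUP, INIT_SOURCED, PKITS_DATA, HOSTDIR, BINDIR,
#                  NSS_NO_PKITS_CRLS (HOSTDIR/BINDIR are not set here;
#                  presumably init.sh provides them)
# Globals written: SCRIPTNAME, CLEANUP, PKITSDIR, COPYDIR, certs, crls,
#                  PKITSdb, PKITSbkp, PKITS_LOG, KNOWN_BUG
# Exits 0 (skip) when PKITS_DATA is unset or is not a directory, and
# exits 1 when ../common cannot be entered to source init.sh.
########################################################################
pkits_init()
{
  SCRIPTNAME=pkits.sh

  if [ -z "${CLEANUP}" ] ; then
    CLEANUP="${SCRIPTNAME}"
  fi

  # An empty INIT_SOURCED is also "not TRUE", so one comparison is enough.
  if [ "${INIT_SOURCED}" != "TRUE" ]; then
    # If the cd failed silently, "./init.sh" would be sourced from
    # whatever directory the caller happened to be in.
    cd ../common || {
      echo "${SCRIPTNAME}: cannot cd to ../common" >&2
      exit 1
    }
    . ./init.sh
  fi

  if [ -z "${PKITS_DATA}" ]; then
    echo "${SCRIPTNAME}: PKITS data directory not defined, skipping."
    exit 0
  fi

  if [ ! -d "${PKITS_DATA}" ]; then
    echo "${SCRIPTNAME}: PKITS data directory ${PKITS_DATA} doesn't exist, skipping."
    exit 0
  fi

  PKITSDIR=${HOSTDIR}/pkits

  COPYDIR=${PKITSDIR}/copydir

  mkdir -p "${PKITSDIR}"
  mkdir -p "${COPYDIR}"
  mkdir -p "${PKITSDIR}/html"

  certs=${PKITS_DATA}/certs
  crls=${PKITS_DATA}/crls

  cd "${PKITSDIR}"

  PKITSdb=${PKITSDIR}/PKITSdb
  PKITSbkp=${PKITSDIR}/PKITSbkp

  PKITS_LOG=${PKITSDIR}/pkits.log #getting its own logfile
  pkits_log "Start of logfile $PKITS_LOG"

  if [ ! -d "${PKITSdb}" ]; then
    mkdir -p "${PKITSdb}"
  else
    pkits_log "$SCRIPTNAME: WARNING - ${PKITSdb} exists"
  fi

  if [ ! -d "${PKITSbkp}" ]; then
    mkdir -p "${PKITSbkp}"
  else
    pkits_log "$SCRIPTNAME: WARNING - ${PKITSbkp} exists"
  fi

  echo "HOSTDIR" "${HOSTDIR}"
  echo "PKITSDIR" "${PKITSDIR}"
  echo "PKITSdb" "${PKITSdb}"
  echo "PKITSbkp" "${PKITSbkp}"
  echo "PKITS_DATA" "${PKITS_DATA}"
  echo "certs" "${certs}"
  echo "crls" "${crls}"

  # Fixed, publicly known password: this database is a scratch test
  # fixture and must not be reused to hold real keys or trust settings.
  echo nss > "${PKITSdb}/pw"
  "${BINDIR}/certutil" -N -d "${PKITSdb}" -f "${PKITSdb}/pw"

  # The PKITS root is the only certificate imported with trust flags
  # ("C,C,C"); certImport adds every other certificate with ",,".
  "${BINDIR}/certutil" -A -n TrustAnchorRootCertificate -t "C,C,C" -i \
      "${certs}/TrustAnchorRootCertificate.crt" -d "${PKITSdb}"
  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
    "${BINDIR}/crlutil" -I -i "${crls}/TrustAnchorRootCRL.crl" -d "${PKITSdb}" -f "${PKITSdb}/pw"
  else
    html "<H3>NO CRLs are being used.</H3>"
    pkits_log "NO CRLs are being used."
  fi

  # Snapshot of the pristine database; restore_db copies it back after
  # each test case.
  cp "${PKITSdb}"/* "${PKITSbkp}"

  # Empty: every test case guarded by [ -n "${KNOWN_BUG}" ] is skipped.
  KNOWN_BUG=
}

############################### pkits_log ##############################
# write to pkits.log file
#
# Echoes "$SCRIPTNAME <message>" to stdout and appends <message> to
# ${PKITS_LOG}. The message is quoted so that glob characters and runs
# of whitespace in it reach the log unchanged.
########################################################################
pkits_log()
{
  echo "$SCRIPTNAME $*"
  echo "$*" >> "${PKITS_LOG}"
}

# Reset the test database to the snapshot taken by pkits_init.
# ${PKITSdb:?} aborts instead of expanding to "rm /*" if the variable is
# ever unset or empty (e.g. restore_db called before pkits_init).
restore_db()
{
  echo "Restore DB"
  rm "${PKITSdb:?}"/*
  cp "${PKITSbkp:?}"/* "${PKITSdb}"
}

# Print a separator and the current test case name (VFY_ACTION) to stdout.
log_banner()
{
  echo ""
  echo "--------------------------------------------------------------------"
  echo "Test case ${VFY_ACTION}"
  echo ""
}

# Open a results table in the HTML report and print the section title
# ("$*") to stdout. html is not defined in this part of the file;
# presumably init.sh provides it. The title is written into the HTML
# unescaped, so callers should pass only fixed strings.
start_table()
{
  html "<TABLE BORDER=1><TR><TH COLSPAN=3>$*</TH></TR>"
  html "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>"
  echo ""
  echo "***************************************************************"
  echo "$*"
  echo "***************************************************************"
}

# Close the current HTML results table and start a new one titled "$@".
break_table()
{
  html "</TABLE><P>"
  start_table "$@"
}

################################ pkits #################################
# local shell function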
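# for positive testcases, calls vfychain, writes
# action and options to stdout, sets variable RET and writes results to
# the html file results
#
# RET is the vfychain exit status plus the number of output lines that
# contain "ERROR", so a zero exit status with ERROR text in the output
# still counts as a failure. The function's return status is RET
# truncated by the shell to 8 bits; read the global RET for the full
# value.
########################################################################
pkits()
{
  echo "vfychain -d $PKITSdb -u 4 $*"
  # NOTE(review): $* stays unquoted because call sites pass unquoted
  # $certs/... paths and callers outside this view may rely on word
  # splitting; moving to "$@" needs every call site checked first.
  "${BINDIR}/vfychain" -d "${PKITSdb}" -u 4 $* > "${PKITSDIR}/cmdout.txt" 2>&1
  RET=$?
  CNT=$(grep -c ERROR "${PKITSDIR}/cmdout.txt")
  # ${CNT:-0}: if grep could not read the file CNT is empty; treat that
  # as zero matches instead of producing an arithmetic error.
  RET=$((RET + ${CNT:-0}))
  cat "${PKITSDIR}/cmdout.txt"

  if [ "$RET" -ne 0 ]; then
    html_failed "${VFY_ACTION} ($RET) "
    pkits_log "ERROR: ${VFY_ACTION} failed $RET"
  else
    html_passed "${VFY_ACTION}"
    pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
  fi

  return $RET
}

################################ pkitsn #################################
# local shell function for negative testcases, calls vfychain, writes
# action and options to stdout, sets variable RET and writes results to
# the html file results
#
# Same RET computation as pkits, with the verdict inverted: RET == 0
# (vfychain accepted the chain and printed no ERROR) is the failure.
# Any non-zero RET passes, whatever the reason vfychain gave, so the
# cause of a rejection has to be checked in the captured output.
########################################################################
pkitsn()
{
  echo "vfychain -d $PKITSdb -u 4 $*"
  # NOTE(review): $* left unquoted for the same reason as in pkits.
  "${BINDIR}/vfychain" -d "${PKITSdb}" -u 4 $* > "${PKITSDIR}/cmdout.txt" 2>&1
  RET=$?
  CNT=$(grep -c ERROR "${PKITSDIR}/cmdout.txt")
  RET=$((RET + ${CNT:-0}))
  cat "${PKITSDIR}/cmdout.txt"

  if [ "$RET" -eq 0 ]; then
    html_failed "${VFY_ACTION} ($RET) "
    pkits_log "ERROR: ${VFY_ACTION} failed $RET"
  else
    html_passed "${VFY_ACTION} ($RET) "
    pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
  fi
  return $RET
}

################################ crlImport #############################
# local shell function to import a CRL, calls crlutil -I -i, writes
# action and options to stdout
#
# Does nothing when NSS_NO_PKITS_CRLS is set; RET is then left at
# whatever value an earlier helper stored. Only a failed import is
# reported; success is silent.
########################################################################
crlImport()
{
  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
    echo "crlutil -d $PKITSdb -I -f ${PKITSdb}/pw -i $crls/$*"
    "${BINDIR}/crlutil" -d "${PKITSdb}" -I -f "${PKITSdb}/pw" -i $crls/$* > "${PKITSDIR}/cmdout.txt" 2>&1
    RET=$?
    cat "${PKITSDIR}/cmdout.txt"

    if [ "$RET" -ne 0 ]; then
      html_failed "${VFY_ACTION} ($RET) "
      pkits_log "ERROR: ${VFY_ACTION} failed $RET"
    fi
  fi
}

################################ crlImportn #############################
# local shell function to import an incorrect CRL, calls crlutil -I -i,
# writes action and options to stdout
#
# The import is expected to be rejected: RET == 0 from crlutil is
# reported as a failure. RET is also 0 when NSS_NO_PKITS_CRLS is set,
# so callers testing "$RET -eq 0" cannot tell "CRLs disabled" from
# "bad CRL was accepted".
########################################################################
crlImportn()
{
  RET=0
  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
    echo "crlutil -d $PKITSdb -I -f ${PKITSdb}/pw -i $crls/$*"
    "${BINDIR}/crlutil" -d "${PKITSdb}" -I -f "${PKITSdb}/pw" -i $crls/$* > "${PKITSDIR}/cmdout.txt" 2>&1
    RET=$?
    cat "${PKITSDIR}/cmdout.txt"

    if [ "$RET" -eq 0 ]; then
      html_failed "${VFY_ACTION} ($RET) "
      pkits_log "ERROR: ${VFY_ACTION} failed $RET"
    else
      html_passed "${VFY_ACTION} ($RET) "
      pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
    fi
  fi
  return $RET
}

################################ certImport #############################
# local shell function to import a Cert, calls certutil -A, writes
# action and options to stdout
#
# The argument is used both as the nickname and as the file stem
# ($certs/<name>.crt). Certificates are imported with empty trust
# flags (",,"), so they never become trust anchors. Only a failed
# import is reported.
########################################################################
certImport()
{
  echo "certutil -d $PKITSdb -A -t \",,\" -n $* -i $certs/$*.crt"
  "${BINDIR}/certutil" -d "${PKITSdb}" -A -t ",," -n $* -i $certs/$*.crt > "${PKITSDIR}/cmdout.txt" 2>&1
  RET=$?
  cat "${PKITSDIR}/cmdout.txt"

  if [ "$RET" -ne 0 ]; then
    html_failed "${VFY_ACTION} ($RET) "
    pkits_log "ERROR: ${VFY_ACTION} failed $RET"
  fi
}

################################ certImportn #############################
# local shell function to import an incorrect Cert, calls certutil -A,
# writes action and options to stdout
#
# NOTE(review): the whole body is skipped when NSS_NO_PKITS_CRLS is set,
# although no CRL is involved; this looks copied from crlImportn.
# Unlike crlImportn there is also no "return $RET". Both are left as
# they are because callers outside this view may depend on them.
########################################################################
certImportn()
{
  RET=0
  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
    echo "certutil -d $PKITSdb -A -t \",,\" -n $* -i $certs/$*.crt"
    "${BINDIR}/certutil" -d "${PKITSdb}" -A -t ",," -n $* -i $certs/$*.crt > "${PKITSDIR}/cmdout.txt" 2>&1
    RET=$?
    cat "${PKITSDIR}/cmdout.txt"

    if [ "$RET" -eq 0 ]; then
      html_failed "${VFY_ACTION} ($RET) "
      pkits_log "ERROR: ${VFY_ACTION} failed $RET"
    else
      html_passed "${VFY_ACTION} ($RET) "
      pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
    fi
  fi
}

############################## pkits_tests_bySection ###################
# running the various PKITS tests
#
# Every test case follows the same pattern: set VFY_ACTION and print the
# banner, import the intermediate certificates and CRLs, run pkits (the
# chain must validate) or pkitsn (the chain must be rejected), then call
# restore_db. Where a CRL is imported with crlImportn, pkitsn is run only
# if RET is 0 afterwards, i.e. the CRL import did not fail.
########################################################################
pkits_SignatureVerification()
{
  start_table "NIST PKITS Section 4.1: Signature Verification"

  VFY_ACTION="Valid Signatures Test1"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkits $certs/ValidCertificatePathTest1EE.crt $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Invalid CA Signature Test2"; log_banner
  certImport BadSignedCACert
  crlImport BadSignedCACRL.crl
  pkitsn $certs/InvalidCASignatureTest2EE.crt \
      $certs/BadSignedCACert.crt
  restore_db

  VFY_ACTION="Invalid EE Signature Test3"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkitsn $certs/InvalidEESignatureTest3EE.crt $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Valid DSA Signatures Test4"; log_banner
  certImport DSACACert
  crlImport DSACACRL.crl
  pkits $certs/ValidDSASignaturesTest4EE.crt $certs/DSACACert.crt
  restore_db

  # NSS doesn't support DSA parameter inheritance anymore (see bug 671097)
  # VFY_ACTION="Valid DSA Parameter Inheritance Test5"; log_banner
  # certImport DSACACert
  # crlImport DSACACRL.crl
  # certImport DSAParametersInheritedCACert
  # crlImport DSAParametersInheritedCACRL.crl
  # pkits $certs/ValidDSAParameterInheritanceTest5EE.crt \
  #     $certs/DSAParametersInheritedCACert.crt \
  #     $certs/DSACACert.crt
  # restore_db

  VFY_ACTION="Invalid DSA Signature Test6"; log_banner
  certImport DSACACert
  crlImport DSACACRL.crl
  pkitsn $certs/InvalidDSASignatureTest6EE.crt $certs/DSACACert.crt
  restore_db
}

# PKITS section 4.2: notBefore / notAfter handling for CA and EE
# certificates.
pkits_ValidityPeriods()
{
  break_table "NIST PKITS Section 4.2: Validity Periods"

  VFY_ACTION="Invalid CA notBefore Date Test1"; log_banner
  certImport BadnotBeforeDateCACert
  crlImportn BadnotBeforeDateCACRL.crl
  if [ $RET -eq 0 ] ; then
    pkitsn $certs/InvalidCAnotBeforeDateTest1EE.crt \
        $certs/BadnotBeforeDateCACert.crt
  fi
  restore_db

  VFY_ACTION="Invalid EE notBefore Date Test2"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkitsn $certs/InvalidEEnotBeforeDateTest2EE.crt \
      $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Valid pre2000 UTC notBefore Date Test3"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkits $certs/Validpre2000UTCnotBeforeDateTest3EE.crt \
      $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Valid GeneralizedTime notBefore Date Test4"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkits $certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt \
      $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Invalid CA notAfter Date Test5"; log_banner
  certImport BadnotAfterDateCACert
  crlImportn BadnotAfterDateCACRL.crl
  if [ $RET -eq 0 ] ; then
    pkitsn $certs/InvalidCAnotAfterDateTest5EE.crt \
        $certs/BadnotAfterDateCACert.crt
  fi
  restore_db

  VFY_ACTION="Invalid EE notAfter Date Test6"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkitsn $certs/InvalidEEnotAfterDateTest6EE.crt \
      $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Invalid pre2000 UTC EE notAfter Date Test7"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkitsn $certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt \
      $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="ValidGeneralizedTime notAfter Date Test8"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkits $certs/ValidGeneralizedTimenotAfterDateTest8EE.crt \
      $certs/GoodCACert.crt
  restore_db
}

# PKITS section 4.3: issuer/subject name chaining. The cases tagged
# with bug 216123 only run when KNOWN_BUG is non-empty.
pkits_NameChaining()
{
  break_table "NIST PKITS Section 4.3: Verifying NameChaining"

  VFY_ACTION="Invalid Name Chaining EE Test1"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkitsn $certs/InvalidNameChainingTest1EE.crt \
      $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Invalid Name Chaining Order Test2"; log_banner
  certImport NameOrderingCACert
  crlImport NameOrderCACRL.crl
  pkitsn $certs/InvalidNameChainingOrderTest2EE.crt \
      $certs/NameOrderingCACert.crt
  restore_db

  ### bug 216123 ###
  if [ -n "${KNOWN_BUG}" ]; then
    VFY_ACTION="Valid Name Chaining Whitespace Test3"; log_banner
    certImport GoodCACert
    crlImport GoodCACRL.crl
    pkits $certs/ValidNameChainingWhitespaceTest3EE.crt \
        $certs/GoodCACert.crt
    restore_db

    VFY_ACTION="Valid Name Chaining Whitespace Test4"; log_banner
    certImport GoodCACert
    crlImport GoodCACRL.crl
    pkits $certs/ValidNameChainingWhitespaceTest4EE.crt \
        $certs/GoodCACert.crt
    restore_db

    VFY_ACTION="Valid Name Chaining Capitalization Test5"; log_banner
    certImport GoodCACert
    crlImport GoodCACRL.crl
    pkits $certs/ValidNameChainingCapitalizationTest5EE.crt \
        $certs/GoodCACert.crt
    restore_db
  fi

  VFY_ACTION="Valid Name Chaining UIDs Test6"; log_banner
  certImport UIDCACert
  crlImport UIDCACRL.crl
  pkits $certs/ValidNameUIDsTest6EE.crt $certs/UIDCACert.crt
  restore_db

  VFY_ACTION="Valid RFC3280 Mandatory Attribute Types Test7"; log_banner
  certImport RFC3280MandatoryAttributeTypesCACert
  crlImport RFC3280MandatoryAttributeTypesCACRL.crl
  pkits $certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt \
      $certs/RFC3280MandatoryAttributeTypesCACert.crt
  restore_db

  VFY_ACTION="Valid RFC3280 Optional Attribute Types Test8"; log_banner
  certImport RFC3280OptionalAttributeTypesCACert
  crlImport RFC3280OptionalAttributeTypesCACRL.crl
  pkits $certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt \
      $certs/RFC3280OptionalAttributeTypesCACert.crt
  restore_db

  VFY_ACTION="Valid UTF8String Encoded Names Test9"; log_banner
  certImport UTF8StringEncodedNamesCACert
  crlImport UTF8StringEncodedNamesCACRL.crl
  pkits $certs/ValidUTF8StringEncodedNamesTest9EE.crt \
      $certs/UTF8StringEncodedNamesCACert.crt
  restore_db

  ### bug 216123 ###
  if [ -n "${KNOWN_BUG}" ]; then
    VFY_ACTION="Valid Rollover from PrintableString to UTF8String Test10"; log_banner
    certImport RolloverfromPrintableStringtoUTF8StringCACert
    crlImport RolloverfromPrintableStringtoUTF8StringCACRL.crl
    pkits $certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt \
        $certs/RolloverfromPrintableStringtoUTF8StringCACert.crt
    restore_db

    VFY_ACTION="Valid UTF8String case Insensitive Match Test11"; log_banner
    certImport UTF8StringCaseInsensitiveMatchCACert
    crlImport UTF8StringCaseInsensitiveMatchCACRL.crl
    pkits $certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt \
        $certs/UTF8StringCaseInsensitiveMatchCACert.crt
    restore_db
  fi
}

# PKITS section 4.4: CRL-based revocation checking. Several cases are
# disabled behind KNOWN_BUG (bugs 414556, 414563, 232737), so a green run
# does not cover missing-CRL, wrong-CRL or stale-CRL handling.
pkits_BasicCertRevocation()
{
  break_table "NIST PKITS Section 4.4: Basic Certificate Revocation Tests"

  ### bug 414556 ###
  if [ -n "${KNOWN_BUG}" ]; then
    VFY_ACTION="Missing CRL Test1"; log_banner
    pkitsn $certs/InvalidMissingCRLTest1EE.crt \
        $certs/NoCRLCACert.crt
  fi

  VFY_ACTION="Invalid Revoked CA Test2"; log_banner
  certImport RevokedsubCACert
  crlImport RevokedsubCACRL.crl
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkitsn $certs/InvalidRevokedCATest2EE.crt \
      $certs/RevokedsubCACert.crt $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Invalid Revoked EE Test3"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkitsn $certs/InvalidRevokedEETest3EE.crt \
      $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Invalid Bad CRL Signature Test4"; log_banner
  certImport BadCRLSignatureCACert
  crlImportn BadCRLSignatureCACRL.crl
  if [ $RET -eq 0 ] ; then
    pkitsn $certs/InvalidBadCRLSignatureTest4EE.crt \
        $certs/BadCRLSignatureCACert.crt
  fi
  restore_db

  VFY_ACTION="Invalid Bad CRL Issuer Name Test5"; log_banner
  certImport BadCRLIssuerNameCACert
  crlImportn BadCRLIssuerNameCACRL.crl
  if [ $RET -eq 0 ] ; then
    pkitsn $certs/InvalidBadCRLIssuerNameTest5EE.crt \
        $certs/BadCRLIssuerNameCACert.crt
  fi
  restore_db

  ### bug 414556 ###
  if [ -n "${KNOWN_BUG}" ]; then
    VFY_ACTION="Invalid Wrong CRL Test6"; log_banner
    certImport WrongCRLCACert
    crlImport WrongCRLCACRL.crl
    pkitsn $certs/InvalidWrongCRLTest6EE.crt \
        $certs/WrongCRLCACert.crt
    restore_db
  fi

  VFY_ACTION="Valid Two CRLs Test7"; log_banner
  certImport TwoCRLsCACert
  crlImport TwoCRLsCAGoodCRL.crl
  crlImportn TwoCRLsCABadCRL.crl
  pkits $certs/ValidTwoCRLsTest7EE.crt \
      $certs/TwoCRLsCACert.crt
  restore_db

  VFY_ACTION="Invalid Unknown CRL Entry Extension Test8"; log_banner
  certImport UnknownCRLEntryExtensionCACert
  crlImportn UnknownCRLEntryExtensionCACRL.crl
  if [ $RET -eq 0 ] ; then
    pkitsn $certs/InvalidUnknownCRLEntryExtensionTest8EE.crt \
        $certs/UnknownCRLEntryExtensionCACert.crt
  fi
  restore_db

  VFY_ACTION="Invalid Unknown CRL Extension Test9"; log_banner
  certImport UnknownCRLExtensionCACert
  crlImportn UnknownCRLExtensionCACRL.crl
  if [ $RET -eq 0 ] ; then
    pkitsn $certs/InvalidUnknownCRLExtensionTest9EE.crt \
        $certs/UnknownCRLExtensionCACert.crt
  fi
  restore_db

  VFY_ACTION="Invalid Unknown CRL Extension Test10"; log_banner
  certImport UnknownCRLExtensionCACert
  crlImportn UnknownCRLExtensionCACRL.crl
  if [ $RET -eq 0 ] ; then
    pkitsn $certs/InvalidUnknownCRLExtensionTest10EE.crt \
        $certs/UnknownCRLExtensionCACert.crt
  fi
  restore_db

  ### bug 414563 ###
  if [ -n "${KNOWN_BUG}" ]; then
    VFY_ACTION="Invalid Old CRL nextUpdate Test11"; log_banner
    certImport OldCRLnextUpdateCACert
    crlImport OldCRLnextUpdateCACRL.crl
    pkitsn $certs/InvalidOldCRLnextUpdateTest11EE.crt \
        $certs/OldCRLnextUpdateCACert.crt
    restore_db

    VFY_ACTION="Invalid pre2000 CRL nextUpdate Test12"; log_banner
    certImport pre2000CRLnextUpdateCACert
    crlImport pre2000CRLnextUpdateCACRL.crl
    pkitsn $certs/Invalidpre2000CRLnextUpdateTest12EE.crt \
        $certs/pre2000CRLnextUpdateCACert.crt
    restore_db
  fi

  VFY_ACTION="Valid GeneralizedTime CRL nextUpdate Test13"; log_banner
  certImport GeneralizedTimeCRLnextUpdateCACert
  crlImport GeneralizedTimeCRLnextUpdateCACRL.crl
  pkits $certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt \
      $certs/GeneralizedTimeCRLnextUpdateCACert.crt
  restore_db

  VFY_ACTION="Valid Negative Serial Number Test14"; log_banner
  certImport NegativeSerialNumberCACert
  crlImport NegativeSerialNumberCACRL.crl
  pkits $certs/ValidNegativeSerialNumberTest14EE.crt \
      $certs/NegativeSerialNumberCACert.crt
  restore_db

  VFY_ACTION="Invalid Negative Serial Number Test15"; log_banner
  certImport NegativeSerialNumberCACert
  crlImport NegativeSerialNumberCACRL.crl
  pkitsn $certs/InvalidNegativeSerialNumberTest15EE.crt \
      $certs/NegativeSerialNumberCACert.crt
  restore_db

  VFY_ACTION="Valid Long Serial Number Test16"; log_banner
  certImport LongSerialNumberCACert
  crlImport LongSerialNumberCACRL.crl
  pkits $certs/ValidLongSerialNumberTest16EE.crt \
      $certs/LongSerialNumberCACert.crt
  restore_db

  VFY_ACTION="Valid Long Serial Number Test17"; log_banner
  certImport LongSerialNumberCACert
  crlImport LongSerialNumberCACRL.crl
  pkits $certs/ValidLongSerialNumberTest17EE.crt \
      $certs/LongSerialNumberCACert.crt
  restore_db

  VFY_ACTION="Invalid Long Serial Number Test18"; log_banner
  certImport LongSerialNumberCACert
  crlImport LongSerialNumberCACRL.crl
  pkitsn $certs/InvalidLongSerialNumberTest18EE.crt \
      $certs/LongSerialNumberCACert.crt
  restore_db

  ### bug 232737 ###
  if [ -n "${KNOWN_BUG}" ]; then
    VFY_ACTION="Valid Separate Certificate and CRL Keys Test19"; log_banner
    certImport SeparateCertificateandCRLKeysCertificateSigningCACert
    certImport SeparateCertificateandCRLKeysCRLSigningCert
    crlImport SeparateCertificateandCRLKeysCRL.crl
    pkits $certs/ValidSeparateCertificateandCRLKeysTest19EE.crt \
        $certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
    restore_db

    # NOTE(review): Test20 and Test21 are named "Invalid" but are run with
    # pkits (expects the chain to validate), while every other "Invalid"
    # case in this part of the file uses pkitsn. Confirm against the
    # PKITS expected results before enabling KNOWN_BUG.
    VFY_ACTION="Invalid Separate Certificate and CRL Keys Test20"; log_banner
    certImport SeparateCertificateandCRLKeysCertificateSigningCACert
    certImport SeparateCertificateandCRLKeysCRLSigningCert
    crlImport SeparateCertificateandCRLKeysCRL.crl
    pkits $certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt \
        $certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
    restore_db

    VFY_ACTION="Invalid Separate Certificate and CRL Keys Test21"; log_banner
    certImport SeparateCertificateandCRLKeysCA2CertificateSigningCACert
    certImport SeparateCertificateandCRLKeysCA2CRLSigningCert
    crlImport SeparateCertificateandCRLKeysCA2CRL.crl
    pkits $certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt \
        $certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
    restore_db
  fi
}

# PKITS section 4.5: self-issued certificates. Every case in this
# section is behind KNOWN_BUG (bugs 232737, 321755, 418769), so with the
# default empty KNOWN_BUG only the table header is emitted.
pkits_PathVerificWithSelfIssuedCerts()
{
  break_table "NIST PKITS Section 4.5: Self-Issued Certificates"

  ### bug 232737 ###
  if [ -n "${KNOWN_BUG}" ]; then
    VFY_ACTION="Valid Basic Self-Issued Old With New Test1"; log_banner
    certImport BasicSelfIssuedNewKeyCACert
    crlImport BasicSelfIssuedNewKeyCACRL.crl
    pkits $certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt \
        $certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt \
        $certs/BasicSelfIssuedNewKeyCACert.crt
    restore_db

    VFY_ACTION="Invalid Basic Self-Issued Old With New Test2"; log_banner
    certImport BasicSelfIssuedNewKeyCACert
    crlImport BasicSelfIssuedNewKeyCACRL.crl
    pkitsn $certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt \
        $certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt \
        $certs/BasicSelfIssuedNewKeyCACert.crt
    restore_db
  fi

  ### bugs 321755 & 418769 ###
  if [ -n "${KNOWN_BUG}" ]; then
    VFY_ACTION="Valid Basic Self-Issued New With Old Test3"; log_banner
    certImport BasicSelfIssuedOldKeyCACert
    crlImport BasicSelfIssuedOldKeyCACRL.crl
    pkits $certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt \
        $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
        $certs/BasicSelfIssuedOldKeyCACert.crt
    restore_db

    VFY_ACTION="Valid Basic Self-Issued New With Old Test4"; log_banner
    certImport BasicSelfIssuedOldKeyCACert
    crlImport BasicSelfIssuedOldKeyCACRL.crl
    pkits $certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt \
        $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
        $certs/BasicSelfIssuedOldKeyCACert.crt
    restore_db

    VFY_ACTION="Invalid Basic Self-Issued New With Old Test5"; log_banner
    certImport BasicSelfIssuedOldKeyCACert
    crlImport BasicSelfIssuedOldKeyCACRL.crl
    pkitsn $certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt \
        $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
        $certs/BasicSelfIssuedOldKeyCACert.crt
    restore_db

    VFY_ACTION="Valid Basic Self-Issued CRL Signing Key Test6"; log_banner
    certImport BasicSelfIssuedCRLSigningKeyCACert
    crlImport BasicSelfIssuedOldKeyCACRL.crl
    pkits $certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt \
        $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
        $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
    restore_db

    VFY_ACTION="Invalid Basic Self-Issued CRL Signing Key Test7"; log_banner
    certImport BasicSelfIssuedCRLSigningKeyCACert
    crlImport BasicSelfIssuedOldKeyCACRL.crl
    pkitsn $certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt \
        $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
        $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
    restore_db

    VFY_ACTION="Invalid Basic Self-Issued CRL Signing Key Test8"; log_banner
    certImport BasicSelfIssuedCRLSigningKeyCACert
    crlImport BasicSelfIssuedOldKeyCACRL.crl
    pkitsn $certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt \
        $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
        $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
    restore_db
  fi
}

# PKITS section 4.6: basicConstraints (cA flag and pathLenConstraint).
# The self-issued cases tagged with bug 232737 only run when KNOWN_BUG is
# non-empty.
pkits_BasicConstraints()
{
  break_table "NIST PKITS Section 4.6: Verifying Basic Constraints"

  VFY_ACTION="Invalid Missing basicConstraints Test1"; log_banner
  certImport MissingbasicConstraintsCACert
  crlImport MissingbasicConstraintsCACRL.crl
  pkitsn $certs/InvalidMissingbasicConstraintsTest1EE.crt \
      $certs/MissingbasicConstraintsCACert.crt
  restore_db

  VFY_ACTION="Invalid cA False Test2"; log_banner
  certImport basicConstraintsCriticalcAFalseCACert
  crlImport basicConstraintsCriticalcAFalseCACRL.crl
  pkitsn $certs/InvalidcAFalseTest2EE.crt \
      $certs/basicConstraintsCriticalcAFalseCACert.crt
  restore_db

  VFY_ACTION="Invalid cA False Test3"; log_banner
  certImport basicConstraintsNotCriticalcAFalseCACert
  crlImport basicConstraintsNotCriticalcAFalseCACRL.crl
  pkitsn $certs/InvalidcAFalseTest3EE.crt \
      $certs/basicConstraintsNotCriticalcAFalseCACert.crt
  restore_db

  VFY_ACTION="Valid basicConstraints Not Critical Test4"; log_banner
  certImport basicConstraintsNotCriticalCACert
  crlImport basicConstraintsNotCriticalCACRL.crl
  pkits $certs/ValidbasicConstraintsNotCriticalTest4EE.crt \
      $certs/basicConstraintsNotCriticalCACert.crt
  restore_db

  VFY_ACTION="Invalid pathLenConstraint Test5"; log_banner
  certImport pathLenConstraint0CACert
  crlImport pathLenConstraint0CACRL.crl
  certImport pathLenConstraint0subCACert
  crlImport pathLenConstraint0subCACRL.crl
  pkitsn $certs/InvalidpathLenConstraintTest5EE.crt \
      $certs/pathLenConstraint0subCACert.crt \
      $certs/pathLenConstraint0CACert.crt
  restore_db

  VFY_ACTION="Invalid pathLenConstraint Test6"; log_banner
  certImport pathLenConstraint0CACert
  crlImport pathLenConstraint0CACRL.crl
  certImport pathLenConstraint0subCACert
  crlImport pathLenConstraint0subCACRL.crl
  pkitsn $certs/InvalidpathLenConstraintTest6EE.crt \
      $certs/pathLenConstraint0subCACert.crt \
      $certs/pathLenConstraint0CACert.crt
  restore_db

  VFY_ACTION="Valid pathLenConstraint Test7"; log_banner
  certImport pathLenConstraint0CACert
  crlImport pathLenConstraint0CACRL.crl
  pkits $certs/ValidpathLenConstraintTest7EE.crt \
      $certs/pathLenConstraint0CACert.crt
  restore_db

  VFY_ACTION="Valid pathLenConstraint test8"; log_banner
  certImport pathLenConstraint0CACert
  crlImport pathLenConstraint0CACRL.crl
  pkits $certs/ValidpathLenConstraintTest8EE.crt \
      $certs/pathLenConstraint0CACert.crt
  restore_db

  VFY_ACTION="Invalid pathLenConstraint Test9"; log_banner
  certImport pathLenConstraint6CACert
  crlImport pathLenConstraint6CACRL.crl
  certImport pathLenConstraint6subCA0Cert
  crlImport pathLenConstraint6subCA0CRL.crl
  certImport pathLenConstraint6subsubCA00Cert
  crlImport pathLenConstraint6subsubCA00CRL.crl
  pkitsn $certs/InvalidpathLenConstraintTest9EE.crt \
      $certs/pathLenConstraint6subsubCA00Cert.crt \
      $certs/pathLenConstraint6subCA0Cert.crt \
      $certs/pathLenConstraint6CACert.crt
  restore_db

  VFY_ACTION="Invalid pathLenConstraint Test10"; log_banner
  certImport pathLenConstraint6CACert
  crlImport pathLenConstraint6CACRL.crl
  certImport pathLenConstraint6subCA0Cert
  crlImport pathLenConstraint6subCA0CRL.crl
  certImport pathLenConstraint6subsubCA00Cert
  crlImport pathLenConstraint6subsubCA00CRL.crl
  pkitsn $certs/InvalidpathLenConstraintTest10EE.crt \
      $certs/pathLenConstraint6subsubCA00Cert.crt \
      $certs/pathLenConstraint6subCA0Cert.crt \
      $certs/pathLenConstraint6CACert.crt
  restore_db

  VFY_ACTION="Invalid pathLenConstraint Test11"; log_banner
  certImport pathLenConstraint6CACert
  crlImport pathLenConstraint6CACRL.crl
  certImport pathLenConstraint6subCA1Cert
  crlImport pathLenConstraint6subCA1CRL.crl
  certImport pathLenConstraint6subsubCA11Cert
  crlImport pathLenConstraint6subsubCA11CRL.crl
  certImport pathLenConstraint6subsubsubCA11XCert
  crlImport pathLenConstraint6subsubsubCA11XCRL.crl
  pkitsn $certs/InvalidpathLenConstraintTest11EE.crt \
      $certs/pathLenConstraint6subsubsubCA11XCert.crt \
      $certs/pathLenConstraint6subsubCA11Cert.crt \
      $certs/pathLenConstraint6subCA1Cert.crt \
      $certs/pathLenConstraint6CACert.crt
  restore_db

  VFY_ACTION="Invalid pathLenConstraint test12"; log_banner
  certImport pathLenConstraint6CACert
  crlImport pathLenConstraint6CACRL.crl
  certImport pathLenConstraint6subCA1Cert
  crlImport pathLenConstraint6subCA1CRL.crl
  certImport pathLenConstraint6subsubCA11Cert
  crlImport pathLenConstraint6subsubCA11CRL.crl
  certImport pathLenConstraint6subsubsubCA11XCert
  crlImport pathLenConstraint6subsubsubCA11XCRL.crl
  pkitsn $certs/InvalidpathLenConstraintTest12EE.crt \
      $certs/pathLenConstraint6subsubsubCA11XCert.crt \
      $certs/pathLenConstraint6subsubCA11Cert.crt \
      $certs/pathLenConstraint6subCA1Cert.crt \
      $certs/pathLenConstraint6CACert.crt
  restore_db

  VFY_ACTION="Valid pathLenConstraint Test13"; log_banner
  certImport pathLenConstraint6CACert
  crlImport pathLenConstraint6CACRL.crl
  certImport pathLenConstraint6subCA4Cert
  crlImport pathLenConstraint6subCA4CRL.crl
  certImport pathLenConstraint6subsubCA41Cert
  crlImport pathLenConstraint6subsubCA41CRL.crl
  certImport pathLenConstraint6subsubsubCA41XCert
  crlImport pathLenConstraint6subsubsubCA41XCRL.crl
  pkits $certs/ValidpathLenConstraintTest13EE.crt \
      $certs/pathLenConstraint6subsubsubCA41XCert.crt \
      $certs/pathLenConstraint6subsubCA41Cert.crt \
      $certs/pathLenConstraint6subCA4Cert.crt \
      $certs/pathLenConstraint6CACert.crt
  restore_db

  VFY_ACTION="Valid pathLenConstraint Test14"; log_banner
  certImport pathLenConstraint6CACert
  crlImport pathLenConstraint6CACRL.crl
  certImport pathLenConstraint6subCA4Cert
  crlImport pathLenConstraint6subCA4CRL.crl
  certImport pathLenConstraint6subsubCA41Cert
  crlImport pathLenConstraint6subsubCA41CRL.crl
  certImport pathLenConstraint6subsubsubCA41XCert
  crlImport pathLenConstraint6subsubsubCA41XCRL.crl
  pkits $certs/ValidpathLenConstraintTest14EE.crt \
      $certs/pathLenConstraint6subsubsubCA41XCert.crt \
      $certs/pathLenConstraint6subsubCA41Cert.crt \
      $certs/pathLenConstraint6subCA4Cert.crt \
      $certs/pathLenConstraint6CACert.crt
  restore_db

  ### bug 232737 ###
  if [ -n "${KNOWN_BUG}" ]; then
    VFY_ACTION="Valid Self-Issued pathLenConstraint Test15"; log_banner
    certImport pathLenConstraint0CACert
    crlImport pathLenConstraint0CACRL.crl
    pkits $certs/ValidSelfIssuedpathLenConstraintTest15EE.crt \
        $certs/pathLenConstraint0SelfIssuedCACert.crt \
        $certs/pathLenConstraint0CACert.crt
    restore_db
  fi

  VFY_ACTION="Invalid Self-Issued pathLenConstraint Test16"; log_banner
  certImport pathLenConstraint0CACert
  crlImport pathLenConstraint0CACRL.crl
  certImport pathLenConstraint0subCA2Cert
  crlImport pathLenConstraint0subCA2CRL.crl
  pkitsn $certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt \
      $certs/pathLenConstraint0subCA2Cert.crt \
      $certs/pathLenConstraint0SelfIssuedCACert.crt \
      $certs/pathLenConstraint0CACert.crt
  restore_db

  ### bug 232737 ###
  if [ -n "${KNOWN_BUG}" ]; then
    VFY_ACTION="Valid Self-Issued pathLenConstraint Test17"; log_banner
    certImport pathLenConstraint1CACert
    crlImport pathLenConstraint1CACRL.crl
    certImport pathLenConstraint1subCACert
    crlImport pathLenConstraint1subCACRL.crl
    pkits $certs/ValidSelfIssuedpathLenConstraintTest17EE.crt \
        $certs/pathLenConstraint1SelfIssuedsubCACert.crt \
        $certs/pathLenConstraint1subCACert.crt \
        $certs/pathLenConstraint1SelfIssuedCACert.crt \
        $certs/pathLenConstraint1CACert.crt
    restore_db
  fi
}

# PKITS section 4.7: keyUsage (keyCertSign and cRLSign bits).
pkits_KeyUsage()
{
  break_table "NIST PKITS Section 4.7: Key Usage"

  VFY_ACTION="Invalid keyUsage Critical keyCertSign False Test1"; log_banner
  certImport keyUsageCriticalkeyCertSignFalseCACert
  crlImport keyUsageCriticalkeyCertSignFalseCACRL.crl
  pkitsn $certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt \
      $certs/keyUsageCriticalkeyCertSignFalseCACert.crt
  restore_db

  VFY_ACTION="Invalid keyUsage Not Critical keyCertSign False Test2"; log_banner
  certImport keyUsageNotCriticalkeyCertSignFalseCACert
  crlImport keyUsageNotCriticalkeyCertSignFalseCACRL.crl
  pkitsn $certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt \
      $certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt
  restore_db

  VFY_ACTION="Valid keyUsage Not Critical Test3"; log_banner
  certImport keyUsageNotCriticalCACert
  crlImport keyUsageNotCriticalCACRL.crl
  pkits $certs/ValidkeyUsageNotCriticalTest3EE.crt \
      $certs/keyUsageNotCriticalCACert.crt
  restore_db

  VFY_ACTION="Invalid keyUsage Critical cRLSign False Test4"; log_banner
  certImport keyUsageCriticalcRLSignFalseCACert
  crlImportn keyUsageCriticalcRLSignFalseCACRL.crl
  if [ $RET -eq 0 ] ; then
    pkitsn $certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt \
        $certs/keyUsageCriticalcRLSignFalseCACert.crt
  fi
  restore_db

  VFY_ACTION="Invalid keyUsage Not Critical cRLSign False Test5"; log_banner
  certImport keyUsageNotCriticalcRLSignFalseCACert
  crlImportn keyUsageNotCriticalcRLSignFalseCACRL.crl
  if [ $RET -eq 0 ] ; then
    pkitsn $certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt \
        $certs/keyUsageNotCriticalcRLSignFalseCACert.crt
  fi
  restore_db
}

pkits_CertificatePolicies()
{
  break_table "NIST PKITS Section 4.8: Certificate Policies"

  VFY_ACTION="All Certificates Same Policy Test1"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  pkits $certs/ValidCertificatePathTest1EE.crt \
      $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="All Certificates No Policies Test2"; log_banner
  certImport NoPoliciesCACert
  crlImport NoPoliciesCACRL.crl
  pkits $certs/AllCertificatesNoPoliciesTest2EE.crt \
      $certs/NoPoliciesCACert.crt
  restore_db

  VFY_ACTION="Different Policies Test3"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  certImport PoliciesP2subCACert
  crlImport PoliciesP2subCACRL.crl
  pkits $certs/DifferentPoliciesTest3EE.crt \
      $certs/PoliciesP2subCACert.crt \
      $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Different Policies Test4"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  certImport GoodsubCACert
  crlImport GoodsubCACRL.crl
  pkits $certs/DifferentPoliciesTest4EE.crt \
      $certs/GoodsubCACert.crt \
      $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Different Policies Test5"; log_banner
  certImport GoodCACert
  crlImport GoodCACRL.crl
  certImport PoliciesP2subCA2Cert
  crlImport PoliciesP2subCA2CRL.crl
  pkits $certs/DifferentPoliciesTest5EE.crt \
      $certs/PoliciesP2subCA2Cert.crt \
      $certs/GoodCACert.crt
  restore_db

  VFY_ACTION="Overlapping Policies Test6"; log_banner
  certImport PoliciesP1234CACert
  crlImport PoliciesP1234CACRL.crl
  certImport PoliciesP1234subCAP123Cert
  crlImport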
PoliciesP1234subCAP123CRL.crl 1026 certImport PoliciesP1234subsubCAP123P12Cert 1027 crlImport PoliciesP1234subsubCAP123P12CRL.crl 1028 pkits $certs/OverlappingPoliciesTest6EE.crt \ 1029 $certs/PoliciesP1234subsubCAP123P12Cert.crt \ 1030 $certs/PoliciesP1234subCAP123Cert.crt \ 1031 $certs/PoliciesP1234CACert.crt 1032 restore_db 1033 1034 VFY_ACTION="Different Policies Test7"; log_banner 1035 certImport PoliciesP123CACert 1036 crlImport PoliciesP123CACRL.crl 1037 certImport PoliciesP123subCAP12Cert 1038 crlImport PoliciesP123subCAP12CRL.crl 1039 certImport PoliciesP123subsubCAP12P1Cert 1040 crlImport PoliciesP123subsubCAP12P1CRL.crl 1041 pkits $certs/DifferentPoliciesTest7EE.crt \ 1042 $certs/PoliciesP123subsubCAP12P1Cert.crt \ 1043 $certs/PoliciesP123subCAP12Cert.crt \ 1044 $certs/PoliciesP123CACert.crt 1045 restore_db 1046 1047 VFY_ACTION="Different Policies Test8"; log_banner 1048 certImport PoliciesP12CACert 1049 crlImport PoliciesP12CACRL.crl 1050 certImport PoliciesP12subCAP1Cert 1051 crlImport PoliciesP12subCAP1CRL.crl 1052 certImport PoliciesP12subsubCAP1P2Cert 1053 crlImport PoliciesP12subsubCAP1P2CRL.crl 1054 pkits $certs/DifferentPoliciesTest8EE.crt \ 1055 $certs/PoliciesP123subsubCAP12P1Cert.crt \ 1056 $certs/PoliciesP12subCAP1Cert.crt \ 1057 $certs/PoliciesP12CACert.crt 1058 restore_db 1059 1060 VFY_ACTION="Different Policies Test9"; log_banner 1061 certImport PoliciesP123CACert 1062 crlImport PoliciesP123CACRL.crl 1063 certImport PoliciesP123subCAP12Cert 1064 crlImport PoliciesP123subCAP12CRL.crl 1065 certImport PoliciesP123subsubCAP12P2Cert 1066 crlImport PoliciesP123subsubCAP2P2CRL.crl 1067 certImport PoliciesP123subsubsubCAP12P2P1Cert 1068 crlImport PoliciesP123subsubsubCAP12P2P1CRL.crl 1069 pkits $certs/DifferentPoliciesTest9EE.crt \ 1070 $certs/PoliciesP123subsubsubCAP12P2P1Cert.crt \ 1071 $certs/PoliciesP123subsubCAP12P1Cert.crt \ 1072 $certs/PoliciesP12subCAP1Cert.crt \ 1073 $certs/PoliciesP12CACert.crt 1074 restore_db 1075 1076 VFY_ACTION="All 
Certificates Same Policies Test10"; log_banner 1077 certImport PoliciesP12CACert 1078 crlImport PoliciesP12CACRL.crl 1079 pkits $certs/AllCertificatesSamePoliciesTest10EE.crt \ 1080 $certs/NoPoliciesCACert.crt 1081 restore_db 1082 1083 VFY_ACTION="All Certificates AnyPolicy Test11"; log_banner 1084 certImport anyPolicyCACert 1085 crlImport anyPolicyCACRL.crl 1086 pkits $certs/AllCertificatesanyPolicyTest11EE.crt \ 1087 $certs/anyPolicyCACert.crt 1088 restore_db 1089 1090 VFY_ACTION="Different Policies Test12"; log_banner 1091 certImport PoliciesP3CACert 1092 crlImport PoliciesP3CACRL.crl 1093 pkits $certs/DifferentPoliciesTest12EE.crt \ 1094 $certs/PoliciesP3CACert.crt 1095 restore_db 1096 1097 VFY_ACTION="All Certificates Same Policies Test13"; log_banner 1098 certImport PoliciesP123CACert 1099 crlImport PoliciesP123CACRL.crl 1100 pkits $certs/AllCertificatesSamePoliciesTest13EE.crt \ 1101 $certs/PoliciesP123CACert.crt 1102 restore_db 1103 1104 VFY_ACTION="AnyPolicy Test14"; log_banner 1105 certImport anyPolicyCACert 1106 crlImport anyPolicyCACRL.crl 1107 pkits $certs/AnyPolicyTest14EE.crt \ 1108 $certs/anyPolicyCACert.crt 1109 restore_db 1110 1111 VFY_ACTION="User Notice Qualifier Test15"; log_banner 1112 pkits $certs/UserNoticeQualifierTest15EE.crt 1113 1114 VFY_ACTION="User Notice Qualifier Test16"; log_banner 1115 certImport GoodCACert 1116 crlImport GoodCACRL.crl 1117 pkits $certs/UserNoticeQualifierTest16EE.crt \ 1118 $certs/GoodCACert.crt 1119 1120 VFY_ACTION="User Notice Qualifier Test17"; log_banner 1121 certImport GoodCACert 1122 crlImport GoodCACRL.crl 1123 pkits $certs/UserNoticeQualifierTest17EE.crt \ 1124 $certs/GoodCACert.crt 1125 restore_db 1126 1127 VFY_ACTION="User Notice Qualifier Test18"; log_banner 1128 certImport PoliciesP12CACert 1129 crlImport PoliciesP12CACRL.crl 1130 pkits $certs/UserNoticeQualifierTest18EE.crt \ 1131 $certs/PoliciesP12CACert.crt 1132 restore_db 1133 1134 VFY_ACTION="User Notice Qualifier Test19"; log_banner 1135 pkits 
$certs/UserNoticeQualifierTest19EE.crt 1136 1137 VFY_ACTION="CPS Pointer Qualifier Test20"; log_banner 1138 certImport GoodCACert 1139 crlImport GoodCACRL.crl 1140 pkits $certs/CPSPointerQualifierTest20EE.crt \ 1141 $certs/GoodCACert.crt 1142 restore_db 1143} 1144 1145pkits_RequireExplicitPolicy() 1146{ 1147 break_table "NIST PKITS Section 4.9: Require Explicit Policy" 1148 1149 VFY_ACTION="Valid RequireExplicitPolicy Test1"; log_banner 1150 certImportn requireExplicitPolicy10CACert 1151 crlImportn requireExplicitPolicy10CACRL.crl 1152 certImport requireExplicitPolicy10subCACert 1153 crlImport requireExplicitPolicy10subCACRL.crl 1154 certImport requireExplicitPolicy10subsubCACert 1155 crlImport requireExplicitPolicy10subsubCACRL.crl 1156 certImport requireExplicitPolicy10subsubsubCACert 1157 crlImport requireExplicitPolicy10subsubsubCACRL.crl 1158 pkits $certs/ValidrequireExplicitPolicyTest1EE.crt \ 1159 $certs/requireExplicitPolicy10subsubsubCACert.crt \ 1160 $certs/requireExplicitPolicy10subsubCACert.crt \ 1161 $certs/requireExplicitPolicy10subCACert.crt \ 1162 $certs/requireExplicitPolicy10CACert.crt 1163 restore_db 1164 1165 VFY_ACTION="Valid RequireExplicitPolicy Test2"; log_banner 1166 certImportn requireExplicitPolicy5CACert 1167 crlImportn requireExplicitPolicy5CACRL.crl 1168 certImport requireExplicitPolicy5subCACert 1169 crlImport requireExplicitPolicy5subCACRL.crl 1170 certImport requireExplicitPolicy5subsubCACert 1171 crlImport requireExplicitPolicy5subsubCACRL.crl 1172 certImport requireExplicitPolicy5subsubsubCACert 1173 crlImport requireExplicitPolicy5subsubsubCACRL.crl 1174 pkits $certs/ValidrequireExplicitPolicyTest2EE.crt \ 1175 $certs/requireExplicitPolicy5subsubsubCACert.crt \ 1176 $certs/requireExplicitPolicy5subsubCACert.crt \ 1177 $certs/requireExplicitPolicy5subCACert.crt \ 1178 $certs/requireExplicitPolicy5CACert.crt 1179 restore_db 1180 1181 VFY_ACTION="Invalid RequireExplicitPolicy Test3"; log_banner 1182 certImportn 
requireExplicitPolicy4CACert 1183 crlImportn requireExplicitPolicy4CACRL.crl 1184 certImport requireExplicitPolicy4subCACert 1185 crlImport requireExplicitPolicy4subCACRL.crl 1186 certImport requireExplicitPolicy4subsubCACert 1187 crlImport requireExplicitPolicy4subsubCACRL.crl 1188 certImport requireExplicitPolicy4subsubsubCACert 1189 crlImport requireExplicitPolicy4subsubsubCACRL.crl 1190 pkitsn $certs/InvalidrequireExplicitPolicyTest3EE.crt \ 1191 $certs/requireExplicitPolicy4subsubsubCACert.crt \ 1192 $certs/requireExplicitPolicy4subsubCACert.crt \ 1193 $certs/requireExplicitPolicy4subCACert.crt \ 1194 $certs/requireExplicitPolicy4CACert.crt 1195 restore_db 1196 1197 VFY_ACTION="Valid RequireExplicitPolicy Test4"; log_banner 1198 certImportn requireExplicitPolicy0CACert 1199 crlImportn requireExplicitPolicy0CACRL.crl 1200 certImport requireExplicitPolicy0subCACert 1201 crlImport requireExplicitPolicy0subCACRL.crl 1202 certImport requireExplicitPolicy0subsubCACert 1203 crlImport requireExplicitPolicy0subsubCACRL.crl 1204 certImport requireExplicitPolicy0subsubsubCACert 1205 crlImport requireExplicitPolicy0subsubsubCACRL.crl 1206 pkits $certs/ValidrequireExplicitPolicyTest4EE.crt \ 1207 $certs/requireExplicitPolicy0subsubsubCACert.crt \ 1208 $certs/requireExplicitPolicy0subsubCACert.crt \ 1209 $certs/requireExplicitPolicy0subCACert.crt \ 1210 $certs/requireExplicitPolicy0CACert.crt 1211 restore_db 1212 1213 VFY_ACTION="Invalid RequireExplicitPolicy Test5"; log_banner 1214 certImportn requireExplicitPolicy7CACert 1215 crlImportn requireExplicitPolicy7CACRL.crl 1216 certImportn requireExplicitPolicy7subCARE2Cert 1217 crlImportn requireExplicitPolicy7subCARE2CRL.crl 1218 certImportn requireExplicitPolicy7subsubCARE2RE4Cert 1219 crlImportn requireExplicitPolicy7subsubCARE2RE4CRL.crl 1220 certImport requireExplicitPolicy7subsubsubCARE2RE4Cert 1221 crlImport requireExplicitPolicy7subsubsubCARE2RE4CRL.crl 1222 pkitsn $certs/InvalidrequireExplicitPolicyTest5EE.crt \ 1223 
$certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt \ 1224 $certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt \ 1225 $certs/requireExplicitPolicy7subCARE2Cert.crt \ 1226 $certs/requireExplicitPolicy7CACert.crt 1227 restore_db 1228 1229 VFY_ACTION="Valid Self-Issued RequireExplicitPolicy Test6"; log_banner 1230 certImportn requireExplicitPolicy2CACert 1231 crlImportn requireExplicitPolicy2CACRL.crl 1232 pkits $certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt \ 1233 $certs/requireExplicitPolicy2SelfIssuedCACert.crt \ 1234 $certs/requireExplicitPolicy2CACert.crt 1235 restore_db 1236 1237 VFY_ACTION="Invalid Self-Issued RequireExplicitPolicy Test7"; log_banner 1238 certImportn requireExplicitPolicy2CACert 1239 crlImportn requireExplicitPolicy2CACRL.crl 1240 certImport requireExplicitPolicy2subCACert 1241 crlImport requireExplicitPolicy2subCACRL.crl 1242 pkitsn $certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt \ 1243 $certs/requireExplicitPolicy2subCACert.crt \ 1244 $certs/requireExplicitPolicy2SelfIssuedCACert.crt \ 1245 $certs/requireExplicitPolicy2CACert.crt 1246 restore_db 1247 1248 VFY_ACTION="Invalid Self-Issued RequireExplicitPolicy Test8"; log_banner 1249 certImportn requireExplicitPolicy2CACert 1250 crlImportn requireExplicitPolicy2CACRL.crl 1251 certImport requireExplicitPolicy2subCACert 1252 crlImport requireExplicitPolicy2subCACRL.crl 1253 pkitsn $certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt \ 1254 $certs/requireExplicitPolicy2SelfIssuedsubCACert.crt \ 1255 $certs/requireExplicitPolicy2subCACert.crt \ 1256 $certs/requireExplicitPolicy2SelfIssuedCACert.crt \ 1257 $certs/requireExplicitPolicy2CACert.crt 1258 restore_db 1259} 1260 1261pkits_PolicyMappings() 1262{ 1263 break_table "NIST PKITS Section 4.10: Policy Mappings" 1264 1265 VFY_ACTION="Valid Policy Mapping Test1"; log_banner 1266 certImportn Mapping1to2CACert 1267 crlImportn Mapping1to2CACRL.crl 1268 pkits $certs/ValidPolicyMappingTest1EE.crt \ 1269 
$certs/Mapping1to2CACert.crt 1270 restore_db 1271 1272 VFY_ACTION="Invalid Policy Mapping Test2"; log_banner 1273 certImportn Mapping1to2CACert 1274 crlImportn Mapping1to2CACRL.crl 1275 pkitsn $certs/InvalidPolicyMappingTest2EE.crt \ 1276 $certs/Mapping1to2CACert.crt 1277 restore_db 1278 1279 VFY_ACTION="Valid Policy Mapping Test3"; log_banner 1280 certImportn P12Mapping1to3CACert 1281 crlImportn P12Mapping1to3CACRL.crl 1282 certImportn P12Mapping1to3subCACert 1283 crlImportn P12Mapping1to3subCACRL.crl 1284 certImportn P12Mapping1to3subsubCACert 1285 crlImportn P12Mapping1to3subsubCACRL.crl 1286 pkits $certs/ValidPolicyMappingTest3EE.crt \ 1287 $certs/P12Mapping1to3subsubCACert.crt \ 1288 $certs/P12Mapping1to3subCACert.crt \ 1289 $certs/P12Mapping1to3CA.crt 1290 restore_db 1291 1292 VFY_ACTION="Invalid Policy Mapping Test4"; log_banner 1293 certImportn P12Mapping1to3CACert 1294 crlImportn P12Mapping1to3CACRL.crl 1295 certImportn P12Mapping1to3subCACert 1296 crlImportn P12Mapping1to3subCACRL.crl 1297 certImportn P12Mapping1to3subsubCACert 1298 crlImportn P12Mapping1to3subsubCACRL.crl 1299 pkitsn $certs/InvalidPolicyMappingTest4EE.crt \ 1300 $certs/P12Mapping1to3subsubCACert.crt \ 1301 $certs/P12Mapping1to3subCACert.crt \ 1302 $certs/P12Mapping1to3CA.crt 1303 restore_db 1304 1305 VFY_ACTION="Valid Policy Mapping Test5"; log_banner 1306 certImportn P1Mapping1to234CACert 1307 crlImportn P1Mapping1to234CACRL.crl 1308 certImportn P1Mapping1to234subCACert 1309 crlImportn P1Mapping1to234subCACRL.crl 1310 pkits $certs/ValidPolicyMappingTest5EE.crt \ 1311 $certs/P1Mapping1to234subCACert.crt \ 1312 $certs/P1Mapping1to234CA.crt 1313 restore_db 1314 1315 VFY_ACTION="Valid Policy Mapping Test6"; log_banner 1316 certImportn P1Mapping1to234CACert 1317 crlImportn P1Mapping1to234CACRL.crl 1318 certImportn P1Mapping1to234subCACert 1319 crlImportn P1Mapping1to234subCACRL.crl 1320 pkits $certs/ValidPolicyMappingTest6EE.crt \ 1321 $certs/P1Mapping1to234subCACert.crt \ 1322 
$certs/P1Mapping1to234CA.crt 1323 restore_db 1324 1325 VFY_ACTION="Invalid Mapping from anyPolicy Test7"; log_banner 1326 certImportn MappingFromanyPolicyCACert 1327 crlImportn MappingFromanyPolicyCACRL.crl 1328 pkitsn $certs/InvalidMappingFromanyPolicyTest7EE.crt \ 1329 $certs/MappingFromanyPolicyCACert.crt 1330 restore_db 1331 1332 VFY_ACTION="Invalid Mapping to anyPolicy Test8"; log_banner 1333 certImportn MappingToanyPolicyCACert 1334 crlImportn MappingToanyPolicyCACRL.crl 1335 pkitsn $certs/InvalidMappingToanyPolicyTest8EE.crt \ 1336 $certs/MappingToanyPolicyCACert.crt 1337 restore_db 1338 1339 VFY_ACTION="Valid Policy Mapping Test9"; log_banner 1340 certImport PanyPolicyMapping1to2CACert 1341 crlImport PanyPolicyMapping1to2CACRL.crl 1342 pkits $certs/ValidPolicyMappingTest9EE.crt \ 1343 $certs/PanyPolicyMapping1to2CACert.crt 1344 restore_db 1345 1346 VFY_ACTION="Invalid Policy Mapping Test10"; log_banner 1347 certImport GoodCACert 1348 crlImport GoodCACRL.crl 1349 certImportn GoodsubCAPanyPolicyMapping1to2CACert 1350 crlImportn GoodsubCAPanyPolicyMapping1to2CACRL.crl 1351 pkitsn $certs/InvalidPolicyMappingTest10EE.crt \ 1352 $certs/GoodsubCAPanyPolicyMapping1to2CACert.crt \ 1353 $certs/GoodCACert.crt 1354 restore_db 1355 1356 VFY_ACTION="Valid Policy Mapping Test11"; log_banner 1357 certImport GoodCACert 1358 crlImport GoodCACRL.crl 1359 certImportn GoodsubCAPanyPolicyMapping1to2CACert 1360 crlImportn GoodsubCAPanyPolicyMapping1to2CACRL.crl 1361 pkits $certs/ValidPolicyMappingTest11EE.crt \ 1362 $certs/GoodsubCAPanyPolicyMapping1to2CACert.crt \ 1363 $certs/GoodCACert.crt 1364 restore_db 1365 1366 VFY_ACTION="Valid Policy Mapping Test12"; log_banner 1367 certImportn P12Mapping1to3CACert 1368 crlImportn P12Mapping1to3CACRL.crl 1369 pkits $certs/ValidPolicyMappingTest12EE.crt \ 1370 $certs/P12Mapping1to3CACert.crt 1371 restore_db 1372 1373 VFY_ACTION="Valid Policy Mapping Test13"; log_banner 1374 certImportn P1anyPolicyMapping1to2CACert 1375 crlImportn 
P1anyPolicyMapping1to2CACRL.crl 1376 pkits $certs/ValidPolicyMappingTest13EE.crt \ 1377 $certs/P1anyPolicyMapping1to2CACert.crt 1378 restore_db 1379 1380 VFY_ACTION="Valid Policy Mapping Test14"; log_banner 1381 certImportn P1anyPolicyMapping1to2CACert 1382 crlImportn P1anyPolicyMapping1to2CACRL.crl 1383 pkits $certs/ValidPolicyMappingTest14EE.crt \ 1384 $certs/P1anyPolicyMapping1to2CACert.crt 1385 restore_db 1386} 1387 1388 1389pkits_InhibitPolicyMapping() 1390{ 1391 break_table "NIST PKITS Section 4.11: Inhibit Policy Mapping" 1392 1393 VFY_ACTION="Invalid inhibitPolicyMapping Test1"; log_banner 1394 certImportn inhibitPolicyMapping0CACert 1395 crlImportn inhibitPolicyMapping0CACRL.crl 1396 certImportn inhibitPolicyMapping0subCACert 1397 crlImportn inhibitPolicyMapping0subCACRL.crl 1398 pkitsn $certs/InvalidinhibitPolicyMappingTest1EE.crt \ 1399 $certs/inhibitPolicyMapping0CACert.crt \ 1400 $certs/inhibitPolicyMapping0subCACert.crt 1401 restore_db 1402 1403 VFY_ACTION="Valid inhibitPolicyMapping Test2"; log_banner 1404 certImportn inhibitPolicyMapping1P12CACert 1405 crlImportn inhibitPolicyMapping1P12CACRL.crl 1406 certImportn inhibitPolicyMapping1P12subCACert 1407 crlImportn inhibitPolicyMapping1P12subCACRL.crl 1408 pkits $certs/ValidinhibitPolicyMappingTest2EE.crt \ 1409 $certs/inhibitPolicyMapping1P12CACert.crt \ 1410 $certs/inhibitPolicyMapping1P12subCACert.crt 1411 restore_db 1412 1413 VFY_ACTION="Invalid inhibitPolicyMapping Test3"; log_banner 1414 certImportn inhibitPolicyMapping1P12CACert 1415 crlImportn inhibitPolicyMapping1P12CACRL.crl 1416 certImportn inhibitPolicyMapping1P12subCACert 1417 crlImportn inhibitPolicyMapping1P12subCACRL.crl 1418 certImportn inhibitPolicyMapping1P12subsubCACert 1419 crlImportn inhibitPolicyMapping1P12subsubCACRL.crl 1420 pkitsn $certs/InvalidinhibitPolicyMappingTest3EE.crt \ 1421 $certs/inhibitPolicyMapping1P12subsubCACert.crt \ 1422 $certs/inhibitPolicyMapping1P12subCACert.crt \ 1423 
$certs/inhibitPolicyMapping1P12CACert.crt 1424 restore_db 1425 1426 VFY_ACTION="Valid inhibitPolicyMapping Test4"; log_banner 1427 certImportn inhibitPolicyMapping1P12CACert 1428 crlImportn inhibitPolicyMapping1P12CACRL.crl 1429 certImportn inhibitPolicyMapping1P12subCACert 1430 crlImportn inhibitPolicyMapping1P12subCACRL.crl 1431 certImportn inhibitPolicyMapping1P12subsubCACert 1432 crlImportn inhibitPolicyMapping1P12subsubCACRL.crl 1433 pkits $certs/ValidinhibitPolicyMappingTest4EE.crt \ 1434 $certs/inhibitPolicyMapping1P12CACert.crt \ 1435 $certs/inhibitPolicyMapping1P12subCACert.crt 1436 restore_db 1437 1438 VFY_ACTION="Invalid inhibitPolicyMapping Test5"; log_banner 1439 certImportn inhibitPolicyMapping5CACert 1440 crlImportn inhibitPolicyMapping5CACRL.crl 1441 certImportn inhibitPolicyMapping5subCACert 1442 crlImportn inhibitPolicyMapping5subCACRL.crl 1443 certImport inhibitPolicyMapping5subsubCACert 1444 crlImport inhibitPolicyMapping5subsubCACRL.crl 1445 pkitsn $certs/InvalidinhibitPolicyMappingTest5EE.crt \ 1446 $certs/inhibitPolicyMapping5subsubCACert.crt \ 1447 $certs/inhibitPolicyMapping5subCACert.crt \ 1448 $certs/inhibitPolicyMapping5CACert.crt 1449 restore_db 1450 1451 VFY_ACTION="Invalid inhibitPolicyMapping Test6"; log_banner 1452 certImportn inhibitPolicyMapping1P12CACert 1453 crlImportn inhibitPolicyMapping1P12CACRL.crl 1454 certImportn inhibitPolicyMapping1P12subCAIPM5Cert 1455 crlImportn inhibitPolicyMapping1P12subCAIPM5CRL.crl 1456 certImport inhibitPolicyMapping1P12subsubCAIPM5Cert 1457 crlImportn inhibitPolicyMapping1P12subsubCAIPM5CRL.crl 1458 pkitsn $certs/InvalidinhibitPolicyMappingTest6EE.crt \ 1459 $certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt \ 1460 $certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt \ 1461 $certs/inhibitPolicyMapping1P12CACert.crt 1462 restore_db 1463 1464 VFY_ACTION="Valid Self-Issued inhibitPolicyMapping Test7"; log_banner 1465 certImportn inhibitPolicyMapping1P1CACert 1466 crlImportn 
inhibitPolicyMapping1P1CACRL.crl 1467 certImportn inhibitPolicyMapping1P1subCACert 1468 crlImportn inhibitPolicyMapping1P1subCACRL.crl 1469 pkits $certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt \ 1470 $certs/inhibitPolicyMapping1P1subCACert.crt \ 1471 $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \ 1472 $certs/inhibitPolicyMapping1P1CACert.crt 1473 restore_db 1474 1475 VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test8"; log_banner 1476 certImportn inhibitPolicyMapping1P1CACert 1477 crlImportn inhibitPolicyMapping1P1CACRL.crl 1478 certImportn inhibitPolicyMapping1P1subCACert 1479 crlImportn inhibitPolicyMapping1P1subCACRL.crl 1480 certImport inhibitPolicyMapping1P1subsubCACert 1481 crlImportn inhibitPolicyMapping1P1subsubCACRL.crl 1482 pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt \ 1483 $certs/inhibitPolicyMapping1P1subsubCACert.crt \ 1484 $certs/inhibitPolicyMapping1P1subCACert.crt \ 1485 $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \ 1486 $certs/inhibitPolicyMapping1P1CACert.crt 1487 restore_db 1488 1489 VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test9"; log_banner 1490 certImportn inhibitPolicyMapping1P1CACert 1491 crlImportn inhibitPolicyMapping1P1CACRL.crl 1492 certImportn inhibitPolicyMapping1P1subCACert 1493 crlImportn inhibitPolicyMapping1P1subCACRL.crl 1494 certImportn inhibitPolicyMapping1P1subsubCACert 1495 crlImportn inhibitPolicyMapping1P1subsubCACRL.crl 1496 pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt \ 1497 $certs/inhibitPolicyMapping1P1subsubCACert.crt \ 1498 $certs/inhibitPolicyMapping1P1subCACert.crt \ 1499 $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \ 1500 $certs/inhibitPolicyMapping1P1CACert.crt 1501 restore_db 1502 1503 VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test10"; log_banner 1504 certImportn inhibitPolicyMapping1P1CACert 1505 crlImportn inhibitPolicyMapping1P1CACRL.crl 1506 certImportn inhibitPolicyMapping1P1subCACert 1507 crlImportn 
inhibitPolicyMapping1P1subCACRL.crl 1508 pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt \ 1509 $certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt \ 1510 $certs/inhibitPolicyMapping1P1subCACert.crt \ 1511 $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \ 1512 $certs/inhibitPolicyMapping1P1CACert.crt 1513 restore_db 1514 1515 VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test11"; log_banner 1516 certImportn inhibitPolicyMapping1P1CACert 1517 crlImportn inhibitPolicyMapping1P1CACRL.crl 1518 certImportn inhibitPolicyMapping1P1subCACert 1519 crlImportn inhibitPolicyMapping1P1subCACRL.crl 1520 pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt \ 1521 $certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt \ 1522 $certs/inhibitPolicyMapping1P1subCACert.crt \ 1523 $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \ 1524 $certs/inhibitPolicyMapping1P1CACert.crt 1525 restore_db 1526} 1527 1528 1529pkits_InhibitAnyPolicy() 1530{ 1531 break_table "NIST PKITS Section 4.12: Inhibit Any Policy" 1532 1533 VFY_ACTION="Invalid inhibitAnyPolicy Test1"; log_banner 1534 certImportn inhibitAnyPolicy0CACert 1535 crlImportn inhibitAnyPolicy0CACRL.crl 1536 pkitsn $certs/InvalidinhibitAnyPolicyTest1EE.crt \ 1537 $certs/inhibitAnyPolicy0CACert.crt 1538 restore_db 1539 1540 VFY_ACTION="Valid inhibitAnyPolicy Test2"; log_banner 1541 certImportn inhibitAnyPolicy0CACert 1542 crlImportn inhibitAnyPolicy0CACRL.crl 1543 pkits $certs/ValidinhibitAnyPolicyTest2EE.crt \ 1544 $certs/inhibitAnyPolicy0CACert.crt 1545 restore_db 1546 1547 VFY_ACTION="inhibitAnyPolicy Test3"; log_banner 1548 certImportn inhibitAnyPolicy1CACert 1549 crlImportn inhibitAnyPolicy1CACRL.crl 1550 certImport inhibitAnyPolicy1subCA1Cert 1551 crlImport inhibitAnyPolicy1subCA1CRL.crl 1552 pkits $certs/inhibitAnyPolicyTest3EE.crt \ 1553 $certs/inhibitAnyPolicy1CACert.crt \ 1554 $certs/inhibitAnyPolicy1subCA1Cert.crt 1555 restore_db 1556 1557 VFY_ACTION="Invalid inhibitAnyPolicy Test4"; 
log_banner 1558 certImportn inhibitAnyPolicy1CACert 1559 crlImportn inhibitAnyPolicy1CACRL.crl 1560 certImport inhibitAnyPolicy1subCA1Cert 1561 crlImport inhibitAnyPolicy1subCA1CRL.crl 1562 pkitsn $certs/InvalidinhibitAnyPolicyTest4EE.crt \ 1563 $certs/inhibitAnyPolicy1CACert.crt \ 1564 $certs/inhibitAnyPolicy1subCA1Cert.crt 1565 restore_db 1566 1567 VFY_ACTION="Invalid inhibitAnyPolicy Test5"; log_banner 1568 certImportn inhibitAnyPolicy5CACert 1569 crlImportn inhibitAnyPolicy5CACRL.crl 1570 certImportn inhibitAnyPolicy5subCACert 1571 crlImportn inhibitAnyPolicy5subCACRL.crl 1572 certImport inhibitAnyPolicy5subsubCACert 1573 crlImport inhibitAnyPolicy5subsubCACRL.crl 1574 pkitsn $certs/InvalidinhibitAnyPolicyTest5EE.crt \ 1575 $certs/inhibitAnyPolicy5CACert.crt \ 1576 $certs/inhibitAnyPolicy5subCACert.crt \ 1577 $certs/inhibitAnyPolicy5subsubCACert.crt 1578 restore_db 1579 1580 VFY_ACTION="Invalid inhibitAnyPolicy Test6"; log_banner 1581 certImportn inhibitAnyPolicy1CACert 1582 crlImportn inhibitAnyPolicy1CACRL.crl 1583 certImportn inhibitAnyPolicy1subCAIAP5Cert 1584 crlImportn inhibitAnyPolicy1subCAIAP5CRL.crl 1585 pkitsn $certs/InvalidinhibitAnyPolicyTest5EE.crt \ 1586 $certs/inhibitAnyPolicy1CACert.crt \ 1587 $certs/inhibitAnyPolicy5subCACert.crt \ 1588 $certs/inhibitAnyPolicy5subsubCACert.crt 1589 restore_db 1590 1591 VFY_ACTION="Valid Self-Issued inhibitAnyPolicy Test7"; log_banner 1592 certImportn inhibitAnyPolicy1CACert 1593 crlImportn inhibitAnyPolicy1CACRL.crl 1594 certImport inhibitAnyPolicy1subCA2Cert 1595 crlImport inhibitAnyPolicy1subCA2CRL.crl 1596 pkits $certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt \ 1597 $certs/inhibitAnyPolicy1CACert.crt \ 1598 $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \ 1599 $certs/inhibitAnyPolicy1subCA2Cert.crt 1600 restore_db 1601 1602 VFY_ACTION="Invalid Self-Issued inhibitAnyPolicy Test8"; log_banner 1603 certImportn inhibitAnyPolicy1CACert 1604 crlImportn inhibitAnyPolicy1CACRL.crl 1605 certImport 
inhibitAnyPolicy1subCA2Cert 1606 crlImport inhibitAnyPolicy1subCA2CRL.crl 1607 certImport inhibitAnyPolicy1subsubCA2Cert 1608 crlImport inhibitAnyPolicy1subsubCA2CRL.crl 1609 pkitsn $certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt \ 1610 $certs/inhibitAnyPolicy1CACert.crt \ 1611 $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \ 1612 $certs/inhibitAnyPolicy1subCA2Cert.crt \ 1613 $certs/inhibitAnyPolicy1subsubCA2Cert.crt 1614 restore_db 1615 1616 VFY_ACTION="Valid Self-Issued inhibitAnyPolicy Test9"; log_banner 1617 certImportn inhibitAnyPolicy1CACert 1618 crlImportn inhibitAnyPolicy1CACRL.crl 1619 certImport inhibitAnyPolicy1subCA2Cert 1620 crlImport inhibitAnyPolicy1subCA2CRL.crl 1621 pkits $certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt \ 1622 $certs/inhibitAnyPolicy1CACert.crt \ 1623 $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \ 1624 $certs/inhibitAnyPolicy1subCA2Cert.crt \ 1625 $certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt 1626 restore_db 1627 1628 VFY_ACTION="Invalid Self-Issued inhibitAnyPolicy Test10"; log_banner 1629 certImportn inhibitAnyPolicy1CACert 1630 crlImportn inhibitAnyPolicy1CACRL.crl 1631 certImport inhibitAnyPolicy1subCA2Cert 1632 crlImport inhibitAnyPolicy1subCA2CRL.crl 1633 pkitsn $certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt \ 1634 $certs/inhibitAnyPolicy1CACert.crt \ 1635 $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \ 1636 $certs/inhibitAnyPolicy1subCA2Cert.crt 1637 restore_db 1638} 1639 1640 1641pkits_NameConstraints() 1642{ 1643 break_table "NIST PKITS Section 4.13: Name Constraints" 1644 1645 VFY_ACTION="Valid DN nameConstraints Test1"; log_banner 1646 certImport nameConstraintsDN1CACert 1647 crlImport nameConstraintsDN1CACRL.crl 1648 pkits $certs/ValidDNnameConstraintsTest1EE.crt \ 1649 $certs/nameConstraintsDN1CACert.crt 1650 restore_db 1651 1652 VFY_ACTION="Invalid DN nameConstraints Test2"; log_banner 1653 certImport nameConstraintsDN1CACert 1654 crlImport nameConstraintsDN1CACRL.crl 1655 pkitsn 
$certs/InvalidDNnameConstraintsTest2EE.crt \ 1656 $certs/nameConstraintsDN1CACert.crt 1657 restore_db 1658 1659 VFY_ACTION="Invalid DN nameConstraints Test3"; log_banner 1660 certImport nameConstraintsDN1CACert 1661 crlImport nameConstraintsDN1CACRL.crl 1662 pkitsn $certs/InvalidDNnameConstraintsTest3EE.crt \ 1663 $certs/nameConstraintsDN1CACert.crt 1664 restore_db 1665 1666 VFY_ACTION="Valid DN nameConstraints Test4"; log_banner 1667 certImport nameConstraintsDN1CACert 1668 crlImport nameConstraintsDN1CACRL.crl 1669 pkits $certs/ValidDNnameConstraintsTest4EE.crt \ 1670 $certs/nameConstraintsDN1CACert.crt 1671 restore_db 1672 1673 VFY_ACTION="Valid DN nameConstraints Test5"; log_banner 1674 certImport nameConstraintsDN2CACert 1675 crlImport nameConstraintsDN2CACRL.crl 1676 pkits $certs/ValidDNnameConstraintsTest5EE.crt \ 1677 $certs/nameConstraintsDN2CACert.crt 1678 restore_db 1679 1680 VFY_ACTION="Valid DN nameConstraints Test6"; log_banner 1681 certImport nameConstraintsDN3CACert 1682 crlImport nameConstraintsDN3CACRL.crl 1683 pkits $certs/ValidDNnameConstraintsTest6EE.crt \ 1684 $certs/nameConstraintsDN3CACert.crt 1685 restore_db 1686 1687 VFY_ACTION="Invalid DN nameConstraints Test7"; log_banner 1688 certImport nameConstraintsDN3CACert 1689 crlImport nameConstraintsDN3CACRL.crl 1690 pkitsn $certs/InvalidDNnameConstraintsTest7EE.crt \ 1691 $certs/nameConstraintsDN3CACert.crt 1692 restore_db 1693 1694 VFY_ACTION="Invalid DN nameConstraints Test8"; log_banner 1695 certImport nameConstraintsDN4CACert 1696 crlImport nameConstraintsDN4CACRL.crl 1697 pkitsn $certs/InvalidDNnameConstraintsTest8EE.crt \ 1698 $certs/nameConstraintsDN4CACert.crt 1699 restore_db 1700 1701 VFY_ACTION="Invalid DN nameConstraints Test9"; log_banner 1702 certImport nameConstraintsDN4CACert 1703 crlImport nameConstraintsDN4CACRL.crl 1704 pkitsn $certs/InvalidDNnameConstraintsTest9EE.crt \ 1705 $certs/nameConstraintsDN4CACert.crt 1706 restore_db 1707 1708 VFY_ACTION="Invalid DN nameConstraints 
Test10"; log_banner 1709 certImport nameConstraintsDN5CACert 1710 crlImport nameConstraintsDN5CACRL.crl 1711 pkitsn $certs/InvalidDNnameConstraintsTest10EE.crt \ 1712 $certs/nameConstraintsDN5CACert.crt 1713 restore_db 1714 1715 VFY_ACTION="Valid DN nameConstraints Test11"; log_banner 1716 certImport nameConstraintsDN5CACert 1717 crlImport nameConstraintsDN5CACRL.crl 1718 pkits $certs/ValidDNnameConstraintsTest11EE.crt \ 1719 $certs/nameConstraintsDN5CACert.crt 1720 restore_db 1721 1722 VFY_ACTION="Invalid DN nameConstraints Test12"; log_banner 1723 certImport nameConstraintsDN1CACert 1724 crlImport nameConstraintsDN1CACRL.crl 1725 certImport nameConstraintsDN1subCA1Cert 1726 crlImport nameConstraintsDN1subCA1CRL.crl 1727 pkitsn $certs/InvalidDNnameConstraintsTest12EE.crt \ 1728 $certs/nameConstraintsDN1subCA1Cert.crt \ 1729 $certs/nameConstraintsDN1CACert.crt 1730 restore_db 1731 1732 VFY_ACTION="Invalid DN nameConstraints Test13"; log_banner 1733 certImport nameConstraintsDN1CACert 1734 crlImport nameConstraintsDN1CACRL.crl 1735 certImport nameConstraintsDN1subCA2Cert 1736 crlImport nameConstraintsDN1subCA2CRL.crl 1737 pkitsn $certs/InvalidDNnameConstraintsTest13EE.crt \ 1738 $certs/nameConstraintsDN1subCA2Cert.crt \ 1739 $certs/nameConstraintsDN1CACert.crt 1740 restore_db 1741 1742 VFY_ACTION="Valid DN nameConstraints Test14"; log_banner 1743 certImport nameConstraintsDN1CACert 1744 crlImport nameConstraintsDN1CACRL.crl 1745 certImport nameConstraintsDN1subCA2Cert 1746 crlImport nameConstraintsDN1subCA2CRL.crl 1747 pkits $certs/ValidDNnameConstraintsTest14EE.crt \ 1748 $certs/nameConstraintsDN1subCA2Cert.crt \ 1749 $certs/nameConstraintsDN1CACert.crt 1750 restore_db 1751 1752 VFY_ACTION="Invalid DN nameConstraints Test15"; log_banner 1753 certImport nameConstraintsDN3CACert 1754 crlImport nameConstraintsDN3CACRL.crl 1755 certImport nameConstraintsDN3subCA1Cert 1756 crlImport nameConstraintsDN3subCA1CRL.crl 1757 pkitsn $certs/InvalidDNnameConstraintsTest15EE.crt 
\ 1758 $certs/nameConstraintsDN3subCA1Cert.crt \ 1759 $certs/nameConstraintsDN3CACert.crt 1760 restore_db 1761 1762 VFY_ACTION="Invalid DN nameConstraints Test16"; log_banner 1763 certImport nameConstraintsDN3CACert 1764 crlImport nameConstraintsDN3CACRL.crl 1765 certImport nameConstraintsDN3subCA1Cert 1766 crlImport nameConstraintsDN3subCA1CRL.crl 1767 pkitsn $certs/InvalidDNnameConstraintsTest16EE.crt \ 1768 $certs/nameConstraintsDN3subCA1Cert.crt \ 1769 $certs/nameConstraintsDN3CACert.crt 1770 restore_db 1771 1772 VFY_ACTION="Invalid DN nameConstraints Test17"; log_banner 1773 certImport nameConstraintsDN3CACert 1774 crlImport nameConstraintsDN3CACRL.crl 1775 certImport nameConstraintsDN3subCA2Cert 1776 crlImport nameConstraintsDN3subCA2CRL.crl 1777 pkitsn $certs/InvalidDNnameConstraintsTest17EE.crt \ 1778 $certs/nameConstraintsDN3subCA2Cert.crt \ 1779 $certs/nameConstraintsDN3CACert.crt 1780 restore_db 1781 1782 VFY_ACTION="Valid DN nameConstraints Test18"; log_banner 1783 certImport nameConstraintsDN3CACert 1784 crlImport nameConstraintsDN3CACRL.crl 1785 certImport nameConstraintsDN3subCA2Cert 1786 crlImport nameConstraintsDN3subCA2CRL.crl 1787 pkits $certs/ValidDNnameConstraintsTest18EE.crt \ 1788 $certs/nameConstraintsDN3subCA2Cert.crt \ 1789 $certs/nameConstraintsDN3CACert.crt 1790 restore_db 1791 1792### bug 232737 ### 1793if [ -n "${KNOWN_BUG}" ]; then 1794 VFY_ACTION="Valid Self-Issued DN nameConstraints Test19"; log_banner 1795 certImport nameConstraintsDN1CACert 1796 crlImport nameConstraintsDN1CACRL.crl 1797 pkits $certs/ValidDNnameConstraintsTest19EE.crt \ 1798 $certs/nameConstraintsDN1SelfIssuedCACert.crt \ 1799 $certs/nameConstraintsDN1CACert.crt 1800 restore_db 1801fi 1802 1803 VFY_ACTION="Invalid Self-Issued DN nameConstraints Test20"; log_banner 1804 certImport nameConstraintsDN1CACert 1805 crlImport nameConstraintsDN1CACRL.crl 1806 pkitsn $certs/InvalidDNnameConstraintsTest20EE.crt \ 1807 $certs/nameConstraintsDN1CACert.crt 1808 restore_db 1809 
1810 VFY_ACTION="Valid RFC822 nameConstraints Test21"; log_banner 1811 certImport nameConstraintsRFC822CA1Cert 1812 crlImport nameConstraintsRFC822CA1CRL.crl 1813 pkits $certs/ValidRFC822nameConstraintsTest21EE.crt \ 1814 $certs/nameConstraintsRFC822CA1Cert.crt 1815 restore_db 1816 1817 VFY_ACTION="Invalid RFC822 nameConstraints Test22"; log_banner 1818 certImport nameConstraintsRFC822CA1Cert 1819 crlImport nameConstraintsRFC822CA1CRL.crl 1820 pkitsn $certs/InvalidRFC822nameConstraintsTest22EE.crt \ 1821 $certs/nameConstraintsRFC822CA1Cert.crt 1822 restore_db 1823 1824 VFY_ACTION="Valid RFC822 nameConstraints Test23"; log_banner 1825 certImport nameConstraintsRFC822CA2Cert 1826 crlImport nameConstraintsRFC822CA2CRL.crl 1827 pkits $certs/ValidRFC822nameConstraintsTest23EE.crt \ 1828 $certs/nameConstraintsRFC822CA2Cert.crt 1829 restore_db 1830 1831 VFY_ACTION="Invalid RFC822 nameConstraints Test24"; log_banner 1832 certImport nameConstraintsRFC822CA2Cert 1833 crlImport nameConstraintsRFC822CA2CRL.crl 1834 pkitsn $certs/InvalidRFC822nameConstraintsTest24EE.crt \ 1835 $certs/nameConstraintsRFC822CA2Cert.crt 1836 restore_db 1837 1838 VFY_ACTION="Valid RFC822 nameConstraints Test25"; log_banner 1839 certImport nameConstraintsRFC822CA3Cert 1840 crlImport nameConstraintsRFC822CA3CRL.crl 1841 pkits $certs/ValidRFC822nameConstraintsTest25EE.crt \ 1842 $certs/nameConstraintsRFC822CA3Cert.crt 1843 restore_db 1844 1845 VFY_ACTION="Invalid RFC822 nameConstraints Test26"; log_banner 1846 certImport nameConstraintsRFC822CA3Cert 1847 crlImport nameConstraintsRFC822CA3CRL.crl 1848 pkitsn $certs/InvalidRFC822nameConstraintsTest26EE.crt \ 1849 $certs/nameConstraintsRFC822CA3Cert.crt 1850 restore_db 1851 1852 VFY_ACTION="Valid DN and RFC822 nameConstraints Test27"; log_banner 1853 certImport nameConstraintsDN1CACert 1854 crlImport nameConstraintsDN1CACRL.crl 1855 certImport nameConstraintsDN1subCA3Cert 1856 crlImport nameConstraintsDN1subCA3CRL.crl 1857 pkits 
$certs/ValidDNandRFC822nameConstraintsTest27EE.crt \ 1858 $certs/nameConstraintsDN1subCA3Cert.crt \ 1859 $certs/nameConstraintsDN1CACert.crt 1860 restore_db 1861 1862 VFY_ACTION="Invalid DN and RFC822 nameConstraints Test28"; log_banner 1863 certImport nameConstraintsDN1CACert 1864 crlImport nameConstraintsDN1CACRL.crl 1865 certImport nameConstraintsDN1subCA3Cert 1866 crlImport nameConstraintsDN1subCA3CRL.crl 1867 pkitsn $certs/InvalidDNandRFC822nameConstraintsTest28EE.crt \ 1868 $certs/nameConstraintsDN1subCA3Cert.crt \ 1869 $certs/nameConstraintsDN1CACert.crt 1870 restore_db 1871 1872 VFY_ACTION="Invalid DN and RFC822 nameConstraints Test29"; log_banner 1873 certImport nameConstraintsDN1CACert 1874 crlImport nameConstraintsDN1CACRL.crl 1875 certImport nameConstraintsDN1subCA3Cert 1876 crlImport nameConstraintsDN1subCA3CRL.crl 1877 pkitsn $certs/InvalidDNandRFC822nameConstraintsTest29EE.crt \ 1878 $certs/nameConstraintsDN1subCA3Cert.crt \ 1879 $certs/nameConstraintsDN1CACert.crt 1880 restore_db 1881 1882 VFY_ACTION="Valid DNS nameConstraints Test30"; log_banner 1883 certImport nameConstraintsDNS1CACert 1884 crlImport nameConstraintsDNS1CACRL.crl 1885 pkits $certs/ValidDNSnameConstraintsTest30EE.crt \ 1886 $certs/nameConstraintsDNS1CACert.crt 1887 restore_db 1888 1889 VFY_ACTION="Invalid DNS nameConstraints Test31"; log_banner 1890 certImport nameConstraintsDNS1CACert 1891 crlImport nameConstraintsDNS1CACRL.crl 1892 pkitsn $certs/InvalidDNSnameConstraintsTest31EE.crt \ 1893 $certs/nameConstraintsDNS1CACert.crt 1894 restore_db 1895 1896 VFY_ACTION="Valid DNS nameConstraints Test32"; log_banner 1897 certImport nameConstraintsDNS2CACert 1898 crlImport nameConstraintsDNS2CACRL.crl 1899 pkits $certs/ValidDNSnameConstraintsTest32EE.crt \ 1900 $certs/nameConstraintsDNS2CACert.crt 1901 restore_db 1902 1903 VFY_ACTION="Invalid DNS nameConstraints Test33"; log_banner 1904 certImport nameConstraintsDNS2CACert 1905 crlImport nameConstraintsDNS2CACRL.crl 1906 pkitsn 
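$certs/InvalidDNSnameConstraintsTest33EE.crt \ 1907 $certs/nameConstraintsDNS2CACert.crt 1908 restore_db 1909 1910 VFY_ACTION="Valid URI nameConstraints Test34"; log_banner 1911 certImport nameConstraintsURI1CACert 1912 crlImport nameConstraintsURI1CACRL.crl 1913 pkits $certs/ValidURInameConstraintsTest34EE.crt \ 1914 $certs/nameConstraintsURI1CACert.crt 1915 restore_db 1916 1917 VFY_ACTION="Invalid URI nameConstraints Test35"; log_banner 1918 certImport nameConstraintsURI1CACert 1919 crlImport nameConstraintsURI1CACRL.crl 1920 pkitsn $certs/InvalidURInameConstraintsTest35EE.crt \ 1921 $certs/nameConstraintsURI1CACert.crt 1922 restore_db 1923 1924 VFY_ACTION="Valid URI nameConstraints Test36"; log_banner 1925 certImport nameConstraintsURI2CACert 1926 crlImport nameConstraintsURI2CACRL.crl 1927 pkits $certs/ValidURInameConstraintsTest36EE.crt \ 1928 $certs/nameConstraintsURI2CACert.crt 1929 restore_db 1930 1931 VFY_ACTION="Invalid URI nameConstraints Test37"; log_banner 1932 certImport nameConstraintsURI2CACert 1933 crlImport nameConstraintsURI2CACRL.crl 1934 pkitsn $certs/InvalidURInameConstraintsTest37EE.crt \ 1935 $certs/nameConstraintsURI2CACert.crt 1936 restore_db 1937 1938 VFY_ACTION="Invalid DNS nameConstraints Test38"; log_banner 1939 certImport nameConstraintsDNS1CACert 1940 crlImport nameConstraintsDNS1CACRL.crl 1941 pkitsn $certs/InvalidDNSnameConstraintsTest38EE.crt \ 1942 $certs/nameConstraintsDNS1CACert.crt 1943 restore_db 1944}

######################## pkits_PvtCertExtensions #######################
# local shell function: NIST PKITS Section 4.16, Private Certificate
# Extensions.
#
# Checks how path validation treats an extension the validator does not
# recognise. RFC 5280 (section 4.2) requires a certificate carrying an
# unrecognised *critical* extension to be rejected, while an unrecognised
# non-critical extension may be ignored:
#   Test1 - unknown non-critical extension, the path is expected to validate
#   Test2 - unknown critical extension, the path is expected to be rejected
#
# Globals:   certs (read) - directory holding the PKITS certificates
#            VFY_ACTION (written) - test title printed by log_banner
# Calls:     break_table, log_banner, pkits, pkitsn (defined outside this
#            function; pkitsn is used for every "Invalid" case, so it is
#            presumably the expect-failure variant of pkits - confirm
#            against its definition)
########################################################################
pkits_PvtCertExtensions()
{
  break_table "NIST PKITS Section 4.16: Private Certificate Extensions"

  # The certificate paths are quoted so that a PKITS_DATA directory whose
  # name contains blanks (common on Windows) still reaches pkits/pkitsn as
  # a single argument instead of being word-split.
  VFY_ACTION="Valid Unknown Not Critical Certificate Extension Test1"; log_banner
  pkits "$certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt"

  VFY_ACTION="Invalid Unknown Critical Certificate Extension Test2"; log_banner
  pkitsn "$certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt"
}

############################## pkits_cleanup ###########################
#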
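# local shell function to finish this script (no exit since it might be
# sourced)
#
# Closes the HTML results table, changes to ${QADIR} and sources
# common/cleanup.sh from there.
#
# Globals:   QADIR (read), SCRIPTNAME (read, for the error message)
# Returns:   1 without sourcing anything when QADIR is empty or cannot be
#            entered; otherwise the status of common/cleanup.sh
########################################################################
pkits_cleanup()
{
  html "</TABLE><BR>"
  # common/cleanup.sh is a relative path: if the cd fails (or QADIR is
  # empty, which would make an unquoted cd go to $HOME) the "." below would
  # source whatever common/cleanup.sh exists under the current directory.
  # Refuse to source anything in that case.
  if [ -z "${QADIR}" ] || ! cd "${QADIR}"; then
    echo "${SCRIPTNAME}: cannot cd to QADIR '${QADIR}', not sourcing common/cleanup.sh" >&2
    return 1
  fi
  . common/cleanup.sh
}


################################## main ################################
# Each PKITS section runs as the left-hand side of a pipeline so that its
# output is shown and also appended to the log file. Two consequences:
#  - the section function runs in a subshell, so variables it sets are not
#    visible here afterwards;
#  - the pipeline status is that of tee (no pipefail is set in the visible
#    part of this script), so a section's own exit status is not checked
#    here. Pass/fail therefore has to be recorded by the helpers the
#    sections call (defined elsewhere), not by return codes.
# The log path is quoted so a directory name containing blanks is not
# split into several tee arguments.
pkits_init
pkits_SignatureVerification | tee -a "${PKITS_LOG}"
pkits_ValidityPeriods | tee -a "${PKITS_LOG}"
pkits_NameChaining | tee -a "${PKITS_LOG}"
pkits_BasicCertRevocation | tee -a "${PKITS_LOG}"
pkits_PathVerificWithSelfIssuedCerts | tee -a "${PKITS_LOG}"
pkits_BasicConstraints | tee -a "${PKITS_LOG}"
pkits_KeyUsage | tee -a "${PKITS_LOG}"
# The certificate-policy sections are opt-in: unless NSS_PKITS_POLICIES is
# set they are skipped entirely, so a clean run without it says nothing
# about policy processing.
if [ -n "$NSS_PKITS_POLICIES" ]; then
  pkits_CertificatePolicies | tee -a "${PKITS_LOG}"
  pkits_RequireExplicitPolicy | tee -a "${PKITS_LOG}"
  pkits_PolicyMappings | tee -a "${PKITS_LOG}"
  pkits_InhibitPolicyMapping | tee -a "${PKITS_LOG}"
  pkits_InhibitAnyPolicy | tee -a "${PKITS_LOG}"
fi
pkits_NameConstraints | tee -a "${PKITS_LOG}"
pkits_PvtCertExtensions | tee -a "${PKITS_LOG}"
pkits_cleanup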