1# 2# Test Software Update Apple Code Signing cert verification policy. 3# This used to be called the Code Signing POlicy; it was renamed on 8/15/06. 4# 5# The keychain CodeSignTest.keychain, in this directory, contains all the 6# keys and certs used to generate these test cases. Password is CodeSignTest. 7# 8globals 9allowUnverified = true 10crlNetFetchEnable = false 11certNetFetchEnable = false 12useSystemAnchors = false 13end 14 15test = "Full Code Signing verification success" 16cert = csLeaf.cer 17cert = csCA.cer 18root = csRoot.cer 19policy = swuSign 20end 21 22test = "DEVELOPMENT detection" 23cert = csDevLeaf.cer 24cert = csCA.cer 25root = csRoot.cer 26policy = swuSign 27error = APPLETP_CODE_SIGN_DEVELOPMENT 28certerror = 0:APPLETP_CODE_SIGN_DEVELOPMENT 29end 30 31test = "No ExtendedKeyUsage in Leaf" 32cert = csLeafNoEKU.cer 33cert = csCA.cer 34root = csRoot.cer 35policy = swuSign 36error = APPLETP_CS_NO_EXTENDED_KEY_USAGE 37certerror = 0:APPLETP_CS_NO_EXTENDED_KEY_USAGE 38end 39 40test = "Bad ExtendedKeyUsage in Leaf" 41cert = csLeafBadEKU.cer 42cert = csCA.cer 43root = csRoot.cer 44policy = swuSign 45error = APPLETP_INVALID_EXTENDED_KEY_USAGE 46certerror = 0:APPLETP_INVALID_EXTENDED_KEY_USAGE 47end 48 49test = "No ExtendedKeyUsage in Intermediate" 50cert = csLeafNoEKUinInt.cer 51cert = csCaNoEKU.cer 52root = csRoot.cer 53policy = swuSign 54error = APPLETP_CS_NO_EXTENDED_KEY_USAGE 55certerror = 1:APPLETP_CS_NO_EXTENDED_KEY_USAGE 56end 57 58test = "Bad ExtendedKeyUsage in Intermediate" 59cert = csLeafBadEKUinInt.cer 60cert = csCaBadEKU.cer 61root = csRoot.cer 62policy = swuSign 63error = APPLETP_INVALID_EXTENDED_KEY_USAGE 64certerror = 1:APPLETP_INVALID_EXTENDED_KEY_USAGE 65end 66 67test = "No BC in Intermediate" 68cert = csLeafNoBcInInt.cer 69cert = csCaNoBC.cer 70root = csRoot.cer 71policy = swuSign 72error = CSSMERR_APPLETP_CS_NO_BASIC_CONSTRAINTS 73certerror = 1:CSSMERR_APPLETP_CS_NO_BASIC_CONSTRAINTS 74end 75 76test = "Short Path" 77cert = csLeafShortPath.cer 78root = csRoot.cer 79policy = swuSign 80error = CSSMERR_APPLETP_CS_BAD_CERT_CHAIN_LENGTH 81end 82 83 84