1# 2# Test Code Signing and Package Signing policies. 3# This used to be called the Code Signing POlicy; it was renamed on 8/15/06. 4# 5globals 6allowUnverified = true 7crlNetFetchEnable = false 8certNetFetchEnable = false 9useSystemAnchors = false 10end 11 12### policy = CSSMOID_APPLE_TP_CODE_SIGNING ### 13 14test = "Apple Code Signing success" 15cert = CodeSignLeaf.cer 16root = CodeSignRoot.cer 17policy = codeSign 18end 19 20test = "Apple Code Signing, no EKU, expect fail" 21cert = NoEKULeaf.cer 22root = CodeSignRoot.cer 23policy = codeSign 24error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE 25end 26 27test = "Apple Code Signing, wrong EKU, expect fail" 28cert = BadCodeSignLeaf.cer 29root = CodeSignRoot.cer 30policy = codeSign 31error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE 32end 33 34### policy = CSSMOID_APPLE_TP_PACKAGE_SIGNING ### 35 36test = "Package Signing success" 37cert = CodeSignLeaf.cer 38root = CodeSignRoot.cer 39policy = pkgSign 40end 41 42test = "Package Signing, no EKU, expect fail" 43cert = NoEKULeaf.cer 44root = CodeSignRoot.cer 45policy = pkgSign 46error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE 47end 48 49test = "Package Signing, wrong EKU, expect fail" 50cert = BadCodeSignLeaf.cer 51root = CodeSignRoot.cer 52policy = pkgSign 53error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE 54end 55