1# 2# Test for NISCC Parasitic key bearing certs, with the RSAMaxKeySize set to > 16k. 3# The easy way to set this is via the cspxutils/keySizePref program; compile it and 4# run it like this as root: 5# 6# keySizePref set keysize 20000 7# 8globals 9allowUnverified = true 10crlNetFetchEnable = false 11certNetFetchEnable = false 12useSystemAnchors = false 13end 14 15test = "locally generated 6K keys" 16cert = ssSubjCert.der 17root = ssRootCert.der 18verifyTime = 20060726000000 19end 20 21test = "test1, uee8k" 22cert = uee8k.pem 23cert = shintca.pem 24root = shroot.pem 25verifyTime = 20060726000000 26# bad public exponent 27error = CSSMERR_TP_INVALID_CERTIFICATE 28end 29 30test = "test1, uee16k.pem" 31cert = uee16k.pem 32cert = shintca.pem 33root = shroot.pem 34verifyTime = 20060726000000 35# bad public exponent 36error = CSSMERR_TP_INVALID_CERTIFICATE 37end 38 39test = "test2a, huge pkint8k.pem CA" 40cert = eepkint1.pem 41cert = pkint8k.pem 42root = shroot.pem 43verifyTime = 20060726000000 44# leaf is OK, other certs have pub exponent too large 45error = CSSMERR_TP_NOT_TRUSTED 46end 47 48test = "test2a, bad pkint8k.pem CA, wrong root" 49cert = eepkint1.pem 50cert = pkint8k.pem 51root = root.pem 52verifyTime = 20060726000000 53error = CSSMERR_TP_NOT_TRUSTED 54end 55 56test = "test2b, huge pkint16k.pem CA" 57cert = eepkint2.pem 58cert = pkint16k.pem 59root = shroot.pem 60verifyTime = 20060726000000 61# leaf is OK, other certs have pub exponent too large 62error = CSSMERR_TP_NOT_TRUSTED 63end 64 65test = "test2b, bad pkint16k.pem CA, wrong root" 66cert = eepkint2.pem 67cert = pkint16k.pem 68root = root.pem 69verifyTime = 20060726000000 70error = CSSMERR_TP_NOT_TRUSTED 71end 72