1# 2# Test for NISCC Parasitic key bearing certs. 3# This version runs with stock key size limits. 4# 5globals 6allowUnverified = true 7crlNetFetchEnable = false 8certNetFetchEnable = false 9useSystemAnchors = false 10end 11 12test = "locally generated 6K keys" 13cert = ssSubjCert.der 14root = ssRootCert.der 15# leaf cert has a bad public key 16verifyTime = 20060726000000 17error = CSSMERR_TP_INVALID_CERTIFICATE 18end 19 20test = "test1, uee8k" 21cert = uee8k.pem 22cert = shintca.pem 23root = shroot.pem 24# leaf cert has a bad public key 25verifyTime = 20060726000000 26error = CSSMERR_TP_INVALID_CERTIFICATE 27end 28 29test = "test1, uee16k.pem" 30cert = uee16k.pem 31cert = shintca.pem 32root = shroot.pem 33# leaf cert has a bad public key 34verifyTime = 20060726000000 35error = CSSMERR_TP_INVALID_CERTIFICATE 36end 37 38test = "test2a, huge pkint8k.pem CA" 39cert = eepkint1.pem 40cert = pkint8k.pem 41root = shroot.pem 42# leaf cert OK but subsequent certs have too-large keys 43verifyTime = 20060726000000 44error = CSSMERR_TP_NOT_TRUSTED 45end 46 47test = "test2a, bad pkint8k.pem CA, wrong root" 48cert = eepkint1.pem 49cert = pkint8k.pem 50root = root.pem 51verifyTime = 20060726000000 52error = CSSMERR_TP_NOT_TRUSTED 53end 54 55test = "test2b, huge pkint16k.pem CA" 56cert = eepkint2.pem 57cert = pkint16k.pem 58root = shroot.pem 59# leaf cert OK but subsequent certs have too-large keys 60verifyTime = 20060726000000 61error = CSSMERR_TP_NOT_TRUSTED 62end 63 64test = "test2b, bad pkint16k.pem CA, wrong root" 65cert = eepkint2.pem 66cert = pkint16k.pem 67root = root.pem 68verifyTime = 20060726000000 69error = CSSMERR_TP_NOT_TRUSTED 70end 71