1# 2# Test Apple Resource Signing cert verification policy 3# 4globals 5allowUnverified = true 6crlNetFetchEnable = false 7certNetFetchEnable = false 8useSystemAnchors = false 9end 10 11test = "Full Resource Signing verification success" 12cert = leaf.cer 13cert = intermediate.cer 14root = root.cer 15policy = resourceSign 16verifyTime = 20061031000000 17end 18 19test = "No ExtendedKeyUsage in Leaf" 20cert = leafNoEKU.cer 21cert = intermediate.cer 22root = root.cer 23policy = resourceSign 24verifyTime = 20061031000000 25error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE 26certerror = 0:CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE 27end 28 29test = "Bad ExtendedKeyUsage in Leaf" 30cert = leafBadEKU.cer 31cert = intermediate.cer 32root = root.cer 33policy = resourceSign 34verifyTime = 20061031000000 35error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE 36certerror = 0:CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE 37end 38 39test = "Bad KeyUsage in Leaf" 40cert = leafBadKU.cer 41cert = intermediate.cer 42root = root.cer 43policy = resourceSign 44verifyTime = 20061031000000 45error = TP_VERIFY_ACTION_FAILED 46certerror = 0:APPLETP_INVALID_KEY_USAGE 47end 48 49 50 51 52