diff options
Diffstat (limited to 'mozilla/security/nss/tests/chains/scenarios')
20 files changed, 2798 insertions, 0 deletions
diff --git a/mozilla/security/nss/tests/chains/scenarios/aia.cfg b/mozilla/security/nss/tests/chains/scenarios/aia.cfg new file mode 100644 index 0000000..000e000 --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/aia.cfg @@ -0,0 +1,67 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario AIA + +entity Root + type Root + +entity CA1 + type Intermediate + issuer Root + +entity CA2 + type Intermediate + issuer CA1 + aia CA1:Root + +entity User + type EE + issuer CA2 + +testdb User + +verify User:CA2 + cert CA2:CA1 + trust Root: + result fail + +verify User:CA2 + cert CA2:CA1 + trust Root: + fetch + result pass + diff --git a/mozilla/security/nss/tests/chains/scenarios/anypolicy.cfg b/mozilla/security/nss/tests/chains/scenarios/anypolicy.cfg new file mode 100644 index 0000000..c6a989f --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/anypolicy.cfg @@ -0,0 +1,109 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario AnyPolicy + +entity RootCA + type Root + +entity CA1 + type Intermediate + issuer RootCA + policy any + +entity CA2 + type Intermediate + issuer CA1 + policy OID.1.0 + inhibit 0 + +entity CA3 + type Intermediate + issuer CA1 + policy OID.1.0 + +entity User1 + type EE + issuer CA2 + policy OID.1.0 + +entity User2 + type EE + issuer CA2 + policy any + +entity User3 + type EE + issuer CA3 + policy any + +db All + +import RootCA:: +import CA1:RootCA: +import CA2:CA1: +import CA3:CA1: + +verify User1:CA2 + trust RootCA + policy OID.1.0 + result pass + +verify User1:CA2 + trust RootCA + policy OID.2.0 + result fail + +verify User2:CA2 + trust RootCA + policy OID.1.0 + result fail + +verify User2:CA2 + trust RootCA + policy OID.2.0 + result fail + +verify User3:CA3 + trust RootCA + policy OID.1.0 + result pass + +verify User3:CA3 + trust RootCA + policy OID.2.0 + result fail + diff --git a/mozilla/security/nss/tests/chains/scenarios/anypolicywithlevel.cfg b/mozilla/security/nss/tests/chains/scenarios/anypolicywithlevel.cfg new file mode 100644 index 0000000..d5e5d57 --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/anypolicywithlevel.cfg @@ -0,0 +1,431 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario AnyPolicyWithLevel + +entity RootCA + type Root + +entity CA1 + type Intermediate + issuer RootCA + policy any + inhibit 1 + +entity CA12 + type Intermediate + issuer CA1 + policy any + +entity CA13 + type Intermediate + issuer CA12 + policy OID.1.0 + +entity EE1 + type EE + issuer CA13 + policy OID.1.0 + +entity CA22 + type Intermediate + issuer CA1 + policy any + +entity CA23 + type Intermediate + issuer CA22 + policy any + +entity EE2 + type EE + issuer CA23 + policy OID.1.0 + +entity CA32 + type Intermediate + issuer CA1 + policy any + inhibit 1 + +entity CA33 + type Intermediate + issuer CA32 + policy any + +entity EE3 + type EE + issuer CA33 + policy OID.1.0 + +entity CA42 + type Intermediate + issuer CA1 + policy any + policy OID.1.0 + +entity CA43 + type Intermediate + issuer CA42 + policy any + policy OID.1.0 + +entity EE4 + type EE + issuer CA43 + policy OID.1.0 + +entity CA52 + type Intermediate + issuer CA1 + policy any + policy OID.1.0 + +entity CA53 + type Intermediate + issuer CA52 + policy any + +entity EE5 + type EE + issuer CA53 + policy OID.1.0 + +entity CA61 + type Intermediate + issuer RootCA + policy any + inhibit 5 + +entity CA62 + type Intermediate + issuer CA61 + policy any + +entity EE62 + type EE + issuer CA62 + policy OID.1.0 + +entity CA63 + type Intermediate + issuer CA62 + policy any + +entity EE63 + type EE + issuer CA63 + policy OID.1.0 + +entity CA64 + type Intermediate + issuer CA63 + policy any + +entity EE64 + type EE + issuer CA64 + policy OID.1.0 + +entity CA65 + type Intermediate + issuer CA64 + policy any + +entity EE65 + type EE + issuer CA65 + policy OID.1.0 + +entity CA66 + type Intermediate + issuer CA65 + policy any + +entity EE66 + type EE + issuer CA66 + policy OID.1.0 + +entity CA67 + type Intermediate + issuer CA66 + policy any + +entity EE67 + type EE + issuer CA67 + policy OID.1.0 + +db All + +verify EE1:CA13 + cert RootCA: + cert CA1:RootCA + cert CA12:CA1 + cert CA13:CA12 + trust RootCA: + policy OID.1.0 + result pass + +verify EE1:CA13 + cert RootCA: + cert CA1:RootCA + cert CA12:CA1 + cert CA13:CA12 + trust RootCA: + policy OID.2.0 + result fail + +verify EE1:CA13 + cert RootCA: + cert CA1:RootCA + cert CA12:CA1 + cert CA13:CA12 + trust RootCA: + policy OID.2.5.29.32.0 + result pass + +verify EE2:CA23 + cert RootCA: + cert CA1:RootCA + cert CA22:CA1 + cert CA23:CA22 + trust RootCA: + policy OID.1.0 + result fail + +verify EE2:CA23 + cert RootCA: + cert CA1:RootCA + cert CA22:CA1 + cert CA23:CA22 + trust RootCA: + policy OID.2.0 + result fail + +verify EE2:CA23 + cert RootCA: + cert CA1:RootCA + cert CA22:CA1 + cert CA23:CA22 + trust RootCA: + policy OID.2.5.29.32.0 + result fail + +verify EE2:CA23 + cert RootCA: + cert CA1:RootCA + cert CA22:CA1 + cert CA23:CA22 + trust RootCA: + result pass + +verify EE3:CA33 + cert RootCA: + cert CA1:RootCA + cert CA32:CA1 + cert CA33:CA32 + trust RootCA: + policy OID.1.0 + result fail + +verify EE3:CA33 + cert RootCA: + cert CA1:RootCA + cert CA32:CA1 + cert CA33:CA32 + trust RootCA: + policy OID.2.0 + result fail + +verify EE3:CA33 + cert RootCA: + cert CA1:RootCA + cert CA32:CA1 + cert CA33:CA32 + trust RootCA: + policy OID.2.5.29.32.0 + result fail + +verify EE3:CA33 + cert RootCA: + cert CA1:RootCA + cert CA32:CA1 + cert CA33:CA32 + trust RootCA: + result pass + +verify EE4:CA43 + cert RootCA: + cert CA1:RootCA + cert CA42:CA1 + cert CA43:CA42 + trust RootCA: + policy OID.1.0 + result pass + +verify EE4:CA43 + cert RootCA: + cert CA1:RootCA + cert CA42:CA1 + cert CA43:CA42 + trust RootCA: + policy OID.2.0 + result fail + +verify EE4:CA43 + cert RootCA: + cert CA1:RootCA + cert CA42:CA1 + cert CA43:CA42 + trust RootCA: + policy OID.2.5.29.32.0 + result pass + +verify EE5:CA53 + cert RootCA: + cert CA1:RootCA + cert CA52:CA1 + cert CA53:CA52 + trust RootCA: + policy OID.1.0 + result fail + +verify EE5:CA53 + cert RootCA: + cert CA1:RootCA + cert CA52:CA1 + cert CA53:CA52 + trust RootCA: + policy OID.2.0 + result fail + +verify EE5:CA53 + cert RootCA: + cert CA1:RootCA + cert CA52:CA1 + cert CA53:CA52 + trust RootCA: + policy OID.2.5.29.32.0 + result fail + +verify EE5:CA53 + cert RootCA: + cert CA1:RootCA + cert CA52:CA1 + cert CA53:CA52 + trust RootCA: + result pass + +verify EE62:CA62 + cert RootCA: + cert CA61:RootCA + cert CA62:CA61 + cert CA63:CA62 + cert CA64:CA63 + cert CA65:CA64 + cert CA66:CA65 + cert CA67:CA66 + trust RootCA: + policy OID.1.0 + result pass + +verify EE63:CA63 + cert RootCA: + cert CA61:RootCA + cert CA62:CA61 + cert CA63:CA62 + cert CA64:CA63 + cert CA65:CA64 + cert CA66:CA65 + cert CA67:CA66 + trust RootCA: + policy OID.1.0 + result pass + +verify EE64:CA64 + cert RootCA: + cert CA61:RootCA + cert CA62:CA61 + cert CA63:CA62 + cert CA64:CA63 + cert CA65:CA64 + cert CA66:CA65 + cert CA67:CA66 + trust RootCA: + policy OID.1.0 + result pass + +verify EE65:CA65 + cert RootCA: + cert CA61:RootCA + cert CA62:CA61 + cert CA63:CA62 + cert CA64:CA63 + cert CA65:CA64 + cert CA66:CA65 + cert CA67:CA66 + trust RootCA: + policy OID.1.0 + result pass + +verify EE66:CA66 + cert RootCA: + cert CA61:RootCA + cert CA62:CA61 + cert CA63:CA62 + cert CA64:CA63 + cert CA65:CA64 + cert CA66:CA65 + cert CA67:CA66 + trust RootCA: + policy OID.1.0 + result pass + +verify EE67:CA67 + cert RootCA: + cert CA61:RootCA + cert CA62:CA61 + cert CA63:CA62 + cert CA64:CA63 + cert CA65:CA64 + cert CA66:CA65 + cert CA67:CA66 + trust RootCA: + policy OID.1.0 + result fail + diff --git a/mozilla/security/nss/tests/chains/scenarios/bridge.cfg b/mozilla/security/nss/tests/chains/scenarios/bridge.cfg new file mode 100644 index 0000000..172b1a0 --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/bridge.cfg @@ -0,0 +1,138 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario Bridge + +entity Army + type Root + +entity Navy + type Root + +entity Bridge + type Bridge + issuer Army + issuer Navy + +entity User + type EE + issuer Bridge + +db All + +import Army:: +import Navy:: + +verify User:Bridge + cert Bridge:Navy + trust Navy + result pass + +verify User:Bridge + cert Bridge:Army + trust Army + result pass + +verify User:Bridge + cert Bridge:Navy + trust Army + result fail + +import Bridge:Army: +import Bridge:Navy: + +verify User:Bridge + trust Army + result pass + +verify User:Bridge + trust Navy + result pass + +db ArmyOnly + +import Army::C,, + +verify User:Bridge + result fail + +verify User:Bridge + cert Bridge:Navy + result fail + +verify User:Bridge + cert Bridge:Navy + cert Navy: + result fail + +verify User:Bridge + cert Bridge:Navy + cert Navy: + trust Navy: + result pass + +verify User:Bridge + cert Bridge:Navy + trust Navy: + result pass + +db NavyOnly + +import Navy::C,, + +verify User:Bridge + result fail + +verify User:Bridge + cert Bridge:Army + result fail + +verify User:Bridge + cert Bridge:Army + cert Army: + result fail + +verify User:Bridge + cert Bridge:Army + cert Army: + trust Army: + result pass + +verify User:Bridge + cert Bridge:Army + trust Army: + result pass + diff --git a/mozilla/security/nss/tests/chains/scenarios/bridgewithaia.cfg b/mozilla/security/nss/tests/chains/scenarios/bridgewithaia.cfg new file mode 100644 index 0000000..94a634f --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/bridgewithaia.cfg @@ -0,0 +1,86 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario BridgeWithAIA + +entity Army + type Root + +entity Navy + type Root + +entity Bridge + type Bridge + issuer Army + issuer Navy + +entity CA1 + type Intermediate + issuer Bridge + aia Bridge + +entity EE1 + type EE + issuer CA1 + +testdb EE1 + +verify EE1:CA1 + cert CA1:Bridge + trust Army: + result fail + +verify EE1:CA1 + cert CA1:Bridge + trust Army: + fetch +# should pass, bug 435314 +# temporary result - test fails only with dbm cert db + result dbm:fail all:pass + +verify EE1:CA1 + cert CA1:Bridge + trust Navy: + fetch + result pass + +verify EE1:CA1 + cert CA1:Bridge + cert Bridge:Army + trust Navy: + fetch + result pass + diff --git a/mozilla/security/nss/tests/chains/scenarios/bridgewithhalfaia.cfg b/mozilla/security/nss/tests/chains/scenarios/bridgewithhalfaia.cfg new file mode 100644 index 0000000..5d1a7ee --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/bridgewithhalfaia.cfg @@ -0,0 +1,121 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario BridgeWithHalfAIA + +entity Army + type Root + +entity Navy + type Root + +entity Bridge + type Bridge + issuer Army + issuer Navy + +entity CA1 + type Intermediate + issuer Bridge + aia Bridge + +entity EE1 + type EE + issuer CA1 + +entity CA2 + type Intermediate + issuer Bridge + aia Bridge:Navy + +entity EE2 + type EE + issuer CA2 + +testdb EE1 + +verify EE1:CA1 + cert CA1:Bridge + trust Army: + result fail + +verify EE1:CA1 + cert CA1:Bridge + trust Army: + fetch +# should pass, bug 435314 +# temporary result - test fails only with dbm cert db + result dbm:fail all:pass + +verify EE1:CA1 + cert CA1:Bridge + trust Navy: + fetch + result pass + +verify EE1:CA1 + cert CA1:Bridge + cert Bridge:Army + trust Navy: + fetch + result pass + +verify EE2:CA2 + cert Bridge:Army + trust Army: + fetch + result fail + +verify EE2:CA2 + cert CA2:Bridge + cert Bridge:Army + trust Army: + fetch + result pass + +verify EE2:CA2 + cert CA2:Bridge + trust Navy: + fetch + result pass + +verify EE2:CA2 + cert CA2:Bridge + cert Bridge:Army + trust Navy: + fetch + result pass + diff --git a/mozilla/security/nss/tests/chains/scenarios/bridgewithpolicyextensionandmapping.cfg b/mozilla/security/nss/tests/chains/scenarios/bridgewithpolicyextensionandmapping.cfg new file mode 100644 index 0000000..cd5cd52 --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/bridgewithpolicyextensionandmapping.cfg @@ -0,0 +1,219 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario BridgeWithPolicyExtensionAndMapping + +entity Army + type Root + +entity Navy + type Root + +entity CAArmy + type Intermediate + issuer Army + policy OID.1.0 + policy OID.1.1 + +entity CANavy + type Intermediate + issuer Navy + policy OID.2.0 + policy OID.2.1 + +entity Bridge + type Bridge + issuer CAArmy + policy OID.1.0 + policy OID.1.1 + mapping OID.1.1:OID.2.1 + issuer CANavy + policy OID.2.0 + policy OID.2.1 + mapping OID.2.1:OID.1.1 + +entity CA1 + type Intermediate + issuer Bridge + policy OID.1.1 + policy OID.2.1 + +entity CA2 + type Intermediate + issuer Bridge + policy OID.1.0 + policy OID.2.0 + +entity EE1 + type EE + issuer CA1 + policy OID.2.1 + +entity EE2 + type EE + issuer CA2 + policy OID.2.0 + +testdb + +verify EE1:CA1 + cert CA1:Bridge + cert Bridge:CAArmy + cert CAArmy:Army + trust Army: + policy OID.1.0 + result fail + +verify EE1:CA1 + cert CA1:Bridge + cert Bridge:CAArmy + cert CAArmy:Army + trust Army: + policy OID.1.1 + result pass + +verify EE1:CA1 + cert CA1:Bridge + cert Bridge:CAArmy + cert CAArmy:Army + trust Army: + policy OID.2.0 + result fail + +verify EE1:CA1 + cert CA1:Bridge + cert Bridge:CAArmy + cert CAArmy:Army + trust Army: + policy OID.2.1 + result fail + +verify EE1:CA1 + cert CA1:Bridge + cert Bridge:CANavy + cert CANavy:Navy + trust Navy: + policy OID.1.0 + result fail + +verify EE1:CA1 + cert CA1:Bridge + cert Bridge:CANavy + cert CANavy:Navy + trust Navy: + policy OID.1.1 + result fail + +verify EE1:CA1 + cert CA1:Bridge + cert Bridge:CANavy + cert CANavy:Navy + trust Navy: + policy OID.2.0 + result fail + +verify EE1:CA1 + cert CA1:Bridge + cert Bridge:CANavy + cert CANavy:Navy + trust Navy: + policy OID.2.1 + result fail + +verify EE2:CA2 + cert CA2:Bridge + cert Bridge:CANavy + cert CANavy:Navy + trust Navy: + policy OID.1.0 + result fail + +verify EE2:CA2 + cert CA2:Bridge + cert Bridge:CANavy + cert CANavy:Navy + trust Navy: + policy OID.1.1 + result fail + +verify EE2:CA2 + cert CA2:Bridge + cert Bridge:CANavy + cert CANavy:Navy + trust Navy: + policy OID.2.0 + result pass + +verify EE2:CA2 + cert CA2:Bridge + cert Bridge:CANavy + cert CANavy:Navy + trust Navy: + policy OID.2.1 + result fail + +verify EE2:CA2 + cert CA2:Bridge + cert Bridge:CAArmy + cert CAArmy:Army + trust Army: + policy OID.1.0 + result fail + +verify EE2:CA2 + cert CA2:Bridge + cert Bridge:CAArmy + cert CAArmy:Army + trust Army: + policy OID.1.1 + result fail + +verify EE2:CA2 + cert CA2:Bridge + cert Bridge:CAArmy + cert CAArmy:Army + trust Army: + policy OID.2.0 + result fail + +verify EE2:CA2 + cert CA2:Bridge + cert Bridge:CAArmy + cert CAArmy:Army + trust Army: + policy OID.2.1 + result fail + diff --git a/mozilla/security/nss/tests/chains/scenarios/crldp.cfg b/mozilla/security/nss/tests/chains/scenarios/crldp.cfg new file mode 100644 index 0000000..a86b18a --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/crldp.cfg @@ -0,0 +1,137 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario CRLDP + +entity Root + type Root + +entity CA0 + type Intermediate + issuer Root + +entity CA1 + type Intermediate + crldp CA0 + issuer CA0 + serial 10 + aia CA0:Root + +entity EE11 + type EE + crldp CA0 + issuer CA1 + +entity CA2 + type Intermediate + crldp CA0 + issuer CA0 + serial 20 + aia CA0:Root + +entity EE21 + type EE + issuer CA2 + +entity EE1 + type EE + crldp CA0 + issuer CA0 + serial 30 + aia CA0:Root + +entity EE2 + type EE + crldp CA0 + issuer CA0 + serial 40 + aia CA0:Root + +crl Root +crl CA0 +crl CA1 +crl CA2 + +revoke CA0 + serial 20 + +revoke CA0 + serial 40 + +copycrl CA0 + +db All + +import Root::CTu,CTu,CTu + +# intermediate CA - OK, EE - OK +verify EE11:CA1 + cert CA1:CA0 + trust Root: + fetch + rev_type chain + rev_flags requireFreshInfo + rev_mtype crl + result pass + +# intermediate CA - revoked, EE - OK +verify EE21:CA2 + cert CA2:CA0 + trust Root: + fetch + rev_type chain + rev_flags requireFreshInfo + rev_mtype crl + result fail + +# direct EE - OK +verify EE1:CA0 + trust Root: + fetch + rev_type leaf + rev_flags requireFreshInfo + rev_mtype crl + result pass + +# direct EE - revoked +verify EE2:CA0 + trust Root: + fetch + rev_type leaf + rev_flags requireFreshInfo + rev_mtype crl + result fail + diff --git a/mozilla/security/nss/tests/chains/scenarios/dsa.cfg b/mozilla/security/nss/tests/chains/scenarios/dsa.cfg new file mode 100644 index 0000000..6348a2a --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/dsa.cfg @@ -0,0 +1,104 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario DSA + +entity Root + type Root + ctype dsa + +entity CA1 + type Intermediate + issuer Root + ctype dsa + +entity EE1 + type EE + issuer CA1 + ctype dsa + +entity CA2 + type Intermediate + issuer Root + ctype dsa + +entity EE2 + type EE + issuer CA2 + ctype rsa + +entity CA3 + type Intermediate + issuer Root + ctype rsa + +entity EE3 + type EE + issuer CA3 + ctype dsa + +entity CA4 + type Intermediate + issuer Root + ctype rsa + +entity EE4 + type EE + issuer CA4 + ctype rsa + +db All + +verify EE1:CA1 + cert CA1:Root + trust Root: + result pass + +verify EE2:CA2 + cert CA2:Root + trust Root: + result pass + +verify EE3:CA3 + cert CA3:Root + trust Root: + result pass + +verify EE4:CA4 + cert CA4:Root + trust Root: + result pass + diff --git a/mozilla/security/nss/tests/chains/scenarios/explicitPolicy.cfg b/mozilla/security/nss/tests/chains/scenarios/explicitPolicy.cfg new file mode 100644 index 0000000..4b6ea22 --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/explicitPolicy.cfg @@ -0,0 +1,110 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario explicitPolicy + +entity Root + type Root + +entity nonEVCA + type Intermediate + issuer Root + +entity EVCA + type Intermediate + issuer Root + policy OID.1.0 + +entity otherEVCA + type Intermediate + issuer Root + policy OID.2.0 + +entity validEV + type EE + issuer EVCA + policy OID.1.0 + +entity invalidEV + type EE + issuer nonEVCA + policy OID.1.0 + +entity wrongEVOID + type EE + issuer otherEVCA + policy OID.1.0 + +db All + +verify validEV:EVCA + cert EVCA:Root + cert Root: + trust Root: + policy OID.1.0 + result pass + +verify invalidEV:nonEVCA + cert nonEVCA:Root + cert Root: + trust Root: + policy OID.1.0 + result fail + +verify wrongEVOID:otherEVCA + cert otherEVCA:Root + cert Root: + trust Root: + policy OID.1.0 + result fail + +import Root::C,C,C + +verify validEV:EVCA + cert EVCA:Root + policy OID.1.0 + result pass + +verify invalidEV:nonEVCA + cert nonEVCA:Root + policy OID.1.0 + result fail + +verify wrongEVOID:otherEVCA + cert otherEVCA:Root + policy OID.1.0 + result fail + diff --git a/mozilla/security/nss/tests/chains/scenarios/extension.cfg b/mozilla/security/nss/tests/chains/scenarios/extension.cfg new file mode 100644 index 0000000..bc476fe --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/extension.cfg @@ -0,0 +1,134 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario Extension + +entity Root + type Root + +entity CA1 + type Intermediate + issuer Root + policy OID.1.0 + +entity CA2 + type Intermediate + issuer CA1 + policy OID.1.0 + +entity User + type EE + issuer CA2 + policy OID.1.0 + +db All + +verify User:CA2 + cert CA2:CA1 + cert CA1:Root + cert Root: + trust Root: + policy OID.1.0 + result pass + +verify User:CA2 + cert CA2:CA1 + cert CA1:Root + cert Root: + trust Root: + policy OID.2.0 + result fail + +verify User:CA2 + cert CA2:CA1 + cert CA1:Root + trust CA1:Root + policy OID.1.0 + result pass + +verify User:CA2 + cert CA2:CA1 + cert CA1:Root + trust CA1:Root + policy OID.2.0 + result fail + +verify User:CA2 + cert CA2:CA1 + trust CA2:CA1 + policy OID.1.0 + result pass + +verify User:CA2 + cert CA2:CA1 + trust CA2:CA1 + policy OID.2.0 + result fail + +import Root:: +import CA1:Root: +import CA2:CA1: + +verify User:CA2 + trust Root + policy OID.1.0 + result pass + +verify User:CA2 + trust Root + policy OID.2.0 + result fail + +verify User:CA2 + trust CA1 + policy OID.1.0 + result pass + +verify User:CA2 + trust CA1 + policy OID.2.0 + result fail + +verify User:CA2 + trust CA2 + policy OID.1.0 + result pass + +verify User:CA2 + trust CA2 + policy OID.2.0 + result fail + diff --git a/mozilla/security/nss/tests/chains/scenarios/extension2.cfg b/mozilla/security/nss/tests/chains/scenarios/extension2.cfg new file mode 100644 index 0000000..0de74a8 --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/extension2.cfg @@ -0,0 +1,172 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario Extension2 + +entity Root + type Root + +entity CA1 + type Intermediate + issuer Root + policy OID.1.0 + policy OID.2.0 + +entity CA2 + type Intermediate + issuer CA1 + policy OID.1.0 + policy OID.2.0 + +entity User1 + type EE + issuer CA2 + policy OID.1.0 + +entity User2 + type EE + issuer CA2 + policy OID.1.0 + policy OID.2.0 + +db All + +verify User1:CA2 + cert CA2:CA1 + cert CA1:Root + cert Root: + trust Root: + policy OID.1.0 + result pass + +verify User1:CA2 + cert CA2:CA1 + cert CA1:Root + cert Root: + trust Root: + policy OID.2.0 + result fail + +verify User1:CA2 + cert CA2:CA1 + cert CA1:Root + trust CA1:Root + policy OID.1.0 + result pass + +verify User1:CA2 + cert CA2:CA1 + cert CA1:Root + trust CA1:Root + policy OID.2.0 + result fail + +verify User1:CA2 + cert CA2:CA1 + trust CA2:CA1 + policy OID.1.0 + result pass + +verify User1:CA2 + cert CA2:CA1 + trust CA2:CA1 + policy OID.2.0 + result fail + +import Root:: +import CA1:Root: +import CA2:CA1: + +verify User1:CA2 + trust Root + policy OID.1.0 + result pass + +verify User1:CA2 + trust Root + policy OID.2.0 + result fail + +verify User1:CA2 + trust CA1 + policy OID.1.0 + result pass + +verify User1:CA2 + trust CA1 + policy OID.2.0 + result fail + +verify User1:CA2 + trust CA2 + policy OID.1.0 + result pass + +verify User1:CA2 + trust CA2 + policy OID.2.0 + result fail + +verify User2:CA2 + trust Root + policy OID.1.0 + result pass + +verify User2:CA2 + trust Root + policy OID.2.0 + result pass + +verify User2:CA2 + trust CA1 + policy OID.1.0 + result pass + +verify User2:CA2 + trust CA1 + policy OID.2.0 + result pass + +verify User2:CA2 + trust CA2 + policy OID.1.0 + result pass + +verify User2:CA2 + trust CA2 + policy OID.2.0 + result pass + diff --git a/mozilla/security/nss/tests/chains/scenarios/mapping.cfg b/mozilla/security/nss/tests/chains/scenarios/mapping.cfg new file mode 100644 index 0000000..ab58ee5 --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/mapping.cfg @@ -0,0 +1,95 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario Mapping + +entity Root + type Root + +entity CA1 + type Intermediate + issuer Root + policy OID.1.0 + mapping OID.1.0:OID.1.1 + +entity CA2 + type Intermediate + issuer CA1 + policy OID.1.1 + +entity User + type EE + issuer CA2 + policy OID.1.1 + +db All + +import Root:: +import CA1:Root: +import CA2:CA1: + +verify User:CA2 + trust Root + policy OID.1.0 +# should fail, bug 430859 + result pass + +verify User:CA2 + trust Root + policy OID.1.1 +# should pass, bug 430859 + result fail + +verify User:CA2 + trust CA1 + policy OID.1.0 + result fail + +verify User:CA2 + trust CA1 + policy OID.1.1 + result pass + +verify User:CA2 + trust CA2 + policy OID.1.0 + result fail + +verify User:CA2 + trust CA2 + policy OID.1.1 + result pass + diff --git a/mozilla/security/nss/tests/chains/scenarios/mapping2.cfg b/mozilla/security/nss/tests/chains/scenarios/mapping2.cfg new file mode 100644 index 0000000..6f99c87 --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/mapping2.cfg @@ -0,0 +1,103 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario Mapping2 + +entity Root + type Root + +entity CA1 + type Intermediate + issuer Root + policy OID.1.0 + +entity CA2 + type Intermediate + issuer CA1 + policy OID.1.0 + mapping OID.1.0:OID.1.1 + +entity CA3 + type Intermediate + issuer CA2 + policy OID.1.1 + +entity User + type EE + issuer CA3 + policy OID.1.1 + +db All + +import Root:: +import CA1:Root: +import CA2:CA1: +import CA3:CA2: + +verify User:CA3 + trust Root + policy OID.1.0 +# should fail, bug 430859 + result pass + +verify User:CA3 + trust Root + policy OID.1.1 +# should pass, bug 430859 + result fail + +verify User:CA3 + trust CA1 + policy OID.1.0 +# should fail, bug 430859 + result pass + +verify User:CA3 + trust CA1 + policy OID.1.1 +# should pass, bug 430859 + result fail + +verify User:CA3 + trust CA2 + policy OID.1.0 + result fail + +verify User:CA3 + trust CA2 + policy OID.1.1 + result pass + diff --git a/mozilla/security/nss/tests/chains/scenarios/megabridge_3_2.cfg b/mozilla/security/nss/tests/chains/scenarios/megabridge_3_2.cfg new file mode 100644 index 0000000..08268cb --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/megabridge_3_2.cfg @@ -0,0 +1,162 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario MegaBridge_3_2 + +entity Root1 + type Root + +entity Root2 + type Root + +entity Root3 + type Root + +entity Root4 + type Root + +entity Root5 + type Root + +entity Root6 + type Root + +entity Root7 + type Root + +entity Root8 + type Root + +entity Root9 + type Root + +entity Bridge11 + type Bridge + issuer Root1 + issuer Root2 + issuer Root3 + +entity Bridge12 + type Bridge + issuer Root4 + issuer Root5 + issuer Root6 + +entity Bridge13 + type Bridge + issuer Root7 + issuer Root8 + issuer Root9 + +entity Bridge21 + type Bridge + issuer Bridge11 + issuer Bridge12 + issuer Bridge13 + +entity CA1 + type Intermediate + issuer Bridge21 + +entity EE1 + type EE + issuer CA1 + +testdb EE1 + +verify EE1:CA1 + cert CA1:Bridge21 + cert Bridge21:Bridge11 + cert Bridge11:Root1 + trust Root1: + result pass + +verify EE1:CA1 + cert CA1:Bridge21 + cert Bridge21:Bridge11 + cert Bridge11:Root2 + trust Root2: + result pass + +verify EE1:CA1 + cert CA1:Bridge21 + cert Bridge21:Bridge11 + cert Bridge11:Root3 + trust Root3: + result pass + +verify EE1:CA1 + cert CA1:Bridge21 + cert Bridge21:Bridge12 + cert Bridge12:Root4 + trust Root4: + result pass + +verify EE1:CA1 + cert CA1:Bridge21 + cert Bridge21:Bridge12 + cert Bridge12:Root5 + trust Root5: + result pass + +verify EE1:CA1 + cert CA1:Bridge21 + cert Bridge21:Bridge12 + cert Bridge12:Root6 + trust Root6: + result pass + +verify EE1:CA1 + cert CA1:Bridge21 + cert Bridge21:Bridge13 + cert Bridge13:Root7 + trust Root7: + result pass + +verify EE1:CA1 + cert CA1:Bridge21 + cert Bridge21:Bridge13 + cert Bridge13:Root8 + trust Root8: + result pass + +verify EE1:CA1 + cert CA1:Bridge21 + cert Bridge21:Bridge13 + cert Bridge13:Root9 + trust Root9: + result pass + diff --git a/mozilla/security/nss/tests/chains/scenarios/ocsp.cfg b/mozilla/security/nss/tests/chains/scenarios/ocsp.cfg new file mode 100644 index 0000000..f70f8b6 --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/ocsp.cfg @@ -0,0 +1,209 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario OCSP + +check_ocsp OCSPEE11:x + +db OCSPRoot +import OCSPRoot:x:CT,C,C + +db OCSPCA1 +import_key OCSPCA1 + +crl OCSPCA1 + +revoke OCSPCA1 + serial 3 + +revoke OCSPCA1 + serial 4 + +testdb OCSPRoot + +#EE - OK, CA - OK +verify OCSPEE11:x + cert OCSPCA1:x + trust OCSPRoot + rev_type leaf + rev_flags requireFreshInfo + rev_mtype ocsp + result pass + +#EE - revoked, CA - OK +verify OCSPEE12:x + cert OCSPCA1:x + trust OCSPRoot + rev_type leaf + rev_flags requireFreshInfo + rev_mtype ocsp + result fail + +#EE - unknown +verify OCSPEE15:x + cert OCSPCA1:x + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + result pass + +#EE - unknown, requireFreshInfo +verify OCSPEE15:x + cert OCSPCA1:x + trust OCSPRoot + rev_type leaf + rev_flags requireFreshInfo + rev_mtype ocsp + result fail + +#EE - OK, CA - revoked, leaf, no fresh info +verify OCSPEE21:x + cert OCSPCA2:x + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + result pass + +#EE - OK, CA - revoked, leaf, requireFreshInfo +verify OCSPEE21:x + cert OCSPCA2:x + trust OCSPRoot + rev_type leaf + rev_flags requireFreshInfo + rev_mtype ocsp + result fail + +#EE - OK, CA - revoked, chain, requireFreshInfo +verify OCSPEE21:x + cert OCSPCA2:x + trust OCSPRoot + rev_type chain + rev_flags requireFreshInfo + rev_mtype ocsp + result fail + +#EE - OK, CA - unknown +verify OCSPEE31:x + cert OCSPCA3:x + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + result pass + +#EE - OK, CA - unknown, requireFreshInfo +verify OCSPEE31:x + cert OCSPCA3:x + trust OCSPRoot + rev_type leaf + rev_flags requireFreshInfo + rev_mtype ocsp + result fail + +#EE - revoked, doNotUse +verify OCSPEE12:x + cert OCSPCA1:x + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + rev_mflags doNotUse + result pass + +#EE - revoked, forbidFetching +verify OCSPEE12:x + cert OCSPCA1:x + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + rev_mflags forbidFetching + result pass + +#EE - unknown status, failIfNoInfo +verify OCSPEE15:x + cert OCSPCA1:x + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + rev_mflags failIfNoInfo + result fail + +#EE - OK, CA - revoked, leaf, failIfNoInfo +verify OCSPEE21:x + cert OCSPCA2:x + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + rev_mflags failIfNoInfo + result fail + +testdb OCSPCA1 + +#EE - OK on OCSP, revoked locally - should fail ?? +# two things about this test: crl is not imported into the db and +# cert 13 is not revoked by crl. +verify OCSPEE13:x + cert OCSPCA1:x + trust OCSPCA1 + rev_type leaf + rev_flags testLocalInfoFirst + rev_mtype ocsp + result pass + +db OCSPRoot1 +import OCSPRoot:x:CT,C,C + +verify OCSPEE23:x + cert OCSPCA2:x + trust OCSPRoot + rev_type chain + rev_mtype ocsp + rev_type leaf + rev_mtype ocsp + result fail + +db OCSPRoot2 +import OCSPRoot:x:T,, + +# bug 527438 +# expected result of this test is FAIL +verify OCSPEE23:x + cert OCSPCA2:x + trust OCSPRoot + rev_type chain + rev_mtype ocsp + rev_type leaf + rev_mtype ocsp + result pass + diff --git a/mozilla/security/nss/tests/chains/scenarios/ocspd.cfg b/mozilla/security/nss/tests/chains/scenarios/ocspd.cfg new file mode 100644 index 0000000..c089405 --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/ocspd.cfg @@ -0,0 +1,169 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario OCSPD + +#root CA +entity OCSPRoot + type Root + +#CA - OK +entity OCSPCA1 + type Intermediate + issuer OCSPRoot + serial 1 + ocsp 2600 + +#CA - revoked +entity OCSPCA2 + type Intermediate + issuer OCSPRoot + serial 2 + ocsp 2600 + +#CA - unknown status +entity OCSPCA3 + type Intermediate + issuer OCSPRoot + serial 3 + ocsp 2599 + +#EE - OK +entity OCSPEE11 + type EE + issuer OCSPCA1 + serial 1 + ocsp 2601 + +#EE - revoked on OCSP +entity OCSPEE12 + type EE + issuer OCSPCA1 + serial 2 + ocsp 2601 + +#EE - revoked on CRL +entity OCSPEE13 + type EE + issuer OCSPCA1 + serial 3 + ocsp 2601 + +#EE - revoked on OCSP and CRL +entity OCSPEE14 + type EE + issuer OCSPCA1 + serial 4 + ocsp 2601 + +#EE - unknown status +entity OCSPEE15 + type EE + issuer OCSPCA1 + serial 5 + ocsp 2599 + +#EE - valid EE, revoked CA +entity OCSPEE21 + type EE + issuer OCSPCA2 + serial 1 + ocsp 2602 + +#EE - revoked EE, revoked CA +entity OCSPEE22 + type EE + issuer OCSPCA2 + serial 2 + ocsp 2602 + +#EE - revoked EE, CA pointing to invalid OCSP +entity OCSPEE23 + type EE + issuer OCSPCA2 + serial 3 + ocsp 2599 + +#EE - valid EE, CA pointing to invalid OCSP +entity OCSPEE31 + type EE + issuer OCSPCA3 + serial 1 + ocsp 2603 + +#EE - revoked EE, CA pointing to invalid OCSP +entity OCSPEE32 + type EE + issuer OCSPCA3 + serial 2 + ocsp 2603 + +#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP +entity OCSPEE33 + type EE + issuer OCSPCA3 + serial 3 + ocsp 2599 + +crl OCSPRoot + +revoke OCSPRoot + serial 2 + +crl OCSPCA1 + +revoke OCSPCA1 + serial 2 + +revoke OCSPCA1 + serial 4 + +crl OCSPCA2 + +revoke OCSPCA2 + serial 2 + +revoke OCSPCA2 + serial 3 + +crl OCSPCA3 + +revoke OCSPCA3 + serial 2 + +revoke OCSPCA3 + serial 3 + diff --git a/mozilla/security/nss/tests/chains/scenarios/realcerts.cfg b/mozilla/security/nss/tests/chains/scenarios/realcerts.cfg new file mode 100644 index 0000000..124befb --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/realcerts.cfg @@ -0,0 +1,61 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario RealCerts + +db All + +import TestCA.ca:x:CT,C,C +import TestUser50:x: +import TestUser51:x: +import PayPalRootCA:x:CT,C,C +import PayPalICA:x: +import PayPalEE:x: +import BrAirWaysBadSig:x: + +verify TestUser50:x + result pass + +verify TestUser51:x + result pass + +verify PayPalEE:x + policy OID.2.16.840.1.113733.1.7.23.6 + result pass + +verify BrAirWaysBadSig:x + result fail + diff --git a/mozilla/security/nss/tests/chains/scenarios/revoc.cfg b/mozilla/security/nss/tests/chains/scenarios/revoc.cfg new file mode 100644 index 0000000..6e6ea8e --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/revoc.cfg @@ -0,0 +1,118 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +scenario Revocation + +entity Root + type Root + serial 10 + +entity CA0 + type Intermediate + issuer Root + serial 11 + +entity CA1 + type Intermediate + issuer CA0 + serial 12 + +entity EE11 + type EE + issuer CA1 + serial 13 + +entity EE12 + type EE + issuer CA1 + serial 14 + +entity CA2 + type Intermediate + issuer CA0 + serial 15 + +entity EE21 + type EE + issuer CA2 + serial 16 + +crl Root +crl CA0 +crl CA1 +crl CA2 + +revoke CA1 + serial 14 + +revoke CA0 + serial 15 + +db All + +import Root::CTu,CTu,CTu +import CA0:Root: +import CA1:CA0: +import CA2:CA0: + +# EE11 - not revoked +verify EE11:CA1 + trust Root: + rev_type leaf + rev_mtype crl + result pass + +# EE12 - revoked +verify EE12:CA1 + trust Root: + rev_type leaf + rev_mtype crl + result fail + +# EE11 - CA1 not revoked +verify EE11:CA1 + trust Root: + rev_type chain + rev_mtype crl + result pass + +# EE21 - CA2 revoked +verify EE21:CA2 + trust Root: + rev_type chain + rev_mtype crl + result fail + diff --git a/mozilla/security/nss/tests/chains/scenarios/scenarios b/mozilla/security/nss/tests/chains/scenarios/scenarios new file mode 100644 index 0000000..f3cd2be --- /dev/null +++ b/mozilla/security/nss/tests/chains/scenarios/scenarios @@ -0,0 +1,53 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Network Security Services (NSS) +# +# The Initial Developer of the Original Code is Sun Microsystems, Inc. +# Portions created by the Initial Developer are Copyright (C) 2009 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +bridge.cfg +megabridge_3_2.cfg +extension.cfg +extension2.cfg +anypolicy.cfg +anypolicywithlevel.cfg +explicitPolicy.cfg +mapping.cfg +mapping2.cfg +aia.cfg +bridgewithaia.cfg +bridgewithhalfaia.cfg +bridgewithpolicyextensionandmapping.cfg +realcerts.cfg +dsa.cfg +revoc.cfg +ocsp.cfg +crldp.cfg |