nss-3.73/nss/tests/chains/scenarios/ipsec.cfg - manifest_repos/nss - Git at Google

 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.

 scenario IPsec

 entity Root
   type Root

 entity CA1
   type Intermediate
   issuer Root

 entity NoKU
   type EE
   issuer CA1

 entity DigSig
   type EE
   issuer CA1
     ku digitalSignature

 entity NonRep
   type EE
   issuer CA1
     ku nonRepudiation

 entity DigSigNonRepAndExtra
   type EE
   issuer CA1
     ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement

 entity NoMatch
   type EE
   issuer CA1
     ku keyEncipherment,dataEncipherment,keyAgreement

 entity NonCriticalServerAuthEKU
   type EE
   issuer CA1
     eku serverAuth

 entity NonIPSECEKU
   type EE
   issuer CA1
     eku codeSigning

 entity CriticalServerAuthEKU
   type EE
   issuer CA1
     ku digitalSignature
     eku critical,serverAuth

 entity EKUIPsecIKE
   type EE
   issuer CA1
     ku digitalSignature
     eku critical,ipsecIKE

 entity EKUIPsecIKEEnd
   type EE
   issuer CA1
     ku digitalSignature
     eku ipsecIKEEnd

 entity EKUIPsecIKEIntermediate
   type EE
   issuer CA1
     ku digitalSignature
     eku codeSigning,serverAuth,ipsecIKEIntermediate

 entity EKUAny
   type EE
   issuer CA1
     ku digitalSignature
     eku x509Any

 entity EKUEmail
   type EE
   issuer CA1
     ku digitalSignature
     eku emailProtection

 entity EKUIPsecUser
   type EE
   issuer CA1
     ku digitalSignature
     eku ipsecUser

 db All

 import Root::C,,
 import CA1:Root:

 verify NoKU:CA1
   usage 12
   result pass

 verify DigSig:CA1
   usage 12
   result pass

 verify NonRep:CA1
   usage 12
   result pass

 verify DigSigNonRepAndExtra:CA1
   usage 12
   result pass

 verify NoMatch:CA1
   usage 12
   result fail

 verify NonIPSECEKU:CA1
   usage 12
   result fail

 verify NonCriticalServerAuthEKU:CA1
   usage 12
   result pass

 verify CriticalServerAuthEKU:CA1
   usage 12
   result pass

 verify EKUIPsecIKE:CA1
   usage 12
   result pass

 verify EKUIPsecIKEEnd:CA1
   usage 12
   result pass

 verify EKUIPsecIKEIntermediate:CA1
   usage 12
   result pass

 verify EKUAny:CA1
   usage 12
   result pass

 verify EKUEmail:CA1
   usage 12
   result pass

 verify EKUIPsecUser:CA1
   usage 12
   result pass
	# This Source Code Form is subject to the terms of the Mozilla Public
	# License, v. 2.0. If a copy of the MPL was not distributed with this
	# file, You can obtain one at http://mozilla.org/MPL/2.0/.

	scenario IPsec

	entity Root
	type Root

	entity CA1
	type Intermediate
	issuer Root

	entity NoKU
	type EE
	issuer CA1

	entity DigSig
	type EE
	issuer CA1
	ku digitalSignature

	entity NonRep
	type EE
	issuer CA1
	ku nonRepudiation

	entity DigSigNonRepAndExtra
	type EE
	issuer CA1
	ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement

	entity NoMatch
	type EE
	issuer CA1
	ku keyEncipherment,dataEncipherment,keyAgreement

	entity NonCriticalServerAuthEKU
	type EE
	issuer CA1
	eku serverAuth

	entity NonIPSECEKU
	type EE
	issuer CA1
	eku codeSigning

	entity CriticalServerAuthEKU
	type EE
	issuer CA1
	ku digitalSignature
	eku critical,serverAuth

	entity EKUIPsecIKE
	type EE
	issuer CA1
	ku digitalSignature
	eku critical,ipsecIKE

	entity EKUIPsecIKEEnd
	type EE
	issuer CA1
	ku digitalSignature
	eku ipsecIKEEnd

	entity EKUIPsecIKEIntermediate
	type EE
	issuer CA1
	ku digitalSignature
	eku codeSigning,serverAuth,ipsecIKEIntermediate

	entity EKUAny
	type EE
	issuer CA1
	ku digitalSignature
	eku x509Any

	entity EKUEmail
	type EE
	issuer CA1
	ku digitalSignature
	eku emailProtection

	entity EKUIPsecUser
	type EE
	issuer CA1
	ku digitalSignature
	eku ipsecUser

	db All

	import Root::C,,
	import CA1:Root:

	verify NoKU:CA1
	usage 12
	result pass

	verify DigSig:CA1
	usage 12
	result pass

	verify NonRep:CA1
	usage 12
	result pass

	verify DigSigNonRepAndExtra:CA1
	usage 12
	result pass

	verify NoMatch:CA1
	usage 12
	result fail

	verify NonIPSECEKU:CA1
	usage 12
	result fail

	verify NonCriticalServerAuthEKU:CA1
	usage 12
	result pass

	verify CriticalServerAuthEKU:CA1
	usage 12
	result pass

	verify EKUIPsecIKE:CA1
	usage 12
	result pass

	verify EKUIPsecIKEEnd:CA1
	usage 12
	result pass

	verify EKUIPsecIKEIntermediate:CA1
	usage 12
	result pass

	verify EKUAny:CA1
	usage 12
	result pass

	verify EKUEmail:CA1
	usage 12
	result pass

	verify EKUIPsecUser:CA1
	usage 12
	result pass