| # This Source Code Form is subject to the terms of the Mozilla Public |
| # License, v. 2.0. If a copy of the MPL was not distributed with this |
| # file, You can obtain one at http://mozilla.org/MPL/2.0/. |
| |
| scenario IPsec |
| |
| entity Root |
| type Root |
| |
| entity CA1 |
| type Intermediate |
| issuer Root |
| |
| entity NoKU |
| type EE |
| issuer CA1 |
| |
| entity DigSig |
| type EE |
| issuer CA1 |
| ku digitalSignature |
| |
| entity NonRep |
| type EE |
| issuer CA1 |
| ku nonRepudiation |
| |
| entity DigSigNonRepAndExtra |
| type EE |
| issuer CA1 |
| ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement |
| |
| entity NoMatch |
| type EE |
| issuer CA1 |
| ku keyEncipherment,dataEncipherment,keyAgreement |
| |
| entity NonCriticalServerAuthEKU |
| type EE |
| issuer CA1 |
| eku serverAuth |
| |
| entity NonIPSECEKU |
| type EE |
| issuer CA1 |
| eku codeSigning |
| |
| entity CriticalServerAuthEKU |
| type EE |
| issuer CA1 |
| ku digitalSignature |
| eku critical,serverAuth |
| |
| entity EKUIPsecIKE |
| type EE |
| issuer CA1 |
| ku digitalSignature |
| eku critical,ipsecIKE |
| |
| entity EKUIPsecIKEEnd |
| type EE |
| issuer CA1 |
| ku digitalSignature |
| eku ipsecIKEEnd |
| |
| entity EKUIPsecIKEIntermediate |
| type EE |
| issuer CA1 |
| ku digitalSignature |
| eku codeSigning,serverAuth,ipsecIKEIntermediate |
| |
| entity EKUAny |
| type EE |
| issuer CA1 |
| ku digitalSignature |
| eku x509Any |
| |
| entity EKUEmail |
| type EE |
| issuer CA1 |
| ku digitalSignature |
| eku emailProtection |
| |
| entity EKUIPsecUser |
| type EE |
| issuer CA1 |
| ku digitalSignature |
| eku ipsecUser |
| |
| db All |
| |
| import Root::C,, |
| import CA1:Root: |
| |
| verify NoKU:CA1 |
| usage 12 |
| result pass |
| |
| verify DigSig:CA1 |
| usage 12 |
| result pass |
| |
| verify NonRep:CA1 |
| usage 12 |
| result pass |
| |
| verify DigSigNonRepAndExtra:CA1 |
| usage 12 |
| result pass |
| |
| verify NoMatch:CA1 |
| usage 12 |
| result fail |
| |
| verify NonIPSECEKU:CA1 |
| usage 12 |
| result fail |
| |
| verify NonCriticalServerAuthEKU:CA1 |
| usage 12 |
| result pass |
| |
| verify CriticalServerAuthEKU:CA1 |
| usage 12 |
| result pass |
| |
| verify EKUIPsecIKE:CA1 |
| usage 12 |
| result pass |
| |
| verify EKUIPsecIKEEnd:CA1 |
| usage 12 |
| result pass |
| |
| verify EKUIPsecIKEIntermediate:CA1 |
| usage 12 |
| result pass |
| |
| verify EKUAny:CA1 |
| usage 12 |
| result pass |
| |
| verify EKUEmail:CA1 |
| usage 12 |
| result pass |
| |
| verify EKUIPsecUser:CA1 |
| usage 12 |
| result pass |