summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorRobert Relyea <rrelyea@redhat.com>2018-11-09 15:42:43 -0800
committerRobert Relyea <rrelyea@redhat.com>2018-11-09 15:42:43 -0800
commit9dcbb13974272886b6e1499b092166aed6016bd4 (patch)
tree263fd459dff9a2154e8bfcc6e954eb4d4749467d /tests
parent34805e5f374fb05deb2f4c04549904ade45bfdd6 (diff)
downloadnss-hg-9dcbb13974272886b6e1499b092166aed6016bd4.tar.gz
# Bug 1252891 Implement certUsageIPSec as defined in RFC 4945
Patch by Kai r=rrelyea
Diffstat (limited to 'tests')
-rwxr-xr-xtests/chains/chains.sh14
-rw-r--r--tests/chains/scenarios/ipsec.cfg61
-rw-r--r--tests/chains/scenarios/scenarios1
3 files changed, 76 insertions, 0 deletions
diff --git a/tests/chains/chains.sh b/tests/chains/chains.sh
index 62d961a29..32c7ef54c 100755
--- a/tests/chains/chains.sh
+++ b/tests/chains/chains.sh
@@ -352,6 +352,12 @@ create_cert_req()
-1
y
"
+ else
+ CA_FLAG="-2"
+ EXT_DATA="n
+-1
+y
+"
fi
process_crldp
@@ -1258,6 +1264,12 @@ process_scenario()
rm ${AIA_FILES}
}
+# process ipsec.cfg separately
+chains_ipsec()
+{
+ process_scenario "ipsec.cfg"
+}
+
# process ocspd.cfg separately
chains_ocspd()
{
@@ -1279,6 +1291,7 @@ chains_main()
do
[ `echo ${LINE} | cut -b 1` != "#" ] || continue
+ [ ${LINE} != 'ipsec.cfg' ] || continue
[ ${LINE} != 'ocspd.cfg' ] || continue
[ ${LINE} != 'method.cfg' ] || continue
@@ -1292,6 +1305,7 @@ chains_init
VERIFY_CLASSIC_ENGINE_TOO=
chains_ocspd
VERIFY_CLASSIC_ENGINE_TOO=1
+chains_ipsec
chains_run_httpserv get
chains_method
chains_stop_httpserv
diff --git a/tests/chains/scenarios/ipsec.cfg b/tests/chains/scenarios/ipsec.cfg
new file mode 100644
index 000000000..811bf9c09
--- /dev/null
+++ b/tests/chains/scenarios/ipsec.cfg
@@ -0,0 +1,61 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario IPsec
+
+entity Root
+ type Root
+
+entity CA1
+ type Intermediate
+ issuer Root
+
+entity NoKU
+ type EE
+ issuer CA1
+
+entity DigSig
+ type EE
+ issuer CA1
+ ku digitalSignature
+
+entity NonRep
+ type EE
+ issuer CA1
+ ku nonRepudiation
+
+entity DigSigNonRepAndExtra
+ type EE
+ issuer CA1
+ ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
+
+entity NoMatch
+ type EE
+ issuer CA1
+ ku keyEncipherment,dataEncipherment,keyAgreement
+
+db All
+
+import Root::C,,
+import CA1:Root:
+
+verify NoKU:CA1
+ usage 12
+ result pass
+
+verify DigSig:CA1
+ usage 12
+ result pass
+
+verify NonRep:CA1
+ usage 12
+ result pass
+
+verify DigSigNonRepAndExtra:CA1
+ usage 12
+ result pass
+
+verify NoMatch:CA1
+ usage 12
+ result fail
diff --git a/tests/chains/scenarios/scenarios b/tests/chains/scenarios/scenarios
index d26c3f92e..4eafd9c8d 100644
--- a/tests/chains/scenarios/scenarios
+++ b/tests/chains/scenarios/scenarios
@@ -22,3 +22,4 @@ ocsp.cfg
crldp.cfg
trustanchors.cfg
nameconstraints.cfg
+ipsec.cfg