1e1051a39Sopenharmony_ci#! /usr/bin/env perl 2e1051a39Sopenharmony_ci# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci# 4e1051a39Sopenharmony_ci# Licensed under the Apache License 2.0 (the "License"). You may not use 5e1051a39Sopenharmony_ci# this file except in compliance with the License. You can obtain a copy 6e1051a39Sopenharmony_ci# in the file LICENSE in the source distribution or at 7e1051a39Sopenharmony_ci# https://www.openssl.org/source/license.html 8e1051a39Sopenharmony_ci 9e1051a39Sopenharmony_ci# Perl utility to run PKITS tests for RFC3280 compliance. 10e1051a39Sopenharmony_ci 11e1051a39Sopenharmony_cimy $ossl_path; 12e1051a39Sopenharmony_ci 13e1051a39Sopenharmony_ciif ( -f "../apps/openssl" ) { 14e1051a39Sopenharmony_ci $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; 15e1051a39Sopenharmony_ci} 16e1051a39Sopenharmony_cielsif ( -f "..\\out32dll\\openssl.exe" ) { 17e1051a39Sopenharmony_ci $ossl_path = "..\\out32dll\\openssl.exe"; 18e1051a39Sopenharmony_ci} 19e1051a39Sopenharmony_cielsif ( -f "..\\out32\\openssl.exe" ) { 20e1051a39Sopenharmony_ci $ossl_path = "..\\out32\\openssl.exe"; 21e1051a39Sopenharmony_ci} 22e1051a39Sopenharmony_cielse { 23e1051a39Sopenharmony_ci die "Can't find OpenSSL executable"; 24e1051a39Sopenharmony_ci} 25e1051a39Sopenharmony_ci 26e1051a39Sopenharmony_cimy $pkitsdir = "pkits/smime"; 27e1051a39Sopenharmony_cimy $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt"; 28e1051a39Sopenharmony_ci 29e1051a39Sopenharmony_cidie "Can't find PKITS test data" if !-d $pkitsdir; 30e1051a39Sopenharmony_ci 31e1051a39Sopenharmony_cimy $nist1 = "2.16.840.1.101.3.2.1.48.1"; 32e1051a39Sopenharmony_cimy $nist2 = "2.16.840.1.101.3.2.1.48.2"; 33e1051a39Sopenharmony_cimy $nist3 = "2.16.840.1.101.3.2.1.48.3"; 34e1051a39Sopenharmony_cimy $nist4 = "2.16.840.1.101.3.2.1.48.4"; 35e1051a39Sopenharmony_cimy $nist5 = "2.16.840.1.101.3.2.1.48.5"; 36e1051a39Sopenharmony_cimy $nist6 = "2.16.840.1.101.3.2.1.48.6"; 37e1051a39Sopenharmony_ci 38e1051a39Sopenharmony_cimy $apolicy = "X509v3 Any Policy"; 39e1051a39Sopenharmony_ci 40e1051a39Sopenharmony_ci# This table contains the chapter headings of the accompanying PKITS 41e1051a39Sopenharmony_ci# document. They provide useful informational output and their names 42e1051a39Sopenharmony_ci# can be converted into the filename to test. 43e1051a39Sopenharmony_ci 44e1051a39Sopenharmony_cimy @testlists = ( 45e1051a39Sopenharmony_ci [ "4.1", "Signature Verification" ], 46e1051a39Sopenharmony_ci [ "4.1.1", "Valid Signatures Test1", 0 ], 47e1051a39Sopenharmony_ci [ "4.1.2", "Invalid CA Signature Test2", 7 ], 48e1051a39Sopenharmony_ci [ "4.1.3", "Invalid EE Signature Test3", 7 ], 49e1051a39Sopenharmony_ci [ "4.1.4", "Valid DSA Signatures Test4", 0 ], 50e1051a39Sopenharmony_ci [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ], 51e1051a39Sopenharmony_ci [ "4.1.6", "Invalid DSA Signature Test6", 7 ], 52e1051a39Sopenharmony_ci [ "4.2", "Validity Periods" ], 53e1051a39Sopenharmony_ci [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ], 54e1051a39Sopenharmony_ci [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ], 55e1051a39Sopenharmony_ci [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ], 56e1051a39Sopenharmony_ci [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ], 57e1051a39Sopenharmony_ci [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ], 58e1051a39Sopenharmony_ci [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ], 59e1051a39Sopenharmony_ci [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ], 60e1051a39Sopenharmony_ci [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ], 61e1051a39Sopenharmony_ci [ "4.3", "Verifying Name Chaining" ], 62e1051a39Sopenharmony_ci [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ], 63e1051a39Sopenharmony_ci [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ], 64e1051a39Sopenharmony_ci [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ], 65e1051a39Sopenharmony_ci [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ], 66e1051a39Sopenharmony_ci [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ], 67e1051a39Sopenharmony_ci [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ], 68e1051a39Sopenharmony_ci [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ], 69e1051a39Sopenharmony_ci [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ], 70e1051a39Sopenharmony_ci [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ], 71e1051a39Sopenharmony_ci [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ], 72e1051a39Sopenharmony_ci [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ], 73e1051a39Sopenharmony_ci [ "4.4", "Basic Certificate Revocation Tests" ], 74e1051a39Sopenharmony_ci [ "4.4.1", "Missing CRL Test1", 3 ], 75e1051a39Sopenharmony_ci [ "4.4.2", "Invalid Revoked CA Test2", 23 ], 76e1051a39Sopenharmony_ci [ "4.4.3", "Invalid Revoked EE Test3", 23 ], 77e1051a39Sopenharmony_ci [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ], 78e1051a39Sopenharmony_ci [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ], 79e1051a39Sopenharmony_ci [ "4.4.6", "Invalid Wrong CRL Test6", 3 ], 80e1051a39Sopenharmony_ci [ "4.4.7", "Valid Two CRLs Test7", 0 ], 81e1051a39Sopenharmony_ci 82e1051a39Sopenharmony_ci # The test document suggests these should return certificate revoked... 83e1051a39Sopenharmony_ci # Subsequent discussion has concluded they should not due to unhandle 84e1051a39Sopenharmony_ci # critical CRL extensions. 85e1051a39Sopenharmony_ci [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ], 86e1051a39Sopenharmony_ci [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ], 87e1051a39Sopenharmony_ci 88e1051a39Sopenharmony_ci [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ], 89e1051a39Sopenharmony_ci [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ], 90e1051a39Sopenharmony_ci [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ], 91e1051a39Sopenharmony_ci [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ], 92e1051a39Sopenharmony_ci [ "4.4.14", "Valid Negative Serial Number Test14", 0 ], 93e1051a39Sopenharmony_ci [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ], 94e1051a39Sopenharmony_ci [ "4.4.16", "Valid Long Serial Number Test16", 0 ], 95e1051a39Sopenharmony_ci [ "4.4.17", "Valid Long Serial Number Test17", 0 ], 96e1051a39Sopenharmony_ci [ "4.4.18", "Invalid Long Serial Number Test18", 23 ], 97e1051a39Sopenharmony_ci [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ], 98e1051a39Sopenharmony_ci [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ], 99e1051a39Sopenharmony_ci 100e1051a39Sopenharmony_ci # CRL path is revoked so get a CRL path validation error 101e1051a39Sopenharmony_ci [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ], 102e1051a39Sopenharmony_ci [ "4.5", "Verifying Paths with Self-Issued Certificates" ], 103e1051a39Sopenharmony_ci [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ], 104e1051a39Sopenharmony_ci [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ], 105e1051a39Sopenharmony_ci [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ], 106e1051a39Sopenharmony_ci [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ], 107e1051a39Sopenharmony_ci [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ], 108e1051a39Sopenharmony_ci [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ], 109e1051a39Sopenharmony_ci [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ], 110e1051a39Sopenharmony_ci [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ], 111e1051a39Sopenharmony_ci [ "4.6", "Verifying Basic Constraints" ], 112e1051a39Sopenharmony_ci [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ], 113e1051a39Sopenharmony_ci [ "4.6.2", "Invalid cA False Test2", 24 ], 114e1051a39Sopenharmony_ci [ "4.6.3", "Invalid cA False Test3", 24 ], 115e1051a39Sopenharmony_ci [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ], 116e1051a39Sopenharmony_ci [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ], 117e1051a39Sopenharmony_ci [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ], 118e1051a39Sopenharmony_ci [ "4.6.7", "Valid pathLenConstraint Test7", 0 ], 119e1051a39Sopenharmony_ci [ "4.6.8", "Valid pathLenConstraint Test8", 0 ], 120e1051a39Sopenharmony_ci [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ], 121e1051a39Sopenharmony_ci [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ], 122e1051a39Sopenharmony_ci [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ], 123e1051a39Sopenharmony_ci [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ], 124e1051a39Sopenharmony_ci [ "4.6.13", "Valid pathLenConstraint Test13", 0 ], 125e1051a39Sopenharmony_ci [ "4.6.14", "Valid pathLenConstraint Test14", 0 ], 126e1051a39Sopenharmony_ci [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ], 127e1051a39Sopenharmony_ci [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ], 128e1051a39Sopenharmony_ci [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ], 129e1051a39Sopenharmony_ci [ "4.7", "Key Usage" ], 130e1051a39Sopenharmony_ci [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ], 131e1051a39Sopenharmony_ci [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ], 132e1051a39Sopenharmony_ci [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ], 133e1051a39Sopenharmony_ci [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ], 134e1051a39Sopenharmony_ci [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ], 135e1051a39Sopenharmony_ci 136e1051a39Sopenharmony_ci # Certificate policy tests need special handling. They can have several 137e1051a39Sopenharmony_ci # sub tests and we need to check the outputs are correct. 138e1051a39Sopenharmony_ci 139e1051a39Sopenharmony_ci [ "4.8", "Certificate Policies" ], 140e1051a39Sopenharmony_ci [ 141e1051a39Sopenharmony_ci "4.8.1.1", 142e1051a39Sopenharmony_ci "All Certificates Same Policy Test1", 143e1051a39Sopenharmony_ci "-policy anyPolicy -explicit_policy", 144e1051a39Sopenharmony_ci "True", $nist1, $nist1, 0 145e1051a39Sopenharmony_ci ], 146e1051a39Sopenharmony_ci [ 147e1051a39Sopenharmony_ci "4.8.1.2", 148e1051a39Sopenharmony_ci "All Certificates Same Policy Test1", 149e1051a39Sopenharmony_ci "-policy $nist1 -explicit_policy", 150e1051a39Sopenharmony_ci "True", $nist1, $nist1, 0 151e1051a39Sopenharmony_ci ], 152e1051a39Sopenharmony_ci [ 153e1051a39Sopenharmony_ci "4.8.1.3", 154e1051a39Sopenharmony_ci "All Certificates Same Policy Test1", 155e1051a39Sopenharmony_ci "-policy $nist2 -explicit_policy", 156e1051a39Sopenharmony_ci "True", $nist1, "<empty>", 43 157e1051a39Sopenharmony_ci ], 158e1051a39Sopenharmony_ci [ 159e1051a39Sopenharmony_ci "4.8.1.4", 160e1051a39Sopenharmony_ci "All Certificates Same Policy Test1", 161e1051a39Sopenharmony_ci "-policy $nist1 -policy $nist2 -explicit_policy", 162e1051a39Sopenharmony_ci "True", $nist1, $nist1, 0 163e1051a39Sopenharmony_ci ], 164e1051a39Sopenharmony_ci [ 165e1051a39Sopenharmony_ci "4.8.2.1", 166e1051a39Sopenharmony_ci "All Certificates No Policies Test2", 167e1051a39Sopenharmony_ci "-policy anyPolicy", 168e1051a39Sopenharmony_ci "False", "<empty>", "<empty>", 0 169e1051a39Sopenharmony_ci ], 170e1051a39Sopenharmony_ci [ 171e1051a39Sopenharmony_ci "4.8.2.2", 172e1051a39Sopenharmony_ci "All Certificates No Policies Test2", 173e1051a39Sopenharmony_ci "-policy anyPolicy -explicit_policy", 174e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 175e1051a39Sopenharmony_ci ], 176e1051a39Sopenharmony_ci [ 177e1051a39Sopenharmony_ci "4.8.3.1", 178e1051a39Sopenharmony_ci "Different Policies Test3", 179e1051a39Sopenharmony_ci "-policy anyPolicy", 180e1051a39Sopenharmony_ci "False", "<empty>", "<empty>", 0 181e1051a39Sopenharmony_ci ], 182e1051a39Sopenharmony_ci [ 183e1051a39Sopenharmony_ci "4.8.3.2", 184e1051a39Sopenharmony_ci "Different Policies Test3", 185e1051a39Sopenharmony_ci "-policy anyPolicy -explicit_policy", 186e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 187e1051a39Sopenharmony_ci ], 188e1051a39Sopenharmony_ci [ 189e1051a39Sopenharmony_ci "4.8.3.3", 190e1051a39Sopenharmony_ci "Different Policies Test3", 191e1051a39Sopenharmony_ci "-policy $nist1 -policy $nist2 -explicit_policy", 192e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 193e1051a39Sopenharmony_ci ], 194e1051a39Sopenharmony_ci 195e1051a39Sopenharmony_ci [ 196e1051a39Sopenharmony_ci "4.8.4", 197e1051a39Sopenharmony_ci "Different Policies Test4", 198e1051a39Sopenharmony_ci "-policy anyPolicy", 199e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 200e1051a39Sopenharmony_ci ], 201e1051a39Sopenharmony_ci [ 202e1051a39Sopenharmony_ci "4.8.5", 203e1051a39Sopenharmony_ci "Different Policies Test5", 204e1051a39Sopenharmony_ci "-policy anyPolicy", 205e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 206e1051a39Sopenharmony_ci ], 207e1051a39Sopenharmony_ci [ 208e1051a39Sopenharmony_ci "4.8.6.1", 209e1051a39Sopenharmony_ci "Overlapping Policies Test6", 210e1051a39Sopenharmony_ci "-policy anyPolicy", 211e1051a39Sopenharmony_ci "True", $nist1, $nist1, 0 212e1051a39Sopenharmony_ci ], 213e1051a39Sopenharmony_ci [ 214e1051a39Sopenharmony_ci "4.8.6.2", 215e1051a39Sopenharmony_ci "Overlapping Policies Test6", 216e1051a39Sopenharmony_ci "-policy $nist1", 217e1051a39Sopenharmony_ci "True", $nist1, $nist1, 0 218e1051a39Sopenharmony_ci ], 219e1051a39Sopenharmony_ci [ 220e1051a39Sopenharmony_ci "4.8.6.3", 221e1051a39Sopenharmony_ci "Overlapping Policies Test6", 222e1051a39Sopenharmony_ci "-policy $nist2", 223e1051a39Sopenharmony_ci "True", $nist1, "<empty>", 43 224e1051a39Sopenharmony_ci ], 225e1051a39Sopenharmony_ci [ 226e1051a39Sopenharmony_ci "4.8.7", 227e1051a39Sopenharmony_ci "Different Policies Test7", 228e1051a39Sopenharmony_ci "-policy anyPolicy", 229e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 230e1051a39Sopenharmony_ci ], 231e1051a39Sopenharmony_ci [ 232e1051a39Sopenharmony_ci "4.8.8", 233e1051a39Sopenharmony_ci "Different Policies Test8", 234e1051a39Sopenharmony_ci "-policy anyPolicy", 235e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 236e1051a39Sopenharmony_ci ], 237e1051a39Sopenharmony_ci [ 238e1051a39Sopenharmony_ci "4.8.9", 239e1051a39Sopenharmony_ci "Different Policies Test9", 240e1051a39Sopenharmony_ci "-policy anyPolicy", 241e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 242e1051a39Sopenharmony_ci ], 243e1051a39Sopenharmony_ci [ 244e1051a39Sopenharmony_ci "4.8.10.1", 245e1051a39Sopenharmony_ci "All Certificates Same Policies Test10", 246e1051a39Sopenharmony_ci "-policy $nist1", 247e1051a39Sopenharmony_ci "True", "$nist1:$nist2", "$nist1", 0 248e1051a39Sopenharmony_ci ], 249e1051a39Sopenharmony_ci [ 250e1051a39Sopenharmony_ci "4.8.10.2", 251e1051a39Sopenharmony_ci "All Certificates Same Policies Test10", 252e1051a39Sopenharmony_ci "-policy $nist2", 253e1051a39Sopenharmony_ci "True", "$nist1:$nist2", "$nist2", 0 254e1051a39Sopenharmony_ci ], 255e1051a39Sopenharmony_ci [ 256e1051a39Sopenharmony_ci "4.8.10.3", 257e1051a39Sopenharmony_ci "All Certificates Same Policies Test10", 258e1051a39Sopenharmony_ci "-policy anyPolicy", 259e1051a39Sopenharmony_ci "True", "$nist1:$nist2", "$nist1:$nist2", 0 260e1051a39Sopenharmony_ci ], 261e1051a39Sopenharmony_ci [ 262e1051a39Sopenharmony_ci "4.8.11.1", 263e1051a39Sopenharmony_ci "All Certificates AnyPolicy Test11", 264e1051a39Sopenharmony_ci "-policy anyPolicy", 265e1051a39Sopenharmony_ci "True", "$apolicy", "$apolicy", 0 266e1051a39Sopenharmony_ci ], 267e1051a39Sopenharmony_ci [ 268e1051a39Sopenharmony_ci "4.8.11.2", 269e1051a39Sopenharmony_ci "All Certificates AnyPolicy Test11", 270e1051a39Sopenharmony_ci "-policy $nist1", 271e1051a39Sopenharmony_ci "True", "$apolicy", "$nist1", 0 272e1051a39Sopenharmony_ci ], 273e1051a39Sopenharmony_ci [ 274e1051a39Sopenharmony_ci "4.8.12", 275e1051a39Sopenharmony_ci "Different Policies Test12", 276e1051a39Sopenharmony_ci "-policy anyPolicy", 277e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 278e1051a39Sopenharmony_ci ], 279e1051a39Sopenharmony_ci [ 280e1051a39Sopenharmony_ci "4.8.13.1", 281e1051a39Sopenharmony_ci "All Certificates Same Policies Test13", 282e1051a39Sopenharmony_ci "-policy $nist1", 283e1051a39Sopenharmony_ci "True", "$nist1:$nist2:$nist3", "$nist1", 0 284e1051a39Sopenharmony_ci ], 285e1051a39Sopenharmony_ci [ 286e1051a39Sopenharmony_ci "4.8.13.2", 287e1051a39Sopenharmony_ci "All Certificates Same Policies Test13", 288e1051a39Sopenharmony_ci "-policy $nist2", 289e1051a39Sopenharmony_ci "True", "$nist1:$nist2:$nist3", "$nist2", 0 290e1051a39Sopenharmony_ci ], 291e1051a39Sopenharmony_ci [ 292e1051a39Sopenharmony_ci "4.8.13.3", 293e1051a39Sopenharmony_ci "All Certificates Same Policies Test13", 294e1051a39Sopenharmony_ci "-policy $nist3", 295e1051a39Sopenharmony_ci "True", "$nist1:$nist2:$nist3", "$nist3", 0 296e1051a39Sopenharmony_ci ], 297e1051a39Sopenharmony_ci [ 298e1051a39Sopenharmony_ci "4.8.14.1", "AnyPolicy Test14", 299e1051a39Sopenharmony_ci "-policy $nist1", "True", 300e1051a39Sopenharmony_ci "$nist1", "$nist1", 301e1051a39Sopenharmony_ci 0 302e1051a39Sopenharmony_ci ], 303e1051a39Sopenharmony_ci [ 304e1051a39Sopenharmony_ci "4.8.14.2", "AnyPolicy Test14", 305e1051a39Sopenharmony_ci "-policy $nist2", "True", 306e1051a39Sopenharmony_ci "$nist1", "<empty>", 307e1051a39Sopenharmony_ci 43 308e1051a39Sopenharmony_ci ], 309e1051a39Sopenharmony_ci [ 310e1051a39Sopenharmony_ci "4.8.15", 311e1051a39Sopenharmony_ci "User Notice Qualifier Test15", 312e1051a39Sopenharmony_ci "-policy anyPolicy", 313e1051a39Sopenharmony_ci "False", "$nist1", "$nist1", 0 314e1051a39Sopenharmony_ci ], 315e1051a39Sopenharmony_ci [ 316e1051a39Sopenharmony_ci "4.8.16", 317e1051a39Sopenharmony_ci "User Notice Qualifier Test16", 318e1051a39Sopenharmony_ci "-policy anyPolicy", 319e1051a39Sopenharmony_ci "False", "$nist1", "$nist1", 0 320e1051a39Sopenharmony_ci ], 321e1051a39Sopenharmony_ci [ 322e1051a39Sopenharmony_ci "4.8.17", 323e1051a39Sopenharmony_ci "User Notice Qualifier Test17", 324e1051a39Sopenharmony_ci "-policy anyPolicy", 325e1051a39Sopenharmony_ci "False", "$nist1", "$nist1", 0 326e1051a39Sopenharmony_ci ], 327e1051a39Sopenharmony_ci [ 328e1051a39Sopenharmony_ci "4.8.18.1", 329e1051a39Sopenharmony_ci "User Notice Qualifier Test18", 330e1051a39Sopenharmony_ci "-policy $nist1", 331e1051a39Sopenharmony_ci "True", "$nist1:$nist2", "$nist1", 0 332e1051a39Sopenharmony_ci ], 333e1051a39Sopenharmony_ci [ 334e1051a39Sopenharmony_ci "4.8.18.2", 335e1051a39Sopenharmony_ci "User Notice Qualifier Test18", 336e1051a39Sopenharmony_ci "-policy $nist2", 337e1051a39Sopenharmony_ci "True", "$nist1:$nist2", "$nist2", 0 338e1051a39Sopenharmony_ci ], 339e1051a39Sopenharmony_ci [ 340e1051a39Sopenharmony_ci "4.8.19", 341e1051a39Sopenharmony_ci "User Notice Qualifier Test19", 342e1051a39Sopenharmony_ci "-policy anyPolicy", 343e1051a39Sopenharmony_ci "False", "$nist1", "$nist1", 0 344e1051a39Sopenharmony_ci ], 345e1051a39Sopenharmony_ci [ 346e1051a39Sopenharmony_ci "4.8.20", 347e1051a39Sopenharmony_ci "CPS Pointer Qualifier Test20", 348e1051a39Sopenharmony_ci "-policy anyPolicy -explicit_policy", 349e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 350e1051a39Sopenharmony_ci ], 351e1051a39Sopenharmony_ci [ "4.9", "Require Explicit Policy" ], 352e1051a39Sopenharmony_ci [ 353e1051a39Sopenharmony_ci "4.9.1", 354e1051a39Sopenharmony_ci "Valid RequireExplicitPolicy Test1", 355e1051a39Sopenharmony_ci "-policy anyPolicy", 356e1051a39Sopenharmony_ci "False", "<empty>", "<empty>", 0 357e1051a39Sopenharmony_ci ], 358e1051a39Sopenharmony_ci [ 359e1051a39Sopenharmony_ci "4.9.2", 360e1051a39Sopenharmony_ci "Valid RequireExplicitPolicy Test2", 361e1051a39Sopenharmony_ci "-policy anyPolicy", 362e1051a39Sopenharmony_ci "False", "<empty>", "<empty>", 0 363e1051a39Sopenharmony_ci ], 364e1051a39Sopenharmony_ci [ 365e1051a39Sopenharmony_ci "4.9.3", 366e1051a39Sopenharmony_ci "Invalid RequireExplicitPolicy Test3", 367e1051a39Sopenharmony_ci "-policy anyPolicy", 368e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 369e1051a39Sopenharmony_ci ], 370e1051a39Sopenharmony_ci [ 371e1051a39Sopenharmony_ci "4.9.4", 372e1051a39Sopenharmony_ci "Valid RequireExplicitPolicy Test4", 373e1051a39Sopenharmony_ci "-policy anyPolicy", 374e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 375e1051a39Sopenharmony_ci ], 376e1051a39Sopenharmony_ci [ 377e1051a39Sopenharmony_ci "4.9.5", 378e1051a39Sopenharmony_ci "Invalid RequireExplicitPolicy Test5", 379e1051a39Sopenharmony_ci "-policy anyPolicy", 380e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 381e1051a39Sopenharmony_ci ], 382e1051a39Sopenharmony_ci [ 383e1051a39Sopenharmony_ci "4.9.6", 384e1051a39Sopenharmony_ci "Valid Self-Issued requireExplicitPolicy Test6", 385e1051a39Sopenharmony_ci "-policy anyPolicy", 386e1051a39Sopenharmony_ci "False", "<empty>", "<empty>", 0 387e1051a39Sopenharmony_ci ], 388e1051a39Sopenharmony_ci [ 389e1051a39Sopenharmony_ci "4.9.7", 390e1051a39Sopenharmony_ci "Invalid Self-Issued requireExplicitPolicy Test7", 391e1051a39Sopenharmony_ci "-policy anyPolicy", 392e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 393e1051a39Sopenharmony_ci ], 394e1051a39Sopenharmony_ci [ 395e1051a39Sopenharmony_ci "4.9.8", 396e1051a39Sopenharmony_ci "Invalid Self-Issued requireExplicitPolicy Test8", 397e1051a39Sopenharmony_ci "-policy anyPolicy", 398e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 399e1051a39Sopenharmony_ci ], 400e1051a39Sopenharmony_ci [ "4.10", "Policy Mappings" ], 401e1051a39Sopenharmony_ci [ 402e1051a39Sopenharmony_ci "4.10.1.1", 403e1051a39Sopenharmony_ci "Valid Policy Mapping Test1", 404e1051a39Sopenharmony_ci "-policy $nist1", 405e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 406e1051a39Sopenharmony_ci ], 407e1051a39Sopenharmony_ci [ 408e1051a39Sopenharmony_ci "4.10.1.2", 409e1051a39Sopenharmony_ci "Valid Policy Mapping Test1", 410e1051a39Sopenharmony_ci "-policy $nist2", 411e1051a39Sopenharmony_ci "True", "$nist1", "<empty>", 43 412e1051a39Sopenharmony_ci ], 413e1051a39Sopenharmony_ci [ 414e1051a39Sopenharmony_ci "4.10.1.3", 415e1051a39Sopenharmony_ci "Valid Policy Mapping Test1", 416e1051a39Sopenharmony_ci "-policy anyPolicy -inhibit_map", 417e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 418e1051a39Sopenharmony_ci ], 419e1051a39Sopenharmony_ci [ 420e1051a39Sopenharmony_ci "4.10.2.1", 421e1051a39Sopenharmony_ci "Invalid Policy Mapping Test2", 422e1051a39Sopenharmony_ci "-policy anyPolicy", 423e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 424e1051a39Sopenharmony_ci ], 425e1051a39Sopenharmony_ci [ 426e1051a39Sopenharmony_ci "4.10.2.2", 427e1051a39Sopenharmony_ci "Invalid Policy Mapping Test2", 428e1051a39Sopenharmony_ci "-policy anyPolicy -inhibit_map", 429e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 430e1051a39Sopenharmony_ci ], 431e1051a39Sopenharmony_ci [ 432e1051a39Sopenharmony_ci "4.10.3.1", 433e1051a39Sopenharmony_ci "Valid Policy Mapping Test3", 434e1051a39Sopenharmony_ci "-policy $nist1", 435e1051a39Sopenharmony_ci "True", "$nist2", "<empty>", 43 436e1051a39Sopenharmony_ci ], 437e1051a39Sopenharmony_ci [ 438e1051a39Sopenharmony_ci "4.10.3.2", 439e1051a39Sopenharmony_ci "Valid Policy Mapping Test3", 440e1051a39Sopenharmony_ci "-policy $nist2", 441e1051a39Sopenharmony_ci "True", "$nist2", "$nist2", 0 442e1051a39Sopenharmony_ci ], 443e1051a39Sopenharmony_ci [ 444e1051a39Sopenharmony_ci "4.10.4", 445e1051a39Sopenharmony_ci "Invalid Policy Mapping Test4", 446e1051a39Sopenharmony_ci "-policy anyPolicy", 447e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 448e1051a39Sopenharmony_ci ], 449e1051a39Sopenharmony_ci [ 450e1051a39Sopenharmony_ci "4.10.5.1", 451e1051a39Sopenharmony_ci "Valid Policy Mapping Test5", 452e1051a39Sopenharmony_ci "-policy $nist1", 453e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 454e1051a39Sopenharmony_ci ], 455e1051a39Sopenharmony_ci [ 456e1051a39Sopenharmony_ci "4.10.5.2", 457e1051a39Sopenharmony_ci "Valid Policy Mapping Test5", 458e1051a39Sopenharmony_ci "-policy $nist6", 459e1051a39Sopenharmony_ci "True", "$nist1", "<empty>", 43 460e1051a39Sopenharmony_ci ], 461e1051a39Sopenharmony_ci [ 462e1051a39Sopenharmony_ci "4.10.6.1", 463e1051a39Sopenharmony_ci "Valid Policy Mapping Test6", 464e1051a39Sopenharmony_ci "-policy $nist1", 465e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 466e1051a39Sopenharmony_ci ], 467e1051a39Sopenharmony_ci [ 468e1051a39Sopenharmony_ci "4.10.6.2", 469e1051a39Sopenharmony_ci "Valid Policy Mapping Test6", 470e1051a39Sopenharmony_ci "-policy $nist6", 471e1051a39Sopenharmony_ci "True", "$nist1", "<empty>", 43 472e1051a39Sopenharmony_ci ], 473e1051a39Sopenharmony_ci [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ], 474e1051a39Sopenharmony_ci [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ], 475e1051a39Sopenharmony_ci [ 476e1051a39Sopenharmony_ci "4.10.9", 477e1051a39Sopenharmony_ci "Valid Policy Mapping Test9", 478e1051a39Sopenharmony_ci "-policy anyPolicy", 479e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 480e1051a39Sopenharmony_ci ], 481e1051a39Sopenharmony_ci [ 482e1051a39Sopenharmony_ci "4.10.10", 483e1051a39Sopenharmony_ci "Invalid Policy Mapping Test10", 484e1051a39Sopenharmony_ci "-policy anyPolicy", 485e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 486e1051a39Sopenharmony_ci ], 487e1051a39Sopenharmony_ci [ 488e1051a39Sopenharmony_ci "4.10.11", 489e1051a39Sopenharmony_ci "Valid Policy Mapping Test11", 490e1051a39Sopenharmony_ci "-policy anyPolicy", 491e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 492e1051a39Sopenharmony_ci ], 493e1051a39Sopenharmony_ci 494e1051a39Sopenharmony_ci # TODO: check notice display 495e1051a39Sopenharmony_ci [ 496e1051a39Sopenharmony_ci "4.10.12.1", 497e1051a39Sopenharmony_ci "Valid Policy Mapping Test12", 498e1051a39Sopenharmony_ci "-policy $nist1", 499e1051a39Sopenharmony_ci "True", "$nist1:$nist2", "$nist1", 0 500e1051a39Sopenharmony_ci ], 501e1051a39Sopenharmony_ci 502e1051a39Sopenharmony_ci # TODO: check notice display 503e1051a39Sopenharmony_ci [ 504e1051a39Sopenharmony_ci "4.10.12.2", 505e1051a39Sopenharmony_ci "Valid Policy Mapping Test12", 506e1051a39Sopenharmony_ci "-policy $nist2", 507e1051a39Sopenharmony_ci "True", "$nist1:$nist2", "$nist2", 0 508e1051a39Sopenharmony_ci ], 509e1051a39Sopenharmony_ci [ 510e1051a39Sopenharmony_ci "4.10.13", 511e1051a39Sopenharmony_ci "Valid Policy Mapping Test13", 512e1051a39Sopenharmony_ci "-policy anyPolicy", 513e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 514e1051a39Sopenharmony_ci ], 515e1051a39Sopenharmony_ci 516e1051a39Sopenharmony_ci # TODO: check notice display 517e1051a39Sopenharmony_ci [ 518e1051a39Sopenharmony_ci "4.10.14", 519e1051a39Sopenharmony_ci "Valid Policy Mapping Test14", 520e1051a39Sopenharmony_ci "-policy anyPolicy", 521e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 522e1051a39Sopenharmony_ci ], 523e1051a39Sopenharmony_ci [ "4.11", "Inhibit Policy Mapping" ], 524e1051a39Sopenharmony_ci [ 525e1051a39Sopenharmony_ci "4.11.1", 526e1051a39Sopenharmony_ci "Invalid inhibitPolicyMapping Test1", 527e1051a39Sopenharmony_ci "-policy anyPolicy", 528e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 529e1051a39Sopenharmony_ci ], 530e1051a39Sopenharmony_ci [ 531e1051a39Sopenharmony_ci "4.11.2", 532e1051a39Sopenharmony_ci "Valid inhibitPolicyMapping Test2", 533e1051a39Sopenharmony_ci "-policy anyPolicy", 534e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 535e1051a39Sopenharmony_ci ], 536e1051a39Sopenharmony_ci [ 537e1051a39Sopenharmony_ci "4.11.3", 538e1051a39Sopenharmony_ci "Invalid inhibitPolicyMapping Test3", 539e1051a39Sopenharmony_ci "-policy anyPolicy", 540e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 541e1051a39Sopenharmony_ci ], 542e1051a39Sopenharmony_ci [ 543e1051a39Sopenharmony_ci "4.11.4", 544e1051a39Sopenharmony_ci "Valid inhibitPolicyMapping Test4", 545e1051a39Sopenharmony_ci "-policy anyPolicy", 546e1051a39Sopenharmony_ci "True", "$nist2", "$nist2", 0 547e1051a39Sopenharmony_ci ], 548e1051a39Sopenharmony_ci [ 549e1051a39Sopenharmony_ci "4.11.5", 550e1051a39Sopenharmony_ci "Invalid inhibitPolicyMapping Test5", 551e1051a39Sopenharmony_ci "-policy anyPolicy", 552e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 553e1051a39Sopenharmony_ci ], 554e1051a39Sopenharmony_ci [ 555e1051a39Sopenharmony_ci "4.11.6", 556e1051a39Sopenharmony_ci "Invalid inhibitPolicyMapping Test6", 557e1051a39Sopenharmony_ci "-policy anyPolicy", 558e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 559e1051a39Sopenharmony_ci ], 560e1051a39Sopenharmony_ci [ 561e1051a39Sopenharmony_ci "4.11.7", 562e1051a39Sopenharmony_ci "Valid Self-Issued inhibitPolicyMapping Test7", 563e1051a39Sopenharmony_ci "-policy anyPolicy", 564e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 565e1051a39Sopenharmony_ci ], 566e1051a39Sopenharmony_ci [ 567e1051a39Sopenharmony_ci "4.11.8", 568e1051a39Sopenharmony_ci "Invalid Self-Issued inhibitPolicyMapping Test8", 569e1051a39Sopenharmony_ci "-policy anyPolicy", 570e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 571e1051a39Sopenharmony_ci ], 572e1051a39Sopenharmony_ci [ 573e1051a39Sopenharmony_ci "4.11.9", 574e1051a39Sopenharmony_ci "Invalid Self-Issued inhibitPolicyMapping Test9", 575e1051a39Sopenharmony_ci "-policy anyPolicy", 576e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 577e1051a39Sopenharmony_ci ], 578e1051a39Sopenharmony_ci [ 579e1051a39Sopenharmony_ci "4.11.10", 580e1051a39Sopenharmony_ci "Invalid Self-Issued inhibitPolicyMapping Test10", 581e1051a39Sopenharmony_ci "-policy anyPolicy", 582e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 583e1051a39Sopenharmony_ci ], 584e1051a39Sopenharmony_ci [ 585e1051a39Sopenharmony_ci "4.11.11", 586e1051a39Sopenharmony_ci "Invalid Self-Issued inhibitPolicyMapping Test11", 587e1051a39Sopenharmony_ci "-policy anyPolicy", 588e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 589e1051a39Sopenharmony_ci ], 590e1051a39Sopenharmony_ci [ "4.12", "Inhibit Any Policy" ], 591e1051a39Sopenharmony_ci [ 592e1051a39Sopenharmony_ci "4.12.1", 593e1051a39Sopenharmony_ci "Invalid inhibitAnyPolicy Test1", 594e1051a39Sopenharmony_ci "-policy anyPolicy", 595e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 596e1051a39Sopenharmony_ci ], 597e1051a39Sopenharmony_ci [ 598e1051a39Sopenharmony_ci "4.12.2", 599e1051a39Sopenharmony_ci "Valid inhibitAnyPolicy Test2", 600e1051a39Sopenharmony_ci "-policy anyPolicy", 601e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 602e1051a39Sopenharmony_ci ], 603e1051a39Sopenharmony_ci [ 604e1051a39Sopenharmony_ci "4.12.3.1", 605e1051a39Sopenharmony_ci "inhibitAnyPolicy Test3", 606e1051a39Sopenharmony_ci "-policy anyPolicy", 607e1051a39Sopenharmony_ci "True", "$nist1", "$nist1", 0 608e1051a39Sopenharmony_ci ], 609e1051a39Sopenharmony_ci [ 610e1051a39Sopenharmony_ci "4.12.3.2", 611e1051a39Sopenharmony_ci "inhibitAnyPolicy Test3", 612e1051a39Sopenharmony_ci "-policy anyPolicy -inhibit_any", 613e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 614e1051a39Sopenharmony_ci ], 615e1051a39Sopenharmony_ci [ 616e1051a39Sopenharmony_ci "4.12.4", 617e1051a39Sopenharmony_ci "Invalid inhibitAnyPolicy Test4", 618e1051a39Sopenharmony_ci "-policy anyPolicy", 619e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 620e1051a39Sopenharmony_ci ], 621e1051a39Sopenharmony_ci [ 622e1051a39Sopenharmony_ci "4.12.5", 623e1051a39Sopenharmony_ci "Invalid inhibitAnyPolicy Test5", 624e1051a39Sopenharmony_ci "-policy anyPolicy", 625e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 626e1051a39Sopenharmony_ci ], 627e1051a39Sopenharmony_ci [ 628e1051a39Sopenharmony_ci "4.12.6", 629e1051a39Sopenharmony_ci "Invalid inhibitAnyPolicy Test6", 630e1051a39Sopenharmony_ci "-policy anyPolicy", 631e1051a39Sopenharmony_ci "True", "<empty>", "<empty>", 43 632e1051a39Sopenharmony_ci ], 633e1051a39Sopenharmony_ci [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ], 634e1051a39Sopenharmony_ci [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ], 635e1051a39Sopenharmony_ci [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ], 636e1051a39Sopenharmony_ci [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ], 637e1051a39Sopenharmony_ci [ "4.13", "Name Constraints" ], 638e1051a39Sopenharmony_ci [ "4.13.1", "Valid DN nameConstraints Test1", 0 ], 639e1051a39Sopenharmony_ci [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ], 640e1051a39Sopenharmony_ci [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ], 641e1051a39Sopenharmony_ci [ "4.13.4", "Valid DN nameConstraints Test4", 0 ], 642e1051a39Sopenharmony_ci [ "4.13.5", "Valid DN nameConstraints Test5", 0 ], 643e1051a39Sopenharmony_ci [ "4.13.6", "Valid DN nameConstraints Test6", 0 ], 644e1051a39Sopenharmony_ci [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ], 645e1051a39Sopenharmony_ci [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ], 646e1051a39Sopenharmony_ci [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ], 647e1051a39Sopenharmony_ci [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ], 648e1051a39Sopenharmony_ci [ "4.13.11", "Valid DN nameConstraints Test11", 0 ], 649e1051a39Sopenharmony_ci [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ], 650e1051a39Sopenharmony_ci [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ], 651e1051a39Sopenharmony_ci [ "4.13.14", "Valid DN nameConstraints Test14", 0 ], 652e1051a39Sopenharmony_ci [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ], 653e1051a39Sopenharmony_ci [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ], 654e1051a39Sopenharmony_ci [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ], 655e1051a39Sopenharmony_ci [ "4.13.18", "Valid DN nameConstraints Test18", 0 ], 656e1051a39Sopenharmony_ci [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ], 657e1051a39Sopenharmony_ci [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ], 658e1051a39Sopenharmony_ci [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ], 659e1051a39Sopenharmony_ci [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ], 660e1051a39Sopenharmony_ci [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ], 661e1051a39Sopenharmony_ci [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ], 662e1051a39Sopenharmony_ci [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ], 663e1051a39Sopenharmony_ci [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ], 664e1051a39Sopenharmony_ci [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ], 665e1051a39Sopenharmony_ci [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ], 666e1051a39Sopenharmony_ci [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ], 667e1051a39Sopenharmony_ci [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ], 668e1051a39Sopenharmony_ci [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ], 669e1051a39Sopenharmony_ci [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ], 670e1051a39Sopenharmony_ci [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ], 671e1051a39Sopenharmony_ci [ "4.13.34", "Valid URI nameConstraints Test34", 0 ], 672e1051a39Sopenharmony_ci [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ], 673e1051a39Sopenharmony_ci [ "4.13.36", "Valid URI nameConstraints Test36", 0 ], 674e1051a39Sopenharmony_ci [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ], 675e1051a39Sopenharmony_ci [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ], 676e1051a39Sopenharmony_ci [ "4.14", "Distribution Points" ], 677e1051a39Sopenharmony_ci [ "4.14.1", "Valid distributionPoint Test1", 0 ], 678e1051a39Sopenharmony_ci [ "4.14.2", "Invalid distributionPoint Test2", 23 ], 679e1051a39Sopenharmony_ci [ "4.14.3", "Invalid distributionPoint Test3", 44 ], 680e1051a39Sopenharmony_ci [ "4.14.4", "Valid distributionPoint Test4", 0 ], 681e1051a39Sopenharmony_ci [ "4.14.5", "Valid distributionPoint Test5", 0 ], 682e1051a39Sopenharmony_ci [ "4.14.6", "Invalid distributionPoint Test6", 23 ], 683e1051a39Sopenharmony_ci [ "4.14.7", "Valid distributionPoint Test7", 0 ], 684e1051a39Sopenharmony_ci [ "4.14.8", "Invalid distributionPoint Test8", 44 ], 685e1051a39Sopenharmony_ci [ "4.14.9", "Invalid distributionPoint Test9", 44 ], 686e1051a39Sopenharmony_ci [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ], 687e1051a39Sopenharmony_ci [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ], 688e1051a39Sopenharmony_ci [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ], 689e1051a39Sopenharmony_ci [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ], 690e1051a39Sopenharmony_ci [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ], 691e1051a39Sopenharmony_ci [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ], 692e1051a39Sopenharmony_ci [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ], 693e1051a39Sopenharmony_ci [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ], 694e1051a39Sopenharmony_ci [ "4.14.18", "Valid onlySomeReasons Test18", 0 ], 695e1051a39Sopenharmony_ci [ "4.14.19", "Valid onlySomeReasons Test19", 0 ], 696e1051a39Sopenharmony_ci [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ], 697e1051a39Sopenharmony_ci [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ], 698e1051a39Sopenharmony_ci [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ], 699e1051a39Sopenharmony_ci [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ], 700e1051a39Sopenharmony_ci [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ], 701e1051a39Sopenharmony_ci [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ], 702e1051a39Sopenharmony_ci [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ], 703e1051a39Sopenharmony_ci [ "4.14.27", "Invalid cRLIssuer Test27", 3 ], 704e1051a39Sopenharmony_ci [ "4.14.28", "Valid cRLIssuer Test28", 0 ], 705e1051a39Sopenharmony_ci [ "4.14.29", "Valid cRLIssuer Test29", 0 ], 706e1051a39Sopenharmony_ci 707e1051a39Sopenharmony_ci # Although this test is valid it has a circular dependency. As a result 708e1051a39Sopenharmony_ci # an attempt is made to recursively checks a CRL path and rejected due to 709e1051a39Sopenharmony_ci # a CRL path validation error. PKITS notes suggest this test does not 710e1051a39Sopenharmony_ci # need to be run due to this issue. 711e1051a39Sopenharmony_ci [ "4.14.30", "Valid cRLIssuer Test30", 54 ], 712e1051a39Sopenharmony_ci [ "4.14.31", "Invalid cRLIssuer Test31", 23 ], 713e1051a39Sopenharmony_ci [ "4.14.32", "Invalid cRLIssuer Test32", 23 ], 714e1051a39Sopenharmony_ci [ "4.14.33", "Valid cRLIssuer Test33", 0 ], 715e1051a39Sopenharmony_ci [ "4.14.34", "Invalid cRLIssuer Test34", 23 ], 716e1051a39Sopenharmony_ci [ "4.14.35", "Invalid cRLIssuer Test35", 44 ], 717e1051a39Sopenharmony_ci [ "4.15", "Delta-CRLs" ], 718e1051a39Sopenharmony_ci [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ], 719e1051a39Sopenharmony_ci [ "4.15.2", "Valid delta-CRL Test2", 0 ], 720e1051a39Sopenharmony_ci [ "4.15.3", "Invalid delta-CRL Test3", 23 ], 721e1051a39Sopenharmony_ci [ "4.15.4", "Invalid delta-CRL Test4", 23 ], 722e1051a39Sopenharmony_ci [ "4.15.5", "Valid delta-CRL Test5", 0 ], 723e1051a39Sopenharmony_ci [ "4.15.6", "Invalid delta-CRL Test6", 23 ], 724e1051a39Sopenharmony_ci [ "4.15.7", "Valid delta-CRL Test7", 0 ], 725e1051a39Sopenharmony_ci [ "4.15.8", "Valid delta-CRL Test8", 0 ], 726e1051a39Sopenharmony_ci [ "4.15.9", "Invalid delta-CRL Test9", 23 ], 727e1051a39Sopenharmony_ci [ "4.15.10", "Invalid delta-CRL Test10", 12 ], 728e1051a39Sopenharmony_ci [ "4.16", "Private Certificate Extensions" ], 729e1051a39Sopenharmony_ci [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ], 730e1051a39Sopenharmony_ci [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ], 731e1051a39Sopenharmony_ci); 732e1051a39Sopenharmony_ci 733e1051a39Sopenharmony_ci 734e1051a39Sopenharmony_cimy $verbose = 1; 735e1051a39Sopenharmony_ci 736e1051a39Sopenharmony_cimy $numtest = 0; 737e1051a39Sopenharmony_cimy $numfail = 0; 738e1051a39Sopenharmony_ci 739e1051a39Sopenharmony_cimy $ossl = "ossl/apps/openssl"; 740e1051a39Sopenharmony_ci 741e1051a39Sopenharmony_cimy $ossl_cmd = "$ossl_path cms -verify -verify_retcode "; 742e1051a39Sopenharmony_ci$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict "; 743e1051a39Sopenharmony_ci 744e1051a39Sopenharmony_ci# Check for expiry of trust anchor 745e1051a39Sopenharmony_cisystem "$ossl_path x509 -inform DER -in $pkitsta -checkend 0"; 746e1051a39Sopenharmony_ciif ($? == 256) 747e1051a39Sopenharmony_ci { 748e1051a39Sopenharmony_ci print STDERR "WARNING: using older expired data\n"; 749e1051a39Sopenharmony_ci $ossl_cmd .= "-attime 1291940972 "; 750e1051a39Sopenharmony_ci } 751e1051a39Sopenharmony_ci 752e1051a39Sopenharmony_ci$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 "; 753e1051a39Sopenharmony_ci 754e1051a39Sopenharmony_cisystem "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem"; 755e1051a39Sopenharmony_ci 756e1051a39Sopenharmony_cidie "Can't create trust anchor file" if $?; 757e1051a39Sopenharmony_ci 758e1051a39Sopenharmony_ciprint "Running PKITS tests:\n" if $verbose; 759e1051a39Sopenharmony_ci 760e1051a39Sopenharmony_ciforeach (@testlists) { 761e1051a39Sopenharmony_ci my $argnum = @$_; 762e1051a39Sopenharmony_ci if ( $argnum == 2 ) { 763e1051a39Sopenharmony_ci my ( $tnum, $title ) = @$_; 764e1051a39Sopenharmony_ci print "$tnum $title\n" if $verbose; 765e1051a39Sopenharmony_ci } 766e1051a39Sopenharmony_ci elsif ( $argnum == 3 ) { 767e1051a39Sopenharmony_ci my ( $tnum, $title, $exp_ret ) = @$_; 768e1051a39Sopenharmony_ci my $filename = $title; 769e1051a39Sopenharmony_ci $exp_ret += 32 if $exp_ret; 770e1051a39Sopenharmony_ci $filename =~ tr/ -//d; 771e1051a39Sopenharmony_ci $filename = "Signed${filename}.eml"; 772e1051a39Sopenharmony_ci if ( !-f "$pkitsdir/$filename" ) { 773e1051a39Sopenharmony_ci print "\"$filename\" not found\n"; 774e1051a39Sopenharmony_ci } 775e1051a39Sopenharmony_ci else { 776e1051a39Sopenharmony_ci my $ret; 777e1051a39Sopenharmony_ci my $test_fail = 0; 778e1051a39Sopenharmony_ci my $errmsg = ""; 779e1051a39Sopenharmony_ci my $cmd = $ossl_cmd; 780e1051a39Sopenharmony_ci $cmd .= "-in $pkitsdir/$filename -policy anyPolicy"; 781e1051a39Sopenharmony_ci my $cmdout = `$cmd`; 782e1051a39Sopenharmony_ci $ret = $? >> 8; 783e1051a39Sopenharmony_ci if ( $? & 0xff ) { 784e1051a39Sopenharmony_ci $errmsg .= "Abnormal OpenSSL termination\n"; 785e1051a39Sopenharmony_ci $test_fail = 1; 786e1051a39Sopenharmony_ci } 787e1051a39Sopenharmony_ci if ( $exp_ret != $ret ) { 788e1051a39Sopenharmony_ci $errmsg .= "Return code:$ret, "; 789e1051a39Sopenharmony_ci $errmsg .= "expected $exp_ret\n"; 790e1051a39Sopenharmony_ci $test_fail = 1; 791e1051a39Sopenharmony_ci } 792e1051a39Sopenharmony_ci if ($test_fail) { 793e1051a39Sopenharmony_ci print "$tnum $title : Failed!\n"; 794e1051a39Sopenharmony_ci print "Filename: $pkitsdir/$filename\n"; 795e1051a39Sopenharmony_ci print $errmsg; 796e1051a39Sopenharmony_ci print "Command output:\n$cmdout\n"; 797e1051a39Sopenharmony_ci $numfail++; 798e1051a39Sopenharmony_ci } 799e1051a39Sopenharmony_ci $numtest++; 800e1051a39Sopenharmony_ci } 801e1051a39Sopenharmony_ci } 802e1051a39Sopenharmony_ci elsif ( $argnum == 7 ) { 803e1051a39Sopenharmony_ci my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret ) 804e1051a39Sopenharmony_ci = @$_; 805e1051a39Sopenharmony_ci my $filename = $title; 806e1051a39Sopenharmony_ci $exp_ret += 32 if $exp_ret; 807e1051a39Sopenharmony_ci $filename =~ tr/ -//d; 808e1051a39Sopenharmony_ci $filename = "Signed${filename}.eml"; 809e1051a39Sopenharmony_ci if ( !-f "$pkitsdir/$filename" ) { 810e1051a39Sopenharmony_ci print "\"$filename\" not found\n"; 811e1051a39Sopenharmony_ci } 812e1051a39Sopenharmony_ci else { 813e1051a39Sopenharmony_ci my $ret; 814e1051a39Sopenharmony_ci my $cmdout = ""; 815e1051a39Sopenharmony_ci my $errmsg = ""; 816e1051a39Sopenharmony_ci my $epol = ""; 817e1051a39Sopenharmony_ci my $aset = ""; 818e1051a39Sopenharmony_ci my $uset = ""; 819e1051a39Sopenharmony_ci my $pol = -1; 820e1051a39Sopenharmony_ci my $test_fail = 0; 821e1051a39Sopenharmony_ci my $cmd = $ossl_cmd; 822e1051a39Sopenharmony_ci $cmd .= "-in $pkitsdir/$filename $exargs -policy_print"; 823e1051a39Sopenharmony_ci @oparr = `$cmd`; 824e1051a39Sopenharmony_ci $ret = $? >> 8; 825e1051a39Sopenharmony_ci 826e1051a39Sopenharmony_ci if ( $? & 0xff ) { 827e1051a39Sopenharmony_ci $errmsg .= "Abnormal OpenSSL termination\n"; 828e1051a39Sopenharmony_ci $test_fail = 1; 829e1051a39Sopenharmony_ci } 830e1051a39Sopenharmony_ci foreach (@oparr) { 831e1051a39Sopenharmony_ci my $test_failed = 0; 832e1051a39Sopenharmony_ci $cmdout .= $_; 833e1051a39Sopenharmony_ci if (/^Require explicit Policy: (.*)$/) { 834e1051a39Sopenharmony_ci $epol = $1; 835e1051a39Sopenharmony_ci } 836e1051a39Sopenharmony_ci if (/^Authority Policies/) { 837e1051a39Sopenharmony_ci if (/empty/) { 838e1051a39Sopenharmony_ci $aset = "<empty>"; 839e1051a39Sopenharmony_ci } 840e1051a39Sopenharmony_ci else { 841e1051a39Sopenharmony_ci $pol = 1; 842e1051a39Sopenharmony_ci } 843e1051a39Sopenharmony_ci } 844e1051a39Sopenharmony_ci $test_fail = 1 if (/leak/i); 845e1051a39Sopenharmony_ci if (/^User Policies/) { 846e1051a39Sopenharmony_ci if (/empty/) { 847e1051a39Sopenharmony_ci $uset = "<empty>"; 848e1051a39Sopenharmony_ci } 849e1051a39Sopenharmony_ci else { 850e1051a39Sopenharmony_ci $pol = 2; 851e1051a39Sopenharmony_ci } 852e1051a39Sopenharmony_ci } 853e1051a39Sopenharmony_ci if (/\s+Policy: (.*)$/) { 854e1051a39Sopenharmony_ci if ( $pol == 1 ) { 855e1051a39Sopenharmony_ci $aset .= ":" if $aset ne ""; 856e1051a39Sopenharmony_ci $aset .= $1; 857e1051a39Sopenharmony_ci } 858e1051a39Sopenharmony_ci elsif ( $pol == 2 ) { 859e1051a39Sopenharmony_ci $uset .= ":" if $uset ne ""; 860e1051a39Sopenharmony_ci $uset .= $1; 861e1051a39Sopenharmony_ci } 862e1051a39Sopenharmony_ci } 863e1051a39Sopenharmony_ci } 864e1051a39Sopenharmony_ci 865e1051a39Sopenharmony_ci if ( $epol ne $exp_epol ) { 866e1051a39Sopenharmony_ci $errmsg .= "Explicit policy:$epol, "; 867e1051a39Sopenharmony_ci $errmsg .= "expected $exp_epol\n"; 868e1051a39Sopenharmony_ci $test_fail = 1; 869e1051a39Sopenharmony_ci } 870e1051a39Sopenharmony_ci if ( $aset ne $exp_aset ) { 871e1051a39Sopenharmony_ci $errmsg .= "Authority policy set :$aset, "; 872e1051a39Sopenharmony_ci $errmsg .= "expected $exp_aset\n"; 873e1051a39Sopenharmony_ci $test_fail = 1; 874e1051a39Sopenharmony_ci } 875e1051a39Sopenharmony_ci if ( $uset ne $exp_uset ) { 876e1051a39Sopenharmony_ci $errmsg .= "User policy set :$uset, "; 877e1051a39Sopenharmony_ci $errmsg .= "expected $exp_uset\n"; 878e1051a39Sopenharmony_ci $test_fail = 1; 879e1051a39Sopenharmony_ci } 880e1051a39Sopenharmony_ci 881e1051a39Sopenharmony_ci if ( $exp_ret != $ret ) { 882e1051a39Sopenharmony_ci print "Return code:$ret, expected $exp_ret\n"; 883e1051a39Sopenharmony_ci $test_fail = 1; 884e1051a39Sopenharmony_ci } 885e1051a39Sopenharmony_ci 886e1051a39Sopenharmony_ci if ($test_fail) { 887e1051a39Sopenharmony_ci print "$tnum $title : Failed!\n"; 888e1051a39Sopenharmony_ci print "Filename: $pkitsdir/$filename\n"; 889e1051a39Sopenharmony_ci print "Command output:\n$cmdout\n"; 890e1051a39Sopenharmony_ci $numfail++; 891e1051a39Sopenharmony_ci } 892e1051a39Sopenharmony_ci $numtest++; 893e1051a39Sopenharmony_ci } 894e1051a39Sopenharmony_ci } 895e1051a39Sopenharmony_ci} 896e1051a39Sopenharmony_ci 897e1051a39Sopenharmony_ciif ($numfail) { 898e1051a39Sopenharmony_ci print "$numfail tests failed out of $numtest\n"; 899e1051a39Sopenharmony_ci} 900e1051a39Sopenharmony_cielse { 901e1051a39Sopenharmony_ci print "All Tests Successful.\n"; 902e1051a39Sopenharmony_ci} 903e1051a39Sopenharmony_ci 904e1051a39Sopenharmony_ciunlink "pkitsta.pem"; 905e1051a39Sopenharmony_ci 906