# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Scenario: a three-level PKI (Root -> CA1 -> end-entity certificates) used to
# check how key usage (ku) and extended key usage (eku) extensions affect
# acceptance of an end-entity certificate for IPsec.
scenario IPsec
# Self-contained trust anchor for the scenario.
entity Root
type Root
# Single intermediate CA; every end-entity certificate below is issued by it.
entity CA1
type Intermediate
issuer Root
# --- Key-usage-only cases (no eku line) ---
# No ku and no eku line at all.
entity NoKU
type EE
issuer CA1
# Only digitalSignature.
entity DigSig
type EE
issuer CA1
ku digitalSignature
# Only nonRepudiation.
entity NonRep
type EE
issuer CA1
ku nonRepudiation
# digitalSignature and nonRepudiation plus encipherment/agreement bits.
entity DigSigNonRepAndExtra
type EE
issuer CA1
ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
# Encipherment/agreement bits only: neither digitalSignature nor nonRepudiation.
entity NoMatch
type EE
issuer CA1
ku keyEncipherment,dataEncipherment,keyAgreement
# --- Extended-key-usage cases ---
# eku serverAuth without the "critical" keyword; no ku line.
entity NonCriticalServerAuthEKU
type EE
issuer CA1
eku serverAuth
# eku codeSigning only; no ku line.
entity NonIPSECEKU
type EE
issuer CA1
eku codeSigning
# Same serverAuth purpose, but the eku is marked critical and a ku is present.
entity CriticalServerAuthEKU
type EE
issuer CA1
ku digitalSignature
eku critical,serverAuth
# IPsec-specific purposes: ipsecIKE (critical), ipsecIKEEnd,
# ipsecIKEIntermediate (mixed with unrelated purposes) and, further down,
# ipsecUser.
entity EKUIPsecIKE
type EE
issuer CA1
ku digitalSignature
eku critical,ipsecIKE
entity EKUIPsecIKEEnd
type EE
issuer CA1
ku digitalSignature
eku ipsecIKEEnd
entity EKUIPsecIKEIntermediate
type EE
issuer CA1
ku digitalSignature
eku codeSigning,serverAuth,ipsecIKEIntermediate
# x509Any: presumably the anyExtendedKeyUsage purpose - confirm against the
# certificate-generation tooling that consumes this file.
entity EKUAny
type EE
issuer CA1
ku digitalSignature
eku x509Any
# Purpose unrelated to IPsec (e-mail protection).
entity EKUEmail
type EE
issuer CA1
ku digitalSignature
eku emailProtection
entity EKUIPsecUser
type EE
issuer CA1
ku digitalSignature
eku ipsecUser
# Certificate database used by the verifications in this scenario.
db All
# Import fields look like name:issuer:trust. Root is imported with trust
# string "C,," and CA1 with an empty trust field, so CA1 is presumably only
# usable through a chain to Root - confirm against the harness that parses
# this file.
import Root::C,,
import CA1:Root:
# Every verification below uses "usage 12"; given the scenario name this is
# presumably the IPsec certificate usage - confirm against the verifier's
# usage numbering.
# Key usage: a missing ku line, digitalSignature and nonRepudiation are all
# expected to pass; extra bits alongside them do not cause a failure.
verify NoKU:CA1
usage 12
result pass
verify DigSig:CA1
usage 12
result pass
verify NonRep:CA1
usage 12
result pass
verify DigSigNonRepAndExtra:CA1
usage 12
result pass
# A ku that lists neither digitalSignature nor nonRepudiation must be rejected.
verify NoMatch:CA1
usage 12
result fail
# The only eku case expected to fail: codeSigning as the sole purpose.
verify NonIPSECEKU:CA1
usage 12
result fail
# serverAuth is expected to pass for this usage, critical or not.
verify NonCriticalServerAuthEKU:CA1
usage 12
result pass
verify CriticalServerAuthEKU:CA1
usage 12
result pass
# IPsec-specific purposes are expected to pass, including the case where
# ipsecIKEIntermediate appears next to codeSigning and serverAuth.
verify EKUIPsecIKE:CA1
usage 12
result pass
verify EKUIPsecIKEEnd:CA1
usage 12
result pass
verify EKUIPsecIKEIntermediate:CA1
usage 12
result pass
# NOTE(review): the expected results also accept x509Any and emailProtection
# for this usage, so the eku check pinned here is permissive rather than
# IPsec-only. A deployment that needs certificates restricted to IPsec
# purposes has to enforce that in its own policy. There is also no case with
# a critical eku that lacks any accepted purpose (e.g. critical codeSigning).
verify EKUAny:CA1
usage 12
result pass
verify EKUEmail:CA1
usage 12
result pass
verify EKUIPsecUser:CA1
usage 12
result pass