path: root/security/nss/tests/chains/scenarios/ipsec.cfg
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# Chain-validation scenario for IPsec certificate usage. It builds a small
# three-level PKI (Root -> CA1 -> end-entity certs) and checks which
# keyUsage (KU) / extendedKeyUsage (EKU) combinations on the end-entity
# certificate are accepted.
scenario IPsec

# Self-issued trust anchor for the scenario (no issuer line).
entity Root
  type Root

# Single intermediate CA; every end-entity certificate below is issued by it.
# No ku/eku restrictions are declared on the CA itself, so the scenario only
# varies the leaf extensions.
entity CA1
  type Intermediate
  issuer Root 

# --- keyUsage variants (no EKU extension on any of these) ---

# Baseline leaf: no keyUsage and no extendedKeyUsage extension at all.
entity NoKU
  type EE
  issuer CA1

# keyUsage with digitalSignature only.
entity DigSig
  type EE
  issuer CA1
    ku digitalSignature

# keyUsage with nonRepudiation only.
entity NonRep
  type EE
  issuer CA1
    ku nonRepudiation

# Both signing bits plus every encipherment/agreement bit: extra bits next to
# an acceptable one.
entity DigSigNonRepAndExtra
  type EE
  issuer CA1
    ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement

# keyUsage present but with neither digitalSignature nor nonRepudiation.
# This is the only keyUsage-negative certificate in the scenario.
entity NoMatch
  type EE
  issuer CA1
    ku keyEncipherment,dataEncipherment,keyAgreement

# --- extendedKeyUsage variants ---
# The first two entities carry an EKU but no keyUsage; the remaining ones pair
# the EKU under test with "ku digitalSignature" so that keyUsage is not the
# variable being exercised.

# serverAuth EKU, not marked critical, no keyUsage.
entity NonCriticalServerAuthEKU
  type EE
  issuer CA1
    eku serverAuth

# EKU that lists only codeSigning, no keyUsage. This is the only EKU-negative
# certificate in the scenario.
entity NonIPSECEKU
  type EE
  issuer CA1
    eku codeSigning

# serverAuth EKU marked critical.
entity CriticalServerAuthEKU
  type EE
  issuer CA1
    ku digitalSignature
    eku critical,serverAuth

# ipsecIKE EKU marked critical.
entity EKUIPsecIKE
  type EE
  issuer CA1
    ku digitalSignature
    eku critical,ipsecIKE

# ipsecIKEEnd EKU, non-critical.
entity EKUIPsecIKEEnd
  type EE
  issuer CA1
    ku digitalSignature
    eku ipsecIKEEnd

# Mixed list: codeSigning (the EKU used by NonIPSECEKU) together with
# serverAuth and ipsecIKEIntermediate.
entity EKUIPsecIKEIntermediate
  type EE
  issuer CA1
    ku digitalSignature
    eku codeSigning,serverAuth,ipsecIKEIntermediate

# x509Any EKU -- presumably anyExtendedKeyUsage; confirm against the test
# harness's keyword table.
entity EKUAny
  type EE
  issuer CA1
    ku digitalSignature
    eku x509Any

# emailProtection EKU, which is not an IPsec-specific purpose.
entity EKUEmail
  type EE
  issuer CA1
    ku digitalSignature
    eku emailProtection

# ipsecUser EKU.
entity EKUIPsecUser
  type EE
  issuer CA1
    ku digitalSignature
    eku ipsecUser

# Certificate database used by the verify steps below.
db All

# Import format appears to be <entity>:<issuer>:<trust>.
# Root is imported with trust "C,," and CA1 with an empty trust field, so
# Root is the only explicitly trusted certificate in the database.
# NOTE(review): "C,," looks like a certutil-style trust string that sets the
# CA flag in the first slot only -- confirm that is the slot the IPsec usage
# consults.
import Root::C,,
import CA1:Root:

# Every check below uses "usage 12" and states the expected outcome in
# "result". NOTE(review): 12 is presumably the numeric value of the IPsec
# certificate usage in the library under test -- confirm against its usage
# enum, since a renumbering would silently retarget every case here.

# --- keyUsage expectations ---
# Absent keyUsage is accepted.
verify NoKU:CA1
  usage 12
  result pass

# digitalSignature alone is sufficient.
verify DigSig:CA1
  usage 12
  result pass

# nonRepudiation alone is sufficient.
verify NonRep:CA1
  usage 12
  result pass

# Extra keyUsage bits next to the signing bits do not cause rejection.
verify DigSigNonRepAndExtra:CA1
  usage 12
  result pass

# keyUsage present without digitalSignature or nonRepudiation must be rejected.
verify NoMatch:CA1
  usage 12
  result fail

# --- extendedKeyUsage expectations ---
# An EKU list containing only codeSigning must be rejected. This is the only
# EKU-negative case in the scenario.
verify NonIPSECEKU:CA1
  usage 12
  result fail

# serverAuth is accepted whether or not the EKU extension is critical.
verify NonCriticalServerAuthEKU:CA1
  usage 12
  result pass

verify CriticalServerAuthEKU:CA1
  usage 12
  result pass

# The IPsec-specific EKUs are accepted.
verify EKUIPsecIKE:CA1
  usage 12
  result pass

verify EKUIPsecIKEEnd:CA1
  usage 12
  result pass

# Passes even though the list also contains codeSigning: one acceptable EKU in
# the list is enough, and an unrelated EKU beside it does not cause rejection.
verify EKUIPsecIKEIntermediate:CA1
  usage 12
  result pass

verify EKUAny:CA1
  usage 12
  result pass

# NOTE(review): emailProtection is expected to pass, so the accepted EKU set
# is broader than the IPsec-specific purposes. Confirm this permissiveness is
# intended policy and not only a record of current behaviour. There is also no
# case pairing a critical EKU extension with a rejected purpose.
verify EKUEmail:CA1
  usage 12
  result pass

verify EKUIPsecUser:CA1
  usage 12
  result pass