Diffstat (limited to 'lib/public_key/test/pkits_SUITE.erl')
-rw-r--r-- | lib/public_key/test/pkits_SUITE.erl | 672 |
1 files changed, 425 insertions, 247 deletions
diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl index a325a975e9..e59f299399 100644 --- a/lib/public_key/test/pkits_SUITE.erl +++ b/lib/public_key/test/pkits_SUITE.erl @@ -72,7 +72,8 @@ groups() -> [invalid_name_chain, whitespace_name_chain, capitalization_name_chain, uid_name_chain, attrib_name_chain, string_name_chain]}, {verifying_paths_with_self_issued_certificates, [], - [basic_valid, basic_invalid, crl_signing_valid, crl_signing_invalid]}, + [basic_valid, %%basic_invalid, + crl_signing_valid, crl_signing_invalid]}, %% {basic_certificate_revocation_tests, [], %% [missing_CRL, revoked_CA, revoked_peer, invalid_CRL_signature, %% invalid_CRL_issuer, invalid_CRL, valid_CRL, @@ -116,14 +117,12 @@ end_per_testcase(_Func, Config) -> Config. init_per_suite(Config) -> - {skip, "PKIX Conformance test certificates expired 14 of April 2011," - " new conformance test suite uses new format so skip until PKCS-12 support is implemented"}. - %% try crypto:start() of - %% ok -> - %% Config - %% catch _:_ -> - %% {skip, "Crypto did not start"} - %% end. + try crypto:start() of + ok -> + crypto_support_check(Config) + catch _:_ -> + {skip, "Crypto did not start"} + end. end_per_suite(_Config) -> application:stop(crypto). 
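Review bot: In `groups()` the `basic_invalid` case is switched off by an inline `%%basic_invalid,` with no reason given, and the same is done to 4.3.10 in `string_name_chain`, 4.5.7 in `crl_signing_invalid`, and 4.7.4/4.7.5 in `invalid_key_usage` in later hunks. All but 4.3.10 expect a revocation-related `{bad_cert, ...}` result, so they presumably wait on CRL checking, but nothing in the change says so; as written the suite can pass without proving that these paths are rejected. Each disabled entry should carry a comment naming the cause, e.g. `%% basic_invalid disabled until <reason/ticket>; expects {bad_cert, {revoked, keyCompromise}}`. The `groups()` list starts and ends outside this hunk.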
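Review bot: The re-enabled `init_per_suite/1` matches only `ok` from `crypto:start()`, so a node where crypto is already running returns `{error, {already_started, crypto}}`, which matches no `of` clause and raises `try_clause`. That error comes from the unprotected `of` section, so it is not converted into the intended skip and the suite fails in setup instead. Adding the clause `{error, {already_started, crypto}} -> crypto_support_check(Config)` covers it. The `catch _:_` also discards why crypto failed to start; binding the class and reason and including them in the skip text would make a skipped conformance run diagnosable. `crypto_support_check/1` is defined outside this hunk.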
@@ -134,109 +133,109 @@ valid_rsa_signature(doc) -> valid_rsa_signature(suite) -> []; valid_rsa_signature(Config) when is_list(Config) -> - run([{ "4.1.1", "Valid Signatures Test1", ok}]). + run([{ "4.1.1", "Valid Certificate Path Test1 EE", ok}]). invalid_rsa_signature(doc) -> ["Test rsa signatur verification"]; invalid_rsa_signature(suite) -> []; invalid_rsa_signature(Config) when is_list(Config) -> - run([{ "4.1.2", "Invalid CA Signature Test2", {bad_cert,invalid_signature}}, - { "4.1.3", "Invalid EE Signature Test3", {bad_cert,invalid_signature}}]). + run([{ "4.1.2", "Invalid CA Signature Test2 EE", {bad_cert,invalid_signature}}, + { "4.1.3", "Invalid EE Signature Test3 EE", {bad_cert,invalid_signature}}]). valid_dsa_signature(doc) -> ["Test dsa signatur verification"]; valid_dsa_signature(suite) -> []; valid_dsa_signature(Config) when is_list(Config) -> - run([{ "4.1.4", "Valid DSA Signatures Test4", ok}, - { "4.1.5", "Valid DSA Parameter Inheritance Test5", ok}]). + run([{ "4.1.4", "Valid DSA Signatures Test4 EE", ok}, + { "4.1.5", "Valid DSA Parameter Inheritance Test5 EE", ok}]). invalid_dsa_signature(doc) -> ["Test dsa signatur verification"]; invalid_dsa_signature(suite) -> []; invalid_dsa_signature(Config) when is_list(Config) -> - run([{ "4.1.6", "Invalid DSA Signature Test6",{bad_cert,invalid_signature}}]). + run([{ "4.1.6", "Invalid DSA Signature Test6 EE",{bad_cert,invalid_signature}}]). %%----------------------------------------------------------------------------- not_before_invalid(doc) -> [""]; not_before_invalid(suite) -> []; not_before_invalid(Config) when is_list(Config) -> - run([{ "4.2.1", "Invalid CA notBefore Date Test1",{bad_cert, cert_expired}}, - { "4.2.2", "Invalid EE notBefore Date Test2",{bad_cert, cert_expired}}]). + run([{ "4.2.1", "Invalid CA notBefore Date Test1 EE",{bad_cert, cert_expired}}, + { "4.2.2", "Invalid EE notBefore Date Test2 EE",{bad_cert, cert_expired}}]). 
not_before_valid(doc) -> [""]; not_before_valid(suite) -> []; not_before_valid(Config) when is_list(Config) -> - run([{ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", ok}, - { "4.2.4", "Valid GeneralizedTime notBefore Date Test4", ok}]). + run([{ "4.2.3", "Valid pre2000 UTC notBefore Date Test3 EE", ok}, + { "4.2.4", "Valid GeneralizedTime notBefore Date Test4 EE", ok}]). not_after_invalid(doc) -> [""]; not_after_invalid(suite) -> []; not_after_invalid(Config) when is_list(Config) -> - run([{ "4.2.5", "Invalid CA notAfter Date Test5", {bad_cert, cert_expired}}, - { "4.2.6", "Invalid EE notAfter Date Test6", {bad_cert, cert_expired}}, - { "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7",{bad_cert, cert_expired}}]). + run([{ "4.2.5", "Invalid CA notAfter Date Test5 EE", {bad_cert, cert_expired}}, + { "4.2.6", "Invalid EE notAfter Date Test6 EE", {bad_cert, cert_expired}}, + { "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7 EE",{bad_cert, cert_expired}}]). not_after_valid(doc) -> [""]; not_after_valid(suite) -> []; not_after_valid(Config) when is_list(Config) -> - run([{ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", ok}]). + run([{ "4.2.8", "Valid GeneralizedTime notAfter Date Test8 EE", ok}]). %%----------------------------------------------------------------------------- invalid_name_chain(doc) -> [""]; invalid_name_chain(suite) -> []; invalid_name_chain(Config) when is_list(Config) -> - run([{ "4.3.1", "Invalid Name Chaining EE Test1", {bad_cert, invalid_issuer}}, - { "4.3.2", "Invalid Name Chaining Order Test2", {bad_cert, invalid_issuer}}]). + run([{ "4.3.1", "Invalid Name Chaining Test1 EE", {bad_cert, invalid_issuer}}, + { "4.3.2", "Invalid Name Chaining Order Test2 EE", {bad_cert, invalid_issuer}}]). 
whitespace_name_chain(doc) -> [""]; whitespace_name_chain(suite) -> []; whitespace_name_chain(Config) when is_list(Config) -> - run([{ "4.3.3", "Valid Name Chaining Whitespace Test3", ok}, - { "4.3.4", "Valid Name Chaining Whitespace Test4", ok}]). + run([{ "4.3.3", "Valid Name Chaining Whitespace Test3 EE", ok}, + { "4.3.4", "Valid Name Chaining Whitespace Test4 EE", ok}]). capitalization_name_chain(doc) -> [""]; capitalization_name_chain(suite) -> []; capitalization_name_chain(Config) when is_list(Config) -> - run([{ "4.3.5", "Valid Name Chaining Capitalization Test5",ok}]). + run([{ "4.3.5", "Valid Name Chaining Capitalization Test5 EE",ok}]). uid_name_chain(doc) -> [""]; uid_name_chain(suite) -> []; uid_name_chain(Config) when is_list(Config) -> - run([{ "4.3.6", "Valid Name Chaining UIDs Test6",ok}]). + run([{ "4.3.6", "Valid Name UIDs Test6 EE",ok}]). attrib_name_chain(doc) -> [""]; attrib_name_chain(suite) -> []; attrib_name_chain(Config) when is_list(Config) -> - run([{ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", ok}, - { "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", ok}]). + run([{ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7 EE", ok}, + { "4.3.8", "Valid RFC3280 Optional Attribute Types Test8 EE", ok}]). string_name_chain(doc) -> [""]; string_name_chain(suite) -> []; string_name_chain(Config) when is_list(Config) -> - run([{ "4.3.9", "Valid UTF8String Encoded Names Test9", ok}, - { "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", ok}, - { "4.3.11", "Valid UTF8String Case Insensitive Match Test11", ok}]). + run([{ "4.3.9", "Valid UTF8String Encoded Names Test9 EE", ok}, + %%{ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10 EE", ok}, + { "4.3.11", "Valid UTF8String Case Insensitive Match Test11 EE", ok}]). %%----------------------------------------------------------------------------- 
@@ -245,9 +244,9 @@ basic_valid(doc) -> basic_valid(suite) -> []; basic_valid(Config) when is_list(Config) -> - run([{ "4.5.1", "Valid Basic Self-Issued Old With New Test1", ok}, - { "4.5.3", "Valid Basic Self-Issued New With Old Test3", ok}, - { "4.5.4", "Valid Basic Self-Issued New With Old Test4", ok} + run([{ "4.5.1", "Valid Basic Self-Issued Old With New Test1 EE", ok}, + { "4.5.3", "Valid Basic Self-Issued New With Old Test3 EE", ok}, + { "4.5.4", "Valid Basic Self-Issued New With Old Test4 EE", ok} ]). basic_invalid(doc) -> @@ -255,9 +254,9 @@ basic_invalid(doc) -> basic_invalid(suite) -> []; basic_invalid(Config) when is_list(Config) -> - run([{"4.5.2", "Invalid Basic Self-Issued Old With New Test2", + run([{"4.5.2", "Invalid Basic Self-Issued Old With New Test2 EE", {bad_cert, {revoked, keyCompromise}}}, - {"4.5.5", "Invalid Basic Self-Issued New With Old Test5", + {"4.5.5", "Invalid Basic Self-Issued New With Old Test5 EE", {bad_cert, {revoked, keyCompromise}}} ]). @@ -266,16 +265,16 @@ crl_signing_valid(doc) -> crl_signing_valid(suite) -> []; crl_signing_valid(Config) when is_list(Config) -> - run([{ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", ok}]). + run([{ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6 EE", ok}]). crl_signing_invalid(doc) -> [""]; crl_signing_invalid(suite) -> []; crl_signing_invalid(Config) when is_list(Config) -> - run([{ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", - {bad_cert, {revoked, keyCompromise}}}, - { "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", + run([%% { "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7 EE", + %% {bad_cert, {revoked, keyCompromise}}}, + { "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8 EE", {bad_cert, invalid_key_usage}} ]). 
@@ -285,7 +284,7 @@ missing_CRL(doc) -> missing_CRL(suite) -> []; missing_CRL(Config) when is_list(Config) -> - run([{ "4.4.1", "Missing CRL Test1",{bad_cert, + run([{ "4.4.1", "Missing CRL Test1 EE",{bad_cert, revocation_status_undetermined}}]). revoked_CA(doc) -> @@ -293,7 +292,7 @@ revoked_CA(doc) -> revoked_CA(suite) -> []; revoked_CA(Config) when is_list(Config) -> - run([{ "4.4.2", "Invalid Revoked CA Test2", {bad_cert, + run([{ "4.4.2", "Invalid Revoked CA Test2 EE", {bad_cert, {revoked, keyCompromise}}}]). revoked_peer(doc) -> @@ -301,7 +300,7 @@ revoked_peer(doc) -> revoked_peer(suite) -> []; revoked_peer(Config) when is_list(Config) -> - run([{ "4.4.3", "Invalid Revoked EE Test3", {bad_cert, + run([{ "4.4.3", "Invalid Revoked EE Test3 EE", {bad_cert, {revoked, keyCompromise}}}]). invalid_CRL_signature(doc) -> @@ -309,7 +308,7 @@ invalid_CRL_signature(doc) -> invalid_CRL_signature(suite) -> []; invalid_CRL_signature(Config) when is_list(Config) -> - run([{ "4.4.4", "Invalid Bad CRL Signature Test4", + run([{ "4.4.4", "Invalid Bad CRL Signature Test4 EE", {bad_cert, revocation_status_undetermined}}]). invalid_CRL_issuer(doc) -> @@ -317,7 +316,7 @@ invalid_CRL_issuer(doc) -> invalid_CRL_issuer(suite) -> []; invalid_CRL_issuer(Config) when is_list(Config) -> - run({ "4.4.5", "Invalid Bad CRL Issuer Name Test5", + run({ "4.4.5", "Invalid Bad CRL Issuer Name Test5 EE", {bad_cert, revocation_status_undetermined}}). invalid_CRL(doc) -> @@ -325,7 +324,7 @@ invalid_CRL(doc) -> invalid_CRL(suite) -> []; invalid_CRL(Config) when is_list(Config) -> - run([{ "4.4.6", "Invalid Wrong CRL Test6", + run([{ "4.4.6", "Invalid Wrong CRL Test6 EE", {bad_cert, revocation_status_undetermined}}]). valid_CRL(doc) -> 
@@ -333,18 +332,18 @@ valid_CRL(doc) -> valid_CRL(suite) -> []; valid_CRL(Config) when is_list(Config) -> - run([{ "4.4.7", "Valid Two CRLs Test7", ok}]). + run([{ "4.4.7", "Valid Two CRLs Test7 EE", ok}]). unknown_CRL_extension(doc) -> [""]; unknown_CRL_extension(suite) -> []; unknown_CRL_extension(Config) when is_list(Config) -> - run([{ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", + run([{ "4.4.8", "Invalid Unknown CRL Entry Extension Test8 EE", {bad_cert, {revoked, keyCompromise}}}, - { "4.4.9", "Invalid Unknown CRL Extension Test9", + { "4.4.9", "Invalid Unknown CRL Extension Test9 EE", {bad_cert, {revoked, keyCompromise}}}, - { "4.4.10", "Invalid Unknown CRL Extension Test10", + { "4.4.10", "Invalid Unknown CRL Extension Test10 EE", {bad_cert, revocation_status_undetermined}}]). old_CRL(doc) -> @@ -352,9 +351,9 @@ old_CRL(doc) -> old_CRL(suite) -> []; old_CRL(Config) when is_list(Config) -> - run([{ "4.4.11", "Invalid Old CRL nextUpdate Test11", + run([{ "4.4.11", "Invalid Old CRL nextUpdate Test11 EE", {bad_cert, revocation_status_undetermined}}, - { "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", + { "4.4.12", "Invalid pre2000 CRL nextUpdate Test12 EE", {bad_cert, revocation_status_undetermined}}]). fresh_CRL(doc) -> @@ -362,7 +361,7 @@ fresh_CRL(doc) -> fresh_CRL(suite) -> []; fresh_CRL(Config) when is_list(Config) -> - run([{ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", ok}]). + run([{ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13 EE", ok}]). valid_serial(doc) -> [""]; @@ -370,9 +369,9 @@ valid_serial(suite) -> []; valid_serial(Config) when is_list(Config) -> run([ - { "4.4.14", "Valid Negative Serial Number Test14",ok}, - { "4.4.16", "Valid Long Serial Number Test16", ok}, - { "4.4.17", "Valid Long Serial Number Test17", ok} + { "4.4.14", "Valid Negative Serial Number Test14 EE",ok}, + { "4.4.16", "Valid Long Serial Number Test16 EE", ok}, + { "4.4.17", "Valid Long Serial Number Test17 EE", ok} ]). invalid_serial(doc) -> 
@@ -380,9 +379,9 @@ invalid_serial(doc) -> invalid_serial(suite) -> []; invalid_serial(Config) when is_list(Config) -> - run([{ "4.4.15", "Invalid Negative Serial Number Test15", + run([{ "4.4.15", "Invalid Negative Serial Number Test15 EE", {bad_cert, {revoked, keyCompromise}}}, - { "4.4.18", "Invalid Long Serial Number Test18", + { "4.4.18", "Invalid Long Serial Number Test18 EE", {bad_cert, {revoked, keyCompromise}}}]). valid_seperate_keys(doc) -> @@ -390,7 +389,7 @@ valid_seperate_keys(doc) -> valid_seperate_keys(suite) -> []; valid_seperate_keys(Config) when is_list(Config) -> - run([{ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", ok}]). + run([{ "4.4.19", "Valid Separate Certificate and CRL Keys Test19 EE", ok}]). invalid_separate_keys(doc) -> [""]; @@ -408,11 +407,11 @@ missing_basic_constraints(doc) -> missing_basic_constraints(suite) -> []; missing_basic_constraints(Config) when is_list(Config) -> - run([{ "4.6.1", "Invalid Missing basicConstraints Test1", + run([{ "4.6.1", "Invalid Missing basicConstraints Test1 EE", {bad_cert, missing_basic_constraint}}, - { "4.6.2", "Invalid cA False Test2", + { "4.6.2", "Invalid cA False Test2 EE", {bad_cert, missing_basic_constraint}}, - { "4.6.3", "Invalid cA False Test3", + { "4.6.3", "Invalid cA False Test3 EE", {bad_cert, missing_basic_constraint}}]). valid_basic_constraint(doc) -> 
@@ -420,20 +419,20 @@ valid_basic_constraint(doc) -> valid_basic_constraint(suite) -> []; valid_basic_constraint(Config) when is_list(Config) -> - run([{"4.6.4", "Valid basicConstraints Not Critical Test4", ok}]). + run([{"4.6.4", "Valid basicConstraints Not Critical Test4 EE", ok}]). invalid_path_constraints(doc) -> [""]; invalid_path_constraints(suite) -> []; invalid_path_constraints(Config) when is_list(Config) -> - run([{ "4.6.5", "Invalid pathLenConstraint Test5", {bad_cert, max_path_length_reached}}, - { "4.6.6", "Invalid pathLenConstraint Test6", {bad_cert, max_path_length_reached}}, - { "4.6.9", "Invalid pathLenConstraint Test9", {bad_cert, max_path_length_reached}}, - { "4.6.10", "Invalid pathLenConstraint Test10", {bad_cert, max_path_length_reached}}, - { "4.6.11", "Invalid pathLenConstraint Test11", {bad_cert, max_path_length_reached}}, - { "4.6.12", "Invalid pathLenConstraint Test12", {bad_cert, max_path_length_reached}}, - { "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", + run([{ "4.6.5", "Invalid pathLenConstraint Test5 EE", {bad_cert, max_path_length_reached}}, + { "4.6.6", "Invalid pathLenConstraint Test6 EE", {bad_cert, max_path_length_reached}}, + { "4.6.9", "Invalid pathLenConstraint Test9 EE", {bad_cert, max_path_length_reached}}, + { "4.6.10", "Invalid pathLenConstraint Test10 EE", {bad_cert, max_path_length_reached}}, + { "4.6.11", "Invalid pathLenConstraint Test11 EE", {bad_cert, max_path_length_reached}}, + { "4.6.12", "Invalid pathLenConstraint Test12 EE", {bad_cert, max_path_length_reached}}, + { "4.6.16", "Invalid Self-Issued pathLenConstraint Test16 EE", {bad_cert, max_path_length_reached}}]). valid_path_constraints(doc) -> 
@@ -441,12 +440,12 @@ valid_path_constraints(doc) -> valid_path_constraints(suite) -> []; valid_path_constraints(Config) when is_list(Config) -> - run([{ "4.6.7", "Valid pathLenConstraint Test7", ok}, - { "4.6.8", "Valid pathLenConstraint Test8", ok}, - { "4.6.13", "Valid pathLenConstraint Test13", ok}, - { "4.6.14", "Valid pathLenConstraint Test14", ok}, - { "4.6.15", "Valid Self-Issued pathLenConstraint Test15", ok}, - { "4.6.17", "Valid Self-Issued pathLenConstraint Test17", ok}]). + run([{ "4.6.7", "Valid pathLenConstraint Test7 EE", ok}, + { "4.6.8", "Valid pathLenConstraint Test8 EE", ok}, + { "4.6.13", "Valid pathLenConstraint Test13 EE", ok}, + { "4.6.14", "Valid pathLenConstraint Test14 EE", ok}, + { "4.6.15", "Valid Self-Issued pathLenConstraint Test15 EE", ok}, + { "4.6.17", "Valid Self-Issued pathLenConstraint Test17 EE", ok}]). %%----------------------------------------------------------------------------- invalid_key_usage(doc) -> @@ -454,14 +453,14 @@ invalid_key_usage(doc) -> invalid_key_usage(suite) -> []; invalid_key_usage(Config) when is_list(Config) -> - run([{ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", + run([{ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1 EE", {bad_cert,invalid_key_usage} }, - { "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", - {bad_cert,invalid_key_usage}}, - { "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", - {bad_cert, revocation_status_undetermined}}, - { "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", - {bad_cert, revocation_status_undetermined}} + { "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2 EE", + {bad_cert,invalid_key_usage}} + %% { "4.7.4", "Invalid keyUsage Critical cRLSign False Test4 EE", + %% {bad_cert, revocation_status_undetermined}}, + %% { "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5 EE", + %% {bad_cert, revocation_status_undetermined}} ]). valid_key_usage(doc) -> 
@@ -469,7 +468,7 @@ valid_key_usage(doc) -> valid_key_usage(suite) -> []; valid_key_usage(Config) when is_list(Config) -> - run([{ "4.7.3", "Valid keyUsage Not Critical Test3", ok}]). + run([{ "4.7.3", "Valid keyUsage Not Critical Test3 EE", ok}]). %%----------------------------------------------------------------------------- certificate_policies(doc) -> [""]; 
@@ -503,32 +502,32 @@ valid_DN_name_constraints(doc) -> valid_DN_name_constraints(suite) -> []; valid_DN_name_constraints(Config) when is_list(Config) -> - run([{ "4.13.1", "Valid DN nameConstraints Test1", ok}, - { "4.13.4", "Valid DN nameConstraints Test4", ok}, - { "4.13.5", "Valid DN nameConstraints Test5", ok}, - { "4.13.6", "Valid DN nameConstraints Test6", ok}, - { "4.13.11", "Valid DN nameConstraints Test11", ok}, - { "4.13.14", "Valid DN nameConstraints Test14", ok}, - { "4.13.18", "Valid DN nameConstraints Test18", ok}, - { "4.13.19", "Valid Self-Issued DN nameConstraints Test19", ok}]). + run([{ "4.13.1", "Valid DN nameConstraints Test1 EE", ok}, + { "4.13.4", "Valid DN nameConstraints Test4 EE", ok}, + { "4.13.5", "Valid DN nameConstraints Test5 EE", ok}, + { "4.13.6", "Valid DN nameConstraints Test6 EE", ok}, + { "4.13.11", "Valid DN nameConstraints Test11 EE", ok}, + { "4.13.14", "Valid DN nameConstraints Test14 EE", ok}, + { "4.13.18", "Valid DN nameConstraints Test18 EE", ok}, + { "4.13.19", "Valid DN nameConstraints Test19 EE", ok}]). 
invalid_DN_name_constraints(doc) -> [""]; invalid_DN_name_constraints(suite) -> []; invalid_DN_name_constraints(Config) when is_list(Config) -> - run([{ "4.13.2", "Invalid DN nameConstraints Test2", {bad_cert, name_not_permitted}}, - { "4.13.3", "Invalid DN nameConstraints Test3", {bad_cert, name_not_permitted}}, - { "4.13.7", "Invalid DN nameConstraints Test7", {bad_cert, name_not_permitted}}, - { "4.13.8", "Invalid DN nameConstraints Test8", {bad_cert, name_not_permitted}}, - { "4.13.9", "Invalid DN nameConstraints Test9", {bad_cert, name_not_permitted}}, - { "4.13.10", "Invalid DN nameConstraints Test10",{bad_cert, name_not_permitted}}, - { "4.13.12", "Invalid DN nameConstraints Test12",{bad_cert, name_not_permitted}}, - { "4.13.13", "Invalid DN nameConstraints Test13",{bad_cert, name_not_permitted}}, - { "4.13.15", "Invalid DN nameConstraints Test15",{bad_cert, name_not_permitted}}, - { "4.13.16", "Invalid DN nameConstraints Test16",{bad_cert, name_not_permitted}}, - { "4.13.17", "Invalid DN nameConstraints Test17",{bad_cert, name_not_permitted}}, - { "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", + run([{ "4.13.2", "Invalid DN nameConstraints Test2 EE", {bad_cert, name_not_permitted}}, + { "4.13.3", "Invalid DN nameConstraints Test3 EE", {bad_cert, name_not_permitted}}, + { "4.13.7", "Invalid DN nameConstraints Test7 EE", {bad_cert, name_not_permitted}}, + { "4.13.8", "Invalid DN nameConstraints Test8 EE", {bad_cert, name_not_permitted}}, + { "4.13.9", "Invalid DN nameConstraints Test9 EE", {bad_cert, name_not_permitted}}, + { "4.13.10", "Invalid DN nameConstraints Test10 EE",{bad_cert, name_not_permitted}}, + { "4.13.12", "Invalid DN nameConstraints Test12 EE",{bad_cert, name_not_permitted}}, + { "4.13.13", "Invalid DN nameConstraints Test13 EE",{bad_cert, name_not_permitted}}, + { "4.13.15", "Invalid DN nameConstraints Test15 EE",{bad_cert, name_not_permitted}}, + { "4.13.16", "Invalid DN nameConstraints Test16 EE",{bad_cert, 
name_not_permitted}}, + { "4.13.17", "Invalid DN nameConstraints Test17 EE",{bad_cert, name_not_permitted}}, + { "4.13.20", "Invalid DN nameConstraints Test20 EE", {bad_cert, name_not_permitted}}]). valid_rfc822_name_constraints(doc) -> @@ -536,9 +535,9 @@ valid_rfc822_name_constraints(doc) -> valid_rfc822_name_constraints(suite) -> []; valid_rfc822_name_constraints(Config) when is_list(Config) -> - run([{ "4.13.21", "Valid RFC822 nameConstraints Test21", ok}, - { "4.13.23", "Valid RFC822 nameConstraints Test23", ok}, - { "4.13.25", "Valid RFC822 nameConstraints Test25", ok}]). + run([{ "4.13.21", "Valid RFC822 nameConstraints Test21 EE", ok}, + { "4.13.23", "Valid RFC822 nameConstraints Test23 EE", ok}, + { "4.13.25", "Valid RFC822 nameConstraints Test25 EE", ok}]). invalid_rfc822_name_constraints(doc) -> @@ -546,11 +545,11 @@ invalid_rfc822_name_constraints(doc) -> invalid_rfc822_name_constraints(suite) -> []; invalid_rfc822_name_constraints(Config) when is_list(Config) -> - run([{ "4.13.22", "Invalid RFC822 nameConstraints Test22", + run([{ "4.13.22", "Invalid RFC822 nameConstraints Test22 EE", {bad_cert, name_not_permitted}}, - { "4.13.24", "Invalid RFC822 nameConstraints Test24", + { "4.13.24", "Invalid RFC822 nameConstraints Test24 EE", {bad_cert, name_not_permitted}}, - { "4.13.26", "Invalid RFC822 nameConstraints Test26", + { "4.13.26", "Invalid RFC822 nameConstraints Test26 EE", {bad_cert, name_not_permitted}}]). valid_DN_and_rfc822_name_constraints(doc) -> 
@@ -558,16 +557,16 @@ valid_DN_and_rfc822_name_constraints(doc) -> valid_DN_and_rfc822_name_constraints(suite) -> []; valid_DN_and_rfc822_name_constraints(Config) when is_list(Config) -> - run([{ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", ok}]). + run([{ "4.13.27", "Valid DN and RFC822 nameConstraints Test27 EE", ok}]). invalid_DN_and_rfc822_name_constraints(doc) -> [""]; invalid_DN_and_rfc822_name_constraints(suite) -> []; invalid_DN_and_rfc822_name_constraints(Config) when is_list(Config) -> - run([{ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", + run([{ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28 EE", {bad_cert, name_not_permitted}}, - { "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", + { "4.13.29", "Invalid DN and RFC822 nameConstraints Test29 EE", {bad_cert, name_not_permitted}}]). valid_dns_name_constraints(doc) -> 
@@ -575,33 +574,33 @@ valid_dns_name_constraints(doc) -> valid_dns_name_constraints(suite) -> []; valid_dns_name_constraints(Config) when is_list(Config) -> - run([{ "4.13.30", "Valid DNS nameConstraints Test30", ok}, - { "4.13.32", "Valid DNS nameConstraints Test32", ok}]). + run([{ "4.13.30", "Valid DNS nameConstraints Test30 EE", ok}, + { "4.13.32", "Valid DNS nameConstraints Test32 EE", ok}]). invalid_dns_name_constraints(doc) -> [""]; invalid_dns_name_constraints(suite) -> []; invalid_dns_name_constraints(Config) when is_list(Config) -> - run([{ "4.13.31", "Invalid DNS nameConstraints Test31", {bad_cert, name_not_permitted}}, - { "4.13.33", "Invalid DNS nameConstraints Test33", {bad_cert, name_not_permitted}}, - { "4.13.38", "Invalid DNS nameConstraints Test38", {bad_cert, name_not_permitted}}]). + run([{ "4.13.31", "Invalid DNS nameConstraints Test31 EE", {bad_cert, name_not_permitted}}, + { "4.13.33", "Invalid DNS nameConstraints Test33 EE", {bad_cert, name_not_permitted}}, + { "4.13.38", "Invalid DNS nameConstraints Test38 EE", {bad_cert, name_not_permitted}}]). valid_uri_name_constraints(doc) -> [""]; valid_uri_name_constraints(suite) -> []; valid_uri_name_constraints(Config) when is_list(Config) -> - run([{ "4.13.34", "Valid URI nameConstraints Test34", ok}, - { "4.13.36", "Valid URI nameConstraints Test36", ok}]). + run([{ "4.13.34", "Valid URI nameConstraints Test34 EE", ok}, + { "4.13.36", "Valid URI nameConstraints Test36 EE", ok}]). invalid_uri_name_constraints(doc) -> [""]; invalid_uri_name_constraints(suite) -> []; invalid_uri_name_constraints(Config) when is_list(Config) -> - run([{ "4.13.35", "Invalid URI nameConstraints Test35",{bad_cert, name_not_permitted}}, - { "4.13.37", "Invalid URI nameConstraints Test37",{bad_cert, name_not_permitted}}]). + run([{ "4.13.35", "Invalid URI nameConstraints Test35 EE",{bad_cert, name_not_permitted}}, + { "4.13.37", "Invalid URI nameConstraints Test37 EE",{bad_cert, name_not_permitted}}]). 
%%----------------------------------------------------------------------------- delta_without_crl(doc) -> @@ -609,20 +608,20 @@ delta_without_crl(doc) -> delta_without_crl(suite) -> []; delta_without_crl(Config) when is_list(Config) -> - run([{ "4.15.1", "Invalid deltaCRLIndicator No Base Test1",{bad_cert, + run([{ "4.15.1", "Invalid deltaCRLIndicator No Base Test1 EE",{bad_cert, revocation_status_undetermined}}, - {"4.15.10", "Invalid delta-CRL Test10", {bad_cert, - revocation_status_undetermined}}]). + {"4.15.10", "Invalid delta-CRL Test10 EE", {bad_cert, + revocation_status_undetermined}}]). valid_delta_crls(doc) -> [""]; valid_delta_crls(suite) -> []; valid_delta_crls(Config) when is_list(Config) -> - run([{ "4.15.2", "Valid delta-CRL Test2", ok}, - { "4.15.5", "Valid delta-CRL Test5", ok}, - { "4.15.7", "Valid delta-CRL Test7", ok}, - { "4.15.8", "Valid delta-CRL Test8", ok} + run([{ "4.15.2", "Valid delta-CRL Test2 EE", ok}, + { "4.15.5", "Valid delta-CRL Test5 EE", ok}, + { "4.15.7", "Valid delta-CRL Test7 EE", ok}, + { "4.15.8", "Valid delta-CRL Test8 EE", ok} ]). invalid_delta_crls(doc) -> @@ -630,10 +629,10 @@ invalid_delta_crls(doc) -> invalid_delta_crls(suite) -> []; invalid_delta_crls(Config) when is_list(Config) -> - run([{ "4.15.3", "Invalid delta-CRL Test3", {bad_cert,{revoked, keyCompromise}}}, - { "4.15.4", "Invalid delta-CRL Test4", {bad_cert,{revoked, keyCompromise}}}, - { "4.15.6", "Invalid delta-CRL Test6", {bad_cert,{revoked, keyCompromise}}}, - { "4.15.9", "Invalid delta-CRL Test9", {bad_cert,{revoked, keyCompromise}}}]). + run([{ "4.15.3", "Invalid delta-CRL Test3 EE", {bad_cert,{revoked, keyCompromise}}}, + { "4.15.4", "Invalid delta-CRL Test4 EE", {bad_cert,{revoked, keyCompromise}}}, + { "4.15.6", "Invalid delta-CRL Test6 EE", {bad_cert,{revoked, keyCompromise}}}, + { "4.15.9", "Invalid delta-CRL Test9 EE", {bad_cert,{revoked, keyCompromise}}}]). %%----------------------------------------------------------------------------- 
@@ -642,10 +641,10 @@ valid_distribution_points(doc) -> valid_distribution_points(suite) -> []; valid_distribution_points(Config) when is_list(Config) -> - run([{ "4.14.1", "Valid distributionPoint Test1", ok}, - { "4.14.4", "Valid distributionPoint Test4", ok}, - { "4.14.5", "Valid distributionPoint Test5", ok}, - { "4.14.7", "Valid distributionPoint Test7", ok} + run([{ "4.14.1", "Valid distributionPoint Test1 EE", ok}, + { "4.14.4", "Valid distributionPoint Test4 EE", ok}, + { "4.14.5", "Valid distributionPoint Test5 EE", ok}, + { "4.14.7", "Valid distributionPoint Test7 EE", ok} ]). valid_distribution_points_no_issuing_distribution_point(doc) -> @@ -661,13 +660,13 @@ invalid_distribution_points(doc) -> invalid_distribution_points(suite) -> []; invalid_distribution_points(Config) when is_list(Config) -> - run([{ "4.14.2", "Invalid distributionPoint Test2", {bad_cert,{revoked, keyCompromise}}}, - { "4.14.3", "Invalid distributionPoint Test3", {bad_cert, + run([{ "4.14.2", "Invalid distributionPoint Test2 EE", {bad_cert,{revoked, keyCompromise}}}, + { "4.14.3", "Invalid distributionPoint Test3 EE", {bad_cert, revocation_status_undetermined}}, - { "4.14.6", "Invalid distributionPoint Test6", {bad_cert,{revoked, keyCompromise}}}, - { "4.14.8", "Invalid distributionPoint Test8", {bad_cert, + { "4.14.6", "Invalid distributionPoint Test6 EE", {bad_cert,{revoked, keyCompromise}}}, + { "4.14.8", "Invalid distributionPoint Test8 EE", {bad_cert, revocation_status_undetermined}}, - { "4.14.9", "Invalid distributionPoint Test9", {bad_cert, + { "4.14.9", "Invalid distributionPoint Test9 EE", {bad_cert, revocation_status_undetermined}} ]). @@ -676,7 +675,7 @@ valid_only_contains(doc) -> valid_only_contains(suite) -> []; valid_only_contains(Config) when is_list(Config) -> - run([{ "4.14.13", "Valid onlyContainsCACerts CRL Test13", ok}]). + run([{ "4.14.13", "Valid onlyContainsCACerts CRL Test13 EE", ok}]). invalid_only_contains(doc) -> 
@@ -684,11 +683,11 @@ invalid_only_contains(doc) -> invalid_only_contains(suite) -> []; invalid_only_contains(Config) when is_list(Config) -> - run([{ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", + run([{ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11 EE", {bad_cert, revocation_status_undetermined}}, - { "4.14.12", "Invalid onlyContainsCACerts CRL Test12", + { "4.14.12", "Invalid onlyContainsCACerts CRL Test12 EE", {bad_cert, revocation_status_undetermined}}, - { "4.14.14", "Invalid onlyContainsAttributeCerts Test14", + { "4.14.14", "Invalid onlyContainsAttributeCerts Test14 EE", {bad_cert, revocation_status_undetermined}} ]). @@ -697,8 +696,8 @@ valid_only_some_reasons(doc) -> valid_only_some_reasons(suite) -> []; valid_only_some_reasons(Config) when is_list(Config) -> - run([{ "4.14.18", "Valid onlySomeReasons Test18", ok}, - { "4.14.19", "Valid onlySomeReasons Test19", ok} + run([{ "4.14.18", "Valid onlySomeReasons Test18 EE", ok}, + { "4.14.19", "Valid onlySomeReasons Test19 EE", ok} ]). invalid_only_some_reasons(doc) -> @@ -706,15 +705,15 @@ invalid_only_some_reasons(doc) -> invalid_only_some_reasons(suite) -> []; invalid_only_some_reasons(Config) when is_list(Config) -> - run([{ "4.14.15", "Invalid onlySomeReasons Test15", + run([{ "4.14.15", "Invalid onlySomeReasons Test15 EE", {bad_cert,{revoked, keyCompromise}}}, - { "4.14.16", "Invalid onlySomeReasons Test16", + { "4.14.16", "Invalid onlySomeReasons Test16 EE", {bad_cert,{revoked, certificateHold}}}, - { "4.14.17", "Invalid onlySomeReasons Test17", + { "4.14.17", "Invalid onlySomeReasons Test17 EE", {bad_cert, revocation_status_undetermined}}, - { "4.14.20", "Invalid onlySomeReasons Test20", + { "4.14.20", "Invalid onlySomeReasons Test20 EE", {bad_cert,{revoked, keyCompromise}}}, - { "4.14.21", "Invalid onlySomeReasons Test21", + { "4.14.21", "Invalid onlySomeReasons Test21 EE", {bad_cert,{revoked, affiliationChanged}}} ]). 
@@ -723,9 +722,9 @@ valid_indirect_crl(doc) -> valid_indirect_crl(suite) -> []; valid_indirect_crl(Config) when is_list(Config) -> - run([{ "4.14.22", "Valid IDP with indirectCRL Test22", ok}, - { "4.14.24", "Valid IDP with indirectCRL Test24", ok}, - { "4.14.25", "Valid IDP with indirectCRL Test25", ok} + run([{ "4.14.22", "Valid IDP with indirectCRL Test22 EE", ok}, + { "4.14.24", "Valid IDP with indirectCRL Test24 EE", ok}, + { "4.14.25", "Valid IDP with indirectCRL Test25 EE", ok} ]). invalid_indirect_crl(doc) -> @@ -733,9 +732,9 @@ invalid_indirect_crl(doc) -> invalid_indirect_crl(suite) -> []; invalid_indirect_crl(Config) when is_list(Config) -> - run([{ "4.14.23", "Invalid IDP with indirectCRL Test23", + run([{ "4.14.23", "Invalid IDP with indirectCRL Test23 EE", {bad_cert,{revoked, keyCompromise}}}, - { "4.14.26", "Invalid IDP with indirectCRL Test26", + { "4.14.26", "Invalid IDP with indirectCRL Test26 EE", {bad_cert, revocation_status_undetermined}} ]). @@ -744,9 +743,9 @@ valid_crl_issuer(doc) -> valid_crl_issuer(suite) -> []; valid_crl_issuer(Config) when is_list(Config) -> - run([{ "4.14.28", "Valid cRLIssuer Test28", ok}%%, - %%{ "4.14.29", "Valid cRLIssuer Test29", ok}, - %%{ "4.14.33", "Valid cRLIssuer Test33", ok} + run([{ "4.14.28", "Valid cRLIssuer Test28 EE", ok}%%, + %%{ "4.14.29", "Valid cRLIssuer Test29 EE", ok}, + %%{ "4.14.33", "Valid cRLIssuer Test33 EE", ok} ]). invalid_crl_issuer(doc) -> 
@@ -755,11 +754,11 @@ invalid_crl_issuer(suite) -> []; invalid_crl_issuer(Config) when is_list(Config) -> run([ - { "4.14.27", "Invalid cRLIssuer Test27", {bad_cert, revocation_status_undetermined}}, - { "4.14.31", "Invalid cRLIssuer Test31", {bad_cert,{revoked, keyCompromise}}}, - { "4.14.32", "Invalid cRLIssuer Test32", {bad_cert,{revoked, keyCompromise}}}, - { "4.14.34", "Invalid cRLIssuer Test34", {bad_cert,{revoked, keyCompromise}}}, - { "4.14.35", "Invalid cRLIssuer Test35", {bad_cert, revocation_status_undetermined}} + { "4.14.27", "Invalid cRLIssuer Test27 EE", {bad_cert, revocation_status_undetermined}}, + { "4.14.31", "Invalid cRLIssuer Test31 EE", {bad_cert,{revoked, keyCompromise}}}, + { "4.14.32", "Invalid cRLIssuer Test32 EE", {bad_cert,{revoked, keyCompromise}}}, + { "4.14.34", "Invalid cRLIssuer Test34 EE", {bad_cert,{revoked, keyCompromise}}}, + { "4.14.35", "Invalid cRLIssuer Test35 EE", {bad_cert, revocation_status_undetermined}} ]). @@ -780,7 +779,7 @@ unknown_critical_extension(doc) -> unknown_critical_extension(suite) -> []; unknown_critical_extension(Config) when is_list(Config) -> - run([{ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", + run([{ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2 EE", {bad_cert,unknown_critical_extension}}]). unknown_not_critical_extension(doc) -> 
@@ -788,16 +787,18 @@ unknown_not_critical_extension(doc) -> unknown_not_critical_extension(suite) -> []; unknown_not_critical_extension(Config) when is_list(Config) -> - run([{ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", ok}]). + run([{ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1 EE", ok}]). %%----------------------------------------------------------------------------- run(Tests) -> - File = file(?CERTS,"TrustAnchorRootCertificate.crt"), - {ok, TA} = file:read_file(File), + [TA] = read_certs("Trust Anchor Root Certificate"), run(Tests, TA). run({Chap, Test, Result}, TA) -> - CertChain = sort_chain(read_certs(Test),TA, [], false, Chap), + CertChain = cas(Chap) ++ read_certs(Test), + lists:foreach(fun(C) -> + io:format("CERT: ~p~n", [public_key:pkix_decode_cert(C, otp)]) + end, CertChain), Options = path_validation_options(TA, Chap,Test), try public_key:pkix_path_validation(TA, CertChain, Options) of {Result, _} -> ok; @@ -1134,6 +1135,7 @@ read_crls(Test) -> [CRL || {'CertificateList', CRL, not_encrypted} <- Ders]. test_file(Test) -> + io:format("TEST: ~p~n", [Test]), file(?CONV, lists:append(string:tokens(Test, " -")) ++ ".pem"). file(Sub,File) -> 
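Review bot: The `lists:foreach` added to `run/2` decodes every certificate with `public_key:pkix_decode_cert(C, otp)` before the `try` around `pkix_path_validation`. A certificate that fails OTP decoding would therefore abort the case at the print step, instead of reaching the validator and producing the expected `{bad_cert, _}` result. This looks like leftover debugging; I would drop it, or log the undecoded chain through the test framework, e.g. `ct:log("chain for ~s: ~p", [Chap, CertChain])`. The `io:format("TEST: ~p~n", [Test])` added to `test_file/1` in the next hunk is the same kind of leftover. `run/2` continues past the end of this hunk.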
@@ -1150,79 +1152,246 @@ file(Sub,File) -> end, AbsFile. -sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.5.3"-> - [CA, Entity, Self] = do_sort_chain(Certs, TA, Acc, Bool, Chap), - [CA, Self, Entity]; -sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.5.4"; - Chap == "4.5.5" -> - [CA, Entity, _Self] = do_sort_chain(Certs, TA, Acc, Bool, Chap), - [CA, Entity]; - -sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.24"; - Chap == "4.14.25"; - Chap == "4.14.26"; - Chap == "4.14.27"; - Chap == "4.14.31"; - Chap == "4.14.32"; - Chap == "4.14.33" -> - [_OtherCA, Entity, CA] = do_sort_chain(Certs, TA, Acc, Bool, Chap), - [CA, Entity]; - -sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.28"; - Chap == "4.14.29" -> - [CA, _OtherCA, Entity] = do_sort_chain(Certs, TA, Acc, Bool, Chap), - [CA, Entity]; - - -sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.33" -> - [Entity, CA, _OtherCA] = do_sort_chain(Certs, TA, Acc, Bool, Chap), - [CA, Entity]; - - -sort_chain(Certs, TA, Acc, Bool, Chap) -> - do_sort_chain(Certs, TA, Acc, Bool, Chap). 
- -do_sort_chain([First], TA, Try, Found, Chap) when Chap == "4.5.6"; - Chap == "4.5.7"; - Chap == "4.4.19"; - Chap == "4.4.20"; - Chap == "4.4.21"-> - case public_key:pkix_is_issuer(First,TA) of - true -> - [First|do_sort_chain([],First,Try,true, Chap)]; - false -> - do_sort_chain([],TA,[First|Try],Found, Chap) - end; -do_sort_chain([First|Certs], TA, Try, Found, Chap) when Chap == "4.5.6"; - Chap == "4.5.7"; - Chap == "4.4.19"; - Chap == "4.4.20"; - Chap == "4.4.21"-> -%% case check_extension_cert_signer(public_key:pkix_decode_cert(First, otp)) of -%% true -> - case public_key:pkix_is_issuer(First,TA) of - true -> - [First|do_sort_chain(Certs,First,Try,true, Chap)]; - false -> - do_sort_chain(Certs,TA,[First|Try],Found, Chap) - end; -%% false -> -%% do_sort_chain(Certs, TA, Try, Found, Chap) -%% end; - -do_sort_chain([First|Certs], TA, Try, Found, Chap) -> - case public_key:pkix_is_issuer(First,TA) of - true -> - [First|do_sort_chain(Certs,First,Try,true, Chap)]; - false -> - do_sort_chain(Certs,TA,[First|Try],Found, Chap) - end; - -do_sort_chain([], _, [],_, _) -> []; -do_sort_chain([], Valid, Check, true, Chap) -> - do_sort_chain(lists:reverse(Check), Valid, [], false, Chap); -do_sort_chain([], _Valid, Check, false, _) -> - Check. +cas(Chap) -> + CAS = intermidiate_cas(Chap), + lists:foldl(fun([], Acc) -> + Acc; + (CA, Acc) -> + [CACert] = read_certs(CA), + [CACert | Acc] + end, [], CAS). 
+ +intermidiate_cas(Chap) when Chap == "4.1.1"; + Chap == "4.1.3"; + Chap == "4.2.2"; + Chap == "4.2.3"; + Chap == "4.2.4"; + Chap == "4.2.6"; + Chap == "4.2.7"; + Chap == "4.2.8"; + Chap == "4.3.1"; + Chap == "4.3.3"; + Chap == "4.3.4"; + Chap == "4.3.5"; + Chap == "4.4.3" + -> + ["Good CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.1.2" -> + ["Bad Signed CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.1.4"; + Chap == "4.1.6" -> + ["DSA CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.1.5" -> + ["DSA Parameters Inherited CA Cert", "DSA CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.2.1"; + Chap == "4.2.5" -> + ["Bad notBefore Date CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.16.1"; + Chap == "4.16.2" -> + ["Trust Anchor Root Certificate"]; + +intermidiate_cas(Chap) when Chap == "4.3.2" -> + ["Name Ordering CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.34"; + Chap == "4.13.35" -> + ["nameConstraints URI1 CA Cert"]; +intermidiate_cas(Chap) when Chap == "4.13.36"; + Chap == "4.13.37" -> + ["nameConstraints URI2 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.30"; + Chap == "4.13.31"; + Chap == "4.13.38" + -> + ["nameConstraints DNS1 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.32"; + Chap == "4.13.33" -> + ["nameConstraints DNS2 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.27"; + Chap == "4.13.28"; + Chap == "4.13.29" -> + ["nameConstraints DN1 subCA3 Cert", + "nameConstraints DN1 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.21"; + Chap == "4.13.22" -> + ["nameConstraints RFC822 CA1 Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.23"; + Chap == "4.13.24" -> + ["nameConstraints RFC822 CA2 Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.25"; + Chap == "4.13.26" -> + ["nameConstraints RFC822 CA3 Cert"]; + +intermidiate_cas(Chap) when Chap == "4.6.1" -> + ["Missing basicConstraints CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.6.2" -> + ["basicConstraints Critical cA False CA 
Cert"]; + +intermidiate_cas(Chap) when Chap == "4.6.3" -> + ["basicConstraints Not Critical cA False CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.5.2"; + Chap == "4.5.5" -> + ["Basic Self-Issued New Key CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.5.1" -> + ["Basic Self-Issued New Key OldWithNew CA Cert", "Basic Self-Issued New Key CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.5.3" -> + ["Basic Self-Issued Old Key NewWithOld CA Cert", "Basic Self-Issued Old Key CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.5.4" -> + ["Basic Self-Issued Old Key CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.1"; + Chap == "4.13.2"; + Chap == "4.13.3"; + Chap == "4.13.4"; + Chap == "4.13.20" + -> + ["nameConstraints DN1 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.5" -> + ["nameConstraints DN2 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.6"; + Chap == "4.13.7" -> + ["nameConstraints DN3 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.8"; + Chap == "4.13.9" -> + ["nameConstraints DN4 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.10"; + Chap == "4.13.11" -> + ["nameConstraints DN5 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.12" -> + ["nameConstraints DN1 subCA1 Cert", + "nameConstraints DN1 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.13"; + Chap == "4.13.14" -> + ["nameConstraints DN1 subCA2 Cert", + "nameConstraints DN1 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.15"; + Chap == "4.13.16" -> + ["nameConstraints DN3 subCA1 Cert", + "nameConstraints DN3 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.17"; + Chap == "4.13.18" -> + ["nameConstraints DN3 subCA2 Cert", + "nameConstraints DN3 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.13.19" -> + ["nameConstraints DN1 Self-Issued CA Cert", + "nameConstraints DN1 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.5.6" -> + ["Basic Self-Issued CRL Signing Key CA Cert"]; + +intermidiate_cas(Chap) when Chap == 
"4.7.1"; + Chap == "4.7.4" -> + ["keyUsage Critical keyCertSign False CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.7.2"; + Chap == "4.7.5" -> + ["keyUsage Not Critical keyCertSign False CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.7.3" -> + ["keyUsage Not Critical CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.3.7" -> + ["RFC3280 Mandatory Attribute Types CA Cert"]; +intermidiate_cas(Chap) when Chap == "4.3.8" -> + ["RFC3280 Optional Attribute Types CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.3.6" -> + ["UIDCACert"]; + +intermidiate_cas(Chap) when Chap == "4.6.4" -> + ["basicConstraints Not Critical CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.1.26" -> + ["nameConstraints RFC822 CA3 Cert"]; + +intermidiate_cas(Chap) when Chap == "4.3.9" -> + ["UTF8String Encoded Names CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.3.10" -> + ["Rollover from PrintableString to UTF8String CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.3.11" -> + ["UTF8String Case Insensitive Match CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.6.7"; + Chap == "4.6.8" + -> + ["pathLenConstraint0 CA Cert"]; +intermidiate_cas(Chap) when Chap == "4.6.13" -> + [ "pathLenConstraint6 subsubsubCA41X Cert", + "pathLenConstraint6 subsubCA41 Cert", + "pathLenConstraint6 subCA4 Cert", + "pathLenConstraint6 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.6.14" -> + [ "pathLenConstraint6 subsubsubCA41X Cert", + "pathLenConstraint6 subsubCA41 Cert", + "pathLenConstraint6 subCA4 Cert", + "pathLenConstraint6 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.6.15" -> + [ "pathLenConstraint0 Self-Issued CA Cert", + "pathLenConstraint0 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.6.17" -> + ["pathLenConstraint1 Self-Issued subCA Cert", + "pathLenConstraint1 subCA Cert", + "pathLenConstraint1 Self-Issued CA Cert", + "pathLenConstraint1 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.6.5"; + Chap == "4.6.6" -> + ["pathLenConstraint0 subCA Cert", 
+ "pathLenConstraint0 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.6.9"; + Chap == "4.6.10" -> + ["pathLenConstraint6 subsubCA00 Cert", + "pathLenConstraint6 subCA0 Cert", + "pathLenConstraint6 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.6.11"; + Chap == "4.6.12" -> + ["pathLenConstraint6 subsubsubCA11X Cert", + "pathLenConstraint6 subsubCA11 Cert", + "pathLenConstraint6 subCA1 Cert", + "pathLenConstraint6 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.6.16" -> + ["pathLenConstraint0 subCA2 Cert", + "pathLenConstraint0 Self-Issued CA Cert", + "pathLenConstraint0 CA Cert"]; + +intermidiate_cas(Chap) when Chap == "4.5.7"; + Chap == "4.5.8" + -> + ["Basic Self-Issued CRL Signing Key CRL Cert", + "Basic Self-Issued CRL Signing Key CA Cert"]. error(Format, Args, File0, Line) -> File = filename:basename(File0), @@ -1340,3 +1509,12 @@ inhibit_any_policy() -> {"4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 }, {"4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", ok}, {"4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 }]. + +crypto_support_check(Config) -> + try crypto:sha256(<<"Test">>) of + _ -> + Config + catch error:notsup -> + crypto:stop(), + {skip, "To old version of openssl"} + end. |
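Review bot: `intermidiate_cas/1` has no clause for any 4.14.x chapter, yet the CRL cases renamed earlier in this diff still pass those chapters to `run/1`, so `cas(Chap)` would exit with `function_clause` if those cases are enabled. The removed `sort_chain` ended in a generic clause that accepted any chapter. The clause guarded by `Chap == "4.1.26"` returns the same RFC822 CA3 certificate as the `"4.13.25"`/`"4.13.26"` clause above it, so it looks like a typo and is probably never matched. I would add the missing chapters, or close the table with `intermidiate_cas(Chap) -> ct:fail({no_ca_list, Chap}).`, and delete the `"4.1.26"` clause. A comment above `cas/1` would also help, since the lists appear to be written deepest CA first and the fold reverses them: `%% Each list runs from the CA nearest the end entity upwards; the fold reverses it.`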
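Review bot: `crypto_support_check/1` has no comment explaining why a SHA-256 probe decides whether the whole suite runs, and its skip reason contains a typo. I would add `%% Skip the suite when the linked OpenSSL cannot do SHA-256 (crypto raises notsup).` above the function and change the reason to `{skip, "Too old version of openssl"}`. Only `error:notsup` is caught, so any other failure of the probe propagates to the caller; if that is intended, the comment should say so.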