diff options
| author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-01-18 20:49:07 +0000 |
|---|---|---|
| committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-01-18 20:49:07 +0000 |
| commit | eaaa5d3be6f88068a80a99740e196d26d05bae45 (patch) | |
| tree | 380dca268d53725da2abd9e52111c5a43ae41b65 | |
| parent | 18a0f8521446706ac0bba00fc0369a1499547fd9 (diff) | |
Bug 668100 - DRM storage cert has OCSP signing extended key usage
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1742 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
3 files changed, 88 insertions, 61 deletions
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg index de226b630..d5da9f599 100644 --- a/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg +++ b/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg @@ -10,62 +10,77 @@ input.i1.class_id=certReqInputImpl input.i2.class_id=submitterInfoInputImpl output.list=o1 output.o1.class_id=certOutputImpl -policyset.list=ocspCertSet -policyset.ocspCertSet.list=1,2,3,4,5,6,8,9 -policyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl -policyset.ocspCertSet.1.constraint.name=Subject Name Constraint -policyset.ocspCertSet.1.constraint.params.pattern=CN=.* -policyset.ocspCertSet.1.constraint.params.accept=true -policyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl -policyset.ocspCertSet.1.default.name=Subject Name Default -policyset.ocspCertSet.1.default.params.name= -policyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl -policyset.ocspCertSet.2.constraint.name=Validity Constraint -policyset.ocspCertSet.2.constraint.params.range=720 -policyset.ocspCertSet.2.constraint.params.notBeforeCheck=false -policyset.ocspCertSet.2.constraint.params.notAfterCheck=false -policyset.ocspCertSet.2.default.class_id=validityDefaultImpl -policyset.ocspCertSet.2.default.name=Validity Default -policyset.ocspCertSet.2.default.params.range=720 -policyset.ocspCertSet.2.default.params.startTime=0 -policyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl -policyset.ocspCertSet.3.constraint.name=Key Constraint -policyset.ocspCertSet.3.constraint.params.keyType=- -policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 -policyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl -policyset.ocspCertSet.3.default.name=Key Default -policyset.ocspCertSet.4.constraint.class_id=noConstraintImpl -policyset.ocspCertSet.4.constraint.name=No Constraint -policyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl -policyset.ocspCertSet.4.default.name=Authority Key Identifier Default -policyset.ocspCertSet.5.constraint.class_id=noConstraintImpl -policyset.ocspCertSet.5.constraint.name=No Constraint -policyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl -policyset.ocspCertSet.5.default.name=AIA Extension Default -policyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true -policyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName -policyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0= -policyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 -policyset.ocspCertSet.5.default.params.authInfoAccessCritical=false -policyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1 -policyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl -policyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension -policyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false -policyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9 -policyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl -policyset.ocspCertSet.6.default.name=Extended Key Usage Default -policyset.ocspCertSet.6.default.params.exKeyUsageCritical=false -policyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9 -policyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl -policyset.ocspCertSet.8.constraint.name=No Constraint -policyset.ocspCertSet.8.constraint.params.extCritical=false -policyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5 -policyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl -policyset.ocspCertSet.8.default.name=OCSP No Check Extension -policyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false -policyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl -policyset.ocspCertSet.9.constraint.name=No Constraint -policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC -policyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl -policyset.ocspCertSet.9.default.name=Signing Alg -policyset.ocspCertSet.9.default.params.signingAlg=- +policyset.list=drmStorageCertSet +policyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9 +policyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint +policyset.drmStorageCertSet.1.constraint.params.pattern=CN=.* +policyset.drmStorageCertSet.1.constraint.params.accept=true +policyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.drmStorageCertSet.1.default.name=Subject Name Default +policyset.drmStorageCertSet.1.default.params.name= +policyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl +policyset.drmStorageCertSet.2.constraint.name=Validity Constraint +policyset.drmStorageCertSet.2.constraint.params.range=720 +policyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false +policyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false +policyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl +policyset.drmStorageCertSet.2.default.name=Validity Default +policyset.drmStorageCertSet.2.default.params.range=720 +policyset.drmStorageCertSet.2.default.params.startTime=0 +policyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl +policyset.drmStorageCertSet.3.constraint.name=Key Constraint +policyset.drmStorageCertSet.3.constraint.params.keyType=- +policyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl +policyset.drmStorageCertSet.3.default.name=Key Default +policyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl +policyset.drmStorageCertSet.4.constraint.name=No Constraint +policyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default +policyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl +policyset.drmStorageCertSet.5.constraint.name=No Constraint +policyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.drmStorageCertSet.5.default.name=AIA Extension Default +policyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false +policyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true +policyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.drmStorageCertSet.6.default.name=Key Usage Default +policyset.drmStorageCertSet.6.default.params.keyUsageCritical=true +policyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false +policyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl +policyset.drmStorageCertSet.7.constraint.name=No Constraint +policyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default +policyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false +policyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 +policyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.drmStorageCertSet.9.constraint.name=No Constraint +policyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC +policyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.drmStorageCertSet.9.default.name=Signing Alg +policyset.drmStorageCertSet.9.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg index 1faa61004..538c76071 100644 --- a/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg +++ b/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg @@ -11,7 +11,7 @@ input.i2.class_id=submitterInfoInputImpl output.list=o1 output.o1.class_id=certOutputImpl policyset.list=transportCertSet -policyset.transportCertSet.list=1,2,3,4,5,6,8 +policyset.transportCertSet.list=1,2,3,4,5,6,7,8 policyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.transportCertSet.1.constraint.name=Subject Name Constraint policyset.transportCertSet.1.constraint.params.pattern=CN=.* @@ -72,6 +72,12 @@ policyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false policyset.transportCertSet.6.default.params.keyUsageCrlSign=false policyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false policyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.transportCertSet.7.constraint.class_id=noConstraintImpl +policyset.transportCertSet.7.constraint.name=No Constraint +policyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.transportCertSet.7.default.name=Extended Key Usage Extension Default +policyset.transportCertSet.7.default.params.exKeyUsageCritical=false +policyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 policyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl policyset.transportCertSet.8.constraint.name=No Constraint policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC diff --git a/pki/base/ca/shared/profiles/ca/caTransportCert.cfg b/pki/base/ca/shared/profiles/ca/caTransportCert.cfg index 44968e391..466e2b313 100644 --- a/pki/base/ca/shared/profiles/ca/caTransportCert.cfg +++ b/pki/base/ca/shared/profiles/ca/caTransportCert.cfg @@ -10,7 +10,7 @@ input.i2.class_id=submitterInfoInputImpl output.list=o1 output.o1.class_id=certOutputImpl policyset.list=transportCertSet -policyset.transportCertSet.list=1,2,3,4,5,6,8 +policyset.transportCertSet.list=1,2,3,4,5,6,7,8 policyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.transportCertSet.1.constraint.name=Subject Name Constraint policyset.transportCertSet.1.constraint.params.pattern=CN=.* @@ -71,6 +71,12 @@ policyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false policyset.transportCertSet.6.default.params.keyUsageCrlSign=false policyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false policyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.transportCertSet.7.constraint.class_id=noConstraintImpl +policyset.transportCertSet.7.constraint.name=No Constraint +policyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.transportCertSet.7.default.name=Extended Key Usage Extension Default +policyset.transportCertSet.7.default.params.exKeyUsageCritical=false +policyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 policyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl policyset.transportCertSet.8.constraint.name=No Constraint policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC |