spec/fixtures/config_test_various.yaml in r509-0.8.1 vs spec/fixtures/config_test_various.yaml in r509-0.9

@@ -1,100 +1,137 @@
 pkcs12_ca: {
-    ca_cert: {
-        pkcs12: "test_ca.p12",
-        password: "r509"
-    }
+  ca_cert: {
+    pkcs12: "test_ca.p12",
+    password: "r509"
+  }
 }
 pkcs12_key_ca: {
-    ca_cert: {
-        pkcs12: "test_ca.p12",
-        password: "r509",
-        key: "test_ca.cer"
-    }
+  ca_cert: {
+    pkcs12: "test_ca.p12",
+    password: "r509",
+    key: "test_ca.cer"
+  }
 }
 pkcs12_cert_ca: {
-    ca_cert: {
-        pkcs12: "test_ca.p12",
-        password: "r509",
-        cert: "test_ca.cer"
-    }
+  ca_cert: {
+    pkcs12: "test_ca.p12",
+    password: "r509",
+    cert: "test_ca.cer"
+  }
 }
 pkcs12_engine_ca: {
-    ca_cert: {
-        pkcs12: "test_ca.p12",
-        password: "r509",
-        engine: "chil",
-        key_name: "r509_key"
-    }
+  ca_cert: {
+    pkcs12: "test_ca.p12",
+    password: "r509",
+    engine: "chil",
+    key_name: "r509_key"
+  }
 }
 cert_no_key_ca: {
-    ca_cert: {
-        cert: "test_ca.cer"
-    }
+  ca_cert: {
+    cert: "test_ca.cer"
+  }
 }
 missing_key_identifier_ca: {
-    ca_cert: {
-        cert: 'missing_key_identifier_ca.cer',
-        key: 'missing_key_identifier_ca.key'
-    },
-    message_digest: 'SHA1', #SHA1, SHA256, SHA512 supported. MD5 too, but you really shouldn't use that unless you have a good reason
-    profiles: {
-        server: {
-            basic_constraints: "CA:FALSE",
-            key_usage: [digitalSignature,keyEncipherment],
-            extended_key_usage: [serverAuth],
-            certificate_policies: [ [ "policyIdentifier=2.16.840.1.9999999999.3.0"], [ "policyIdentifier=2.16.840.1.9999999999.1.2.3.4.1", "CPS.1=http://example.com/cps"] ]
-        }
+  ca_cert: {
+    cert: 'missing_key_identifier_ca.cer',
+    key: 'missing_key_identifier_ca.key'
+  },
+  message_digest: 'SHA1',
+  profiles: {
+    server: {
+      basic_constraints: { "ca" : false },
+      key_usage: [digitalSignature,keyEncipherment],
+      extended_key_usage: [serverAuth],
     }
+  }
 }
 multi_policy_ca: {
-    ca_cert: {
-        cert: 'test_ca.cer',
-        key: 'test_ca.key'
-    },
-    message_digest: 'SHA1', #SHA1, SHA256, SHA512 supported. MD5 too, but you really shouldn't use that unless you have a good reason
-    profiles: {
-        server: {
-            basic_constraints: "CA:FALSE",
-            key_usage: [digitalSignature,keyEncipherment],
-            extended_key_usage: [serverAuth],
-            certificate_policies: [ [ "policyIdentifier=2.16.840.1.9999999999.3.0"], [ "policyIdentifier=2.16.840.1.9999999999.1.2.3.4.1", "CPS.1=http://example.com/cps"] ]
+  ca_cert: {
+    cert: 'test_ca.cer',
+    key: 'test_ca.key'
+  },
+  message_digest: 'SHA1',
+  profiles: {
+    server: {
+      basic_constraints: { "ca" : false },
+      key_usage: [digitalSignature,keyEncipherment],
+      extended_key_usage: [serverAuth],
+      certificate_policies: [
+        { policy_identifier: "2.16.840.1.99999.21.234",
+          cps_uris: ["http://example.com/cps","http://haha.com"],
+          user_notices: [ { explicit_text: "this is a great thing", organization: "my org", notice_numbers: "1,2,3" } ]
+        },
+        { policy_identifier: "2.16.840.1.99999.21.235",
+          cps_uris: ["http://example.com/cps2"],
+          user_notices: [ { explicit_text: "this is a bad thing", organization: "another org", notice_numbers: "3,2,1" },{ explicit_text: "another user notice"} ]
         }
+      ]
     }
+  }
 }
 ocsp_delegate_ca: {
-    ca_cert: {
-        cert: 'test_ca.cer'
-    },
-    ocsp_cert: {
-        cert: 'test_ca_ocsp.cer',
-        key: 'test_ca_ocsp.key'
-    }
+  ca_cert: {
+    cert: 'test_ca.cer'
+  },
+  ocsp_cert: {
+    cert: 'test_ca_ocsp.cer',
+    key: 'test_ca_ocsp.key'
+  }
 }
 ocsp_chain_ca: {
-    ca_cert: {
-        cert: 'test_ca.cer'
-    },
-    ocsp_cert: {
-        cert: 'test_ca_ocsp.cer',
-        key: 'test_ca_ocsp.key'
-    },
-    ocsp_chain: 'test_ca_ocsp_chain.txt'
+  ca_cert: {
+    cert: 'test_ca.cer'
+  },
+  ocsp_cert: {
+    cert: 'test_ca_ocsp.cer',
+    key: 'test_ca_ocsp.key'
+  },
+  ocsp_chain: 'test_ca_ocsp_chain.txt'
 }
 ocsp_pkcs12_ca: {
-    ca_cert: {
-        cert: 'test_ca.cer'
-    },
-    ocsp_cert: {
-        pkcs12: 'test_ca_ocsp.p12',
-        password: 'r509'
-    }
+  ca_cert: {
+    cert: 'test_ca.cer'
+  },
+  ocsp_cert: {
+    pkcs12: 'test_ca_ocsp.p12',
+    password: 'r509'
+  }
 }
 ocsp_engine_ca: {
-    ca_cert: {
-        cert: 'test_ca.cer'
-    },
-    ocsp_cert: {
-        cert: 'test_ca_ocsp.cer',
-        engine: 'chil'
+  ca_cert: {
+    cert: 'test_ca.cer'
+  },
+  ocsp_cert: {
+    cert: 'test_ca_ocsp.cer',
+    engine: 'chil'
+  }
+}
+all_eku_ca: {
+  ca_cert: {
+    cert: 'test_ca.cer',
+    key: 'test_ca.key'
+  },
+  message_digest: 'SHA1',
+  profiles: {
+    smorgasbord: {
+      basic_constraints: { "ca" : false },
+      key_usage: [digitalSignature,keyEncipherment],
+      extended_key_usage: [serverAuth,clientAuth,codeSigning,emailProtection,OCSPSigning,timeStamping],
     }
+  }
+}
+ocsp_no_check_ca: {
+  ca_cert: {
+    cert: 'test_ca.cer',
+    key: 'test_ca.key'
+  },
+  message_digest: 'SHA1',
+  profiles: {
+    ocsp_no_check_delegate: {
+      basic_constraints: { "ca" : false },
+      key_usage: [digitalSignature],
+      extended_key_usage: [OCSPSigning],
+      ocsp_no_check: true
+    }
+  }
 }