diff options
Diffstat (limited to 'CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestEKUCerts/TestEKUParsingIssuingCA.ini')
| -rw-r--r-- | CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestEKUCerts/TestEKUParsingIssuingCA.ini | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestEKUCerts/TestEKUParsingIssuingCA.ini b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestEKUCerts/TestEKUParsingIssuingCA.ini new file mode 100644 index 0000000000..8576783473 --- /dev/null +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestEKUCerts/TestEKUParsingIssuingCA.ini @@ -0,0 +1,45 @@ +[Version]
+Signature="$Windows NT$
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; 2.5.29.19 == Basic Constraints for CA
+[Strings]
+szOID_BASIC_CONSTRAINTS2 = "2.5.29.19"
+
+[EnhancedKeyUsageExtension]
+OID = 1.3.6.1.4.1.311.76.9.21.1
+
+[NewRequest]
+Subject = "CN=TestEKUParsingIssuingCA"
+Exportable = true
+KeyLength = 256
+HashAlgorithm = sha256
+KeyUsage = "CERT_KEY_CERT_SIGN_KEY_USAGE"
+KeyUsageProperty = "NCRYPT_ALLOW_SIGNING_FLAG"
+MachineKeySet = True
+RequestType = cert
+ValidityPeriodUnits = 20
+ValidityPeriod = Years
+ProviderName = "Microsoft Software Key Storage Provider"
+KeyAlgorithm = "ECDSA_P256"
+
+
+[Extensions]
+%szOID_BASIC_CONSTRAINTS2% = "{text}"
+ _continue_ = "ca=True"
+
+Critical=%szOID_BASIC_CONSTRAINTS2%
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; This extension is so the this CA is only allowed to
+; issue end-entity certs.
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[BasicConstraintsExtension]
+PathLength=0
+
+;
+; Surface Firmware Signing EKU
+;
+[Extensions]
+ 2.5.29.37 = "{text}"
+ _continue_ = "1.3.6.1.4.1.311.76.9.21.1"
+
|