1# This Source Code Form is subject to the terms of the Mozilla Public
2# License, v. 2.0. If a copy of the MPL was not distributed with this
3# file, You can obtain one at http://mozilla.org/MPL/2.0/.
4
# Scenario setup. Directive meanings given here are read off the directive
# names and from how the later stanzas use them; the harness that parses this
# file is not shown here — confirm against it.
5scenario OCSP
6
# Presumably a probe that the OCSP responder for this certificate is reachable
# before the scenario runs — TODO confirm what the harness does when it is not
# (a skipped revocation scenario should be visible in the test report).
7check_ocsp OCSPEE11OCSPCA1:d
8
# Database containing the root, imported with trust string CT,C,C.
9db OCSPRoot
10import OCSPRoot:d:CT,C,C
11
# Second database for the intermediate CA. Its key is imported, presumably so
# that the crl/revoke directives below can be issued as OCSPCA1.
12db OCSPCA1
13import_key OCSPCA1
14
# CRL for OCSPCA1 with serials 3 and 4 marked revoked. This is local (CRL)
# revocation data; the verify stanzas below all select rev_mtype ocsp.
15crl OCSPCA1
16
17revoke OCSPCA1
18  serial 3
19
20revoke OCSPCA1
21  serial 4
22
# Verify stanzas up to the next testdb directive presumably run against the
# OCSPRoot database.
23testdb OCSPRoot
24
# End-entity status cases under OCSPCA1, leaf-only checking over OCSP.
# Stanza fields as used throughout this file (inferred from names, confirm
# against the harness): cert = extra certificate for the chain, trust = trust
# anchor, rev_type = which certificates are revocation-checked (leaf / chain),
# rev_flags = flags on the revocation test, rev_mtype = revocation method,
# rev_mflags = flags on that method, result = outcome the harness asserts.
#
# Baseline: good status with requireFreshInfo is expected to validate.
25#EE - OK, CA - OK
26verify OCSPEE11OCSPCA1:d
27  cert OCSPCA1OCSPRoot:d
28  trust OCSPRoot
29  rev_type leaf
30  rev_flags requireFreshInfo
31  rev_mtype ocsp
32  result pass
33
# A revoked status must fail validation.
34#EE - revoked, CA - OK
35verify OCSPEE12OCSPCA1:d
36  cert OCSPCA1OCSPRoot:d
37  trust OCSPRoot
38  rev_type leaf
39  rev_flags requireFreshInfo
40  rev_mtype ocsp
41  result fail
42
# NOTE(review): no rev_flags here, and an "unknown" status is expected to
# validate. This pins soft-fail behaviour: the absence of a definitive answer
# is treated as acceptable. Deployments that need hard-fail must set
# requireFreshInfo (next stanza) or failIfNoInfo.
43#EE - unknown
44verify OCSPEE15OCSPCA1:d
45  cert OCSPCA1OCSPRoot:d
46  trust OCSPRoot
47  rev_type leaf
48  rev_mtype ocsp
49  result pass
50
# Hard-fail counterpart of the stanza above: same certificate, and adding
# requireFreshInfo turns the expected result into fail.
51#EE - unknown, requireFreshInfo
52verify OCSPEE15OCSPCA1:d
53  cert OCSPCA1OCSPRoot:d
54  trust OCSPRoot
55  rev_type leaf
56  rev_flags requireFreshInfo
57  rev_mtype ocsp
58  result fail
59
# Issuer status cases: OCSPCA2 is labelled revoked, OCSPCA3 unknown.
#
# NOTE(review): with rev_type leaf and no rev_flags, the expected pass means a
# chain through a CA labelled revoked validates. Leaf-only checking without a
# freshness requirement does not protect against a revoked intermediate.
60#EE - OK, CA - revoked, leaf, no fresh info
61verify OCSPEE21OCSPCA2:d
62  cert OCSPCA2OCSPRoot:d
63  trust OCSPRoot
64  rev_type leaf
65  rev_mtype ocsp
66  result pass
67
# Same certificate and rev_type; requireFreshInfo flips the expected result to
# fail. The file does not state which check produces the failure — TODO
# document whether it is the leaf's status that cannot be established.
68#EE - OK, CA - revoked, leaf, requireFreshInfo
69verify OCSPEE21OCSPCA2:d
70  cert OCSPCA2OCSPRoot:d
71  trust OCSPRoot
72  rev_type leaf
73  rev_flags requireFreshInfo
74  rev_mtype ocsp
75  result fail
76
# rev_type chain with requireFreshInfo: expected to fail for the revoked CA.
# NOTE(review): this group has no rev_type chain stanza without
# requireFreshInfo, so chain checking on its own is not pinned here.
77#EE - OK, CA - revoked, chain, requireFreshInfo
78verify OCSPEE21OCSPCA2:d
79  cert OCSPCA2OCSPRoot:d
80  trust OCSPRoot
81  rev_type chain
82  rev_flags requireFreshInfo
83  rev_mtype ocsp
84  result fail
85
# Issuer status unknown, leaf-only, no flags: expected to validate
# (soft-fail, as for the unknown end-entity case).
86#EE - OK, CA - unknown
87verify OCSPEE31OCSPCA3:d
88  cert OCSPCA3OCSPRoot:d
89  trust OCSPRoot
90  rev_type leaf
91  rev_mtype ocsp
92  result pass
93
# Same chain with requireFreshInfo: expected to fail.
94#EE - OK, CA - unknown, requireFreshInfo
95verify OCSPEE31OCSPCA3:d
96  cert OCSPCA3OCSPRoot:d
97  trust OCSPRoot
98  rev_type leaf
99  rev_flags requireFreshInfo
100  rev_mtype ocsp
101  result fail
102
# Method-level flags (rev_mflags) on the OCSP method.
#
# NOTE(review): OCSPEE12OCSPCA1 is the certificate that fails as revoked in
# the earlier "EE - revoked, CA - OK" stanza. With doNotUse it is expected to
# validate, i.e. the revocation is not seen once the method is switched off.
103#EE - revoked, doNotUse
104verify OCSPEE12OCSPCA1:d
105  cert OCSPCA1OCSPRoot:d
106  trust OCSPRoot
107  rev_type leaf
108  rev_mtype ocsp
109  rev_mflags doNotUse
110  result pass
111
# Same revoked certificate with forbidFetching: also expected to validate.
# Presumably no response is available without a network fetch — TODO confirm
# that nothing cached from earlier stanzas can influence this result.
112#EE - revoked, forbidFetching
113verify OCSPEE12OCSPCA1:d
114  cert OCSPCA1OCSPRoot:d
115  trust OCSPRoot
116  rev_type leaf
117  rev_mtype ocsp
118  rev_mflags forbidFetching
119  result pass
120
# failIfNoInfo is the method-level hard-fail switch: the unknown status that
# passes with no flags is expected to fail here.
121#EE - unknown status, failIfNoInfo
122verify OCSPEE15OCSPCA1:d
123  cert OCSPCA1OCSPRoot:d
124  trust OCSPRoot
125  rev_type leaf
126  rev_mtype ocsp
127  rev_mflags failIfNoInfo
128  result fail
129
# Revoked issuer, leaf-only, failIfNoInfo: expected to fail, matching the
# requireFreshInfo result for the same certificate.
130#EE - OK, CA - revoked, leaf, failIfNoInfo
131verify OCSPEE21OCSPCA2:d
132  cert OCSPCA2OCSPRoot:d
133  trust OCSPRoot
134  rev_type leaf
135  rev_mtype ocsp
136  rev_mflags failIfNoInfo
137  result fail
138
# Switches to the OCSPCA1 database; the stanza below also uses OCSPCA1, not
# OCSPRoot, as its trust anchor.
139testdb OCSPCA1
140
# NOTE(review): the label describes local revocation data contradicting a good
# OCSP response, but per the author's own remarks that precondition is not set
# up: the CRL is not imported, and the revoke directives at the top of the
# file list serials 3 and 4 only. As written, the stanza pins only that
# testLocalInfoFirst leaves a good OCSP result intact; the conflict case it is
# named for is not covered.
141#EE - OK on OCSP, revoked locally - should fail ??
142# two things about this test: crl is not imported into the db and
143# cert 13 is not revoked by crl.
144verify OCSPEE13OCSPCA1:d
145  cert OCSPCA1OCSPRoot:d
146  trust OCSPCA1
147  rev_type leaf
148  rev_flags testLocalInfoFirst
149  rev_mtype ocsp
150  result pass
151
# Fresh database with the root imported under the same trust string (CT,C,C)
# as the first database.
152db OCSPRoot1
153import OCSPRoot:d:CT,C,C
154
# Two revocation tests are configured in one stanza: chain and leaf, both over
# OCSP and with no rev_flags / rev_mflags. The issuer is OCSPCA2, the CA
# labelled revoked in the earlier stanzas; the expected result is fail.
# NOTE(review): the stanza has no label comment — the status of OCSPEE23 is
# not stated anywhere in this file.
155verify OCSPEE23OCSPCA2:d
156  cert OCSPCA2OCSPRoot:d
157  trust OCSPRoot
158  rev_type chain
159  rev_mtype ocsp
160  rev_type leaf
161  rev_mtype ocsp
162  result fail
163
# Fresh database where the root is imported with trust string T,, instead of
# CT,C,C. (In certutil-style trust strings, T marks a CA trusted to issue
# client certificates and C one trusted to issue server certificates.)
164db OCSPRoot2
165import OCSPRoot:d:T,,
166
# NOTE(review): the verify stanza is otherwise identical to the one under
# db OCSPRoot1, which expects fail. Here the comment says the expected result
# is FAIL while the asserted value is `result pass`. If this pins the
# known-incorrect behaviour of bug 527438, then a chain through the revoked
# OCSPCA2 is accepted when the root carries only T trust, and a fix for that
# bug will make this stanza fail. State explicitly which outcome is intended
# and flip the assertion once the bug is resolved.
167# bug 527438
168# expected result of this test is FAIL
169verify OCSPEE23OCSPCA2:d
170  cert OCSPCA2OCSPRoot:d
171  trust OCSPRoot
172  rev_type chain
173  rev_mtype ocsp
174  rev_type leaf
175  rev_mtype ocsp
176  result pass
177
178