1# This Source Code Form is subject to the terms of the Mozilla Public
2# License, v. 2.0. If a copy of the MPL was not distributed with this
3# file, You can obtain one at http://mozilla.org/MPL/2.0/.
4
5scenario OCSPD
6
7#root CA
8entity OCSPRoot
9  type Root
10  export_key
11
12#CA - OK
13entity OCSPCA1
14  type Intermediate
15  issuer OCSPRoot
16  serial 1
17  ocsp online
18  export_key
19
20#CA - revoked
21entity OCSPCA2
22  type Intermediate
23  issuer OCSPRoot
24  serial 2
25  ocsp online
26  export_key
27
28#CA - unknown status
29entity OCSPCA3
30  type Intermediate
31  issuer OCSPRoot
32  serial 3
33  ocsp offline
34  export_key
35
36#EE - OK
37entity OCSPEE11
38  type EE
39  issuer OCSPCA1
40  serial 1
41  ocsp online
42
43#EE - revoked on OCSP
44entity OCSPEE12
45  type EE
46  issuer OCSPCA1
47  serial 2
48  ocsp online
49
50#EE - revoked on CRL
51entity OCSPEE13
52  type EE
53  issuer OCSPCA1
54  serial 3
55  ocsp online
56
57#EE - revoked on OCSP and CRL
58entity OCSPEE14
59  type EE
60  issuer OCSPCA1
61  serial 4
62  ocsp online
63
64#EE - unknown status
65entity OCSPEE15
66  type EE
67  issuer OCSPCA1
68  serial 5
69  ocsp offline
70
71#EE - valid EE, revoked CA
72entity OCSPEE21
73  type EE
74  issuer OCSPCA2
75  serial 1
76  ocsp online
77
78#EE - revoked EE, revoked CA
79entity OCSPEE22
80  type EE
81  issuer OCSPCA2
82  serial 2
83  ocsp online
84
85#EE - revoked EE, CA pointing to invalid OCSP
86entity OCSPEE23
87  type EE
88  issuer OCSPCA2
89  serial 3
90  ocsp offline
91
92#EE - valid EE, CA pointing to invalid OCSP
93entity OCSPEE31
94  type EE
95  issuer OCSPCA3
96  serial 1
97  ocsp online
98
99#EE - revoked EE, CA pointing to invalid OCSP
100entity OCSPEE32
101  type EE
102  issuer OCSPCA3
103  serial 2
104  ocsp online
105
106#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP
107entity OCSPEE33
108  type EE
109  issuer OCSPCA3
110  serial 3
111  ocsp offline
112
113crl OCSPRoot
114
115revoke OCSPRoot
116  serial 2
117
118crl OCSPCA1
119
120revoke OCSPCA1
121  serial 2
122
123revoke OCSPCA1
124  serial 4
125
126crl OCSPCA2
127
128revoke OCSPCA2
129  serial 2
130
131revoke OCSPCA2
132  serial 3
133
134crl OCSPCA3
135
136revoke OCSPCA3
137  serial 2
138
139revoke OCSPCA3
140  serial 3
141
142# Used for running a single OCSP server (httpserv) instance that can
143# handle multiple CAs, e.g.:
144# httpserv -p 8641 -d . -f dbpasswd \
145#   -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \
146#   -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl
147db Server
148import OCSPRoot::CT,C,C
149import_key OCSPRoot
150import_key OCSPCA1
151import_key OCSPCA2
152import_key OCSPCA3
153
154# A DB containing all certs, but no keys.
155# Useful for manual OCSP client testing, e.g.:
156# ocspclnt -d .  -S OCSPEE12OCSPCA1 -u s
157db Client
158import OCSPRoot::CT,C,C
159import OCSPCA1OCSPRoot::
160import OCSPCA2OCSPRoot::
161import OCSPCA3OCSPRoot::
162import OCSPEE11OCSPCA1::
163import OCSPEE12OCSPCA1::
164import OCSPEE13OCSPCA1::
165import OCSPEE14OCSPCA1::
166import OCSPEE15OCSPCA1::
167import OCSPEE21OCSPCA2::
168import OCSPEE22OCSPCA2::
169import OCSPEE23OCSPCA2::
170import OCSPEE31OCSPCA3::
171import OCSPEE32OCSPCA3::
172import OCSPEE33OCSPCA3::
173