summaryrefslogtreecommitdiffstats
path: root/security/nss/tests/chains/scenarios/ocsp.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/tests/chains/scenarios/ocsp.cfg')
-rw-r--r--security/nss/tests/chains/scenarios/ocsp.cfg177
1 files changed, 177 insertions, 0 deletions
diff --git a/security/nss/tests/chains/scenarios/ocsp.cfg b/security/nss/tests/chains/scenarios/ocsp.cfg
new file mode 100644
index 000000000..cdfff89fe
--- /dev/null
+++ b/security/nss/tests/chains/scenarios/ocsp.cfg
@@ -0,0 +1,177 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario OCSP
+
+check_ocsp OCSPEE11OCSPCA1:d
+
+db OCSPRoot
+import OCSPRoot:d:CT,C,C
+
+db OCSPCA1
+import_key OCSPCA1
+
+crl OCSPCA1
+
+revoke OCSPCA1
+ serial 3
+
+revoke OCSPCA1
+ serial 4
+
+testdb OCSPRoot
+
+#EE - OK, CA - OK
+verify OCSPEE11OCSPCA1:d
+ cert OCSPCA1OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_flags requireFreshInfo
+ rev_mtype ocsp
+ result pass
+
+#EE - revoked, CA - OK
+verify OCSPEE12OCSPCA1:d
+ cert OCSPCA1OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_flags requireFreshInfo
+ rev_mtype ocsp
+ result fail
+
+#EE - unknown
+verify OCSPEE15OCSPCA1:d
+ cert OCSPCA1OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_mtype ocsp
+ result pass
+
+#EE - unknown, requireFreshInfo
+verify OCSPEE15OCSPCA1:d
+ cert OCSPCA1OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_flags requireFreshInfo
+ rev_mtype ocsp
+ result fail
+
+#EE - OK, CA - revoked, leaf, no fresh info
+verify OCSPEE21OCSPCA2:d
+ cert OCSPCA2OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_mtype ocsp
+ result pass
+
+#EE - OK, CA - revoked, leaf, requireFreshInfo
+verify OCSPEE21OCSPCA2:d
+ cert OCSPCA2OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_flags requireFreshInfo
+ rev_mtype ocsp
+ result fail
+
+#EE - OK, CA - revoked, chain, requireFreshInfo
+verify OCSPEE21OCSPCA2:d
+ cert OCSPCA2OCSPRoot:d
+ trust OCSPRoot
+ rev_type chain
+ rev_flags requireFreshInfo
+ rev_mtype ocsp
+ result fail
+
+#EE - OK, CA - unknown
+verify OCSPEE31OCSPCA3:d
+ cert OCSPCA3OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_mtype ocsp
+ result pass
+
+#EE - OK, CA - unknown, requireFreshInfo
+verify OCSPEE31OCSPCA3:d
+ cert OCSPCA3OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_flags requireFreshInfo
+ rev_mtype ocsp
+ result fail
+
+#EE - revoked, doNotUse
+verify OCSPEE12OCSPCA1:d
+ cert OCSPCA1OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_mtype ocsp
+ rev_mflags doNotUse
+ result pass
+
+#EE - revoked, forbidFetching
+verify OCSPEE12OCSPCA1:d
+ cert OCSPCA1OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_mtype ocsp
+ rev_mflags forbidFetching
+ result pass
+
+#EE - unknown status, failIfNoInfo
+verify OCSPEE15OCSPCA1:d
+ cert OCSPCA1OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_mtype ocsp
+ rev_mflags failIfNoInfo
+ result fail
+
+#EE - OK, CA - revoked, leaf, failIfNoInfo
+verify OCSPEE21OCSPCA2:d
+ cert OCSPCA2OCSPRoot:d
+ trust OCSPRoot
+ rev_type leaf
+ rev_mtype ocsp
+ rev_mflags failIfNoInfo
+ result fail
+
+testdb OCSPCA1
+
+#EE - OK on OCSP, revoked locally - should fail ??
+# two things about this test: crl is not imported into the db and
+# cert 13 is not revoked by crl.
+verify OCSPEE13OCSPCA1:d
+ cert OCSPCA1OCSPRoot:d
+ trust OCSPCA1
+ rev_type leaf
+ rev_flags testLocalInfoFirst
+ rev_mtype ocsp
+ result pass
+
+db OCSPRoot1
+import OCSPRoot:d:CT,C,C
+
+verify OCSPEE23OCSPCA2:d
+ cert OCSPCA2OCSPRoot:d
+ trust OCSPRoot
+ rev_type chain
+ rev_mtype ocsp
+ rev_type leaf
+ rev_mtype ocsp
+ result fail
+
+db OCSPRoot2
+import OCSPRoot:d:T,,
+
+# bug 527438
+# expected result of this test is FAIL
+verify OCSPEE23OCSPCA2:d
+ cert OCSPCA2OCSPRoot:d
+ trust OCSPRoot
+ rev_type chain
+ rev_mtype ocsp
+ rev_type leaf
+ rev_mtype ocsp
+ result pass
+