diff options
Diffstat (limited to 'security/nss/tests/chains/scenarios/ocsp.cfg')
-rw-r--r-- | security/nss/tests/chains/scenarios/ocsp.cfg | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/security/nss/tests/chains/scenarios/ocsp.cfg b/security/nss/tests/chains/scenarios/ocsp.cfg new file mode 100644 index 000000000..cdfff89fe --- /dev/null +++ b/security/nss/tests/chains/scenarios/ocsp.cfg @@ -0,0 +1,177 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +scenario OCSP + +check_ocsp OCSPEE11OCSPCA1:d + +db OCSPRoot +import OCSPRoot:d:CT,C,C + +db OCSPCA1 +import_key OCSPCA1 + +crl OCSPCA1 + +revoke OCSPCA1 + serial 3 + +revoke OCSPCA1 + serial 4 + +testdb OCSPRoot + +#EE - OK, CA - OK +verify OCSPEE11OCSPCA1:d + cert OCSPCA1OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_flags requireFreshInfo + rev_mtype ocsp + result pass + +#EE - revoked, CA - OK +verify OCSPEE12OCSPCA1:d + cert OCSPCA1OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_flags requireFreshInfo + rev_mtype ocsp + result fail + +#EE - unknown +verify OCSPEE15OCSPCA1:d + cert OCSPCA1OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + result pass + +#EE - unknown, requireFreshInfo +verify OCSPEE15OCSPCA1:d + cert OCSPCA1OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_flags requireFreshInfo + rev_mtype ocsp + result fail + +#EE - OK, CA - revoked, leaf, no fresh info +verify OCSPEE21OCSPCA2:d + cert OCSPCA2OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + result pass + +#EE - OK, CA - revoked, leaf, requireFreshInfo +verify OCSPEE21OCSPCA2:d + cert OCSPCA2OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_flags requireFreshInfo + rev_mtype ocsp + result fail + +#EE - OK, CA - revoked, chain, requireFreshInfo +verify OCSPEE21OCSPCA2:d + cert OCSPCA2OCSPRoot:d + trust OCSPRoot + rev_type chain + rev_flags requireFreshInfo + rev_mtype ocsp + result fail + +#EE - OK, CA - unknown +verify OCSPEE31OCSPCA3:d + cert OCSPCA3OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + result pass + +#EE - OK, CA - unknown, requireFreshInfo +verify OCSPEE31OCSPCA3:d + cert OCSPCA3OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_flags requireFreshInfo + rev_mtype ocsp + result fail + +#EE - revoked, doNotUse +verify OCSPEE12OCSPCA1:d + cert OCSPCA1OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + rev_mflags doNotUse + result pass + +#EE - revoked, forbidFetching +verify OCSPEE12OCSPCA1:d + cert OCSPCA1OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + rev_mflags forbidFetching + result pass + +#EE - unknown status, failIfNoInfo +verify OCSPEE15OCSPCA1:d + cert OCSPCA1OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + rev_mflags failIfNoInfo + result fail + +#EE - OK, CA - revoked, leaf, failIfNoInfo +verify OCSPEE21OCSPCA2:d + cert OCSPCA2OCSPRoot:d + trust OCSPRoot + rev_type leaf + rev_mtype ocsp + rev_mflags failIfNoInfo + result fail + +testdb OCSPCA1 + +#EE - OK on OCSP, revoked locally - should fail ?? +# two things about this test: crl is not imported into the db and +# cert 13 is not revoked by crl. +verify OCSPEE13OCSPCA1:d + cert OCSPCA1OCSPRoot:d + trust OCSPCA1 + rev_type leaf + rev_flags testLocalInfoFirst + rev_mtype ocsp + result pass + +db OCSPRoot1 +import OCSPRoot:d:CT,C,C + +verify OCSPEE23OCSPCA2:d + cert OCSPCA2OCSPRoot:d + trust OCSPRoot + rev_type chain + rev_mtype ocsp + rev_type leaf + rev_mtype ocsp + result fail + +db OCSPRoot2 +import OCSPRoot:d:T,, + +# bug 527438 +# expected result of this test is FAIL +verify OCSPEE23OCSPCA2:d + cert OCSPCA2OCSPRoot:d + trust OCSPRoot + rev_type chain + rev_mtype ocsp + rev_type leaf + rev_mtype ocsp + result pass + |