# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# OCSP revocation-checking scenario for a certificate-chain test harness.
#
# Each "verify" stanza names the certificate under test, the intermediate
# supplied with it ("cert"), the trust anchor ("trust"), the revocation
# settings, and the outcome the harness must observe ("result pass|fail").
# The one-line comment above a stanza states the OCSP status of the
# end-entity (EE) and, where relevant, of its issuing CA.
#
# Revocation settings that appear below (meaning inferred from the names and
# from the expected results; confirm against the harness that consumes this
# file):
#   rev_type   leaf | chain                              which certs are checked
#   rev_mtype  ocsp                                      revocation method
#   rev_flags  requireFreshInfo | testLocalInfoFirst     flags on the rev_type
#   rev_mflags doNotUse | forbidFetching | failIfNoInfo  flags on the method
#
# Reading note for reviewers: several stanzas pin soft-fail behaviour. With no
# requireFreshInfo / failIfNoInfo flag, an "unknown" status, a revoked or
# unknown issuing CA, or a disabled OCSP method all end in "result pass".
# Only the stanzas that set one of those flags expect revocation problems to
# reject the chain.

scenario OCSP

# Presumably a pre-check that the OCSP responder for this certificate is
# usable before the scenario runs; confirm against the harness.
check_ocsp OCSPEE11OCSPCA1:d

# Database holding the root. "CT,C,C" looks like an NSS trust string
# (SSL, S/MIME, code signing); here the root is a trusted CA for all three.
db OCSPRoot
  import OCSPRoot:d:CT,C,C

# Database holding the key for OCSPCA1, needed to issue the CRL below.
db OCSPCA1
  import_key OCSPCA1

# Create a CRL for OCSPCA1 and revoke serials 3 and 4 in it.
# NOTE(review): the file does not say which EE certificates carry these
# serials; the "cert 13" comment further down says EE13 is not among them.
crl OCSPCA1

revoke OCSPCA1
  serial 3

revoke OCSPCA1
  serial 4

# The stanzas that follow run against the OCSPRoot database.
testdb OCSPRoot

#EE - OK, CA - OK
# Baseline: a good response with fresh info required must validate.
verify OCSPEE11OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result pass

#EE - revoked, CA - OK
# Hard-fail case: a revoked leaf must be rejected.
verify OCSPEE12OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - unknown
# No freshness flag is set, and the "unknown" status is accepted (soft-fail).
verify OCSPEE15OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  result pass

#EE - unknown, requireFreshInfo
# Same certificate as above; requiring fresh info turns "unknown" into a
# failure.
verify OCSPEE15OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - OK, CA - revoked, leaf, no fresh info
# Leaf-only checking without a freshness requirement: the chain is accepted
# even though the issuing CA is revoked.
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  result pass

#EE - OK, CA - revoked, leaf, requireFreshInfo
# NOTE(review): the check is still leaf-only, yet the expected result is
# fail; presumably fresh info for the leaf cannot be established when its
# issuer is revoked. Confirm the reason against the harness.
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - OK, CA - revoked, chain, requireFreshInfo
# Chain checking with fresh info required: the revoked CA must be rejected.
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type chain
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - OK, CA - unknown
# Soft-fail again: an "unknown" issuing CA does not reject the leaf.
verify OCSPEE31OCSPCA3:d
  cert OCSPCA3OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  result pass

#EE - OK, CA - unknown, requireFreshInfo
verify OCSPEE31OCSPCA3:d
  cert OCSPCA3OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - revoked, doNotUse
# EE12 is the certificate expected to fail as revoked above. With the OCSP
# method flagged doNotUse the expected result is pass, i.e. the revocation
# is presumably never consulted.
verify OCSPEE12OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags doNotUse
  result pass

#EE - revoked, forbidFetching
# Same revoked certificate; with fetching forbidden and no requirement for
# info, the expected result is pass.
verify OCSPEE12OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags forbidFetching
  result pass

#EE - unknown status, failIfNoInfo
# Method-level counterpart of requireFreshInfo: "unknown" is rejected.
verify OCSPEE15OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags failIfNoInfo
  result fail

#EE - OK, CA - revoked, leaf, failIfNoInfo
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags failIfNoInfo
  result fail

# The next stanza runs against the OCSPCA1 database and trusts OCSPCA1
# directly instead of the root.
testdb OCSPCA1

#EE - OK on OCSP, revoked locally - should fail ??
# Two things about this test: the CRL is not imported into the db, and
# cert 13 is not revoked by the CRL.
# NOTE(review): given those two points, this stanza has no local revocation
# for testLocalInfoFirst to find, so "result pass" does not exercise the
# "revoked locally" case named in the title. The open question in the title
# is unresolved in this file.
verify OCSPEE13OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPCA1
  rev_type leaf
  rev_flags testLocalInfoFirst
  rev_mtype ocsp
  result pass

# Fresh database with the root fully trusted as a CA (CT,C,C).
db OCSPRoot1
  import OCSPRoot:d:CT,C,C

# Both chain and leaf are checked via OCSP. OCSPCA2 is the CA labelled
# "revoked" in the stanzas above; the file does not state the status of EE23.
verify OCSPEE23OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type chain
  rev_mtype ocsp
  rev_type leaf
  rev_mtype ocsp
  result fail

# Fresh database with the root imported under the narrower trust string
# "T,," (presumably trusted only for issuing SSL client certificates).
db OCSPRoot2
  import OCSPRoot:d:T,,

# bug 527438
# expected result of this test is FAIL
# NOTE(review): "result pass" below records the behaviour observed under the
# bug, not the desired behaviour. The same chain and settings are expected to
# fail under OCSPRoot1 above. Change this to "result fail" once the bug is
# fixed, so the test stops asserting acceptance of this chain.
verify OCSPEE23OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type chain
  rev_mtype ocsp
  rev_type leaf
  rev_mtype ocsp
  result pass