RetroZilla/security/nss/tests/chains/scenarios/crldp.cfg

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

scenario CRLDP

entity Root
  type Root

entity CA0
  type Intermediate
  issuer Root

entity CA1
  type Intermediate
  crldp CA0
  issuer CA0
  serial 10
    aia CA0:Root

entity EE11
  type EE
  crldp CA0
  issuer CA1

entity CA2
  type Intermediate
  crldp CA0
  issuer CA0
  serial 20
    aia CA0:Root

entity EE21
  type EE
  issuer CA2

entity EE1
  type EE
  crldp CA0
  issuer CA0
  serial 30
    aia CA0:Root

entity EE2
  type EE
  crldp CA0
  issuer CA0
  serial 40
    aia CA0:Root

crl Root
crl CA0
crl CA1
crl CA2

revoke CA0
  serial 20

revoke CA0
  serial 40

copycrl CA0

db All

import Root::CTu,CTu,CTu

# intermediate CA - OK, EE - OK
verify EE11:CA1
  cert CA1:CA0
  trust Root:
  fetch
  rev_type chain
  rev_flags requireFreshInfo
  rev_mtype crl
  result pass

# intermediate CA - revoked, EE - OK
verify EE21:CA2
  cert CA2:CA0
  trust Root:
  fetch
  rev_type chain
  rev_flags requireFreshInfo
  rev_mtype crl
  result fail

# direct EE - OK 
verify EE1:CA0
  trust Root:
  fetch
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype crl
  result pass

# direct EE - revoked
verify EE2:CA0
  trust Root:
  fetch
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype crl
  result fail
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`# This Source Code Form is subject to the terms of the Mozilla Public`
			`# License, v. 2.0. If a copy of the MPL was not distributed with this`
			`# file, You can obtain one at http://mozilla.org/MPL/2.0/.`

			`scenario CRLDP`

			`entity Root`
			`type Root`

			`entity CA0`
			`type Intermediate`
			`issuer Root`

			`entity CA1`
			`type Intermediate`
			`crldp CA0`
			`issuer CA0`
			`serial 10`
			`aia CA0:Root`

			`entity EE11`
			`type EE`
			`crldp CA0`
			`issuer CA1`

			`entity CA2`
			`type Intermediate`
			`crldp CA0`
			`issuer CA0`
			`serial 20`
			`aia CA0:Root`

			`entity EE21`
			`type EE`
			`issuer CA2`

			`entity EE1`
			`type EE`
			`crldp CA0`
			`issuer CA0`
			`serial 30`
			`aia CA0:Root`

			`entity EE2`
			`type EE`
			`crldp CA0`
			`issuer CA0`
			`serial 40`
			`aia CA0:Root`

			`crl Root`
			`crl CA0`
			`crl CA1`
			`crl CA2`

			`revoke CA0`
			`serial 20`

			`revoke CA0`
			`serial 40`

			`copycrl CA0`

			`db All`

			`import Root::CTu,CTu,CTu`

			`# intermediate CA - OK, EE - OK`
			`verify EE11:CA1`
			`cert CA1:CA0`
			`trust Root:`
			`fetch`
			`rev_type chain`
			`rev_flags requireFreshInfo`
			`rev_mtype crl`
			`result pass`

			`# intermediate CA - revoked, EE - OK`
			`verify EE21:CA2`
			`cert CA2:CA0`
			`trust Root:`
			`fetch`
			`rev_type chain`
			`rev_flags requireFreshInfo`
			`rev_mtype crl`
			`result fail`

			`# direct EE - OK`
			`verify EE1:CA0`
			`trust Root:`
			`fetch`
			`rev_type leaf`
			`rev_flags requireFreshInfo`
			`rev_mtype crl`
			`result pass`

			`# direct EE - revoked`
			`verify EE2:CA0`
			`trust Root:`
			`fetch`
			`rev_type leaf`
			`rev_flags requireFreshInfo`
			`rev_mtype crl`
			`result fail`