RetroZilla/security/nss/tests/chains/scenarios/ocspd.cfg

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

scenario OCSPD

#root CA
entity OCSPRoot
  type Root
  export_key

#CA - OK
entity OCSPCA1
  type Intermediate
  issuer OCSPRoot
  serial 1
  ocsp online
  export_key

#CA - revoked
entity OCSPCA2
  type Intermediate
  issuer OCSPRoot
  serial 2
  ocsp online
  export_key

#CA - unknown status
entity OCSPCA3
  type Intermediate
  issuer OCSPRoot
  serial 3
  ocsp offline
  export_key

#EE - OK
entity OCSPEE11
  type EE
  issuer OCSPCA1
  serial 1
  ocsp online

#EE - revoked on OCSP
entity OCSPEE12
  type EE
  issuer OCSPCA1
  serial 2
  ocsp online

#EE - revoked on CRL
entity OCSPEE13
  type EE
  issuer OCSPCA1
  serial 3
  ocsp online

#EE - revoked on OCSP and CRL
entity OCSPEE14
  type EE
  issuer OCSPCA1
  serial 4
  ocsp online

#EE - unknown status
entity OCSPEE15
  type EE
  issuer OCSPCA1
  serial 5
  ocsp offline

#EE - valid EE, revoked CA
entity OCSPEE21
  type EE
  issuer OCSPCA2
  serial 1
  ocsp online

#EE - revoked EE, revoked CA
entity OCSPEE22
  type EE 
  issuer OCSPCA2 
  serial 2
  ocsp online

#EE - revoked EE, CA pointing to invalid OCSP
entity OCSPEE23
  type EE 
  issuer OCSPCA2 
  serial 3
  ocsp offline

#EE - valid EE, CA pointing to invalid OCSP
entity OCSPEE31
  type EE
  issuer OCSPCA3
  serial 1
  ocsp online

#EE - revoked EE, CA pointing to invalid OCSP
entity OCSPEE32
  type EE 
  issuer OCSPCA3 
  serial 2
  ocsp online

#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP
entity OCSPEE33
  type EE 
  issuer OCSPCA3 
  serial 3
  ocsp offline

crl OCSPRoot

revoke OCSPRoot
  serial 2

crl OCSPCA1

revoke OCSPCA1
  serial 2

revoke OCSPCA1
  serial 4

crl OCSPCA2

revoke OCSPCA2
  serial 2

revoke OCSPCA2
  serial 3

crl OCSPCA3

revoke OCSPCA3
  serial 2

revoke OCSPCA3
  serial 3

# Used for running a single OCSP server (httpserv) instance that can
# handle multiple CAs, e.g.:
# httpserv -p 8641 -d . -f dbpasswd \
#   -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \
#   -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl
db Server
import OCSPRoot::CT,C,C
import_key OCSPRoot
import_key OCSPCA1
import_key OCSPCA2
import_key OCSPCA3

# A DB containing all certs, but no keys.
# Useful for manual OCSP client testing, e.g.:
# ocspclnt -d .  -S OCSPEE12OCSPCA1 -u s
db Client
import OCSPRoot::CT,C,C
import OCSPCA1OCSPRoot::
import OCSPCA2OCSPRoot::
import OCSPCA3OCSPRoot::
import OCSPEE11OCSPCA1::
import OCSPEE12OCSPCA1::
import OCSPEE13OCSPCA1::
import OCSPEE14OCSPCA1::
import OCSPEE15OCSPCA1::
import OCSPEE21OCSPCA2::
import OCSPEE22OCSPCA2::
import OCSPEE23OCSPCA2::
import OCSPEE31OCSPCA3::
import OCSPEE32OCSPCA3::
import OCSPEE33OCSPCA3::
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`# This Source Code Form is subject to the terms of the Mozilla Public`
			`# License, v. 2.0. If a copy of the MPL was not distributed with this`
			`# file, You can obtain one at http://mozilla.org/MPL/2.0/.`

first commit 2015-10-21 05:03:22 +02:00			`scenario OCSPD`

			`#root CA`
			`entity OCSPRoot`
			`type Root`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`export_key`
first commit 2015-10-21 05:03:22 +02:00
			`#CA - OK`
			`entity OCSPCA1`
			`type Intermediate`
			`issuer OCSPRoot`
			`serial 1`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ocsp online`
			`export_key`
first commit 2015-10-21 05:03:22 +02:00
			`#CA - revoked`
			`entity OCSPCA2`
			`type Intermediate`
			`issuer OCSPRoot`
			`serial 2`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ocsp online`
			`export_key`
first commit 2015-10-21 05:03:22 +02:00
			`#CA - unknown status`
			`entity OCSPCA3`
			`type Intermediate`
			`issuer OCSPRoot`
			`serial 3`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ocsp offline`
			`export_key`
first commit 2015-10-21 05:03:22 +02:00
			`#EE - OK`
			`entity OCSPEE11`
			`type EE`
			`issuer OCSPCA1`
			`serial 1`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ocsp online`
first commit 2015-10-21 05:03:22 +02:00
			`#EE - revoked on OCSP`
			`entity OCSPEE12`
			`type EE`
			`issuer OCSPCA1`
			`serial 2`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ocsp online`
first commit 2015-10-21 05:03:22 +02:00
			`#EE - revoked on CRL`
			`entity OCSPEE13`
			`type EE`
			`issuer OCSPCA1`
			`serial 3`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ocsp online`
first commit 2015-10-21 05:03:22 +02:00
			`#EE - revoked on OCSP and CRL`
			`entity OCSPEE14`
			`type EE`
			`issuer OCSPCA1`
			`serial 4`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ocsp online`
first commit 2015-10-21 05:03:22 +02:00
			`#EE - unknown status`
			`entity OCSPEE15`
			`type EE`
			`issuer OCSPCA1`
			`serial 5`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ocsp offline`
first commit 2015-10-21 05:03:22 +02:00
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`#EE - valid EE, revoked CA`
first commit 2015-10-21 05:03:22 +02:00			`entity OCSPEE21`
			`type EE`
			`issuer OCSPCA2`
			`serial 1`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ocsp online`

			`#EE - revoked EE, revoked CA`
			`entity OCSPEE22`
			`type EE`
			`issuer OCSPCA2`
			`serial 2`
			`ocsp online`

			`#EE - revoked EE, CA pointing to invalid OCSP`
			`entity OCSPEE23`
			`type EE`
			`issuer OCSPCA2`
			`serial 3`
			`ocsp offline`
first commit 2015-10-21 05:03:22 +02:00
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`#EE - valid EE, CA pointing to invalid OCSP`
first commit 2015-10-21 05:03:22 +02:00			`entity OCSPEE31`
			`type EE`
			`issuer OCSPCA3`
			`serial 1`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ocsp online`

			`#EE - revoked EE, CA pointing to invalid OCSP`
			`entity OCSPEE32`
			`type EE`
			`issuer OCSPCA3`
			`serial 2`
			`ocsp online`

			`#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP`
			`entity OCSPEE33`
			`type EE`
			`issuer OCSPCA3`
			`serial 3`
			`ocsp offline`
first commit 2015-10-21 05:03:22 +02:00
			`crl OCSPRoot`

			`revoke OCSPRoot`
			`serial 2`

			`crl OCSPCA1`

			`revoke OCSPCA1`
			`serial 2`

			`revoke OCSPCA1`
			`serial 4`

			`crl OCSPCA2`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00
			`revoke OCSPCA2`
			`serial 2`

			`revoke OCSPCA2`
			`serial 3`

first commit 2015-10-21 05:03:22 +02:00			`crl OCSPCA3`

NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`revoke OCSPCA3`
			`serial 2`

			`revoke OCSPCA3`
			`serial 3`

			`# Used for running a single OCSP server (httpserv) instance that can`
			`# handle multiple CAs, e.g.:`
			`# httpserv -p 8641 -d . -f dbpasswd \`
			`# -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \`
			`# -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl`
			`db Server`
			`import OCSPRoot::CT,C,C`
			`import_key OCSPRoot`
			`import_key OCSPCA1`
			`import_key OCSPCA2`
			`import_key OCSPCA3`

			`# A DB containing all certs, but no keys.`
			`# Useful for manual OCSP client testing, e.g.:`
			`# ocspclnt -d . -S OCSPEE12OCSPCA1 -u s`
			`db Client`
			`import OCSPRoot::CT,C,C`
			`import OCSPCA1OCSPRoot::`
			`import OCSPCA2OCSPRoot::`
			`import OCSPCA3OCSPRoot::`
			`import OCSPEE11OCSPCA1::`
			`import OCSPEE12OCSPCA1::`
			`import OCSPEE13OCSPCA1::`
			`import OCSPEE14OCSPCA1::`
			`import OCSPEE15OCSPCA1::`
			`import OCSPEE21OCSPCA2::`
			`import OCSPEE22OCSPCA2::`
			`import OCSPEE23OCSPCA2::`
			`import OCSPEE31OCSPCA3::`
			`import OCSPEE32OCSPCA3::`
			`import OCSPEE33OCSPCA3::`