nss-3.41/nss/tests/chains/scenarios/ocspd.cfg - manifest_repos/nss - Git at Google

 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.

 scenario OCSPD

 #root CA
 entity OCSPRoot
   type Root
   export_key

 #CA - OK
 entity OCSPCA1
   type Intermediate
   issuer OCSPRoot
   serial 1
   ocsp online
   export_key

 #CA - revoked
 entity OCSPCA2
   type Intermediate
   issuer OCSPRoot
   serial 2
   ocsp online
   export_key

 #CA - unknown status
 entity OCSPCA3
   type Intermediate
   issuer OCSPRoot
   serial 3
   ocsp offline
   export_key

 #EE - OK
 entity OCSPEE11
   type EE
   issuer OCSPCA1
   serial 1
   ocsp online

 #EE - revoked on OCSP
 entity OCSPEE12
   type EE
   issuer OCSPCA1
   serial 2
   ocsp online

 #EE - revoked on CRL
 entity OCSPEE13
   type EE
   issuer OCSPCA1
   serial 3
   ocsp online

 #EE - revoked on OCSP and CRL
 entity OCSPEE14
   type EE
   issuer OCSPCA1
   serial 4
   ocsp online

 #EE - unknown status
 entity OCSPEE15
   type EE
   issuer OCSPCA1
   serial 5
   ocsp offline

 #EE - valid EE, revoked CA
 entity OCSPEE21
   type EE
   issuer OCSPCA2
   serial 1
   ocsp online

 #EE - revoked EE, revoked CA
 entity OCSPEE22
   type EE
   issuer OCSPCA2
   serial 2
   ocsp online

 #EE - revoked EE, CA pointing to invalid OCSP
 entity OCSPEE23
   type EE
   issuer OCSPCA2
   serial 3
   ocsp offline

 #EE - valid EE, CA pointing to invalid OCSP
 entity OCSPEE31
   type EE
   issuer OCSPCA3
   serial 1
   ocsp online

 #EE - revoked EE, CA pointing to invalid OCSP
 entity OCSPEE32
   type EE
   issuer OCSPCA3
   serial 2
   ocsp online

 #EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP
 entity OCSPEE33
   type EE
   issuer OCSPCA3
   serial 3
   ocsp offline

 crl OCSPRoot

 revoke OCSPRoot
   serial 2

 crl OCSPCA1

 revoke OCSPCA1
   serial 2

 revoke OCSPCA1
   serial 4

 crl OCSPCA2

 revoke OCSPCA2
   serial 2

 revoke OCSPCA2
   serial 3

 crl OCSPCA3

 revoke OCSPCA3
   serial 2

 revoke OCSPCA3
   serial 3

 # Used for running a single OCSP server (httpserv) instance that can
 # handle multiple CAs, e.g.:
 # httpserv -p 8641 -d . -f dbpasswd \
 #   -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \
 #   -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl
 db Server
 import OCSPRoot::CT,C,C
 import_key OCSPRoot
 import_key OCSPCA1
 import_key OCSPCA2
 import_key OCSPCA3

 # A DB containing all certs, but no keys.
 # Useful for manual OCSP client testing, e.g.:
 # ocspclnt -d .  -S OCSPEE12OCSPCA1 -u s
 db Client
 import OCSPRoot::CT,C,C
 import OCSPCA1OCSPRoot::
 import OCSPCA2OCSPRoot::
 import OCSPCA3OCSPRoot::
 import OCSPEE11OCSPCA1::
 import OCSPEE12OCSPCA1::
 import OCSPEE13OCSPCA1::
 import OCSPEE14OCSPCA1::
 import OCSPEE15OCSPCA1::
 import OCSPEE21OCSPCA2::
 import OCSPEE22OCSPCA2::
 import OCSPEE23OCSPCA2::
 import OCSPEE31OCSPCA3::
 import OCSPEE32OCSPCA3::
 import OCSPEE33OCSPCA3::
	# This Source Code Form is subject to the terms of the Mozilla Public
	# License, v. 2.0. If a copy of the MPL was not distributed with this
	# file, You can obtain one at http://mozilla.org/MPL/2.0/.

	scenario OCSPD

	#root CA
	entity OCSPRoot
	type Root
	export_key

	#CA - OK
	entity OCSPCA1
	type Intermediate
	issuer OCSPRoot
	serial 1
	ocsp online
	export_key

	#CA - revoked
	entity OCSPCA2
	type Intermediate
	issuer OCSPRoot
	serial 2
	ocsp online
	export_key

	#CA - unknown status
	entity OCSPCA3
	type Intermediate
	issuer OCSPRoot
	serial 3
	ocsp offline
	export_key

	#EE - OK
	entity OCSPEE11
	type EE
	issuer OCSPCA1
	serial 1
	ocsp online

	#EE - revoked on OCSP
	entity OCSPEE12
	type EE
	issuer OCSPCA1
	serial 2
	ocsp online

	#EE - revoked on CRL
	entity OCSPEE13
	type EE
	issuer OCSPCA1
	serial 3
	ocsp online

	#EE - revoked on OCSP and CRL
	entity OCSPEE14
	type EE
	issuer OCSPCA1
	serial 4
	ocsp online

	#EE - unknown status
	entity OCSPEE15
	type EE
	issuer OCSPCA1
	serial 5
	ocsp offline

	#EE - valid EE, revoked CA
	entity OCSPEE21
	type EE
	issuer OCSPCA2
	serial 1
	ocsp online

	#EE - revoked EE, revoked CA
	entity OCSPEE22
	type EE
	issuer OCSPCA2
	serial 2
	ocsp online

	#EE - revoked EE, CA pointing to invalid OCSP
	entity OCSPEE23
	type EE
	issuer OCSPCA2
	serial 3
	ocsp offline

	#EE - valid EE, CA pointing to invalid OCSP
	entity OCSPEE31
	type EE
	issuer OCSPCA3
	serial 1
	ocsp online

	#EE - revoked EE, CA pointing to invalid OCSP
	entity OCSPEE32
	type EE
	issuer OCSPCA3
	serial 2
	ocsp online

	#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP
	entity OCSPEE33
	type EE
	issuer OCSPCA3
	serial 3
	ocsp offline

	crl OCSPRoot

	revoke OCSPRoot
	serial 2

	crl OCSPCA1

	revoke OCSPCA1
	serial 2

	revoke OCSPCA1
	serial 4

	crl OCSPCA2

	revoke OCSPCA2
	serial 2

	revoke OCSPCA2
	serial 3

	crl OCSPCA3

	revoke OCSPCA3
	serial 2

	revoke OCSPCA3
	serial 3

	# Used for running a single OCSP server (httpserv) instance that can
	# handle multiple CAs, e.g.:
	# httpserv -p 8641 -d . -f dbpasswd \
	# -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \
	# -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl
	db Server
	import OCSPRoot::CT,C,C
	import_key OCSPRoot
	import_key OCSPCA1
	import_key OCSPCA2
	import_key OCSPCA3

	# A DB containing all certs, but no keys.
	# Useful for manual OCSP client testing, e.g.:
	# ocspclnt -d . -S OCSPEE12OCSPCA1 -u s
	db Client
	import OCSPRoot::CT,C,C
	import OCSPCA1OCSPRoot::
	import OCSPCA2OCSPRoot::
	import OCSPCA3OCSPRoot::
	import OCSPEE11OCSPCA1::
	import OCSPEE12OCSPCA1::
	import OCSPEE13OCSPCA1::
	import OCSPEE14OCSPCA1::
	import OCSPEE15OCSPCA1::
	import OCSPEE21OCSPCA2::
	import OCSPEE22OCSPCA2::
	import OCSPEE23OCSPCA2::
	import OCSPEE31OCSPCA3::
	import OCSPEE32OCSPCA3::
	import OCSPEE33OCSPCA3::