# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

scenario OCSP

check_ocsp OCSPEE11OCSPCA1:d

db OCSPRoot
import OCSPRoot:d:CT,C,C

db OCSPCA1
import_key OCSPCA1

crl OCSPCA1

revoke OCSPCA1
  serial 3

revoke OCSPCA1
  serial 4 

testdb OCSPRoot

#EE - OK, CA - OK
verify OCSPEE11OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result pass

#EE - revoked, CA - OK
verify OCSPEE12OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - unknown 
verify OCSPEE15OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  result pass

#EE - unknown, requireFreshInfo
verify OCSPEE15OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - OK, CA - revoked, leaf, no fresh info
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  result pass

#EE - OK, CA - revoked, leaf, requireFreshInfo
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - OK, CA - revoked, chain, requireFreshInfo
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type chain
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - OK, CA - unknown
verify OCSPEE31OCSPCA3:d
  cert OCSPCA3OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  result pass

#EE - OK, CA - unknown, requireFreshInfo
verify OCSPEE31OCSPCA3:d
  cert OCSPCA3OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - revoked, doNotUse
verify OCSPEE12OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags doNotUse
  result pass

#EE - revoked, forbidFetching
verify OCSPEE12OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags forbidFetching
  result pass

#EE - unknown status, failIfNoInfo
verify OCSPEE15OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags failIfNoInfo
  result fail

#EE - OK, CA - revoked, leaf, failIfNoInfo
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags failIfNoInfo
  result fail

testdb OCSPCA1

#EE - OK on OCSP, revoked locally - should fail ??
# two things about this test: crl is not imported into the db and
# cert 13 is not revoked by crl.
verify OCSPEE13OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPCA1
  rev_type leaf
  rev_flags testLocalInfoFirst
  rev_mtype ocsp
  result pass

db OCSPRoot1
import OCSPRoot:d:CT,C,C

verify OCSPEE23OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type chain
  rev_mtype ocsp
  rev_type leaf
  rev_mtype ocsp
  result fail

db OCSPRoot2
import OCSPRoot:d:T,,

# bug 527438
# expected result of this test is FAIL
verify OCSPEE23OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type chain
  rev_mtype ocsp
  rev_type leaf
  rev_mtype ocsp
  result pass