# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

scenario OCSPD

#root CA
entity OCSPRoot
  type Root
  export_key

#CA - OK
entity OCSPCA1
  type Intermediate
  issuer OCSPRoot
  serial 1
  ocsp online
  export_key

#CA - revoked
entity OCSPCA2
  type Intermediate
  issuer OCSPRoot
  serial 2
  ocsp online
  export_key

#CA - unknown status
entity OCSPCA3
  type Intermediate
  issuer OCSPRoot
  serial 3
  ocsp offline
  export_key

#EE - OK
entity OCSPEE11
  type EE
  issuer OCSPCA1
  serial 1
  ocsp online

#EE - revoked on OCSP
entity OCSPEE12
  type EE
  issuer OCSPCA1
  serial 2
  ocsp online

#EE - revoked on CRL
entity OCSPEE13
  type EE
  issuer OCSPCA1
  serial 3
  ocsp online

#EE - revoked on OCSP and CRL
entity OCSPEE14
  type EE
  issuer OCSPCA1
  serial 4
  ocsp online

#EE - unknown status
entity OCSPEE15
  type EE
  issuer OCSPCA1
  serial 5
  ocsp offline

#EE - valid EE, revoked CA
entity OCSPEE21
  type EE
  issuer OCSPCA2
  serial 1
  ocsp online

#EE - revoked EE, revoked CA
entity OCSPEE22
  type EE 
  issuer OCSPCA2 
  serial 2
  ocsp online

#EE - revoked EE, CA pointing to invalid OCSP
entity OCSPEE23
  type EE 
  issuer OCSPCA2 
  serial 3
  ocsp offline

#EE - valid EE, CA pointing to invalid OCSP
entity OCSPEE31
  type EE
  issuer OCSPCA3
  serial 1
  ocsp online

#EE - revoked EE, CA pointing to invalid OCSP
entity OCSPEE32
  type EE 
  issuer OCSPCA3 
  serial 2
  ocsp online

#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP
entity OCSPEE33
  type EE 
  issuer OCSPCA3 
  serial 3
  ocsp offline

crl OCSPRoot

revoke OCSPRoot
  serial 2

crl OCSPCA1

revoke OCSPCA1
  serial 2

revoke OCSPCA1
  serial 4

crl OCSPCA2

revoke OCSPCA2
  serial 2

revoke OCSPCA2
  serial 3

crl OCSPCA3

revoke OCSPCA3
  serial 2

revoke OCSPCA3
  serial 3

# Used for running a single OCSP server (httpserv) instance that can
# handle multiple CAs, e.g.:
# httpserv -p 8641 -d . -f dbpasswd \
#   -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \
#   -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl
db Server
import OCSPRoot::CT,C,C
import_key OCSPRoot
import_key OCSPCA1
import_key OCSPCA2
import_key OCSPCA3

# A DB containing all certs, but no keys.
# Useful for manual OCSP client testing, e.g.:
# ocspclnt -d .  -S OCSPEE12OCSPCA1 -u s
db Client
import OCSPRoot::CT,C,C
import OCSPCA1OCSPRoot::
import OCSPCA2OCSPRoot::
import OCSPCA3OCSPRoot::
import OCSPEE11OCSPCA1::
import OCSPEE12OCSPCA1::
import OCSPEE13OCSPCA1::
import OCSPEE14OCSPCA1::
import OCSPEE15OCSPCA1::
import OCSPEE21OCSPCA2::
import OCSPEE22OCSPCA2::
import OCSPEE23OCSPCA2::
import OCSPEE31OCSPCA3::
import OCSPEE32OCSPCA3::
import OCSPEE33OCSPCA3::