123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670 |
- /*
- * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright Siemens AG 2018-2020
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or atf
- * https://www.openssl.org/source/license.html
- */
- #include "apps.h"
- #include "cmp_mock_srv.h"
- #include <openssl/cmp.h>
- #include <openssl/err.h>
- #include <openssl/cmperr.h>
- /* the context for the CMP mock server */
- typedef struct
- {
- X509 *refCert; /* cert to expect for oldCertID in kur/rr msg */
- X509 *certOut; /* certificate to be returned in cp/ip/kup msg */
- X509_CRL *crlOut; /* CRL to be returned in genp for crls */
- STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */
- STACK_OF(X509) *caPubsOut; /* used in caPubs of ip and in caCerts of genp */
- X509 *newWithNew; /* to return in newWithNew of rootKeyUpdate */
- X509 *newWithOld; /* to return in newWithOld of rootKeyUpdate */
- X509 *oldWithNew; /* to return in oldWithNew of rootKeyUpdate */
- OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */
- int sendError; /* send error response on given request type */
- OSSL_CMP_MSG *req; /* original request message during polling */
- int pollCount; /* number of polls before actual cert response */
- int curr_pollCount; /* number of polls so far for current request */
- int checkAfterTime; /* time the client should wait between polling */
- } mock_srv_ctx;
- static void mock_srv_ctx_free(mock_srv_ctx *ctx)
- {
- if (ctx == NULL)
- return;
- OSSL_CMP_PKISI_free(ctx->statusOut);
- X509_free(ctx->refCert);
- X509_free(ctx->certOut);
- OSSL_STACK_OF_X509_free(ctx->chainOut);
- OSSL_STACK_OF_X509_free(ctx->caPubsOut);
- OSSL_CMP_MSG_free(ctx->req);
- OPENSSL_free(ctx);
- }
- static mock_srv_ctx *mock_srv_ctx_new(void)
- {
- mock_srv_ctx *ctx = OPENSSL_zalloc(sizeof(mock_srv_ctx));
- if (ctx == NULL)
- goto err;
- if ((ctx->statusOut = OSSL_CMP_PKISI_new()) == NULL)
- goto err;
- ctx->sendError = -1;
- /* all other elements are initialized to 0 or NULL, respectively */
- return ctx;
- err:
- mock_srv_ctx_free(ctx);
- return NULL;
- }
- #define DEFINE_OSSL_SET1_CERT(FIELD) \
- int ossl_cmp_mock_srv_set1_##FIELD(OSSL_CMP_SRV_CTX *srv_ctx, \
- X509 *cert) \
- { \
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); \
- \
- if (ctx == NULL) { \
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
- return 0; \
- } \
- if (cert == NULL || X509_up_ref(cert)) { \
- X509_free(ctx->FIELD); \
- ctx->FIELD = cert; \
- return 1; \
- } \
- return 0; \
- }
- DEFINE_OSSL_SET1_CERT(refCert)
- DEFINE_OSSL_SET1_CERT(certOut)
- int ossl_cmp_mock_srv_set1_crlOut(OSSL_CMP_SRV_CTX *srv_ctx,
- X509_CRL *crl)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- if (ctx == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- if (crl != NULL && !X509_CRL_up_ref(crl))
- return 0;
- X509_CRL_free(ctx->crlOut);
- ctx->crlOut = crl;
- return 1;
- }
- int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,
- STACK_OF(X509) *chain)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- STACK_OF(X509) *chain_copy = NULL;
- if (ctx == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- if (chain != NULL && (chain_copy = X509_chain_up_ref(chain)) == NULL)
- return 0;
- OSSL_STACK_OF_X509_free(ctx->chainOut);
- ctx->chainOut = chain_copy;
- return 1;
- }
- int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,
- STACK_OF(X509) *caPubs)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- STACK_OF(X509) *caPubs_copy = NULL;
- if (ctx == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- if (caPubs != NULL && (caPubs_copy = X509_chain_up_ref(caPubs)) == NULL)
- return 0;
- OSSL_STACK_OF_X509_free(ctx->caPubsOut);
- ctx->caPubsOut = caPubs_copy;
- return 1;
- }
- DEFINE_OSSL_SET1_CERT(newWithNew)
- DEFINE_OSSL_SET1_CERT(newWithOld)
- DEFINE_OSSL_SET1_CERT(oldWithNew)
- int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
- int fail_info, const char *text)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- OSSL_CMP_PKISI *si;
- if (ctx == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- if ((si = OSSL_CMP_STATUSINFO_new(status, fail_info, text)) == NULL)
- return 0;
- OSSL_CMP_PKISI_free(ctx->statusOut);
- ctx->statusOut = si;
- return 1;
- }
- int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- if (ctx == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- /* might check bodytype, but this would require exporting all body types */
- ctx->sendError = bodytype;
- return 1;
- }
- int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- if (ctx == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- if (count < 0) {
- ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
- return 0;
- }
- ctx->pollCount = count;
- return 1;
- }
- int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- if (ctx == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- ctx->checkAfterTime = sec;
- return 1;
- }
- /* determine whether to delay response to (non-polling) request */
- static int delayed_delivery(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- int req_type = OSSL_CMP_MSG_get_bodytype(req);
- if (ctx == NULL || req == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return -1;
- }
- /*
- * For ir/cr/p10cr/kur delayed delivery is handled separately in
- * process_cert_request
- */
- if (req_type == OSSL_CMP_IR
- || req_type == OSSL_CMP_CR
- || req_type == OSSL_CMP_P10CR
- || req_type == OSSL_CMP_KUR
- /* Client may use error to abort the ongoing polling */
- || req_type == OSSL_CMP_ERROR)
- return 0;
- if (ctx->pollCount > 0 && ctx->curr_pollCount == 0) {
- /* start polling */
- if ((ctx->req = OSSL_CMP_MSG_dup(req)) == NULL)
- return -1;
- return 1;
- }
- return 0;
- }
- /* check for matching reference cert components, as far as given */
- static int refcert_cmp(const X509 *refcert,
- const X509_NAME *issuer, const ASN1_INTEGER *serial)
- {
- const X509_NAME *ref_issuer;
- const ASN1_INTEGER *ref_serial;
- if (refcert == NULL)
- return 1;
- ref_issuer = X509_get_issuer_name(refcert);
- ref_serial = X509_get0_serialNumber(refcert);
- return (ref_issuer == NULL || X509_NAME_cmp(issuer, ref_issuer) == 0)
- && (ref_serial == NULL || ASN1_INTEGER_cmp(serial, ref_serial) == 0);
- }
- /* reset the state that belongs to a transaction */
- static int clean_transaction(OSSL_CMP_SRV_CTX *srv_ctx,
- ossl_unused const ASN1_OCTET_STRING *id)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- if (ctx == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- ctx->curr_pollCount = 0;
- OSSL_CMP_MSG_free(ctx->req);
- ctx->req = NULL;
- return 1;
- }
- static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *cert_req,
- ossl_unused int certReqId,
- const OSSL_CRMF_MSG *crm,
- const X509_REQ *p10cr,
- X509 **certOut,
- STACK_OF(X509) **chainOut,
- STACK_OF(X509) **caPubs)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- int bodytype;
- OSSL_CMP_PKISI *si = NULL;
- if (ctx == NULL || cert_req == NULL
- || certOut == NULL || chainOut == NULL || caPubs == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return NULL;
- }
- bodytype = OSSL_CMP_MSG_get_bodytype(cert_req);
- if (ctx->sendError == 1 || ctx->sendError == bodytype) {
- ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
- return NULL;
- }
- *certOut = NULL;
- *chainOut = NULL;
- *caPubs = NULL;
- if (ctx->pollCount > 0 && ctx->curr_pollCount == 0) {
- /* start polling */
- if ((ctx->req = OSSL_CMP_MSG_dup(cert_req)) == NULL)
- return NULL;
- return OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_waiting, 0, NULL);
- }
- if (ctx->curr_pollCount >= ctx->pollCount)
- /* give final response after polling */
- ctx->curr_pollCount = 0;
- /* accept cert profile for cr messages only with the configured name */
- if (OSSL_CMP_MSG_get_bodytype(cert_req) == OSSL_CMP_CR) {
- STACK_OF(OSSL_CMP_ITAV) *itavs =
- OSSL_CMP_HDR_get0_geninfo_ITAVs(OSSL_CMP_MSG_get0_header(cert_req));
- int i;
- for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) {
- OSSL_CMP_ITAV *itav = sk_OSSL_CMP_ITAV_value(itavs, i);
- ASN1_OBJECT *obj = OSSL_CMP_ITAV_get0_type(itav);
- STACK_OF(ASN1_UTF8STRING) *strs;
- ASN1_UTF8STRING *str;
- const char *data;
- if (OBJ_obj2nid(obj) == NID_id_it_certProfile) {
- if (!OSSL_CMP_ITAV_get0_certProfile(itav, &strs))
- return NULL;
- if (sk_ASN1_UTF8STRING_num(strs) < 1) {
- ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_CERTPROFILE);
- return NULL;
- }
- str = sk_ASN1_UTF8STRING_value(strs, 0);
- if (str == NULL
- || (data =
- (const char *)ASN1_STRING_get0_data(str)) == NULL) {
- ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
- return NULL;
- }
- if (strcmp(data, "profile1") != 0) {
- ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_CERTPROFILE);
- return NULL;
- }
- break;
- }
- }
- }
- /* accept cert update request only for the reference cert, if given */
- if (bodytype == OSSL_CMP_KUR
- && crm != NULL /* thus not p10cr */ && ctx->refCert != NULL) {
- const OSSL_CRMF_CERTID *cid = OSSL_CRMF_MSG_get0_regCtrl_oldCertID(crm);
- if (cid == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID);
- return NULL;
- }
- if (!refcert_cmp(ctx->refCert,
- OSSL_CRMF_CERTID_get0_issuer(cid),
- OSSL_CRMF_CERTID_get0_serialNumber(cid))) {
- ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID);
- return NULL;
- }
- }
- if (ctx->certOut != NULL
- && (*certOut = X509_dup(ctx->certOut)) == NULL)
- /* Should return a cert produced from request template, see FR #16054 */
- goto err;
- if (ctx->chainOut != NULL
- && (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL)
- goto err;
- if (ctx->caPubsOut != NULL /* OSSL_CMP_PKIBODY_IP not visible here */
- && (*caPubs = X509_chain_up_ref(ctx->caPubsOut)) == NULL)
- goto err;
- if (ctx->statusOut != NULL
- && (si = OSSL_CMP_PKISI_dup(ctx->statusOut)) == NULL)
- goto err;
- return si;
- err:
- X509_free(*certOut);
- *certOut = NULL;
- OSSL_STACK_OF_X509_free(*chainOut);
- *chainOut = NULL;
- OSSL_STACK_OF_X509_free(*caPubs);
- *caPubs = NULL;
- return NULL;
- }
- static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *rr,
- const X509_NAME *issuer,
- const ASN1_INTEGER *serial)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- if (ctx == NULL || rr == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return NULL;
- }
- if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(rr)) {
- ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
- return NULL;
- }
- /* allow any RR derived from CSR which does not include issuer and serial */
- if ((issuer != NULL || serial != NULL)
- /* accept revocation only for the reference cert, if given */
- && !refcert_cmp(ctx->refCert, issuer, serial)) {
- ERR_raise_data(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED,
- "wrong certificate to revoke");
- return NULL;
- }
- return OSSL_CMP_PKISI_dup(ctx->statusOut);
- }
- /* return -1 for error, 0 for no update available */
- static int check_client_crl(const STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList,
- const X509_CRL *crl)
- {
- OSSL_CMP_CRLSTATUS *crlstatus;
- DIST_POINT_NAME *dpn = NULL;
- GENERAL_NAMES *issuer = NULL;
- ASN1_TIME *thisupd = NULL;
- if (sk_OSSL_CMP_CRLSTATUS_num(crlStatusList) != 1) {
- ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_CRLSTATUSLIST);
- return -1;
- }
- if (crl == NULL)
- return 0;
- crlstatus = sk_OSSL_CMP_CRLSTATUS_value(crlStatusList, 0);
- if (!OSSL_CMP_CRLSTATUS_get0(crlstatus, &dpn, &issuer, &thisupd))
- return -1;
- if (issuer != NULL) {
- GENERAL_NAME *gn = sk_GENERAL_NAME_value(issuer, 0);
- if (gn != NULL && gn->type == GEN_DIRNAME) {
- X509_NAME *gen_name = gn->d.dirn;
- if (X509_NAME_cmp(gen_name, X509_CRL_get_issuer(crl)) != 0) {
- ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_CRL_ISSUER);
- return -1;
- }
- } else {
- ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
- return -1; /* error according to RFC 9483 section 4.3.4 */
- }
- }
- return thisupd == NULL
- || ASN1_TIME_compare(thisupd, X509_CRL_get0_lastUpdate(crl)) < 0;
- }
- static OSSL_CMP_ITAV *process_genm_itav(mock_srv_ctx *ctx, int req_nid,
- const OSSL_CMP_ITAV *req)
- {
- OSSL_CMP_ITAV *rsp;
- switch (req_nid) {
- case NID_id_it_caCerts:
- rsp = OSSL_CMP_ITAV_new_caCerts(ctx->caPubsOut);
- break;
- case NID_id_it_rootCaCert:
- {
- X509 *rootcacert = NULL;
- if (!OSSL_CMP_ITAV_get0_rootCaCert(req, &rootcacert))
- return NULL;
- if (rootcacert != NULL
- && X509_NAME_cmp(X509_get_subject_name(rootcacert),
- X509_get_subject_name(ctx->newWithNew)) != 0)
- /* The subjects do not match */
- rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(NULL, NULL, NULL);
- else
- rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
- ctx->newWithOld,
- ctx->oldWithNew);
- }
- break;
- case NID_id_it_crlStatusList:
- {
- STACK_OF(OSSL_CMP_CRLSTATUS) *crlstatuslist = NULL;
- int res = 0;
- if (!OSSL_CMP_ITAV_get0_crlStatusList(req, &crlstatuslist))
- return NULL;
- res = check_client_crl(crlstatuslist, ctx->crlOut);
- if (res < 0)
- rsp = NULL;
- else
- rsp = OSSL_CMP_ITAV_new_crls(res == 0 ? NULL : ctx->crlOut);
- }
- break;
- default:
- rsp = OSSL_CMP_ITAV_dup(req);
- }
- return rsp;
- }
- static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *genm,
- const STACK_OF(OSSL_CMP_ITAV) *in,
- STACK_OF(OSSL_CMP_ITAV) **out)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- if (ctx == NULL || genm == NULL || in == NULL || out == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(genm)
- || sk_OSSL_CMP_ITAV_num(in) > 1) {
- ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
- return 0;
- }
- if (sk_OSSL_CMP_ITAV_num(in) == 1) {
- OSSL_CMP_ITAV *req = sk_OSSL_CMP_ITAV_value(in, 0), *rsp;
- ASN1_OBJECT *obj = OSSL_CMP_ITAV_get0_type(req);
- if ((*out = sk_OSSL_CMP_ITAV_new_reserve(NULL, 1)) == NULL)
- return 0;
- rsp = process_genm_itav(ctx, OBJ_obj2nid(obj), req);
- if (rsp != NULL && sk_OSSL_CMP_ITAV_push(*out, rsp))
- return 1;
- sk_OSSL_CMP_ITAV_free(*out);
- return 0;
- }
- *out = sk_OSSL_CMP_ITAV_deep_copy(in, OSSL_CMP_ITAV_dup,
- OSSL_CMP_ITAV_free);
- return *out != NULL;
- }
- static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
- const OSSL_CMP_PKISI *statusInfo,
- const ASN1_INTEGER *errorCode,
- const OSSL_CMP_PKIFREETEXT *errorDetails)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- char buf[OSSL_CMP_PKISI_BUFLEN];
- char *sibuf;
- int i;
- if (ctx == NULL || error == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return;
- }
- BIO_printf(bio_err, "mock server received error:\n");
- if (statusInfo == NULL) {
- BIO_printf(bio_err, "pkiStatusInfo absent\n");
- } else {
- sibuf = OSSL_CMP_snprint_PKIStatusInfo(statusInfo, buf, sizeof(buf));
- BIO_printf(bio_err, "pkiStatusInfo: %s\n",
- sibuf != NULL ? sibuf: "<invalid>");
- }
- if (errorCode == NULL)
- BIO_printf(bio_err, "errorCode absent\n");
- else
- BIO_printf(bio_err, "errorCode: %ld\n", ASN1_INTEGER_get(errorCode));
- if (sk_ASN1_UTF8STRING_num(errorDetails) <= 0) {
- BIO_printf(bio_err, "errorDetails absent\n");
- } else {
- BIO_printf(bio_err, "errorDetails: ");
- for (i = 0; i < sk_ASN1_UTF8STRING_num(errorDetails); i++) {
- if (i > 0)
- BIO_printf(bio_err, ", ");
- ASN1_STRING_print_ex(bio_err,
- sk_ASN1_UTF8STRING_value(errorDetails, i),
- ASN1_STRFLGS_ESC_QUOTE);
- }
- BIO_printf(bio_err, "\n");
- }
- }
- static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *certConf,
- ossl_unused int certReqId,
- const ASN1_OCTET_STRING *certHash,
- const OSSL_CMP_PKISI *si)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- ASN1_OCTET_STRING *digest;
- if (ctx == NULL || certConf == NULL || certHash == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(certConf)
- || ctx->certOut == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
- return 0;
- }
- if ((digest = X509_digest_sig(ctx->certOut, NULL, NULL)) == NULL)
- return 0;
- if (ASN1_OCTET_STRING_cmp(certHash, digest) != 0) {
- ASN1_OCTET_STRING_free(digest);
- ERR_raise(ERR_LIB_CMP, CMP_R_CERTHASH_UNMATCHED);
- return 0;
- }
- ASN1_OCTET_STRING_free(digest);
- return 1;
- }
- /* return 0 on failure, 1 on success, setting *req or otherwise *check_after */
- static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *pollReq,
- ossl_unused int certReqId,
- OSSL_CMP_MSG **req, int64_t *check_after)
- {
- mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
- if (req != NULL)
- *req = NULL;
- if (ctx == NULL || pollReq == NULL
- || req == NULL || check_after == NULL) {
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) {
- ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
- return 0;
- }
- if (ctx->req == NULL) { /* not currently in polling mode */
- ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_POLLREQ);
- return 0;
- }
- if (++ctx->curr_pollCount >= ctx->pollCount) {
- /* end polling */
- *req = ctx->req;
- ctx->req = NULL;
- *check_after = 0;
- } else {
- *check_after = ctx->checkAfterTime;
- }
- return 1;
- }
- OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq)
- {
- OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(libctx, propq);
- mock_srv_ctx *ctx = mock_srv_ctx_new();
- if (srv_ctx != NULL && ctx != NULL
- && OSSL_CMP_SRV_CTX_init(srv_ctx, ctx, process_cert_request,
- process_rr, process_genm, process_error,
- process_certConf, process_pollReq)
- && OSSL_CMP_SRV_CTX_init_trans(srv_ctx,
- delayed_delivery, clean_transaction))
- return srv_ctx;
- mock_srv_ctx_free(ctx);
- OSSL_CMP_SRV_CTX_free(srv_ctx);
- return NULL;
- }
- void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx)
- {
- if (srv_ctx != NULL)
- mock_srv_ctx_free(OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx));
- OSSL_CMP_SRV_CTX_free(srv_ctx);
- }
|