cmp_http.c 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103
  1. /*
  2. * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright Nokia 2007-2019
  4. * Copyright Siemens AG 2015-2019
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include <string.h>
  12. #include <stdio.h>
  13. #include <openssl/asn1t.h>
  14. #include <openssl/http.h>
  15. #include <openssl/cmp.h>
  16. #include "cmp_local.h"
  17. /* explicit #includes not strictly needed since implied by the above: */
  18. #include <ctype.h>
  19. #include <fcntl.h>
  20. #include <stdlib.h>
  21. #include <openssl/bio.h>
  22. #include <openssl/buffer.h>
  23. #include <openssl/err.h>
  24. static int keep_alive(int keep_alive, int body_type)
  25. {
  26. if (keep_alive != 0
  27. /*
  28. * Ask for persistent connection only if may need more round trips.
  29. * Do so even with disableConfirm because polling might be needed.
  30. */
  31. && body_type != OSSL_CMP_PKIBODY_IR
  32. && body_type != OSSL_CMP_PKIBODY_CR
  33. && body_type != OSSL_CMP_PKIBODY_P10CR
  34. && body_type != OSSL_CMP_PKIBODY_KUR
  35. && body_type != OSSL_CMP_PKIBODY_POLLREQ)
  36. keep_alive = 0;
  37. return keep_alive;
  38. }
  39. /*
  40. * Send the PKIMessage req and on success return the response, else NULL.
  41. */
  42. OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
  43. const OSSL_CMP_MSG *req)
  44. {
  45. char server_port[32] = { '\0' };
  46. STACK_OF(CONF_VALUE) *headers = NULL;
  47. const char content_type_pkix[] = "application/pkixcmp";
  48. int tls_used;
  49. const ASN1_ITEM *it = ASN1_ITEM_rptr(OSSL_CMP_MSG);
  50. BIO *req_mem, *rsp;
  51. OSSL_CMP_MSG *res = NULL;
  52. if (ctx == NULL || req == NULL) {
  53. ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
  54. return NULL;
  55. }
  56. if (!X509V3_add_value("Pragma", "no-cache", &headers))
  57. return NULL;
  58. if ((req_mem = ASN1_item_i2d_mem_bio(it, (const ASN1_VALUE *)req)) == NULL)
  59. goto err;
  60. if (ctx->serverPort != 0)
  61. BIO_snprintf(server_port, sizeof(server_port), "%d", ctx->serverPort);
  62. tls_used = OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL;
  63. if (ctx->http_ctx == NULL)
  64. ossl_cmp_log3(DEBUG, ctx, "connecting to CMP server %s:%s%s",
  65. ctx->server, server_port, tls_used ? " using TLS" : "");
  66. rsp = OSSL_HTTP_transfer(&ctx->http_ctx, ctx->server, server_port,
  67. ctx->serverPath, tls_used,
  68. ctx->proxy, ctx->no_proxy,
  69. NULL /* bio */, NULL /* rbio */,
  70. ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx),
  71. 0 /* buf_size */, headers,
  72. content_type_pkix, req_mem,
  73. content_type_pkix, 1 /* expect_asn1 */,
  74. OSSL_HTTP_DEFAULT_MAX_RESP_LEN,
  75. ctx->msg_timeout,
  76. keep_alive(ctx->keep_alive, req->body->type));
  77. BIO_free(req_mem);
  78. res = (OSSL_CMP_MSG *)ASN1_item_d2i_bio(it, rsp, NULL);
  79. BIO_free(rsp);
  80. if (ctx->http_ctx == NULL)
  81. ossl_cmp_debug(ctx, "disconnected from CMP server");
  82. /*
  83. * Note that on normal successful end of the transaction the connection
  84. * is not closed at this level, but this will be done by the CMP client
  85. * application via OSSL_CMP_CTX_free() or OSSL_CMP_CTX_reinit().
  86. */
  87. if (res != NULL)
  88. ossl_cmp_debug(ctx, "finished reading response from CMP server");
  89. err:
  90. sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
  91. return res;
  92. }