
OSSL_CMP_SRV_CTX_new.pod 9.1 KB

  1. =pod
  2. =head1 NAME
  3. OSSL_CMP_SRV_process_request,
  4. OSSL_CMP_CTX_server_perform,
  5. OSSL_CMP_SRV_CTX_new,
  6. OSSL_CMP_SRV_CTX_free,
  7. OSSL_CMP_SRV_cert_request_cb_t,
  8. OSSL_CMP_SRV_rr_cb_t,
  9. OSSL_CMP_SRV_certConf_cb_t,
  10. OSSL_CMP_SRV_genm_cb_t,
  11. OSSL_CMP_SRV_error_cb_t,
  12. OSSL_CMP_SRV_pollReq_cb_t,
  13. OSSL_CMP_SRV_CTX_init,
  14. OSSL_CMP_SRV_delayed_delivery_cb_t,
  15. OSSL_CMP_SRV_clean_transaction_cb_t,
  16. OSSL_CMP_SRV_CTX_init_trans,
  17. OSSL_CMP_SRV_CTX_get0_cmp_ctx,
  18. OSSL_CMP_SRV_CTX_get0_custom_ctx,
  19. OSSL_CMP_SRV_CTX_set_send_unprotected_errors,
  20. OSSL_CMP_SRV_CTX_set_accept_unprotected,
  21. OSSL_CMP_SRV_CTX_set_accept_raverified,
  22. OSSL_CMP_SRV_CTX_set_grant_implicit_confirm
  23. - generic functions to set up and control a CMP server
  24. =head1 SYNOPSIS
  25. #include <openssl/cmp.h>
  26. OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
  27. const OSSL_CMP_MSG *req);
  28. OSSL_CMP_MSG *OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
  29. const OSSL_CMP_MSG *req);
  30. OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
  31. void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
  32. typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)(
  33. OSSL_CMP_SRV_CTX *srv_ctx,
  34. const OSSL_CMP_MSG *req,
  35. int certReqId,
  36. const OSSL_CRMF_MSG *crm,
  37. const X509_REQ *p10cr,
  38. X509 **certOut,
  39. STACK_OF(X509) **chainOut,
  40. STACK_OF(X509) **caPubs);
  41. typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  42. const OSSL_CMP_MSG *req,
  43. const X509_NAME *issuer,
  44. const ASN1_INTEGER *serial);
  45. typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  46. const OSSL_CMP_MSG *req,
  47. STACK_OF(OSSL_CMP_ITAV) *in,
  48. STACK_OF(OSSL_CMP_ITAV) **out);
  49. typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  50. const OSSL_CMP_MSG *req,
  51. const OSSL_CMP_PKISI *statusInfo,
  52. const ASN1_INTEGER *errorCode,
  53. const OSSL_CMP_PKIFREETEXT *errorDetails);
  54. typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  55. const OSSL_CMP_MSG *req,
  56. int certReqId,
  57. const ASN1_OCTET_STRING *certHash,
  58. const OSSL_CMP_PKISI *si);
  59. typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  60. const OSSL_CMP_MSG *req,
  61. int certReqId,
  62. OSSL_CMP_MSG **certReq,
  63. int64_t *check_after);
  64. int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
  65. OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
  66. OSSL_CMP_SRV_rr_cb_t process_rr,
  67. OSSL_CMP_SRV_genm_cb_t process_genm,
  68. OSSL_CMP_SRV_error_cb_t process_error,
  69. OSSL_CMP_SRV_certConf_cb_t process_certConf,
  70. OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
  71. typedef int (*OSSL_CMP_SRV_delayed_delivery_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  72. const OSSL_CMP_MSG *req);
  73. typedef int (*OSSL_CMP_SRV_clean_transaction_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  74. const ASN1_OCTET_STRING *id);
  75. int OSSL_CMP_SRV_CTX_init_trans(OSSL_CMP_SRV_CTX *srv_ctx,
  76. OSSL_CMP_SRV_delayed_delivery_cb_t delay,
  77. OSSL_CMP_SRV_clean_transaction_cb_t clean);
  78. OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
  79. void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
  80. int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
  81. int val);
  82. int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
  83. int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
  84. int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
  85. int val);
  86. =head1 DESCRIPTION
  87. OSSL_CMP_SRV_process_request() implements the generic aspects of a CMP server.
  88. Its arguments are the B<OSSL_CMP_SRV_CTX> I<srv_ctx> and the CMP request message
  89. I<req>. It does the typical generic checks on I<req>, calls
  90. the respective callback function (if present) for more specific processing,
  91. and then assembles a result message, which may be a CMP error message.
  92. If after return of the function the expression
  93. I<OSSL_CMP_CTX_get_status(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx))> yields -1
  94. then the function has closed the current transaction,
  95. which may be due to normal successful end of the transaction or due to an error.
  96. OSSL_CMP_CTX_server_perform() is an interface to
  97. OSSL_CMP_SRV_process_request() that can be used by a CMP client
  98. in the same way as L<OSSL_CMP_MSG_http_perform(3)>.
  99. The B<OSSL_CMP_SRV_CTX> must be set as I<transfer_cb_arg> of I<client_ctx>.
  100. OSSL_CMP_SRV_CTX_new() creates and initializes an B<OSSL_CMP_SRV_CTX> structure
  101. associated with the library context I<libctx> and property query string
  102. I<propq>, both of which may be NULL to select the defaults.
  103. OSSL_CMP_SRV_CTX_free() deletes the given I<srv_ctx>.
  104. OSSL_CMP_SRV_CTX_init() sets in the given I<srv_ctx> a custom server context
  105. pointer as well as callback functions performing the specific processing of CMP
  106. certificate requests, revocation requests, certificate confirmation requests,
  107. general messages, error messages, and poll requests.
  108. All arguments except I<srv_ctx> may be NULL.
  109. If a callback for some message type is not given this means that the respective
  110. type of CMP message is not supported by the server.
  111. OSSL_CMP_SRV_CTX_init_trans() sets in I<srv_ctx> the optional callback
  112. functions for initiating delayed delivery and cleaning up a transaction.
  113. If the I<delay> function is NULL then delivery of responses is never delayed.
  114. Otherwise I<delay> takes a custom server context and a request message as input.
  115. It must return 1 if delivery of the respective response shall be delayed,
  116. 0 if not, and -1 on error.
  117. If the I<clean> function is NULL then no specific cleanup is performed.
  118. Otherwise I<clean> takes a custom server context and a transaction ID pointer
  119. as input, where the pointer is NULL in case a new transaction is being started
  120. and otherwise provides the ID of the transaction being terminated.
  121. The I<clean> function should reset the respective portions of the state
  122. and free related memory.
  123. It must return 1 on success and 0 on error.
  124. OSSL_CMP_SRV_CTX_get0_cmp_ctx() returns the B<OSSL_CMP_CTX> from the I<srv_ctx>.
  125. OSSL_CMP_SRV_CTX_get0_custom_ctx() returns the custom server context from
  126. I<srv_ctx> that has been set using OSSL_CMP_SRV_CTX_init().
  127. OSSL_CMP_SRV_CTX_set_send_unprotected_errors() enables sending error messages
  128. and other forms of negative responses unprotected.
  129. OSSL_CMP_SRV_CTX_set_accept_unprotected() enables acceptance of requests
  130. without protection or with invalid protection, which means that such requests are neither authenticated nor integrity-protected at the CMP level.
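  131. OSSL_CMP_SRV_CTX_set_accept_raverified() enables acceptance of ir/cr/kur
  132. messages with POPO 'RAVerified', in which case the server relies on the sender's assertion that a registration authority has already verified proof of possession of the private key.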
  133. OSSL_CMP_SRV_CTX_set_grant_implicit_confirm() enables granting implicit
  134. confirmation of newly enrolled certificates if requested.
  135. =head1 NOTES
  136. CMP is defined in RFC 4210 (and CRMF in RFC 4211).
  137. So far the CMP server implementation is limited to one request per CMP message
  138. (and consequently to at most one response component per CMP message).
  139. =head1 RETURN VALUES
  140. OSSL_CMP_SRV_CTX_new() returns a B<OSSL_CMP_SRV_CTX> structure on success,
  141. NULL on error.
  142. OSSL_CMP_SRV_CTX_free() does not return a value.
  143. OSSL_CMP_SRV_CTX_get0_cmp_ctx() returns a B<OSSL_CMP_CTX> structure on success,
  144. NULL on error.
  145. OSSL_CMP_SRV_CTX_get0_custom_ctx() returns the custom server context
  146. that has been set using OSSL_CMP_SRV_CTX_init().
  147. All other functions return 1 on success, 0 on error.
  148. =head1 HISTORY
  149. The OpenSSL CMP support was added in OpenSSL 3.0.
  150. OSSL_CMP_SRV_CTX_init_trans()
  151. supporting delayed delivery of all types of response messages
  152. was added in OpenSSL 3.3.
  153. =head1 COPYRIGHT
  154. Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
  155. Licensed under the Apache License 2.0 (the "License"). You may not use
  156. this file except in compliance with the License. You can obtain a copy
  157. in the file LICENSE in the source distribution or at
  158. L<https://www.openssl.org/source/license.html>.
  159. =cut