Path: blob/main/crypto/openssl/apps/lib/cmp_mock_srv.c
34878 views
/*1* Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.2* Copyright Siemens AG 2018-20203*4* Licensed under the Apache License 2.0 (the "License"). You may not use5* this file except in compliance with the License. You can obtain a copy6* in the file LICENSE in the source distribution or atf7* https://www.openssl.org/source/license.html8*/910#include "apps.h"11#include "cmp_mock_srv.h"1213#include <openssl/cmp.h>14#include <openssl/err.h>15#include <openssl/cmperr.h>1617/* the context for the CMP mock server */18typedef struct {19X509 *refCert; /* cert to expect for oldCertID in kur/rr msg */20X509 *certOut; /* certificate to be returned in cp/ip/kup msg */21EVP_PKEY *keyOut; /* Private key to be returned for central keygen */22X509_CRL *crlOut; /* CRL to be returned in genp for crls */23STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */24STACK_OF(X509) *caPubsOut; /* used in caPubs of ip and in caCerts of genp */25X509 *newWithNew; /* to return in newWithNew of rootKeyUpdate */26X509 *newWithOld; /* to return in newWithOld of rootKeyUpdate */27X509 *oldWithNew; /* to return in oldWithNew of rootKeyUpdate */28OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */29int sendError; /* send error response on given request type */30OSSL_CMP_MSG *req; /* original request message during polling */31int pollCount; /* number of polls before actual cert response */32int curr_pollCount; /* number of polls so far for current request */33int checkAfterTime; /* time the client should wait between polling */34} mock_srv_ctx;3536static void mock_srv_ctx_free(mock_srv_ctx *ctx)37{38if (ctx == NULL)39return;4041OSSL_CMP_PKISI_free(ctx->statusOut);42X509_free(ctx->refCert);43X509_free(ctx->certOut);44OSSL_STACK_OF_X509_free(ctx->chainOut);45OSSL_STACK_OF_X509_free(ctx->caPubsOut);46OSSL_CMP_MSG_free(ctx->req);47OPENSSL_free(ctx);48}4950static mock_srv_ctx *mock_srv_ctx_new(void)51{52mock_srv_ctx *ctx = OPENSSL_zalloc(sizeof(mock_srv_ctx));5354if (ctx == NULL)55goto err;5657if ((ctx->statusOut = OSSL_CMP_PKISI_new()) == NULL)58goto err;5960ctx->sendError = -1;6162/* all other elements are initialized to 0 or NULL, respectively */63return ctx;64err:65mock_srv_ctx_free(ctx);66return NULL;67}6869#define DEFINE_OSSL_SET1_CERT(FIELD) \70int ossl_cmp_mock_srv_set1_##FIELD(OSSL_CMP_SRV_CTX *srv_ctx, \71X509 *cert) \72{ \73mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); \74\75if (ctx == NULL) { \76ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \77return 0; \78} \79if (cert == NULL || X509_up_ref(cert)) { \80X509_free(ctx->FIELD); \81ctx->FIELD = cert; \82return 1; \83} \84return 0; \85}8687DEFINE_OSSL_SET1_CERT(refCert)88DEFINE_OSSL_SET1_CERT(certOut)8990int ossl_cmp_mock_srv_set1_keyOut(OSSL_CMP_SRV_CTX *srv_ctx, EVP_PKEY *pkey)91{92mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);9394if (ctx == NULL) {95ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);96return 0;97}98if (pkey != NULL && !EVP_PKEY_up_ref(pkey))99return 0;100EVP_PKEY_free(ctx->keyOut);101ctx->keyOut = pkey;102return 1;103}104105int ossl_cmp_mock_srv_set1_crlOut(OSSL_CMP_SRV_CTX *srv_ctx,106X509_CRL *crl)107{108mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);109110if (ctx == NULL) {111ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);112return 0;113}114if (crl != NULL && !X509_CRL_up_ref(crl))115return 0;116X509_CRL_free(ctx->crlOut);117ctx->crlOut = crl;118return 1;119}120121int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,122STACK_OF(X509) *chain)123{124mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);125STACK_OF(X509) *chain_copy = NULL;126127if (ctx == NULL) {128ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);129return 0;130}131if (chain != NULL && (chain_copy = X509_chain_up_ref(chain)) == NULL)132return 0;133OSSL_STACK_OF_X509_free(ctx->chainOut);134ctx->chainOut = chain_copy;135return 1;136}137138int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,139STACK_OF(X509) *caPubs)140{141mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);142STACK_OF(X509) *caPubs_copy = NULL;143144if (ctx == NULL) {145ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);146return 0;147}148if (caPubs != NULL && (caPubs_copy = X509_chain_up_ref(caPubs)) == NULL)149return 0;150OSSL_STACK_OF_X509_free(ctx->caPubsOut);151ctx->caPubsOut = caPubs_copy;152return 1;153}154155DEFINE_OSSL_SET1_CERT(newWithNew)156DEFINE_OSSL_SET1_CERT(newWithOld)157DEFINE_OSSL_SET1_CERT(oldWithNew)158159int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,160int fail_info, const char *text)161{162mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);163OSSL_CMP_PKISI *si;164165if (ctx == NULL) {166ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);167return 0;168}169if ((si = OSSL_CMP_STATUSINFO_new(status, fail_info, text)) == NULL)170return 0;171OSSL_CMP_PKISI_free(ctx->statusOut);172ctx->statusOut = si;173return 1;174}175176int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)177{178mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);179180if (ctx == NULL) {181ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);182return 0;183}184/* might check bodytype, but this would require exporting all body types */185ctx->sendError = bodytype;186return 1;187}188189int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count)190{191mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);192193if (ctx == NULL) {194ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);195return 0;196}197if (count < 0) {198ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);199return 0;200}201ctx->pollCount = count;202return 1;203}204205int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec)206{207mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);208209if (ctx == NULL) {210ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);211return 0;212}213ctx->checkAfterTime = sec;214return 1;215}216217/* determine whether to delay response to (non-polling) request */218static int delayed_delivery(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req)219{220mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);221int req_type = OSSL_CMP_MSG_get_bodytype(req);222223if (ctx == NULL || req == NULL) {224ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);225return -1;226}227228/*229* For ir/cr/p10cr/kur delayed delivery is handled separately in230* process_cert_request231*/232if (req_type == OSSL_CMP_IR233|| req_type == OSSL_CMP_CR234|| req_type == OSSL_CMP_P10CR235|| req_type == OSSL_CMP_KUR236/* Client may use error to abort the ongoing polling */237|| req_type == OSSL_CMP_ERROR)238return 0;239240if (ctx->pollCount > 0 && ctx->curr_pollCount == 0) {241/* start polling */242if ((ctx->req = OSSL_CMP_MSG_dup(req)) == NULL)243return -1;244return 1;245}246return 0;247}248249/* check for matching reference cert components, as far as given */250static int refcert_cmp(const X509 *refcert,251const X509_NAME *issuer, const ASN1_INTEGER *serial)252{253const X509_NAME *ref_issuer;254const ASN1_INTEGER *ref_serial;255256if (refcert == NULL)257return 1;258ref_issuer = X509_get_issuer_name(refcert);259ref_serial = X509_get0_serialNumber(refcert);260return (ref_issuer == NULL || X509_NAME_cmp(issuer, ref_issuer) == 0)261&& (ref_serial == NULL || ASN1_INTEGER_cmp(serial, ref_serial) == 0);262}263264/* reset the state that belongs to a transaction */265static int clean_transaction(OSSL_CMP_SRV_CTX *srv_ctx,266ossl_unused const ASN1_OCTET_STRING *id)267{268mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);269270if (ctx == NULL) {271ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);272return 0;273}274275ctx->curr_pollCount = 0;276OSSL_CMP_MSG_free(ctx->req);277ctx->req = NULL;278return 1;279}280281static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,282const OSSL_CMP_MSG *cert_req,283ossl_unused int certReqId,284const OSSL_CRMF_MSG *crm,285const X509_REQ *p10cr,286X509 **certOut,287STACK_OF(X509) **chainOut,288STACK_OF(X509) **caPubs)289{290mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);291int bodytype, central_keygen;292OSSL_CMP_PKISI *si = NULL;293EVP_PKEY *keyOut = NULL;294295if (ctx == NULL || cert_req == NULL296|| certOut == NULL || chainOut == NULL || caPubs == NULL) {297ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);298return NULL;299}300bodytype = OSSL_CMP_MSG_get_bodytype(cert_req);301if (ctx->sendError == 1 || ctx->sendError == bodytype) {302ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);303return NULL;304}305306*certOut = NULL;307*chainOut = NULL;308*caPubs = NULL;309310if (ctx->pollCount > 0 && ctx->curr_pollCount == 0) {311/* start polling */312if ((ctx->req = OSSL_CMP_MSG_dup(cert_req)) == NULL)313return NULL;314return OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_waiting, 0, NULL);315}316if (ctx->curr_pollCount >= ctx->pollCount)317/* give final response after polling */318ctx->curr_pollCount = 0;319320/* accept cert profile for cr messages only with the configured name */321if (OSSL_CMP_MSG_get_bodytype(cert_req) == OSSL_CMP_CR) {322STACK_OF(OSSL_CMP_ITAV) *itavs =323OSSL_CMP_HDR_get0_geninfo_ITAVs(OSSL_CMP_MSG_get0_header(cert_req));324int i;325326for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) {327OSSL_CMP_ITAV *itav = sk_OSSL_CMP_ITAV_value(itavs, i);328ASN1_OBJECT *obj = OSSL_CMP_ITAV_get0_type(itav);329STACK_OF(ASN1_UTF8STRING) *strs;330ASN1_UTF8STRING *str;331const char *data;332333if (OBJ_obj2nid(obj) == NID_id_it_certProfile) {334if (!OSSL_CMP_ITAV_get0_certProfile(itav, &strs))335return NULL;336if (sk_ASN1_UTF8STRING_num(strs) < 1) {337ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_CERTPROFILE);338return NULL;339}340str = sk_ASN1_UTF8STRING_value(strs, 0);341if (str == NULL342|| (data =343(const char *)ASN1_STRING_get0_data(str)) == NULL) {344ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);345return NULL;346}347if (strcmp(data, "profile1") != 0) {348ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_CERTPROFILE);349return NULL;350}351break;352}353}354}355356/* accept cert update request only for the reference cert, if given */357if (bodytype == OSSL_CMP_KUR358&& crm != NULL /* thus not p10cr */ && ctx->refCert != NULL) {359const OSSL_CRMF_CERTID *cid = OSSL_CRMF_MSG_get0_regCtrl_oldCertID(crm);360361if (cid == NULL) {362ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID);363return NULL;364}365if (!refcert_cmp(ctx->refCert,366OSSL_CRMF_CERTID_get0_issuer(cid),367OSSL_CRMF_CERTID_get0_serialNumber(cid))) {368ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID);369return NULL;370}371}372373if (ctx->certOut != NULL374&& (*certOut = X509_dup(ctx->certOut)) == NULL)375/* Should return a cert produced from request template, see FR #16054 */376goto err;377378central_keygen = OSSL_CRMF_MSG_centralkeygen_requested(crm, p10cr);379if (central_keygen < 0)380goto err;381if (central_keygen == 1382&& (ctx->keyOut == NULL383|| (keyOut = EVP_PKEY_dup(ctx->keyOut)) == NULL384|| !OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx),3851 /* priv */, keyOut))) {386EVP_PKEY_free(keyOut);387goto err;388}389/*390* Note that this uses newPkey to return the private key391* and does not check whether the 'popo' field is absent.392*/393394if (ctx->chainOut != NULL395&& (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL)396goto err;397if (ctx->caPubsOut != NULL /* OSSL_CMP_PKIBODY_IP not visible here */398&& (*caPubs = X509_chain_up_ref(ctx->caPubsOut)) == NULL)399goto err;400if (ctx->statusOut != NULL401&& (si = OSSL_CMP_PKISI_dup(ctx->statusOut)) == NULL)402goto err;403return si;404405err:406X509_free(*certOut);407*certOut = NULL;408OSSL_STACK_OF_X509_free(*chainOut);409*chainOut = NULL;410OSSL_STACK_OF_X509_free(*caPubs);411*caPubs = NULL;412return NULL;413}414415static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,416const OSSL_CMP_MSG *rr,417const X509_NAME *issuer,418const ASN1_INTEGER *serial)419{420mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);421422if (ctx == NULL || rr == NULL) {423ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);424return NULL;425}426if (ctx->sendError == 1427|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(rr)) {428ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);429return NULL;430}431432/* allow any RR derived from CSR which does not include issuer and serial */433if ((issuer != NULL || serial != NULL)434/* accept revocation only for the reference cert, if given */435&& !refcert_cmp(ctx->refCert, issuer, serial)) {436ERR_raise_data(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED,437"wrong certificate to revoke");438return NULL;439}440return OSSL_CMP_PKISI_dup(ctx->statusOut);441}442443/* return -1 for error, 0 for no update available */444static int check_client_crl(const STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList,445const X509_CRL *crl)446{447OSSL_CMP_CRLSTATUS *crlstatus;448DIST_POINT_NAME *dpn = NULL;449GENERAL_NAMES *issuer = NULL;450ASN1_TIME *thisupd = NULL;451452if (sk_OSSL_CMP_CRLSTATUS_num(crlStatusList) != 1) {453ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_CRLSTATUSLIST);454return -1;455}456if (crl == NULL)457return 0;458459crlstatus = sk_OSSL_CMP_CRLSTATUS_value(crlStatusList, 0);460if (!OSSL_CMP_CRLSTATUS_get0(crlstatus, &dpn, &issuer, &thisupd))461return -1;462463if (issuer != NULL) {464GENERAL_NAME *gn = sk_GENERAL_NAME_value(issuer, 0);465466if (gn != NULL && gn->type == GEN_DIRNAME) {467X509_NAME *gen_name = gn->d.dirn;468469if (X509_NAME_cmp(gen_name, X509_CRL_get_issuer(crl)) != 0) {470ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_CRL_ISSUER);471return -1;472}473} else {474ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);475return -1; /* error according to RFC 9483 section 4.3.4 */476}477}478479return thisupd == NULL480|| ASN1_TIME_compare(thisupd, X509_CRL_get0_lastUpdate(crl)) < 0;481}482483static OSSL_CMP_ITAV *process_genm_itav(mock_srv_ctx *ctx, int req_nid,484const OSSL_CMP_ITAV *req)485{486OSSL_CMP_ITAV *rsp = NULL;487488switch (req_nid) {489case NID_id_it_caCerts:490rsp = OSSL_CMP_ITAV_new_caCerts(ctx->caPubsOut);491break;492case NID_id_it_rootCaCert:493{494X509 *rootcacert = NULL;495496if (!OSSL_CMP_ITAV_get0_rootCaCert(req, &rootcacert))497return NULL;498499if (rootcacert != NULL500&& X509_NAME_cmp(X509_get_subject_name(rootcacert),501X509_get_subject_name(ctx->newWithNew)) != 0)502/* The subjects do not match */503rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(NULL, NULL, NULL);504else505rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,506ctx->newWithOld,507ctx->oldWithNew);508}509break;510case NID_id_it_crlStatusList:511{512STACK_OF(OSSL_CMP_CRLSTATUS) *crlstatuslist = NULL;513int res = 0;514515if (!OSSL_CMP_ITAV_get0_crlStatusList(req, &crlstatuslist))516return NULL;517518res = check_client_crl(crlstatuslist, ctx->crlOut);519if (res < 0)520rsp = NULL;521else522rsp = OSSL_CMP_ITAV_new_crls(res == 0 ? NULL : ctx->crlOut);523}524break;525case NID_id_it_certReqTemplate:526{527OSSL_CRMF_CERTTEMPLATE *reqtemp;528OSSL_CMP_ATAVS *keyspec = NULL;529X509_ALGOR *keyalg = NULL;530OSSL_CMP_ATAV *rsakeylen, *eckeyalg;531int ok = 0;532533if ((reqtemp = OSSL_CRMF_CERTTEMPLATE_new()) == NULL)534return NULL;535536if (!OSSL_CRMF_CERTTEMPLATE_fill(reqtemp, NULL, NULL,537X509_get_issuer_name(ctx->refCert),538NULL))539goto crt_err;540541if ((keyalg = X509_ALGOR_new()) == NULL)542goto crt_err;543544(void)X509_ALGOR_set0(keyalg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),545V_ASN1_UNDEF, NULL); /* cannot fail */546547eckeyalg = OSSL_CMP_ATAV_new_algId(keyalg);548rsakeylen = OSSL_CMP_ATAV_new_rsaKeyLen(4096);549ok = OSSL_CMP_ATAV_push1(&keyspec, eckeyalg)550&& OSSL_CMP_ATAV_push1(&keyspec, rsakeylen);551OSSL_CMP_ATAV_free(eckeyalg);552OSSL_CMP_ATAV_free(rsakeylen);553X509_ALGOR_free(keyalg);554555if (!ok)556goto crt_err;557558rsp = OSSL_CMP_ITAV_new0_certReqTemplate(reqtemp, keyspec);559return rsp;560561crt_err:562OSSL_CRMF_CERTTEMPLATE_free(reqtemp);563OSSL_CMP_ATAVS_free(keyspec);564return NULL;565}566break;567default:568rsp = OSSL_CMP_ITAV_dup(req);569}570return rsp;571}572573static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,574const OSSL_CMP_MSG *genm,575const STACK_OF(OSSL_CMP_ITAV) *in,576STACK_OF(OSSL_CMP_ITAV) **out)577{578mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);579580if (ctx == NULL || genm == NULL || in == NULL || out == NULL) {581ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);582return 0;583}584if (ctx->sendError == 1585|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(genm)586|| sk_OSSL_CMP_ITAV_num(in) > 1) {587ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);588return 0;589}590if (sk_OSSL_CMP_ITAV_num(in) == 1) {591OSSL_CMP_ITAV *req = sk_OSSL_CMP_ITAV_value(in, 0), *rsp;592ASN1_OBJECT *obj = OSSL_CMP_ITAV_get0_type(req);593594if ((*out = sk_OSSL_CMP_ITAV_new_reserve(NULL, 1)) == NULL)595return 0;596rsp = process_genm_itav(ctx, OBJ_obj2nid(obj), req);597if (rsp != NULL && sk_OSSL_CMP_ITAV_push(*out, rsp))598return 1;599sk_OSSL_CMP_ITAV_free(*out);600return 0;601}602603*out = sk_OSSL_CMP_ITAV_deep_copy(in, OSSL_CMP_ITAV_dup,604OSSL_CMP_ITAV_free);605return *out != NULL;606}607608static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,609const OSSL_CMP_PKISI *statusInfo,610const ASN1_INTEGER *errorCode,611const OSSL_CMP_PKIFREETEXT *errorDetails)612{613mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);614char buf[OSSL_CMP_PKISI_BUFLEN];615char *sibuf;616int i;617618if (ctx == NULL || error == NULL) {619ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);620return;621}622623BIO_printf(bio_err, "mock server received error:\n");624625if (statusInfo == NULL) {626BIO_printf(bio_err, "pkiStatusInfo absent\n");627} else {628sibuf = OSSL_CMP_snprint_PKIStatusInfo(statusInfo, buf, sizeof(buf));629BIO_printf(bio_err, "pkiStatusInfo: %s\n",630sibuf != NULL ? sibuf: "<invalid>");631}632633if (errorCode == NULL)634BIO_printf(bio_err, "errorCode absent\n");635else636BIO_printf(bio_err, "errorCode: %ld\n", ASN1_INTEGER_get(errorCode));637638if (sk_ASN1_UTF8STRING_num(errorDetails) <= 0) {639BIO_printf(bio_err, "errorDetails absent\n");640} else {641BIO_printf(bio_err, "errorDetails: ");642for (i = 0; i < sk_ASN1_UTF8STRING_num(errorDetails); i++) {643if (i > 0)644BIO_printf(bio_err, ", ");645ASN1_STRING_print_ex(bio_err,646sk_ASN1_UTF8STRING_value(errorDetails, i),647ASN1_STRFLGS_ESC_QUOTE);648}649BIO_printf(bio_err, "\n");650}651}652653static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,654const OSSL_CMP_MSG *certConf,655ossl_unused int certReqId,656const ASN1_OCTET_STRING *certHash,657const OSSL_CMP_PKISI *si)658{659mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);660ASN1_OCTET_STRING *digest;661662if (ctx == NULL || certConf == NULL || certHash == NULL) {663ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);664return 0;665}666if (ctx->sendError == 1667|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(certConf)668|| ctx->certOut == NULL) {669ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);670return 0;671}672673if ((digest = X509_digest_sig(ctx->certOut, NULL, NULL)) == NULL)674return 0;675if (ASN1_OCTET_STRING_cmp(certHash, digest) != 0) {676ASN1_OCTET_STRING_free(digest);677ERR_raise(ERR_LIB_CMP, CMP_R_CERTHASH_UNMATCHED);678return 0;679}680ASN1_OCTET_STRING_free(digest);681return 1;682}683684/* return 0 on failure, 1 on success, setting *req or otherwise *check_after */685static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,686const OSSL_CMP_MSG *pollReq,687ossl_unused int certReqId,688OSSL_CMP_MSG **req, int64_t *check_after)689{690mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);691692if (req != NULL)693*req = NULL;694if (ctx == NULL || pollReq == NULL695|| req == NULL || check_after == NULL) {696ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);697return 0;698}699700if (ctx->sendError == 1701|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) {702ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);703return 0;704}705if (ctx->req == NULL) { /* not currently in polling mode */706ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_POLLREQ);707return 0;708}709710if (++ctx->curr_pollCount >= ctx->pollCount) {711/* end polling */712*req = ctx->req;713ctx->req = NULL;714*check_after = 0;715} else {716*check_after = ctx->checkAfterTime;717}718return 1;719}720721OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq)722{723OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(libctx, propq);724mock_srv_ctx *ctx = mock_srv_ctx_new();725726if (srv_ctx != NULL && ctx != NULL727&& OSSL_CMP_SRV_CTX_init(srv_ctx, ctx, process_cert_request,728process_rr, process_genm, process_error,729process_certConf, process_pollReq)730&& OSSL_CMP_SRV_CTX_init_trans(srv_ctx,731delayed_delivery, clean_transaction))732return srv_ctx;733734mock_srv_ctx_free(ctx);735OSSL_CMP_SRV_CTX_free(srv_ctx);736return NULL;737}738739void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx)740{741if (srv_ctx != NULL)742mock_srv_ctx_free(OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx));743OSSL_CMP_SRV_CTX_free(srv_ctx);744}745746747