#include <openssl/cmp.h>
#include <openssl/err.h>
#include <openssl/cmperr.h>
-
+
/* the context for the CMP mock server */
typedef struct
{
STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */
STACK_OF(X509) *caPubsOut; /* certs to return in caPubs field of ip msg */
OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */
- int sendError; /* send error response also on valid requests */
+ int sendError; /* send error response on given request type */
OSSL_CMP_MSG *certReq; /* ir/cr/p10cr/kur remembered while polling */
int pollCount; /* number of polls before actual cert response */
int curr_pollCount; /* number of polls so far for current request */
if ((ctx->statusOut = OSSL_CMP_PKISI_new()) == NULL)
goto err;
- ctx->sendError = 0;
+ ctx->sendError = -1;
/* all other elements are initialized to 0 or NULL, respectively */
return ctx;
return 1;
}
-int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val)
+int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
- ctx->sendError = val != 0;
+ /* might check bodytype, but this would require exporting all body types */
+ ctx->sendError = bodytype;
return 1;
}
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
- if (ctx->sendError) {
+ if (ctx->sendError == 1
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(cert_req)) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return NULL;
}
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
- if (ctx->sendError || ctx->certOut == NULL) {
+ if (ctx->certOut == NULL || ctx->sendError == 1
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(rr)) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return NULL;
}
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
- if (sk_OSSL_CMP_ITAV_num(in) > 1 || ctx->sendError) {
+ if (ctx->sendError == 1
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(genm)
+ || sk_OSSL_CMP_ITAV_num(in) > 1) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
}
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
- if (ctx->sendError || ctx->certOut == NULL) {
+ if (ctx->sendError == 1
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(certConf)
+ || ctx->certOut == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
}
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
- if (ctx->sendError) {
+ if (ctx->sendError == 1
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) {
*certReq = NULL;
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
ossl_cmp_mock_srv_set1_chainOut,
ossl_cmp_mock_srv_set1_caPubsOut,
ossl_cmp_mock_srv_set_statusInfo,
-ossl_cmp_mock_srv_set_send_error,
+ossl_cmp_mock_srv_set_sendError,
ossl_cmp_mock_srv_set_pollCount,
ossl_cmp_mock_srv_set_checkAfterTime
- functions used for testing with CMP mock server
STACK_OF(X509) *caPubs);
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
int fail_info, const char *text);
- int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val);
+ int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
ossl_cmp_mock_srv_set_statusInfo() sets the status info to be returned.
-ossl_cmp_mock_srv_set_send_error() enables enforcement of error responses.
+ossl_cmp_mock_srv_set_sendError() enables enforcement of error responses
+for requests of the given I<bodytype>, or for all requests if I<bodytype> is 1.
+A I<bodytype> of -1 can be used to disable this feature, which is the default.
ossl_cmp_mock_srv_set_pollCount() sets the number of polls before cert response.
X509 *res = OSSL_CMP_exec_certreq(ctx, fixture->req_type, NULL);
int status = OSSL_CMP_CTX_get_status(ctx);
+ OSSL_CMP_CTX_print_errors(ctx);
if (!TEST_int_eq(status, fixture->expected)
&& !(fixture->expected == OSSL_CMP_PKISTATUS_waiting
&& TEST_int_eq(status, OSSL_CMP_PKISTATUS_trans)))
OSSL_CMP_PKISTATUS_rejection,
OSSL_CMP_CTX_FAILINFO_signerNotTrusted,
"test string");
- ossl_cmp_mock_srv_set_send_error(fixture->srv_ctx, 1);
+ ossl_cmp_mock_srv_set_sendError(fixture->srv_ctx, OSSL_CMP_PKIBODY_RR);
fixture->expected = OSSL_CMP_PKISTATUS_rejection;
EXECUTE_TEST(execute_exec_RR_ses_test, tear_down);
return result;
OSSL_CMP_PKISTATUS_waiting);
}
-static int test_exec_CR_ses(int implicit_confirm, int granted)
+static int test_exec_CR_ses(int implicit_confirm, int granted, int reject)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
fixture->req_type = OSSL_CMP_CR;
- fixture->expected = OSSL_CMP_PKISTATUS_accepted;
OSSL_CMP_CTX_set_option(fixture->cmp_ctx,
OSSL_CMP_OPT_IMPLICIT_CONFIRM, implicit_confirm);
OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(fixture->srv_ctx, granted);
+ ossl_cmp_mock_srv_set_sendError(fixture->srv_ctx,
+ reject ? OSSL_CMP_PKIBODY_CERTCONF : -1);
+ fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejection
+ : OSSL_CMP_PKISTATUS_accepted;
EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
return result;
}
static int test_exec_CR_ses_explicit_confirm(void)
{
- return test_exec_CR_ses(0, 0);
+ return test_exec_CR_ses(0, 0, 0)
+ && test_exec_CR_ses(0, 0, 1 /* reject */);
}
static int test_exec_CR_ses_implicit_confirm(void)
{
- return test_exec_CR_ses(1, 0)
- && test_exec_CR_ses(1, 1);
+ return test_exec_CR_ses(1, 0, 0)
+ && test_exec_CR_ses(1, 1 /* granted */, 0);
}
static int test_exec_KUR_ses(int transfer_error)
return test_exec_KUR_ses(1);
}
-static int test_exec_P10CR_ses(void)
+static int test_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
+ const char **txt)
+{
+ int *reject = OSSL_CMP_CTX_get_certConf_cb_arg(ctx);
+
+ if (*reject) {
+ *txt = "not to my taste";
+ fail_info = OSSL_CMP_PKIFAILUREINFO_badCertTemplate;
+ }
+ return fail_info;
+}
+
+static int test_exec_P10CR_ses(int reject)
{
- X509_REQ *req = NULL;
+ OSSL_CMP_CTX *ctx;
+ X509_REQ *csr = NULL;
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
fixture->req_type = OSSL_CMP_P10CR;
- fixture->expected = OSSL_CMP_PKISTATUS_accepted;
- if (!TEST_ptr(req = load_csr_der(pkcs10_f, libctx))
- || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, req))) {
+ fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejection
+ : OSSL_CMP_PKISTATUS_accepted;
+ ctx = fixture->cmp_ctx;
+ if (!TEST_ptr(csr = load_csr_der(pkcs10_f, libctx))
+ || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, csr))
+ || !TEST_true(OSSL_CMP_CTX_set_certConf_cb(ctx, test_certConf_cb))
+ || !TEST_true(OSSL_CMP_CTX_set_certConf_cb_arg(ctx, &reject))) {
tear_down(fixture);
fixture = NULL;
}
- X509_REQ_free(req);
+ X509_REQ_free(csr);
EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
return result;
}
+static int test_exec_P10CR_ses_ok(void)
+{
+ return test_exec_P10CR_ses(0);
+}
+
+static int test_exec_P10CR_ses_reject(void)
+{
+ return test_exec_P10CR_ses(1);
+}
+
static int execute_try_certreq_poll_test(CMP_SES_TEST_FIXTURE *fixture)
{
OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
{
OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
int check_after;
- const int CHECK_AFTER = INT_MAX;
+ const int CHECK_AFTER = 99;
const int TYPE = OSSL_CMP_CR;
ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3);
&& check_after == CHECK_AFTER
&& TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL)
&& TEST_int_eq(fixture->expected,
- OSSL_CMP_try_certreq(ctx, -1, NULL, NULL))
+ OSSL_CMP_try_certreq(ctx, -1 /* abort */, NULL, NULL))
&& TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(fixture->cmp_ctx), NULL);
}
ADD_TEST(test_exec_IR_ses_poll_total_timeout);
ADD_TEST(test_exec_KUR_ses_ok);
ADD_TEST(test_exec_KUR_ses_transfer_error);
- ADD_TEST(test_exec_P10CR_ses);
+ ADD_TEST(test_exec_P10CR_ses_ok);
+ ADD_TEST(test_exec_P10CR_ses_reject);
ADD_TEST(test_try_certreq_poll);
ADD_TEST(test_try_certreq_poll_abort);
ADD_TEST(test_exec_GENM_ses_ok);
projects / openssl.git / commitdiff