1 /*
2 * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include <string.h>
13 #include <stdio.h>
14
15 #include <openssl/asn1t.h>
16 #include <openssl/http.h>
17 #include "internal/sockets.h"
18
19 #include <openssl/cmp.h>
20 #include "cmp_local.h"
21
22 /* explicit #includes not strictly needed since implied by the above: */
23 #include <ctype.h>
24 #include <fcntl.h>
25 #include <stdlib.h>
26 #include <openssl/bio.h>
27 #include <openssl/buffer.h>
28 #include <openssl/cmp.h>
29 #include <openssl/err.h>
30
keep_alive(int keep_alive,int body_type)31 static int keep_alive(int keep_alive, int body_type)
32 {
33 if (keep_alive != 0
34 /*
35 * Ask for persistent connection only if may need more round trips.
36 * Do so even with disableConfirm because polling might be needed.
37 */
38 && body_type != OSSL_CMP_PKIBODY_IR
39 && body_type != OSSL_CMP_PKIBODY_CR
40 && body_type != OSSL_CMP_PKIBODY_P10CR
41 && body_type != OSSL_CMP_PKIBODY_KUR
42 && body_type != OSSL_CMP_PKIBODY_POLLREQ)
43 keep_alive = 0;
44 return keep_alive;
45 }
46
47 /*
48 * Send the PKIMessage req and on success return the response, else NULL.
49 * Any previous error queue entries will likely be removed by ERR_clear_error().
50 */
OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX * ctx,const OSSL_CMP_MSG * req)51 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
52 const OSSL_CMP_MSG *req)
53 {
54 char server_port[32] = { '\0' };
55 STACK_OF(CONF_VALUE) *headers = NULL;
56 const char content_type_pkix[] = "application/pkixcmp";
57 int tls_used;
58 const ASN1_ITEM *it = ASN1_ITEM_rptr(OSSL_CMP_MSG);
59 BIO *req_mem, *rsp;
60 OSSL_CMP_MSG *res = NULL;
61
62 if (ctx == NULL || req == NULL) {
63 ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
64 return NULL;
65 }
66
67 if (!X509V3_add_value("Pragma", "no-cache", &headers))
68 return NULL;
69 if ((req_mem = ASN1_item_i2d_mem_bio(it, (const ASN1_VALUE *)req)) == NULL)
70 goto err;
71
72 if (ctx->serverPort != 0)
73 BIO_snprintf(server_port, sizeof(server_port), "%d", ctx->serverPort);
74 tls_used = OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL;
75 if (ctx->http_ctx == NULL)
76 ossl_cmp_log3(DEBUG, ctx, "connecting to CMP server %s:%s%s",
77 ctx->server, server_port, tls_used ? " using TLS" : "");
78
79 rsp = OSSL_HTTP_transfer(&ctx->http_ctx, ctx->server, server_port,
80 ctx->serverPath, tls_used,
81 ctx->proxy, ctx->no_proxy,
82 NULL /* bio */, NULL /* rbio */,
83 ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx),
84 0 /* buf_size */, headers,
85 content_type_pkix, req_mem,
86 content_type_pkix, 1 /* expect_asn1 */,
87 OSSL_HTTP_DEFAULT_MAX_RESP_LEN,
88 ctx->msg_timeout,
89 keep_alive(ctx->keep_alive, req->body->type));
90 BIO_free(req_mem);
91 res = (OSSL_CMP_MSG *)ASN1_item_d2i_bio(it, rsp, NULL);
92 BIO_free(rsp);
93
94 if (ctx->http_ctx == NULL)
95 ossl_cmp_debug(ctx, "disconnected from CMP server");
96 /*
97 * Note that on normal successful end of the transaction the connection
98 * is not closed at this level, but this will be done by the CMP client
99 * application via OSSL_CMP_CTX_free() or OSSL_CMP_CTX_reinit().
100 */
101 if (res != NULL)
102 ossl_cmp_debug(ctx, "finished reading response from CMP server");
103 err:
104 sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
105 return res;
106 }
107