cmp_client_test.c: add tests for errors reported by server on subsequent requests in a transaction

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)

1 files changed, 48 insertions, 15 deletions

diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index 81a7537f03..160d1f1f56 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -126,6 +126,7 @@ static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture)
     X509 *res = OSSL_CMP_exec_certreq(ctx, fixture->req_type, NULL);
     int status = OSSL_CMP_CTX_get_status(ctx);
 
+    OSSL_CMP_CTX_print_errors(ctx);
     if (!TEST_int_eq(status, fixture->expected)
         && !(fixture->expected == OSSL_CMP_PKISTATUS_waiting
              && TEST_int_eq(status, OSSL_CMP_PKISTATUS_trans)))
@@ -173,7 +174,7 @@ static int test_exec_RR_ses_receive_error(void)
                                      OSSL_CMP_PKISTATUS_rejection,
                                      OSSL_CMP_CTX_FAILINFO_signerNotTrusted,
                                      "test string");
-    ossl_cmp_mock_srv_set_send_error(fixture->srv_ctx, 1);
+    ossl_cmp_mock_srv_set_sendError(fixture->srv_ctx, OSSL_CMP_PKIBODY_RR);
     fixture->expected = OSSL_CMP_PKISTATUS_rejection;
     EXECUTE_TEST(execute_exec_RR_ses_test, tear_down);
     return result;
@@ -224,27 +225,31 @@ static int test_exec_IR_ses_poll_total_timeout(void)
                                  OSSL_CMP_PKISTATUS_waiting);
 }
 
-static int test_exec_CR_ses(int implicit_confirm, int granted)
+static int test_exec_CR_ses(int implicit_confirm, int granted, int reject)
 {
     SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
     fixture->req_type = OSSL_CMP_CR;
-    fixture->expected = OSSL_CMP_PKISTATUS_accepted;
     OSSL_CMP_CTX_set_option(fixture->cmp_ctx,
                             OSSL_CMP_OPT_IMPLICIT_CONFIRM, implicit_confirm);
     OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(fixture->srv_ctx, granted);
+    ossl_cmp_mock_srv_set_sendError(fixture->srv_ctx,
+                                    reject ? OSSL_CMP_PKIBODY_CERTCONF : -1);
+    fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejection
+        : OSSL_CMP_PKISTATUS_accepted;
     EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
     return result;
 }
 
 static int test_exec_CR_ses_explicit_confirm(void)
 {
-    return test_exec_CR_ses(0, 0);
+    return test_exec_CR_ses(0, 0, 0)
+        && test_exec_CR_ses(0, 0, 1 /* reject */);
 }
 
 static int test_exec_CR_ses_implicit_confirm(void)
 {
-    return test_exec_CR_ses(1, 0)
-        && test_exec_CR_ses(1, 1);
+    return test_exec_CR_ses(1, 0, 0)
+        && test_exec_CR_ses(1, 1 /* granted */, 0);
 }
 
 static int test_exec_KUR_ses(int transfer_error)
@@ -269,23 +274,50 @@ static int test_exec_KUR_ses_transfer_error(void)
     return test_exec_KUR_ses(1);
 }
 
-static int test_exec_P10CR_ses(void)
+static int test_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
+                            const char **txt)
+{
+    int *reject = OSSL_CMP_CTX_get_certConf_cb_arg(ctx);
+
+    if (*reject) {
+        *txt = "not to my taste";
+        fail_info = OSSL_CMP_PKIFAILUREINFO_badCertTemplate;
+    }
+    return fail_info;
+}
+
+static int test_exec_P10CR_ses(int reject)
 {
-    X509_REQ *req = NULL;
+    OSSL_CMP_CTX *ctx;
+    X509_REQ *csr = NULL;
 
     SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
     fixture->req_type = OSSL_CMP_P10CR;
-    fixture->expected = OSSL_CMP_PKISTATUS_accepted;
-    if (!TEST_ptr(req = load_csr_der(pkcs10_f, libctx))
-            || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, req))) {
+    fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejection
+        : OSSL_CMP_PKISTATUS_accepted;
+    ctx = fixture->cmp_ctx;
+    if (!TEST_ptr(csr = load_csr_der(pkcs10_f, libctx))
+        || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, csr))
+        || !TEST_true(OSSL_CMP_CTX_set_certConf_cb(ctx, test_certConf_cb))
+        || !TEST_true(OSSL_CMP_CTX_set_certConf_cb_arg(ctx, &reject))) {
         tear_down(fixture);
         fixture = NULL;
     }
-    X509_REQ_free(req);
+    X509_REQ_free(csr);
     EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
     return result;
 }
 
+static int test_exec_P10CR_ses_ok(void)
+{
+    return test_exec_P10CR_ses(0);
+}
+
+static int test_exec_P10CR_ses_reject(void)
+{
+    return test_exec_P10CR_ses(1);
+}
+
 static int execute_try_certreq_poll_test(CMP_SES_TEST_FIXTURE *fixture)
 {
     OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
@@ -319,7 +351,7 @@ static int execute_try_certreq_poll_abort_test(CMP_SES_TEST_FIXTURE *fixture)
 {
     OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
     int check_after;
-    const int CHECK_AFTER = INT_MAX;
+    const int CHECK_AFTER = 99;
     const int TYPE = OSSL_CMP_CR;
 
     ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3);
@@ -328,7 +360,7 @@ static int execute_try_certreq_poll_abort_test(CMP_SES_TEST_FIXTURE *fixture)
         && check_after == CHECK_AFTER
         && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL)
         && TEST_int_eq(fixture->expected,
-                       OSSL_CMP_try_certreq(ctx, -1, NULL, NULL))
+                       OSSL_CMP_try_certreq(ctx, -1 /* abort */, NULL, NULL))
         && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(fixture->cmp_ctx), NULL);
 }
 
@@ -463,7 +495,8 @@ int setup_tests(void)
     ADD_TEST(test_exec_IR_ses_poll_total_timeout);
     ADD_TEST(test_exec_KUR_ses_ok);
     ADD_TEST(test_exec_KUR_ses_transfer_error);
-    ADD_TEST(test_exec_P10CR_ses);
+    ADD_TEST(test_exec_P10CR_ses_ok);
+    ADD_TEST(test_exec_P10CR_ses_reject);
     ADD_TEST(test_try_certreq_poll);
     ADD_TEST(test_try_certreq_poll_abort);
     ADD_TEST(test_exec_GENM_ses_ok);