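/*
 * do_operation() runs the EST client operations selected by the option
 * flags visible to this function (getcert, enroll, getcsr, reenroll).
 *
 * It creates an EST client context, configures the read timeout and the
 * authentication material, performs each requested operation, writes any
 * retrieved certificate data below out_dir and finally destroys the context.
 *
 * A failure while setting up the context terminates the process with
 * exit(1).  A failure of an operation is reported on stdout and the
 * function returns normally.
 */
static void do_operation ()
{
    EST_CTX *ectx;
    unsigned char *pkcs7;
    int pkcs7_len = 0;
    int rv;
    int name_len;
    char file_name[MAX_FILENAME_LEN];
    unsigned char *new_client_cert;
    int retry_delay = 0;
    time_t retry_time = 0;
    /*
     * Initialised so the failure report at the end never reads an
     * indeterminate pointer when no operation flag is set.
     */
    char *operation = "EST operation";

    ectx = est_client_init(cacerts, cacerts_len,
                           EST_CERT_FORMAT_PEM,
                           client_manual_cert_verify);
    if (!ectx) {
        printf("\nUnable to initialize EST context.  Aborting!!!\n");
        exit(1);
    }

    rv = est_client_set_read_timeout(ectx, read_timeout);
    if (rv != EST_ERR_NONE) {
        printf("\nUnable to configure read timeout from server.  Aborting!!!\n");
        printf("EST error code %d (%s)\n", rv, EST_ERR_NUM_TO_STR(rv));
        exit(1);
    }

    rv = est_client_set_auth(ectx, est_http_uid, est_http_pwd, client_cert, client_priv_key);
    if (rv != EST_ERR_NONE) {
        printf("\nUnable to configure client authentication.  Aborting!!!\n");
        printf("EST error code %d (%s)\n", rv, EST_ERR_NUM_TO_STR(rv));
        exit(1);
    }

    if (srp) {
        rv = est_client_enable_srp(ectx, 1024, est_srp_uid, est_srp_pwd);
        if (rv != EST_ERR_NONE) {
            printf("\nUnable to enable SRP.  Aborting!!!\n");
            exit(1);
        }
    }

    if (token_auth_mode) {
        rv = est_client_set_auth_cred_cb(ectx, auth_credentials_token_cb);
        if (rv != EST_ERR_NONE) {
            printf("\nUnable to register token auth callback.  Aborting!!!\n");
            exit(1);
        }
    }

    est_client_set_server(ectx, est_server, est_port);

    if (getcert) {
        operation = "Get CA Cert";

        rv = est_client_get_cacerts(ectx, &pkcs7_len);
        if (rv == EST_ERR_NONE) {
            if (verbose) {
                printf("\nGet CA Cert success\n");
            }

            /*
             * Allocate a buffer for the CA certs.  The length comes from
             * the server response, so reject a non-positive value instead
             * of passing it to malloc(), and never hand a NULL buffer to
             * the copy routine.
             */
            pkcs7 = (pkcs7_len > 0) ? malloc((size_t)pkcs7_len) : NULL;
            if (pkcs7 == NULL) {
                printf("\nUnable to allocate buffer for CA certs\n");
                rv = EST_ERR_MALLOC;
            } else {
                rv = est_client_copy_cacerts(ectx, pkcs7);

                /*
                 * Only dump and save the buffer when the copy succeeded;
                 * otherwise its contents are uninitialised heap memory.
                 */
                if (rv == EST_ERR_NONE) {
                    if (verbose) {
                        dumpbin(pkcs7, pkcs7_len);
                    }

                    /*
                     * Build the output file name below out_dir and refuse
                     * to write to a truncated path.
                     */
                    name_len = snprintf(file_name, MAX_FILENAME_LEN, "%s/cacert.pkcs7", out_dir);
                    if (name_len < 0 || name_len >= MAX_FILENAME_LEN) {
                        printf("\nOutput file name too long, CA certs not saved\n");
                    } else {
                        write_binary_file(file_name, pkcs7, pkcs7_len);
                    }
                }
                free(pkcs7);
            }
        }
    }

    if (enroll && getcsr) {
        operation = "Regular enrollment with server-defined attributes";

        rv = regular_enroll_attempt(ectx);

        if (rv == EST_ERR_CA_ENROLL_RETRY) {
            /*
             * go get the retry period
             */
            rv = est_client_copy_retry_after(ectx, &retry_delay, &retry_time);
            if (verbose) {
                printf("\nretry after period copy rv = %d "
                       "Retry-After delay seconds = %d "
                       "Retry-After delay time = %s\n",
                       rv, retry_delay, ctime(&retry_time) );
            }
            if (rv == EST_ERR_NONE) {
                retry_enroll_delay(retry_delay, retry_time);
            }
            /*
             * now that we're back, try to enroll again
             */
            rv = regular_enroll_attempt(ectx);
        }
    } else if (enroll && !getcsr) {
        operation = "Simple enrollment without server-defined attributes";

        rv = simple_enroll_attempt(ectx);

        if (rv == EST_ERR_CA_ENROLL_RETRY) {
            /*
             * go get the retry period
             */
            rv = est_client_copy_retry_after(ectx, &retry_delay, &retry_time);
            if (verbose) {
                printf("\nretry after period copy rv = %d "
                       "Retry-After delay seconds = %d "
                       "Retry-After delay time = %s\n",
                       rv, retry_delay, ctime(&retry_time) );
            }
            if (rv == EST_ERR_NONE) {
                retry_enroll_delay(retry_delay, retry_time);
            }
            /*
             * now that we're back, try to enroll again
             */
            rv = simple_enroll_attempt(ectx);
        }
    } else if (!enroll && getcsr) {
        operation = "Get CSR attribues";

        rv = regular_csr_attempt(ectx);
    }

    /* Split reenroll from enroll to allow both messages to be sent */
    if (reenroll) {
        operation = "Re-enrollment";

        rv = est_client_reenroll(ectx, client_cert, &pkcs7_len, client_priv_key);
        if (verbose) {
            printf("\nreenroll rv = %d (%s) with pkcs7 length = %d\n",
                   rv, EST_ERR_NUM_TO_STR(rv), pkcs7_len);
        }
        if (rv == EST_ERR_NONE) {
            /*
             * The client library has obtained the new client certificate;
             * retrieve it.  An allocation failure is now reported as
             * EST_ERR_MALLOC instead of falling through and copying into
             * a NULL pointer.
             */
            new_client_cert = (pkcs7_len > 0) ? malloc((size_t)pkcs7_len) : NULL;
            if (new_client_cert == NULL) {
                if (verbose) {
                    printf("\nmalloc of destination buffer for reenroll cert failed\n");
                }
                rv = EST_ERR_MALLOC;
            } else {
                rv = est_client_copy_enrolled_cert(ectx, new_client_cert);
                if (verbose) {
                    printf("\nreenroll copy rv = %d\n", rv);
                }
                if (rv == EST_ERR_NONE) {
                    /*
                     * Enrollment copy worked, dump the pkcs7 cert to stdout
                     */
                    if (verbose) {
                        dumpbin(new_client_cert, pkcs7_len);
                    }

                    /*
                     * Save the certificate only after a successful copy so
                     * an uninitialised buffer is never written out as the
                     * new client certificate.
                     */
                    name_len = snprintf(file_name, MAX_FILENAME_LEN, "%s/newcert", out_dir);
                    if (name_len < 0 || name_len >= MAX_FILENAME_LEN) {
                        printf("\nOutput file name too long, new cert not saved\n");
                    } else {
                        save_cert(file_name, new_client_cert, pkcs7_len);
                    }
                }
                free(new_client_cert);
            }
        }
    }

    if (rv != EST_ERR_NONE) {
        /*
         * something went wrong.
         */
        printf("\n%s failed with code %d (%s)\n", operation, rv, EST_ERR_NUM_TO_STR(rv));
    }

    est_destroy(ectx);

    ERR_clear_error();
    ERR_remove_thread_state(NULL);
}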
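/*
 * Test2 - exercise the response variations triggered
 * by est_client_get_csrattrs()
 *
 * The test first retrieves the CA certs from the server, then (only when
 * NEGATIVE_UNIT_TEST is defined) loads corrupt/short/long CSR attributes
 * into the server context and checks that the client rejects each of them.
 */
static void us896_test2(void)
{
    EST_CTX *ctx;
    unsigned char *cacerts = NULL;
    int cacerts_len = 0;
    EST_ERROR rc = EST_ERR_NONE;
    unsigned char *retrieved_cacerts = NULL;
    int retrieved_cacerts_len = 0;
    EVP_PKEY *priv_key;

    SLEEP(1);

    LOG_FUNC_NM;

    /*
     * Read in the CA certificates
     */
    cacerts_len = read_binary_file(CLIENT_UT_CACERT, &cacerts);
    CU_ASSERT(cacerts_len > 0);

    /*
     * Read in the private key file
     */
    priv_key = read_private_key(CLIENT_UT_PUBKEY);
    if (priv_key == NULL) {
        printf("\nError while reading private key file %s\n", CLIENT_UT_PUBKEY);
        /* Release the CA cert buffer read above before bailing out. */
        free(cacerts);
        return;
    }
    /*
     * NOTE(review): priv_key is not released in this function; whether
     * est_client_set_auth() keeps a reference to it is not visible here -
     * confirm before adding an EVP_PKEY_free().
     */

    ctx = est_client_init(cacerts, cacerts_len, EST_CERT_FORMAT_PEM,
                          client_manual_cert_verify);
    CU_ASSERT(ctx != NULL);

    rc = est_client_set_auth(ctx, "", "", NULL, priv_key);
    CU_ASSERT(rc == EST_ERR_NONE);

    est_client_set_server(ctx, US896_SERVER_IP, US896_SERVER_PORT, NULL);

    /*
     * issue the get ca certs request
     */
    rc = est_client_get_cacerts(ctx, &retrieved_cacerts_len);
    /*
     * should be successful, and should have obtained a valid buffer
     * containing the CA certs
     */
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(retrieved_cacerts_len > 0);

    /*
     * CU_ASSERT does not stop the test, so only allocate for a positive
     * length and only copy into a buffer that was really obtained.
     */
    if (retrieved_cacerts_len > 0) {
        retrieved_cacerts = malloc((size_t)retrieved_cacerts_len);
    }

    /*
     * output the retrieved ca certs and compare to what they should be
     */
    if (retrieved_cacerts) {
        rc = est_client_copy_cacerts(ctx, retrieved_cacerts);
        CU_ASSERT(rc == EST_ERR_NONE);
        if (rc == EST_ERR_NONE) {
            /*
             * The buffer is exactly retrieved_cacerts_len bytes and is not
             * NUL-terminated, so bound the print with an explicit
             * precision; a bare %s would read past the allocation.
             */
            printf("\nRetrieved CA Certs buffer:\n %.*s\n", retrieved_cacerts_len,
                   (const char *)retrieved_cacerts);
            printf("Retrieved CA certs buffer length: %d\n", retrieved_cacerts_len);
        }
    }
    free(retrieved_cacerts);

    /*
     * All of these are negative tests and require that code in the
     * EST server is modified such that it will allow bad/corrupted
     * attributes to be initialized so they can be sent to the client.
     */
#ifdef NEGATIVE_UNIT_TEST
    unsigned char *csr_data;
    int csr_len;

    /* clear callback */
    if (est_set_csr_cb(ectx, NULL)) {
        printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
        exit(1);
    }

    rc = est_server_init_csrattrs(ectx, TEST_CORRUPT_ATTR1, strlen(TEST_CORRUPT_ATTR1));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc != EST_ERR_NONE);
    CU_ASSERT(csr_len == 0);
    CU_ASSERT(csr_data == NULL);

    rc = est_server_init_csrattrs(ectx, TEST_CORRUPT_ATTR2, strlen(TEST_CORRUPT_ATTR2));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc != EST_ERR_NONE);
    CU_ASSERT(csr_len == 0);
    CU_ASSERT(csr_data == NULL);

    rc = est_server_init_csrattrs(ectx, TEST_SHORT_ATTR, strlen(TEST_SHORT_ATTR));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc != EST_ERR_NONE);
    CU_ASSERT(csr_len == 0);
    CU_ASSERT(csr_data == NULL);

    rc = est_server_init_csrattrs(ectx, TEST_LONG_ATTR, strlen(TEST_LONG_ATTR));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc != EST_ERR_NONE);
    CU_ASSERT(csr_len == 0);
    CU_ASSERT(csr_data == NULL);
#endif

    if (ctx) {
        est_destroy(ctx);
    }
    /* free(NULL) is a no-op, so no guard is needed. */
    free(cacerts);
}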
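/*
 * est_proxy_retrieve_cacerts() issues a request to the server to obtain the
 * CA Certs chain to be used for Get CA Certs requests from clients.
 * The CA Cert chain returned from the server are passed back to the caller.
 *
 * It's the responsibility of the caller to free up this buffer.
 *
 * Parameters:
 *   ctx              proxy context; must not be NULL
 *   cacerts_rtn      out: set to the malloc'ed CA certs buffer on success,
 *                    NULL on any failure
 *   cacerts_rtn_len  out: set to the length of that buffer on success,
 *                    0 on any failure
 *
 * Returns EST_ERR_NONE on success, EST_ERR_NO_CTX when ctx or the client
 * context is missing, EST_ERR_INVALID_PARAMETERS when an out parameter is
 * NULL, EST_ERR_MALLOC when no buffer could be allocated, or the error
 * returned by the client get/copy calls.
 */
EST_ERROR est_proxy_retrieve_cacerts (EST_CTX *ctx, unsigned char **cacerts_rtn,
                                      int *cacerts_rtn_len)
{
    EST_CTX *client_ctx;
    EST_ERROR rv;
    int rcvd_cacerts_len = 0;
    unsigned char *rcvd_cacerts;

    if (ctx == NULL) {
        EST_LOG_ERR("Ctx not passed to %s", __FUNCTION__);
        return (EST_ERR_NO_CTX);
    }

    if (cacerts_rtn == NULL || cacerts_rtn_len == NULL) {
        /* Message corrected: this branch is about the out parameters. */
        EST_LOG_ERR("Output parameters not passed to %s", __FUNCTION__);
        return (EST_ERR_INVALID_PARAMETERS);
    }

    *cacerts_rtn = NULL;
    *cacerts_rtn_len = 0;

    /*
     * Get the client context for this thread
     */
    client_ctx = get_client_ctx(ctx);
    if (!client_ctx) {
        EST_LOG_ERR("Unable to obtain client context for proxy operation");
        return (EST_ERR_NO_CTX);
    }

    rv = est_client_get_cacerts(client_ctx, &rcvd_cacerts_len);
    if (rv != EST_ERR_NONE) {
        EST_LOG_ERR("Unable to retrieve CA Certs from upstream server RC = %s",
                    EST_ERR_NUM_TO_STR(rv));
        return (rv);
    }

    /*
     * The length originates from the upstream server's response.  A
     * negative value would be converted to a huge size_t and a zero value
     * makes malloc() implementation-defined, so treat both as an
     * allocation failure instead of calling malloc() with them.
     */
    if (rcvd_cacerts_len <= 0) {
        EST_LOG_ERR("Unable to malloc buffer for cacerts received from server");
        return (EST_ERR_MALLOC);
    }

    /*
     * Allocate a buffer to retrieve the CA certs
     * and get them copied in
     */
    rcvd_cacerts = malloc((size_t)rcvd_cacerts_len);
    if (rcvd_cacerts == NULL) {
        EST_LOG_ERR("Unable to malloc buffer for cacerts received from server");
        return (EST_ERR_MALLOC);
    }

    rv = est_client_copy_cacerts(client_ctx, rcvd_cacerts);
    if (rv != EST_ERR_NONE) {
        EST_LOG_ERR("Unable to copy CA Certs from upstream server RC = %s",
                    EST_ERR_NUM_TO_STR(rv));
        free(rcvd_cacerts);
        return (rv);
    }

    /*
     * The retrieving of the CA certs through the normal client
     * interface causes the client to go back into an uninitialized state.
     * In this case though, we're getting it just for passing it back
     * to the downstream clients, so we're going to put this client
     * context back into the initialized state
     *
     * NOTE(review): the error returns above leave the flag untouched;
     * confirm that callers do not reuse the client context after a failure.
     */
    client_ctx->est_client_initialized = 1;

    /* Ownership of the buffer passes to the caller, who must free() it. */
    *cacerts_rtn = rcvd_cacerts;
    *cacerts_rtn_len = rcvd_cacerts_len;
    return (EST_ERR_NONE);
}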
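/*
 * Test2 - exercise the server side variations triggered
 * by est_client_get_csrattrs()
 *
 * The test retrieves the CA certs, then walks through a fixed sequence of
 * server-side CSR attribute settings (init value and/or callback, with PoP
 * disabled and enabled) and checks what the client receives for each.
 * The order of the steps matters: several checks depend on the state left
 * behind by the previous step.
 */
static void us900_test2 (void)
{
    EST_CTX *ctx;
    unsigned char *cacerts = NULL;
    int cacerts_len = 0;
    EST_ERROR rc = EST_ERR_NONE;
    unsigned char *retrieved_cacerts = NULL;
    int retrieved_cacerts_len = 0;
    EVP_PKEY *priv_key;
    int csr_len = 0;
    unsigned char *csr_data = NULL;

    sleep(1);

    LOG_FUNC_NM;

    /*
     * Read in the CA certificates
     */
    cacerts_len = read_binary_file(CLIENT_UT_CACERT, &cacerts);
    CU_ASSERT(cacerts_len > 0);

    /*
     * Read in the private key file
     */
    priv_key = read_private_key(CLIENT_UT_PUBKEY);
    if (priv_key == NULL) {
        printf("\nError while reading private key file %s\n", CLIENT_UT_PUBKEY);
        /* Release the CA cert buffer read above before bailing out. */
        free(cacerts);
        return;
    }
    /*
     * NOTE(review): priv_key is not released in this function; whether
     * est_client_set_auth() keeps a reference to it is not visible here -
     * confirm before adding an EVP_PKEY_free().
     */

    ctx = est_client_init(cacerts, cacerts_len, EST_CERT_FORMAT_PEM,
                          client_manual_cert_verify);
    CU_ASSERT(ctx != NULL);

    rc = est_client_set_auth(ctx, "", "", NULL, priv_key);
    CU_ASSERT(rc == EST_ERR_NONE);

    est_client_set_server(ctx, US900_SERVER_IP, US900_SERVER_PORT);

    /*
     * issue the get ca certs request
     */
    rc = est_client_get_cacerts(ctx, &retrieved_cacerts_len);
    /*
     * should be successful, and should have obtained a valid buffer
     * containing the CA certs
     */
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(retrieved_cacerts_len > 0);

    /*
     * CU_ASSERT does not stop the test, so only allocate for a positive
     * length and only copy into a buffer that was really obtained.
     */
    if (retrieved_cacerts_len > 0) {
        retrieved_cacerts = malloc((size_t)retrieved_cacerts_len);
    }

    /*
     * output the retrieved ca certs and compare to what they should be
     */
    if (retrieved_cacerts) {
        rc = est_client_copy_cacerts(ctx, retrieved_cacerts);
        CU_ASSERT(rc == EST_ERR_NONE);
        if (rc == EST_ERR_NONE) {
            /* The buffer is not NUL-terminated; the precision bounds the read. */
            printf("\nRetrieved CA Certs buffer:\n %.*s\n", retrieved_cacerts_len,
                   retrieved_cacerts);
            printf("Retrieved CA certs buffer length: %d\n", retrieved_cacerts_len);
        }
    }
    free(retrieved_cacerts);

    /* clear callback */
    if (est_set_csr_cb(ectx, NULL)) {
        printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
        exit(1);
    }

    /* clear csrattrs */
    rc = est_server_init_csrattrs(ectx, NULL, 0);
    CU_ASSERT(rc == EST_ERR_NONE);

    /* should get 204 with no data */
    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == 0);
    CU_ASSERT(csr_data == NULL);

    /* Real base64 string - should pass */
    rc = est_server_init_csrattrs(ectx, TEST_ATTR_POP, strlen(TEST_ATTR_POP));
    CU_ASSERT(rc == EST_ERR_NONE);
    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR_POP));
    CU_ASSERT(strncmp(TEST_ATTR_POP, (const char *)csr_data, csr_len) == 0);

    if (est_set_csr_cb(ectx, &handle_corrupt_csrattrs_request)) {
        printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
        exit(1);
    }

    /* callback should supersede init csrattrs */
    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == 0);

    if (est_set_csr_cb(ectx, &handle_short_csrattrs_request)) {
        printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
        exit(1);
    }

    /* callback should supersede init csrattrs */
    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == 0);

    if (est_set_csr_cb(ectx, &handle_long_csrattrs_request)) {
        printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
        exit(1);
    }

    /* callback should supersede init csrattrs */
    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == 0);

    if (est_set_csr_cb(ectx, &handle_correct_csrattrs_request)) {
        printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
        exit(1);
    }

    /* callback should supersede init csrattrs */
    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR1));
    CU_ASSERT(strncmp(TEST_ATTR1, (const char *)csr_data, csr_len) == 0);

    /* clear csrattrs */
    rc = est_server_init_csrattrs(ectx, NULL, 0);
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR1));
    CU_ASSERT(strncmp(TEST_ATTR1, (const char *)csr_data, csr_len) == 0);

    /* clear callback */
    if (est_set_csr_cb(ectx, NULL)) {
        printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
        exit(1);
    }

    /* Setting the smallest size */
    rc = est_server_init_csrattrs(ectx, TEST_ATTR2, strlen(TEST_ATTR2));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR2));
    CU_ASSERT(strncmp(TEST_ATTR2, (const char *)csr_data, csr_len) == 0);

    rc = est_server_init_csrattrs(ectx, TEST_ATTR3, strlen(TEST_ATTR3));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR3));
    CU_ASSERT(strncmp(TEST_ATTR3, (const char *)csr_data, csr_len) == 0);

    /* clear csrattrs */
    rc = est_server_init_csrattrs(ectx, NULL, 0);
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == 0);

    rc = est_server_init_csrattrs(ectx, TEST_1024_NOPOP, strlen(TEST_1024_NOPOP));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_1024_NOPOP));
    CU_ASSERT(strncmp(TEST_1024_NOPOP, (const char *)csr_data, csr_len) == 0);

    /* Enable PoP and test responses with PoP added */
    st_enable_pop();

    rc = est_server_init_csrattrs(ectx, TEST_ATTR_POP, strlen(TEST_ATTR_POP));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_data != NULL);
    /*
     * This was "csr_len = 20": an assignment that always passed and also
     * overwrote the returned length before the comparison below.  Compare
     * instead so the check can actually fail.
     */
    CU_ASSERT(csr_len == 20);
    CU_ASSERT(strncmp(TEST_ATTR_POP, (const char *)csr_data, csr_len) == 0);

    rc = est_server_init_csrattrs(ectx, TEST_1024_NOPOP, strlen(TEST_1024_NOPOP));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_1024_POP));
    CU_ASSERT(strncmp(TEST_1024_POP, (const char *)csr_data, csr_len) == 0);

    /* Setting the size 122 */
    rc = est_server_init_csrattrs(ectx, TEST_ATTR4_122, strlen(TEST_ATTR4_122));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR4_122POP));
    CU_ASSERT(strncmp(TEST_ATTR4_122POP, (const char *)csr_data, csr_len) == 0);

    /* Setting the size 117 */
    rc = est_server_init_csrattrs(ectx, TEST_ATTR5_117, strlen(TEST_ATTR5_117));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR5_117POP));
    CU_ASSERT(strncmp(TEST_ATTR5_117POP, (const char *)csr_data, csr_len) == 0);

    /* Real base64 string needs PoP added - should pass */
    rc = est_server_init_csrattrs(ectx, TEST_ATTR_NOPOP, strlen(TEST_ATTR_NOPOP));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR_NOPOPPOP));
    CU_ASSERT(strncmp(TEST_ATTR_NOPOPPOP, (const char *)csr_data, csr_len) == 0);

    /* Not a real base64 string - should fail */
    rc = est_server_init_csrattrs(ectx, "US900 test1", 11);
    CU_ASSERT(rc != EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR_POP));
    CU_ASSERT(strncmp(TEST_ATTR_POP, (const char *)csr_data, csr_len) == 0);

    /* Setting the smallest size */
    rc = est_server_init_csrattrs(ectx, TEST_ATTR2, strlen(TEST_ATTR2));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR2_POP));
    CU_ASSERT(strncmp(TEST_ATTR2_POP, (const char *)csr_data, csr_len) == 0);

    /* Setting the size 116 */
    rc = est_server_init_csrattrs(ectx, TEST_ATTR6_116, strlen(TEST_ATTR6_116));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);

    /* Setting the size 244 */
    rc = est_server_init_csrattrs(ectx, TEST_ATTR_244, strlen(TEST_ATTR_244));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);

    /* Setting the size 245 */
    rc = est_server_init_csrattrs(ectx, TEST_ATTR_245, strlen(TEST_ATTR_245));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);

    /* Setting the size 250 */
    rc = est_server_init_csrattrs(ectx, TEST_ATTR_250, strlen(TEST_ATTR_250));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR_250POP));
    CU_ASSERT(strncmp(TEST_ATTR_250POP, (const char *)csr_data, csr_len) == 0);

    if (est_set_csr_cb(ectx, &handle_correct_csrattrs_request)) {
        printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
        exit(1);
    }

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR1));
    CU_ASSERT(strncmp(TEST_ATTR1, (const char *)csr_data, csr_len) == 0);

    if (est_set_csr_cb(ectx, &handle_nopop_csrattrs_request)) {
        printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
        exit(1);
    }

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR_NOPOPPOP));
    CU_ASSERT(strncmp(TEST_ATTR_NOPOPPOP, (const char *)csr_data, csr_len) == 0);

    if (est_set_csr_cb(ectx, &handle_empty_csrattrs_request)) {
        printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
        exit(1);
    }

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR2_POP));
    CU_ASSERT(strncmp(TEST_ATTR2_POP, (const char *)csr_data, csr_len) == 0);

    /* disable PoP */
    st_disable_pop();

    /* clear callback */
    if (est_set_csr_cb(ectx, NULL)) {
        printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
        exit(1);
    }

    /* Real base64 string PoP should not be added - should pass */
    rc = est_server_init_csrattrs(ectx, TEST_ATTR_NOPOP, strlen(TEST_ATTR_NOPOP));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ATTR_NOPOP));
    CU_ASSERT(strncmp(TEST_ATTR_NOPOP, (const char *)csr_data, csr_len) == 0);

    /* All ASN.1 types supported by OpenSSL */
    rc = est_server_init_csrattrs(ectx, TEST_ALL_ATTR, strlen(TEST_ALL_ATTR));
    CU_ASSERT(rc == EST_ERR_NONE);

    rc = est_client_get_csrattrs(ctx, &csr_data, &csr_len);
    CU_ASSERT(rc == EST_ERR_NONE);
    CU_ASSERT(csr_len == strlen(TEST_ALL_ATTR));
    CU_ASSERT(strncmp(TEST_ALL_ATTR, (const char *)csr_data, csr_len) == 0);

    /* Over-long attribute strings must be rejected by the server init call */
    rc = est_server_init_csrattrs(ectx, TEST_1025_NOPOP, strlen(TEST_1025_NOPOP));
    CU_ASSERT(rc != EST_ERR_NONE);

    rc = est_server_init_csrattrs(ectx, TEST_LONG_ATTR, strlen(TEST_LONG_ATTR));
    CU_ASSERT(rc != EST_ERR_NONE);

    if (ctx) {
        est_destroy(ctx);
    }
    /* free(NULL) is a no-op, so no guard is needed. */
    free(cacerts);
}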