authorJakub Witczak <kuba@erlang.org>2023-03-06 10:18:29 +0100
committerJakub Witczak <kuba@erlang.org>2023-03-21 17:26:20 +0100
commitd9a0919d74f6f4268bab694f38bb16fa519187e7 (patch)
treea67c946c993cdc01ed78124b42c81cd87a091493
parent5dc1c729ab34f8ba6f14b14c28e3ffc9529200a2 (diff)
downloaderlang-d9a0919d74f6f4268bab694f38bb16fa519187e7.tar.gz
ssl, public_key: trace config
-rw-r--r--lib/public_key/src/pubkey_ocsp.erl35
-rw-r--r--lib/public_key/src/public_key.erl39
-rw-r--r--lib/ssl/src/ssl_certificate.erl7
-rw-r--r--lib/ssl/src/ssl_trace.erl22
-rw-r--r--lib/ssl/test/ssl_test_lib.erl4
5 files changed, 102 insertions, 5 deletions
diff --git a/lib/public_key/src/pubkey_ocsp.erl b/lib/public_key/src/pubkey_ocsp.erl
index b627a74e6a..f923eae78e 100644
--- a/lib/public_key/src/pubkey_ocsp.erl
+++ b/lib/public_key/src/pubkey_ocsp.erl
@@ -28,6 +28,8 @@
ocsp_status/1,
verify_ocsp_response/3,
decode_ocsp_response/1]).
+%% Tracing
+-export([handle_trace/3]).
-spec get_ocsp_responder_id(#'Certificate'{}) -> binary().
get_ocsp_responder_id(#'Certificate'{tbsCertificate = TbsCert}) ->
@@ -204,3 +206,36 @@ enc_pub_key({DsaInt, #'Dss-Parms'{}}) when is_integer(DsaInt) ->
public_key:der_encode('DSAPublicKey', DsaInt);
enc_pub_key({#'ECPoint'{point = Key}, _ECParam}) ->
Key.
+
+%%%################################################################
+%%%#
+%%%# Tracing
+%%%#
+handle_trace(csp,
+ {call, {?MODULE, do_verify_ocsp_response, [BasicOcspResponse | _]}}, Stack) ->
+ #'BasicOCSPResponse'{
+ tbsResponseData =
+ #'ResponseData'{responderID = ResponderID,
+ producedAt = ProducedAt}} = BasicOcspResponse,
+ {io_lib:format("ResponderId = ~W producedAt = ~p", [ResponderID, 5, ProducedAt]), Stack};
+handle_trace(csp,
+ {call, {?MODULE, match_single_response,
+ [_IssuerName, _IssuerKey, _SerialNum,
+ [#'SingleResponse'{thisUpdate = ThisUpdate,
+ nextUpdate = NextUpdate}]]}}, Stack) ->
+ {io_lib:format("ThisUpdate = ~p NextUpdate = ~p", [ThisUpdate, NextUpdate]), Stack};
+handle_trace(csp,
+ {call, {?MODULE, is_responder, [Id, Cert]}}, Stack) ->
+ {io_lib:format("~nId = ~P~nCert = ~P", [Id, 10, Cert, 10]), Stack};
+handle_trace(csp,
+ {call, {?MODULE, find_single_response, [Cert, IssuerCert | _]}}, Stack) ->
+ {io_lib:format("#2 OCSP validation started~nCert = ~W IssuerCert = ~W",
+ [Cert, 7, IssuerCert, 7]), Stack};
+ %% {io_lib:format("#2 OCSP validation started~nCert = ~s IssuerCert = ~s",
+ %% [ssl_test_lib:format_cert(Cert),
+ %% ssl_test_lib:format_cert(IssuerCert)]), Stack};
+
+handle_trace(csp,
+ {return_from, {?MODULE, is_responder, 2}, Return},
+ Stack) ->
+ {io_lib:format("Return = ~p", [Return]), Stack}.
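Review bot: The `match_single_response` clause only matches when the fourth argument is a one-element list, so a call carrying several `#'SingleResponse'{}` records, or an empty list, matches no clause and the trace callback raises `function_clause`, unless ssl_trace's dispatcher catches that (not visible here); matching the head, `[#'SingleResponse'{thisUpdate = ThisUpdate, nextUpdate = NextUpdate} | _]`, covers every non-empty list. The commented-out alternative after the `find_single_response` clause references `ssl_test_lib:format_cert/1`, a test-only module of a different application, and the same dead code is added in the public_key.erl and ssl_certificate.erl hunks of this commit; either drop it or move the readable formatter into a module public_key can call. The `find_single_response` clause also emits the label `#2 OCSP validation started`, the same text the `pkix_ocsp_validate` handler in public_key uses, so the two trace lines cannot be told apart in the output.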
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 50e75dc899..3fa419802c 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -69,6 +69,8 @@
cacerts_load/1,
cacerts_clear/0
]).
+%% Tracing
+-export([handle_trace/3]).
%%----------------
%% Moved to ssh
@@ -2060,3 +2062,40 @@ ocsp_responses(OCSPResponseDer, ResponderCerts, Nonce) ->
subject_public_key_info(Alg, PubKey) ->
#'OTPSubjectPublicKeyInfo'{algorithm = Alg, subjectPublicKey = PubKey}.
+
+%%%################################################################
+%%%#
+%%%# Tracing
+%%%#
+handle_trace(csp,
+ {call, {?MODULE, ocsp_responder_id, [Cert]}}, Stack) ->
+ {io_lib:format("pkix_decode_cert(Cert, plain) = ~W", [Cert, 5]),
+ %% {io_lib:format("pkix_decode_cert(Cert, plain) = ~s", [ssl_test_lib:format_cert(Cert)]),
+ Stack};
+handle_trace(csp,
+ {return_from, {?MODULE, ocsp_responder_id, 1}, Return},
+ Stack) ->
+ {io_lib:format("OCSP Responder ID = ~P", [Return, 10]), Stack};
+handle_trace(csp,
+ {call, {?MODULE, ocsp_responses, _Args}}, Stack) ->
+ {io_lib:format("[pkix_decode_cert(C, plain) || C <- ResponderCerts]", []),
+ Stack};
+handle_trace(crt,
+ {call, {?MODULE, pkix_decode_cert, [Cert, _Type]}}, Stack) ->
+ {io_lib:format("Cert = ~W", [Cert, 5]), Stack};
+ %% {io_lib:format("Cert = ~s", [ssl_test_lib:format_cert(Cert)]), Stack};
+handle_trace(csp,
+ {call, {?MODULE, pkix_ocsp_validate, [Cert, IssuerCert | _]}}, Stack) ->
+ {io_lib:format("#2 OCSP validation started~nCert = ~W IssuerCert = ~W",
+ [Cert, 7, IssuerCert, 7]), Stack};
+ %% {io_lib:format("#2 OCSP validation started~nCert = ~s IssuerCert = ~s",
+ %% [ssl_test_lib:format_cert(Cert),
+ %% ssl_test_lib:format_cert(IssuerCert)]), Stack};
+handle_trace(csp,
+ {call, {?MODULE, otp_cert, [Cert]}}, Stack) ->
+ {io_lib:format("Cert = ~W", [Cert, 5]), Stack};
+ %% {io_lib:format("Cert = ~s", [ssl_test_lib:format_cert(otp_cert(Cert))]), Stack};
+handle_trace(csp,
+ {return_from, {?MODULE, pkix_ocsp_validate, 5}, Return},
+ Stack) ->
+ {io_lib:format("#2 OCSP validation result = ~p", [Return]), Stack}.
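Review bot: The `ocsp_responses` clause emits a fixed string and ignores every argument, so the trace line carries no information about the call; the hunk header shows the signature `ocsp_responses(OCSPResponseDer, ResponderCerts, Nonce)`, so the clause could bind `[_OCSPResponseDer, ResponderCerts, _Nonce]` and report `io_lib:format("ResponderCerts = ~B", [length(ResponderCerts)])`. If the fixed text is intentional, `io_lib:format(Text, [])` is just `Text` and the format call can go.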
diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl
index 0ea7a0ac16..c8b7bb3dde 100644
--- a/lib/ssl/src/ssl_certificate.erl
+++ b/lib/ssl/src/ssl_certificate.erl
@@ -834,11 +834,14 @@ cert_auth_member(ChainSubjects, CertAuths) ->
handle_trace(crt,
{call, {?MODULE, validate, [Cert, StatusOrExt| _]}}, Stack) ->
{io_lib:format("[~W] StatusOrExt = ~W", [Cert, 3, StatusOrExt, 10]), Stack};
+ %% {io_lib:format("(~s) StatusOrExt = ~W",
+ %% [ssl_test_lib:format_cert(Cert), StatusOrExt, 10]), Stack};
handle_trace(crt, {call, {?MODULE, verify_cert_extensions,
[Cert,
_UserState,
[], _Context]}}, Stack) ->
{io_lib:format(" no more extensions [~W]", [Cert, 3]), Stack};
+ %% {io_lib:format(" no more extensions (~s)", [ssl_test_lib:format_cert(Cert)]), Stack};
handle_trace(crt, {call, {?MODULE, verify_cert_extensions,
[Cert,
#{ocsp_responder_certs := _ResponderCerts,
@@ -849,7 +852,11 @@ handle_trace(crt, {call, {?MODULE, verify_cert_extensions,
{io_lib:format("#2 OcspState = ~W Issuer = [~W] OcspResponsDer = ~W [~W]",
[OcspState, 10, Issuer, 3, OcspResponsDer, 2, Cert, 3]),
Stack};
+ %% {io_lib:format("#2 OcspState = ~W Issuer = (~s) OcspResponsDer = ~W (~s)",
+ %% [OcspState, 10, ssl_test_lib:format_cert(Issuer),
+ %% OcspResponsDer, 2, ssl_test_lib:format_cert(Cert)]),
handle_trace(crt, {return_from,
{ssl_certificate, verify_cert_extensions, 4},
{valid, #{issuer := Issuer}}}, Stack) ->
{io_lib:format(" extensions valid Issuer = ~W", [Issuer, 3]), Stack}.
+ %% {io_lib:format(" extensions valid Issuer = ~s", [ssl_test_lib:format_cert(Issuer)]), Stack}.
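Review bot: The commented-out alternative added inside the `verify_cert_extensions` OCSP clause ends after the argument list, `OcspResponsDer, 2, ssl_test_lib:format_cert(Cert)]),`, and is missing the trailing `Stack};` that the other commented-out variants in this file carry, so it cannot be swapped in by uncommenting. If it is kept, complete it with `%% Stack};` so the two variants stay interchangeable.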
diff --git a/lib/ssl/src/ssl_trace.erl b/lib/ssl/src/ssl_trace.erl
index c91297a0b8..80aa2e8283 100644
--- a/lib/ssl/src/ssl_trace.erl
+++ b/lib/ssl/src/ssl_trace.erl
@@ -431,11 +431,18 @@ trace_profiles() ->
[{ssl_handshake, [{maybe_add_certificate_status_request, 4},
{client_hello_extensions, 10}, {cert_status_check, 5},
{get_ocsp_responder_list, 1}, {handle_ocsp_extension, 2},
+ {path_validation, 10},
{handle_server_hello_extensions, 10},
{handle_client_hello_extensions, 10},
{cert_status_check, 5}]},
- {public_key, [{ocsp_extensions, 1}, %%{pkix_decode_cert, 2},
- {pkix_ocsp_validate, 5}]},
+ {public_key, [{ocsp_extensions, 1}, {ocsp_responses, 3},
+ {pkix_ocsp_validate, 5}, {ocsp_responder_id, 1},
+ {ocsp_status, 3}, {otp_cert, 1}]},
+ {pubkey_ocsp, [{find_responder_cert, 2}, {do_verify_ocsp_signature, 4},
+ {verify_ocsp_response, 3}, {verify_ocsp_nonce, 2},
+ {verify_ocsp_signature, 5}, {do_verify_ocsp_response, 3},
+ {is_responder, 2}, {find_single_response, 3},
+ {ocsp_status, 1}, {match_single_response, 4}]},
{ssl, [{opt_ocsp, 3}]},
{ssl_certificate, [{verify_cert_extensions, 4}]},
{ssl_test_lib, [{init_openssl_server, 3}, {openssl_server_loop, 3}]},
@@ -447,11 +454,18 @@ trace_profiles() ->
{crt, %% certificates
fun(M, F, A) -> dbg:tpl(M, F, A, x) end,
fun(M, F, A) -> dbg:ctpl(M, F, A) end,
- [{public_key, [{pkix_path_validation, 3}]},
- {ssl_certificate, [{validate, 3}]},
+ [{public_key, [{pkix_path_validation, 3}, {path_validation, 2},
+ {pkix_decode_cert, 2}]},
+ {ssl_certificate, [{validate, 3}, {trusted_cert_and_paths, 4},
+ {certificate_chain, 3}, {certificate_chain, 5},
+ {issuer, 1}]},
+ {ssl_cipher, [{filter, 3}]},
{ssl_gen_statem, [{initial_hello, 3}]},
{ssl_handshake, [{path_validate, 11}, {path_validation, 10},
+ {select_hashsign, 5}, {get_cert_params, 1},
+ {cert_curve, 3},
{maybe_check_hostname, 3}, {maybe_check_hostname, 3}]},
+ {ssl_pkix_db, [{decode_cert, 2}]},
{tls_handshake_1_3, [{path_validation, 10}]},
{tls_server_connection_1_3, [{init,1}]},
{tls_client_connection_1_3, [{init,1}]},
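Review bot: The crt profile now installs `dbg:tpl(M, F, A, x)` on `public_key:pkix_decode_cert/2` and `ssl_pkix_db:decode_cert/2`, which presumably run for every certificate of every handshake on the node, so enabling crt on a busy system yields one trace message per decode carrying the full certificate term; the `~W` depth limits in the handle_trace callbacks bound only the formatted text, not the trace messages queued to the tracer. A comment on the profile entry would make the intended scope explicit, e.g. `%% traces every certificate decode; enable for single-connection debugging only`. `trace_profiles/0` starts before this hunk and its list continues past it.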
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 2cda32efde..bf552550a2 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1464,7 +1464,9 @@ format_cert(#'OTPCertificate'{tbsCertificate = Cert} = OtpCert) ->
{error, _} ->
io_lib:format("~.3w:~s -> :~s", [Nr, format_subject(Subject), format_subject(Issuer)])
end
- end.
+ end;
+format_cert(Cert) ->
+ io_lib:format("Format failed for ~p", [Cert]).
format_subject({rdnSequence, Seq}) ->
format_subject(Seq);
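Review bot: The new catch-all `format_cert/1` clause prints the whole argument with `~p`, so a DER binary or a decoded certificate record lands in the output unabbreviated, unlike the depth-limited `~W`/`~P` used by the trace handlers this commit sketches as its callers; `io_lib:format("Format failed for ~P", [Cert, 10])` keeps the line bounded. The text also reads as a failure, while the clause simply handles a value that is not an `#'OTPCertificate'{}`, so wording such as `"not an OTPCertificate: ~P"` describes what happened. The first clause of `format_cert/1` starts before this hunk.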