osmo-smdpp: Make error message more descriptive

Before this patch we had three different error causes that would cause a "Verification failed" error message. Let's state explicitly which part of verification did actually fail. Change-Id: I5030758fe365bb802ae367b494aace5a66bc7a91
2026-03-16 18:38:32 +03:00 · 2024-05-30 19:32:07 +02:00
parent 56912caac7
commit 64a5901c4c
1 changed files with 3 additions and 3 deletions
--- a/osmo-smdpp.py
+++ b/osmo-smdpp.py
@@ -325,14 +325,14 @@ class SmDppHttpServer:
        try:
            cs.verify_cert_chain(euicc_cert)
        except VerifyError:
-            raise ApiError('8.1.3', '6.1', 'Verification failed')
+            raise ApiError('8.1.3', '6.1', 'Verification failed (certificate chain)')
        #   raise ApiError('8.1.3', '6.3', 'Expired')


        # Verify euiccSignature1 over euiccSigned1 using pubkey from euiccCertificate.
        # Otherwise, the SM-DP+ SHALL return a status code "eUICC - Verification failed"
        if not self._ecdsa_verify(euicc_cert, euiccSignature1_bin, euiccSigned1_bin):
-            raise ApiError('8.1', '6.1', 'Verification failed')
+            raise ApiError('8.1', '6.1', 'Verification failed (euiccSignature1 over euiccSigned1)')

        # TODO: verify EID of eUICC cert is  within permitted range of EUM cert

@@ -343,7 +343,7 @@ class SmDppHttpServer:
        # serverChallenge returned by the eUICC. Otherwise, the SM-DP+ SHALL return a status code "eUICC -
        # Verification failed".
        if euiccSigned1['serverChallenge'] != ss.serverChallenge:
-            raise ApiError('8.1', '6.1', 'Verification failed')
+            raise ApiError('8.1', '6.1', 'Verification failed (serverChallenge)')

        # If ctxParams1 contains a ctxParamsForCommonAuthentication data object, the SM-DP+ Shall [...]
        # TODO: We really do a very simplistic job here, this needs to be properly implemented later,