Manual Reference Pages - OPENXPKI::SERVICE::SCEP::COMMAND::PKIOPERATION (3)
Implements the functionality required to answer SCEP PKIOperation messages.
Parses the PKCS#7 container for the message type, calls a function
depending on that type and returns the result, including the HTTP
header needed for the scep CGI script.
Create the response for the GetCert request by extracting the serial number
from the request, find the certificate and return it.
Create the response for the GetCRL request by extracting the used CA certificate
from the request and returning its crl.
Called by execute if the message type is PKCSReq (19). This is the
message type that is used when an SCEP client asks for a certificate.
Named parameters are TOKEN and PKCS7, where token is a token from the
OpenXPKI::Crypto::TokenManager of type SCEP. PKCS7 is the PKCS#7 data
received from the client. Using the crypto token, the transaction ID of
the request is acquired. Using this transaction ID, a database lookup is done
(using the datapool) to see whether
there is already an existing workflow corresponding to the transaction ID.
If there is no workflow, a new one of the type defined in the server configuration
is created and the (base64-encoded) PKCS#7 request as well as the transaction
ID is saved in the workflow context. From there on, the work takes place in
If there is a workflow, the status of this workflow is looked up and the response
depends on the status:
- if the status is not SUCCESS or FAILURE, the request is still
pending, and a corresponding message is returned to the SCEP client.
- if the status is SUCCESS, the certificate is extracted from the
workflow and returned to the SCEP client.
- if the status is FAILURE and the retry interval has not elapsed,
the failure code is extracted from the workflow and returned to
- if the status is FAILURE and the retry interval has elapsed,
the failed workflow is unlinked from this transaction id and a
new one is started
|perl v5.20.3 ||OPENXPKI::SERVICE::SCEP::COMMAND::PKIOPERATION (3) ||2016-04-03 |
Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.