Manual Reference Pages  -  OPENXPKI::SERVICE::SCEP::COMMAND::PKIOPERATION (3)

Name

OpenXPKI::Service::SCEP::Command::PKIOperation

Description

Implements the functionality required to answer SCEP PKIOperation messages.

Functions

    execute

Parses the PKCS#7 container for the message type, calls a function depending on that type and returns the result, including the HTTP header needed for the SCEP CGI script.

    __send_cert

Creates the response for the GetCert request by extracting the serial number from the request, finding the certificate and returning it.

    __send_crl

Creates the response for the GetCRL request by extracting the used CA certificate from the request and returning its CRL.

    __pkcs_req

Called by execute if the message type is ’PKCSReq’ (19). This is the message type that is used when an SCEP client asks for a certificate. Named parameters are TOKEN and PKCS7, where TOKEN is a token from the OpenXPKI::Crypto::TokenManager of type ’SCEP’ and PKCS7 is the PKCS#7 data received from the client. Using the crypto token, the transaction ID of the request is acquired. Using this transaction ID, a database lookup is done (using the datapool) to see whether there is already an existing workflow corresponding to the transaction ID.

If there is no workflow, a new one of the type defined in the server configuration is created and the (base64-encoded) PKCS#7 request as well as the transaction ID are saved in the workflow context. From there on, the work takes place in the workflow.

If there is a workflow, the status of this workflow is looked up and the response depends on the status:

- if the status is not ’SUCCESS’ or ’FAILURE’, the request is still pending, and a corresponding message is returned to the SCEP client.
- if the status is ’SUCCESS’, the certificate is extracted from the workflow and returned to the SCEP client.
- if the status is ’FAILURE’ and the retry interval has not elapsed, the failure code is extracted from the workflow and returned to the client.
- if the status is ’FAILURE’ and the retry interval has elapsed, the failed workflow is unlinked from this transaction ID and a new one is started.
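
The status handling described above for __pkcs_req, modelled as an added example in Perl; it is not OpenXPKI's own code. The in-memory hashes standing in for the datapool and the workflows, the function names, the 300-second retry interval, the failed_at timestamp and the pending reply for a new workflow are all assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical in-memory stand-ins; none of these names are OpenXPKI's API.
my (%datapool, %workflow);    # transaction ID => workflow ID; ID => workflow
my $next_id        = 1;
my $RETRY_INTERVAL = 300;     # seconds, assumed value

sub create_workflow {
    my ($tid, $pkcs7_b64) = @_;
    my $id = $next_id++;
    $workflow{$id} = { state => 'PENDING',
        context => { pkcs7 => $pkcs7_b64, transaction_id => $tid } };
    $datapool{$tid} = $id;    # later polls with this ID find the workflow
    return $id;
}

# Decide the reply for one PKCSReq; returns (reply kind, payload).
sub pkcs_req {
    my ($tid, $pkcs7_b64, $now) = @_;
    my $id = $datapool{$tid};
    # Assumption: a freshly created workflow is reported to the client as pending.
    return ('PENDING', create_workflow($tid, $pkcs7_b64)) unless defined $id;

    my ($state, $ctx) = @{ $workflow{$id} }{qw(state context)};
    return ('SUCCESS', $ctx->{certificate}) if $state eq 'SUCCESS';
    return ('PENDING', $id)                 if $state ne 'FAILURE';
    # Assumption: the retry interval is measured from the recorded failure time.
    return ('FAILURE', $ctx->{fail_code})
        if $now - $ctx->{failed_at} < $RETRY_INTERVAL;

    delete $datapool{$tid};   # unlink the failed workflow from the transaction ID
    return ('PENDING', create_workflow($tid, $pkcs7_b64));
}

# Constructed walk-through: one client re-sending the same transaction ID.
my ($tid, $req, $t) = ('TID-0001', 'constructed-base64-pkcs7', 1_000);
my @steps;
push @steps, [ 'first request',        pkcs_req($tid, $req, $t) ];
push @steps, [ 'poll while pending',   pkcs_req($tid, $req, $t + 10) ];
$workflow{1}{state} = 'FAILURE';       # constructed outcome of workflow 1
@{ $workflow{1}{context} }{qw(fail_code failed_at)} = ('badRequest', $t + 20);
push @steps, [ 'retry too early',      pkcs_req($tid, $req, $t + 60) ];
push @steps, [ 'retry after interval', pkcs_req($tid, $req, $t + 400) ];
$workflow{2}{state}                = 'SUCCESS';
$workflow{2}{context}{certificate} = 'constructed-certificate';
push @steps, [ 'poll after issuance',  pkcs_req($tid, $req, $t + 500) ];
printf "%-22s -> %s %s\n", @$_ for @steps;
```

Because the lookup is keyed on the transaction ID, repeated requests inside the retry interval are answered from the existing workflow and never start a second one.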

perl v5.20.3 OPENXPKI::SERVICE::SCEP::COMMAND::PKIOPERATION (3) 2016-04-03
