execute

Parses the PKCS#7 container for the message type, calls a function depending on that type and returns the result, including the HTTP header needed for the scep CGI script.

__send_cert

Create the response for the GetCert request by extracting the serial number from the request, find the certificate and return it.

__send_crl

Create the response for the GetCRL request by extracting the used CA certificate from the request and returning its crl.

__pkcs_req

Called by execute if the message type is 'PKCSReq' (19). This is the message type that is used when an SCEP client asks for a certificate. Named parameters are TOKEN and PKCS7, where token is a token from the OpenXPKI::Crypto::TokenManager of type 'SCEP'. PKCS7 is the PKCS#7 data received from the client. Using the crypto token, the transaction ID of the request is acquired. Using this transaction ID, a database lookup is done (using the datapool) to see whether there is already an existing workflow corresponding to the transaction ID.

If there is no workflow, a new one of the type defined in the server configuration is created and the (base64-encoded) PKCS#7 request as well as the transaction ID is saved in the workflow context. From there on, the work takes place in the workflow.

If there is a workflow, the status of this workflow is looked up and the response depends on the status:
- as long as the workflow is not in the "finished" process state, a
pending message is send.
- if the status is 'SUCCESS', the certificate is extracted from the
workflow and returned to the SCEP client.
- in any other case a FAILURE response is sent. If the context item
scep_error is set to a proper SCEP error code it is used, default
is to send "badRequest".