GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
OpenXPKI::Service::LibSCEP::Command::PKIOperation(3) User Contributed Perl Documentation OpenXPKI::Service::LibSCEP::Command::PKIOperation(3)

OpenXPKI::Service::LibSCEP::Command::PKIOperation

Implements the functionality required to answer SCEP PKIOperation messages.

Parses the PKCS#7 container for the message type, calls a function depending on that type and returns the result, including the HTTP header needed for the scep CGI script.

Create the response for the GetCert request by extracting serial number and issuer from the request, find the certificate and return it.

Create the response for the GetCRL request by extracting the issuer and serial from the request. As we do not support scoped CRLs yet it is sufficient to check the issuer dn but to catch situations where the issuer dn is used over multiple generations we search for both.

Called by execute if the message type is 'PKCSReq' (19). This is the message type that is used when an SCEP client asks for a certificate. Named parameters are TOKEN and PKCS7, where token is a token from the OpenXPKI::Crypto::TokenManager of type 'SCEP'. PKCS7 is the sanitized PKCS#7 data received from the client including an (artificial) start and end line. Using the crypto token, the transaction ID of the request is acquired. Using this transaction ID, a database lookup is done (using the datapool) to see whether there is already an existing workflow corresponding to the transaction ID.

If there is no workflow, a new one of the type defined in the server configuration is created and the (base64-encoded) PKCS#7 request as well as the transaction ID is saved in the workflow context. From there on, the work takes place in the workflow.

If there is a workflow, the status of this workflow is looked up and the response depends on the status: - as long as the workflow is not in the "finished" process state, a pending message is send. - if the status is 'SUCCESS', the certificate is extracted from the workflow and returned to the SCEP client. - in any other case a FAILURE response is sent. If the context item scep_error is set to a proper SCEP error code it is used, default is to send "badRequest".

2022-05-14 perl v5.32.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.