Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
OpenXPKI::Service::SCEUseroContributed:PerliDocumCEP::Command::PKIOperation(3)

Name
       OpenXPKI::Service::SCEP::Command::PKIOperation

Description
       Implements the functionality required to	answer SCEP PKIOperation
       messages.

Functions
   execute
       Parses the PKCS#7 container for the message type, calls a function
       depending on that type and returns the result, including	the HTTP
       header needed for the scep CGI script.

   __send_cert
       Create the response for the GetCert request by extracting the serial
       number from the request,	find the certificate and return	it.

   __send_crl
       Create the response for the GetCRL request by extracting	the used CA
       certificate from	the request and	returning its crl.

   __pkcs_req
       Called by execute if the	message	type is	'PKCSReq' (19).	This is	the
       message type that is used when an SCEP client asks for a	certificate.
       Named parameters	are TOKEN and PKCS7, where token is a token from the
       OpenXPKI::Crypto::TokenManager of type 'SCEP'. PKCS7 is the PKCS#7 data
       received	from the client. Using the crypto token, the transaction ID of
       the request is acquired.	Using this transaction ID, a database lookup
       is done (using the datapool) to see whether there is already an
       existing	workflow corresponding to the transaction ID.

       If there	is no workflow,	a new one of the type defined in the server
       configuration is	created	and the	(base64-encoded) PKCS#7	request	as
       well as the transaction ID is saved in the workflow context. From there
       on, the work takes place	in the workflow.

       If there	is a workflow, the status of this workflow is looked up	and
       the response depends on the status:
	 - if the status is not	'SUCCESS' or 'FAILURE',	the request is still
	   pending, and	a corresponding	message	is returned to the SCEP
       client.
	 - if the status is 'SUCCESS', the certificate is extracted from the
	   workflow and	returned to the	SCEP client.
	 - if the status is 'FAILURE' and the retry interval has not elapsed,
	   the failure code is extracted from the workflow and returned	to
	   the client.
	 - if the status is 'FAILURE' and the retry interval has elapsed,
	   the failed workflow is unlinked from	this transaction id and	a
	   new one is started

perl v5.24.1		     OpenXPKI::Service::SCEP::Command::PKIOperation(3)

Name | Description | Functions

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=OpenXPKI::Service::SCEP::Command::PKIOperation&sektion=3&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help