Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help


       Implements the functionality required to	answer SCEP PKIOperation

       Parses the PKCS#7 container for the message type, calls a function
       depending on that type and returns the result, including	the HTTP
       header needed for the scep CGI script.

       Create the response for the GetCert request by extracting the serial
       number from the request,	find the certificate and return	it.

       Create the response for the GetCRL request by extracting	the used CA
       certificate from	the request and	returning its crl.

       Called by execute if the	message	type is	'PKCSReq' (19).	This is	the
       message type that is used when an SCEP client asks for a	certificate.
       Named parameters	are TOKEN and PKCS7, where token is a token from the
       OpenXPKI::Crypto::TokenManager of type 'SCEP'. PKCS7 is the PKCS#7 data
       received	from the client. Using the crypto token, the transaction ID of
       the request is acquired.	Using this transaction ID, a database lookup
       is done (using the datapool) to see whether there is already an
       existing	workflow corresponding to the transaction ID.

       If there	is no workflow,	a new one of the type defined in the server
       configuration is	created	and the	(base64-encoded) PKCS#7	request	as
       well as the transaction ID is saved in the workflow context. From there
       on, the work takes place	in the workflow.

       If there	is a workflow, the status of this workflow is looked up	and
       the response depends on the status:
	 - as long as the workflow is not in the "finished" process state, a
	   pending message is send.
	 - if the status is 'SUCCESS', the certificate is extracted from the
	   workflow and	returned to the	SCEP client.
	 - in any other	case a FAILURE response	is sent. If the	context	item
	   scep_error is set to	a proper SCEP error code it is used, default
	   is to send "badRequest".

perl v5.32.0		     OpenXPKI::Service::SCEP::Command::PKIOperation(3)

Name | Description | Functions

Want to link to this manual page? Use this URL:

home | help