Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
OpenXPKI::Service::SCEUseroContributed:PerliDocumCEP::Command::PKIOperation(3)

Name
       OpenXPKI::Service::SCEP::Command::PKIOperation

Description
       Implements the functionality required to	answer SCEP PKIOperation
       messages.

Functions
   execute
       Parses the PKCS#7 container for the message type, calls a function
       depending on that type and returns the result, including	the HTTP
       header needed for the scep CGI script.

   __send_cert
       Create the response for the GetCert request by extracting the serial
       number from the request,	find the certificate and return	it.

   __send_crl
       Create the response for the GetCRL request by extracting	the used CA
       certificate from	the request and	returning its crl.

   __pkcs_req
       Called by execute if the	message	type is	'PKCSReq' (19).	This is	the
       message type that is used when an SCEP client asks for a	certificate.
       Named parameters	are TOKEN and PKCS7, where token is a token from the
       OpenXPKI::Crypto::TokenManager of type 'SCEP'. PKCS7 is the PKCS#7 data
       received	from the client. Using the crypto token, the transaction ID of
       the request is acquired.	Using this transaction ID, a database lookup
       is done (using the datapool) to see whether there is already an
       existing	workflow corresponding to the transaction ID.

       If there	is no workflow,	a new one of the type defined in the server
       configuration is	created	and the	(base64-encoded) PKCS#7	request	as
       well as the transaction ID is saved in the workflow context. From there
       on, the work takes place	in the workflow.

       If there	is a workflow, the status of this workflow is looked up	and
       the response depends on the status:
	 - as long as the workflow is not in the "finished" process state, a
	   pending message is send.
	 - if the status is 'SUCCESS', the certificate is extracted from the
	   workflow and	returned to the	SCEP client.
	 - in any other	case a FAILURE response	is sent. If the	context	item
	   scep_error is set to	a proper SCEP error code it is used, default
	   is to send "badRequest".

perl v5.32.0		     OpenXPKI::Service::SCEP::Command::PKIOperation(3)

Name | Description | Functions

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=OpenXPKI::Service::SCEP::Command::PKIOperation&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help