OpenXPKI::Service::SCEP::Command::PKIOperation(3) | User Contributed Perl Documentation
OpenXPKI::Service::SCEP::Command::PKIOperation
Implements the functionality required to answer SCEP PKIOperation messages.
Parses the PKCS#7 container for the message type, calls a function depending on
that type and returns the result, including the HTTP header needed for the
scep CGI script.
Create the response for the GetCert request by extracting the serial number from
the request, finding the certificate and returning it.
Create the response for the GetCRL request by extracting the used CA certificate
from the request and returning its CRL.
Called by execute if the message type is 'PKCSReq' (19). This is the message
type that is used when an SCEP client asks for a certificate. Named parameters
are TOKEN and PKCS7, where TOKEN is a token from the
OpenXPKI::Crypto::TokenManager of type 'SCEP'. PKCS7 is the PKCS#7 data
received from the client. Using the crypto token, the transaction ID of the
request is acquired. Using this transaction ID, a database lookup is done
(using the datapool) to see whether there is already an existing workflow
corresponding to the transaction ID.
If there is no workflow, a new one of the type defined in the
server configuration is created and the (base64-encoded) PKCS#7 request as
well as the transaction ID is saved in the workflow context. From there on,
the work takes place in the workflow.
If there is a workflow, the status of this workflow is looked up
and the response depends on the status:
- as long as the workflow is not in the "finished" process state, a
pending message is sent.
- if the status is 'SUCCESS', the certificate is extracted from the
workflow and returned to the SCEP client.
- in any other case a FAILURE response is sent. If the context item
scep_error is set to a proper SCEP error code, it is used; the default
is to send "badRequest".
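The PKCSReq handling described above, as an added example (not OpenXPKI code): a self-contained Perl model of the transaction ID lookup and the status-dependent response. The names handle_pkcsreq, %datapool, %workflows and the proc_state/state fields are assumptions, and scep_error is assumed to hold an RFC 8894 failInfo name.

```perl
use strict;
use warnings;

# failInfo names from the SCEP specification (RFC 8894); the assumption here
# is that scep_error carries one of these names.
my %FAIL_INFO = map { ($_ => 1) }
    qw(badAlg badMessageCheck badRequest badTime badCertId);

my (%datapool, %workflows);   # hypothetical stand-ins: TID -> id, id -> record
my $next_id = 1;

sub handle_pkcsreq {
    my ($tid, $pkcs7_b64) = @_;
    my $wf_id = $datapool{$tid};
    if (!defined $wf_id) {
        # Unknown transaction ID: create a workflow, keep request and TID in
        # its context, and register it so that retries find it again.
        $wf_id = $next_id++;
        $workflows{$wf_id} = {
            proc_state => 'running',      # constructed state names
            state      => 'INITIAL',
            context    => { pkcs7 => $pkcs7_b64, transaction_id => $tid },
        };
        $datapool{$tid} = $wf_id;
    }
    my $wf = $workflows{$wf_id};
    return { id => $wf_id, status => 'PENDING' }
        if $wf->{proc_state} ne 'finished';
    return { id => $wf_id, status => 'SUCCESS', cert => $wf->{context}{cert} }
        if $wf->{state} eq 'SUCCESS';
    # Any other finished state is a FAILURE; only a known code is passed on.
    my $err = $wf->{context}{scep_error};
    $err = 'badRequest' unless defined $err && $FAIL_INFO{$err};
    return { id => $wf_id, status => 'FAILURE', fail_info => $err };
}

# Constructed demo data: two polls, then the workflow fails with a bogus code.
my $tid = 'TID-CONSTRUCTED-0001';
my $r1  = handle_pkcsreq($tid, 'PLACEHOLDER-BASE64-PKCS7');
my $r2  = handle_pkcsreq($tid, 'PLACEHOLDER-BASE64-PKCS7');
print "poll 1: workflow $r1->{id} $r1->{status}\n";
print "poll 2: workflow $r2->{id} $r2->{status}\n";

$workflows{ $r1->{id} }{proc_state}          = 'finished';
$workflows{ $r1->{id} }{state}               = 'FAILURE';
$workflows{ $r1->{id} }{context}{scep_error} = 'not-a-scep-code';
my $r3 = handle_pkcsreq($tid, 'PLACEHOLDER-BASE64-PKCS7');
print "poll 3: $r3->{status} ($r3->{fail_info})\n";
```

Keying the lookup on the transaction ID means a client that retries or polls is matched to its existing workflow and does not spawn a second enrollment.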