51 sessionInfoPtr->receiveBufSize, &httpReqInfo );
52 memcpy( httpReqInfo.attribute,
"operation", 9 );
54 memcpy( httpReqInfo.value,
"GetCACert", 9 );
56 memcpy( httpReqInfo.extraData,
"message=*", 9 );
58 status = sread( &sessionInfoPtr->stream, &httpDataInfo,
74 "Invalid PKI message length %d", length ) );
77 checkObjectEncoding( sessionInfoPtr->receiveBuffer, length );
82 "Invalid PKI message encoding" ) );
87 sessionInfoPtr->receiveBuffer, length,
96 "Invalid SCEP CA certificate" ) );
98 sessionInfoPtr->iAuthInContext = createInfo.
cryptHandle;
101 status = processKeyFingerprint( sessionInfoPtr );
107 if( !
checkCACert( sessionInfoPtr->iAuthInContext ) )
111 "CA certificate usage restrictions prevent it from being "
134 time_t currentTime =
getTime();
169 &sessionInfoPtr->iCertRequest,
173 static const int version = 1;
202 &sessionInfoPtr->iCertRequest,
211 findSessionInfo( sessionInfoPtr->attributeList,
230 CRYPT_KEYUSAGE_KEYENCIPHERMENT;
257 currentTime += 86400;
269 sessionInfoPtr->privateKey );
275 "Couldn't create ephemeral self-signed SCEP "
295 &iNewCert, CRYPT_IATTRIBUTE_CERTCOPY_DATAONLY );
313 findSessionInfo( sessionInfoPtr->attributeList,
324 if( attributeListPtr != NULL )
336 sessionInfoPtr->privateKey );
342 "Couldn't finalise PKCS #10 certificate request" ) );
362 sessionInfoPtr->receiveBufSize );
370 "Couldn't get PKCS #10 request data from SCEP request "
377 status = envelopeWrap( sessionInfoPtr->receiveBuffer, msgData.
length,
378 sessionInfoPtr->receiveBuffer,
379 sessionInfoPtr->receiveBufSize, &dataLength,
381 sessionInfoPtr->iAuthInContext );
386 "Couldn't encrypt SCEP request data with CA key" ) );
392 status = createScepAttributes( sessionInfoPtr, protocolInfo,
398 "Couldn't create SCEP request signing attributes" ) );
403 status = envelopeSign( sessionInfoPtr->receiveBuffer, dataLength,
404 sessionInfoPtr->receiveBuffer,
405 sessionInfoPtr->receiveBufSize,
406 &sessionInfoPtr->receiveBufEnd,
414 "Couldn't sign request data with ephemeral SCEP "
418 sessionInfoPtr->receiveBufEnd );
446 sessionInfoPtr->receiveBufEnd );
447 status = envelopeSigCheck( sessionInfoPtr->receiveBuffer,
448 sessionInfoPtr->receiveBufEnd,
449 sessionInfoPtr->receiveBuffer,
450 sessionInfoPtr->receiveBufSize, &dataLength,
451 sessionInfoPtr->iAuthInContext, &sigResult,
452 NULL, &iCmsAttributes );
457 "Invalid CMS signed data in CA response" ) );
468 "Bad signature on CA response data" ) );
478 msgData.
length != protocolInfo->nonceSize || \
479 memcmp( buffer, protocolInfo->nonce, protocolInfo->nonceSize ) )
484 "Returned nonce doesn't match our original nonce" ) );
488 status = getScepStatusValue( iCmsAttributes,
493 status = getScepStatusValue( iCmsAttributes,
499 status = getScepStatusValue( iCmsAttributes,
510 "SCEP server reports that certificate issue operation "
511 "failed with error code %d", value ) );
515 status = envelopeUnwrap( sessionInfoPtr->receiveBuffer, dataLength,
516 sessionInfoPtr->receiveBuffer,
517 sessionInfoPtr->receiveBufSize, &dataLength,
518 sessionInfoPtr->privateKey );
523 "Couldn't decrypt CMS enveloped data in CA response" ) );
530 sessionInfoPtr->receiveBuffer, dataLength,
539 "Invalid PKCS #7 certificate chain in CA response" ) );
541 sessionInfoPtr->iCertResponse = createInfo.
cryptHandle;
564 if( sessionInfoPtr->iAuthInContext ==
CRYPT_ERROR )
566 status = createAdditionalScepRequest( sessionInfoPtr );
573 initSCEPprotocolInfo( &protocolInfo );
574 status = createScepCertRequest( sessionInfoPtr );
576 status = createScepCert( sessionInfoPtr, &protocolInfo );
581 status = createScepRequest( sessionInfoPtr, &protocolInfo );
585 sioctlSetString( &sessionInfoPtr->stream, STREAM_IOCTL_QUERY,
586 "operation=PKIOperation", 22 );
592 status = readPkiDatagram( sessionInfoPtr );
594 status = checkScepResponse( sessionInfoPtr, &protocolInfo );
610 return( clientTransact( sessionInfoPtr ) );
615 sessionInfoPtr->transactFunction = clientTransact;
616 status = pnpPkiSession( sessionInfoPtr );
617 sessionInfoPtr->transactFunction = clientTransactWrapper;
628 void initSCEPclientProcessing(
SESSION_INFO *sessionInfoPtr )
632 sessionInfoPtr->transactFunction = clientTransactWrapper;