smallstep-certificates/scep/scep.go

package scep

import (
	"crypto/x509"
	"encoding/asn1"

	microscep "github.com/micromdm/scep/scep"

	//"github.com/smallstep/certificates/scep/pkcs7"

	"go.mozilla.org/pkcs7"
)

// SCEP OIDs
var (
	oidSCEPmessageType    = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 2}
	oidSCEPpkiStatus      = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 3}
	oidSCEPfailInfo       = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 4}
	oidSCEPsenderNonce    = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 5}
	oidSCEPrecipientNonce = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 6}
	oidSCEPtransactionID  = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 7}
	oidChallengePassword  = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 7}
)

// PKIMessage defines the possible SCEP message types
type PKIMessage struct {
	microscep.TransactionID
	microscep.MessageType
	microscep.SenderNonce
	*microscep.CSRReqMessage

	*CertRepMessage

	// DER Encoded PKIMessage
	Raw []byte

	// parsed
	p7 *pkcs7.PKCS7

	// decrypted enveloped content
	pkiEnvelope []byte

	// Used to sign message
	Recipients []*x509.Certificate
}

// CertRepMessage is a type of PKIMessage
type CertRepMessage struct {
	microscep.PKIStatus
	microscep.RecipientNonce
	microscep.FailInfo

	Certificate *x509.Certificate

	degenerate []byte
}
Refactor initialization of SCEP authority 2021-02-25 23:32:21 +00:00			`package scep`

			`import (`
			`"crypto/x509"`
			`"encoding/asn1"`

			`microscep "github.com/micromdm/scep/scep"`

Remove the copy of mozilla/pkcs7 Apparently the existing library works out of the box, after all. We'll have to see how it works out continuing forward. 2021-02-25 23:55:37 +00:00			`//"github.com/smallstep/certificates/scep/pkcs7"`

			`"go.mozilla.org/pkcs7"`
Refactor initialization of SCEP authority 2021-02-25 23:32:21 +00:00			`)`

			`// SCEP OIDs`
			`var (`
			`oidSCEPmessageType = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 2}`
			`oidSCEPpkiStatus = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 3}`
			`oidSCEPfailInfo = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 4}`
			`oidSCEPsenderNonce = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 5}`
			`oidSCEPrecipientNonce = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 6}`
			`oidSCEPtransactionID = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 7}`
			`oidChallengePassword = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 7}`
			`)`

			`// PKIMessage defines the possible SCEP message types`
			`type PKIMessage struct {`
			`microscep.TransactionID`
			`microscep.MessageType`
			`microscep.SenderNonce`
			`*microscep.CSRReqMessage`

			`*CertRepMessage`

			`// DER Encoded PKIMessage`
			`Raw []byte`

			`// parsed`
			`p7 *pkcs7.PKCS7`

			`// decrypted enveloped content`
			`pkiEnvelope []byte`

			`// Used to sign message`
			`Recipients []*x509.Certificate`
			`}`

			`// CertRepMessage is a type of PKIMessage`
			`type CertRepMessage struct {`
			`microscep.PKIStatus`
			`microscep.RecipientNonce`
			`microscep.FailInfo`

			`Certificate *x509.Certificate`

			`degenerate []byte`
			`}`