// Package scep implements functionality related to the Simple Certificate Enrollment Protocol (SCEP).
package scep
import (
"crypto/x509"
"encoding/asn1"
microscep "github.com/micromdm/scep/v2/scep"
"go.mozilla.org/pkcs7"
)
// FailInfoName is the name/identifier part of a SCEP failInfo. It is declared
// as a distinct named type over microscep.FailInfo so that the identifier and
// the free-form failInfoText of a FailInfo are not interchangeable.
type FailInfoName microscep.FailInfo
// FailInfo models a failInfo object: a name/identifier plus a failInfoText.
// The text can be more descriptive than the name and is intended to be read
// by humans rather than parsed.
type FailInfo struct {
	// Name is the failInfo identifier.
	Name FailInfoName
	// Text is the human-readable failInfoText. It is informational only; if it
	// is populated from a received message, treat it as untrusted input when
	// logging or displaying it.
	Text string
}
// SCEP OIDs: the object identifiers of the SCEP-specific attributes under the
// 2.16.840.1.113733.1.9 arc, plus failInfoText.
var (
	oidSCEPmessageType    = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 2}
	oidSCEPpkiStatus      = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 3}
	oidSCEPfailInfo       = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 4}
	oidSCEPsenderNonce    = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 5}
	oidSCEPrecipientNonce = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 6}
	oidSCEPtransactionID  = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 7}
	// NOTE(review): RFC 8894 defines id-scep-failInfoText as { id-scep 1 },
	// i.e. 1.3.6.1.5.5.7.24.1, whereas this value stops at the id-scep arc
	// itself (...7.24). Confirm against the spec and against what peers
	// actually emit before relying on it for attribute matching.
	oidSCEPfailInfoText = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 24}
	// PKCS#9 challengePassword; currently unused here and kept commented out
	// for reference.
	//oidChallengePassword = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 7}
)
// PKIMessage is a SCEP pkiMessage held in both its wire form (Raw, P7) and
// its parsed form. The embedded microscep types carry the attributes common
// to every message type; the two payload pointers are per-message-type and
// may be nil.
type PKIMessage struct {
	microscep.TransactionID
	microscep.MessageType
	microscep.SenderNonce
	// Presumably the parsed CSR-bearing (PKCSReq) payload, when present;
	// confirm against the code that populates it.
	*microscep.CSRReqMessage

	// The parsed CertRep payload, when present.
	*CertRepMessage

	// Raw is the DER-encoded PKIMessage.
	Raw []byte

	// P7 is the parsed PKCS#7 message (presumably decoded from Raw — confirm).
	// NOTE(review): nothing on this struct records whether P7's signature was
	// verified, so do not treat P7 or pkiEnvelope contents as trusted on the
	// basis of this type alone.
	P7 *pkcs7.PKCS7

	// pkiEnvelope is the decrypted enveloped content (the inner payload).
	pkiEnvelope []byte

	// Recipients — the original comment reads "Used to sign message".
	// NOTE(review): the field name suggests the certificates the enveloped
	// data is encrypted to rather than the signers; confirm which before
	// relying on either reading.
	Recipients []*x509.Certificate
}
// CertRepMessage is the CertRep-specific part of a PKIMessage: the response
// status, the recipient nonce and failInfo carried by microscep, and the
// certificate when one is returned.
type CertRepMessage struct {
	microscep.PKIStatus
	microscep.RecipientNonce
	microscep.FailInfo

	// Certificate is the certificate carried in the response; a pointer, so
	// it is nil when not set.
	Certificate *x509.Certificate

	// degenerate holds raw bytes; presumably the certs-only ("degenerate")
	// PKCS#7 payload that wraps the returned certificate — confirm against
	// the code that populates it.
	degenerate []byte
}