smallstep-certificates/scep/scep.go
2023-10-24 21:48:24 +02:00

68 lines
1.7 KiB
Go

// Package scep implements Simple Certificate Enrollment Protocol related functionality.
package scep
import (
"crypto/x509"
"encoding/asn1"
"github.com/smallstep/pkcs7"
smallscep "github.com/smallstep/scep"
)
// FailInfoName models the name/value of failInfo
type FailInfoName smallscep.FailInfo
// FailInfo models a failInfo object consisting of a
// name/identifier and a failInfoText, the latter of
// which can be more descriptive and is intended to be
// read by humans.
type FailInfo struct {
Name FailInfoName
Text string
}
// SCEP OIDs
var (
oidSCEPmessageType = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 2}
oidSCEPpkiStatus = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 3}
oidSCEPfailInfo = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 4}
oidSCEPsenderNonce = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 5}
oidSCEPrecipientNonce = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 6}
oidSCEPtransactionID = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 7}
oidSCEPfailInfoText = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 24}
//oidChallengePassword = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 7}
)
// PKIMessage defines the possible SCEP message types
type PKIMessage struct {
smallscep.TransactionID
smallscep.MessageType
smallscep.SenderNonce
*smallscep.CSRReqMessage
*CertRepMessage
// DER Encoded PKIMessage
Raw []byte
// parsed
P7 *pkcs7.PKCS7
// decrypted enveloped content
pkiEnvelope []byte
// Used to sign message
Recipients []*x509.Certificate
}
// CertRepMessage is a type of PKIMessage
type CertRepMessage struct {
smallscep.PKIStatus
smallscep.RecipientNonce
smallscep.FailInfo
Certificate *x509.Certificate
degenerate []byte
}