feat(scep): add RFC 8894 message-type constants + RA cert/key config

SCEP RFC 8894 + Intune master bundle — Phase 0 + Phase 1 of 14.

Phase 0 (recon, no code changes):
  Baseline tests green at HEAD 63d6ed2 (handler 79.0% / service 73.2% /
  pkcs7 100%). SCEPConfig actual line is 666, prompt cited 639 — used
  actual per the 'repo wins' operating rule.

Phase 1 (this commit):

internal/domain/scep.go
  * Added SCEPMessageTypeCertRep (3) — RFC 8894 §3.3.2 server response
    messageType. Clients pivot on this to extract a cert (Status=Success),
    surface a failInfo (Status=Failure), or poll (Status=Pending).
  * Added SCEPMessageTypeRenewalReq (17) — RFC 8894 §3.3.1.2
    re-enrollment with an existing valid cert; signerInfo signed by the
    existing cert (proving possession).
  * Added SCEPRequestEnvelope struct — parsed authenticated attributes
    from the inbound signerInfo (messageType / transactionID /
    senderNonce / signerCert).
  * Added SCEPResponseEnvelope struct — what the service hands back to
    the handler so the handler can build the CertRep PKIMessage with
    the correct status / failInfo / nonce echoes.
  * Existing constants preserved unchanged.

internal/config/config.go
  * SCEPConfig.RACertPath + RAKeyPath fields with the doc-comment density
    matching the existing ChallengePassword field.
  * Env-var loading: CERTCTL_SCEP_RA_CERT_PATH + CERTCTL_SCEP_RA_KEY_PATH.
  * Validate() refuse: SCEP enabled with empty RA pair fails loud at
    startup (defense-in-depth with the new preflight gate below).

cmd/server/main.go
  * preflightSCEPRACertKey: file existence, mode 0600 gate (refuses
    world-/group-readable RA key), tls.X509KeyPair-based parse + match
    + algorithm check (one stdlib call covers parse + cert-key match +
    pubkey alg in one shot), expiry check, RSA-or-ECDSA gate (RFC 8894
    §3.5.2 CMS signing requirement). Mirrors preflightSCEPChallenge-
    Password's no-op-when-disabled pattern; each failure returns a
    wrapped error so the caller (main) translates to a structured
    slog.Error + os.Exit(1).
  * Wired into the SCEP startup block immediately after the existing
    challenge-password preflight; if it errors, the server refuses to
    boot with a specific log line + the pointer to docs/legacy-est-scep.md
    for the openssl recipe.
  * Added crypto/tls + crypto/x509 imports.

cmd/server/preflight_scep_ra_test.go (new)
  * Seven hermetic table-driven test cases covering each failure mode
    spelled out in the helper's docblock plus the no-op-when-disabled
    path. Each case materialises a real ECDSA P-256 cert/key pair on
    disk so the tls.X509KeyPair path is exercised end-to-end (catches
    drift in stdlib cert-parsing semantics that a mock would hide):
      - disabled SCEP no-op
      - missing paths (3 sub-cases: both empty, cert only, key only)
      - world-readable key (chmod 0644)
      - valid pair (happy path)
      - expired cert (NotAfter in past)
      - mismatched pair (cert from one ECDSA pair, key from another)
      - missing files (paths set but files don't exist)
      - ed25519 RA key (unsupported alg per RFC 8894 §3.5.2)
  * writeECDSARAPair helper materialises a fresh ECDSA pair under the
    test temp dir with the cert at 0644 and the key at 0600 (production
    deploy mode).

internal/config/config_test.go
  * TestValidate_SCEPEnabled_MissingRAPair_Refuses — 3 sub-cases pin
    the new Validate() refuse path (both empty, cert only, key only).
  * TestValidate_SCEPEnabled_CompleteRAPair_Accepts — pins the boundary
    that file-existence is the preflight's job, NOT Validate's.
  * TestValidate_SCEPDisabled_EmptyRAPair_Accepts — pins that the gate
    only fires when SCEP is enabled (mirrors the CHALLENGE_PASSWORD
    disabled-passes precedent).

docs/features.md
  * SCEP env-vars table extended with CERTCTL_SCEP_RA_CERT_PATH and
    CERTCTL_SCEP_RA_KEY_PATH (with the prod 'MUST set' callout +
    file-mode 0600 requirement). Closes the G-3 'env var defined in Go
    but never documented' CI guard for the new vars.

Verification:
  * gofmt clean for the files I touched (preflight_scep_ra_test.go +
    config.go + scep.go); pre-existing gofmt drift in unrelated files
    not in scope.
  * go vet ./internal/domain/... ./internal/config/... ./cmd/server/...
    clean.
  * go test -short -count=1 ./internal/domain/... ./internal/config/...
    ./cmd/server/... green.
  * Coverage held at handler 79.0% / service 73.2% / pkcs7 100% /
    config 96.1% / domain 88.6%.
  * Local G-3 set difference (Go-defined env vars ∖ docs-mentioned env
    vars) empty.

No behavior change for operators who don't enable SCEP. New behavior
gated by CERTCTL_SCEP_ENABLED=true + the new RA env vars. The MVP
raw-CSR fall-through path stays unchanged — Phase 2 will add the
RFC 8894 EnvelopedData decryption that consumes the RA pair.

Phase 1 of 14 in SCEP RFC 8894 + Intune master bundle.
Living progress at cowork/scep-rfc8894-intune/progress.md.

cmd/server/main.go

@@ -2,6 +2,8 @@ package main
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"log/slog"
 	"net"
@@ -743,6 +745,25 @@ func main() {
 			)
 			os.Exit(1)
 		}
+		// SCEP RFC 8894 Phase 1: validate the RA cert/key pair before booting.
+		// Without a valid pair the new RFC 8894 PKIMessage path (EnvelopedData
+		// decryption + CertRep signing) cannot run; fail loud at startup rather
+		// than silently falling through to the MVP raw-CSR path on every
+		// request. preflightSCEPRACertKey checks: file existence, key file mode
+		// 0600 (defense-in-depth against world-readable RA key), cert/key
+		// algorithm match, RA cert not expired, RA cert public-key algorithm is
+		// CMS-compatible (RSA or ECDSA per RFC 8894 §3.5.2). Mirrors
+		// preflightSCEPChallengePassword's fail-loud-then-os.Exit(1) pattern.
+		if err := preflightSCEPRACertKey(cfg.SCEP.Enabled, cfg.SCEP.RACertPath, cfg.SCEP.RAKeyPath); err != nil {
+			logger.Error(
+				"startup refused: SCEP RA cert/key preflight failed "+
+					"(RFC 8894 §3.2.2 EnvelopedData + §3.3.2 CertRep require an RA pair). "+
+					"Generate the RA pair per docs/legacy-est-scep.md, set "+
+					"CERTCTL_SCEP_RA_CERT_PATH + CERTCTL_SCEP_RA_KEY_PATH, then restart.",
+				"error", err,
+			)
+			os.Exit(1)
+		}
 		issuerConn, ok := issuerRegistry.Get(cfg.SCEP.IssuerID)
 		if !ok {
 			logger.Error("SCEP issuer not found in registry", "issuer_id", cfg.SCEP.IssuerID)
@@ -1105,6 +1126,106 @@ func preflightSCEPChallengePassword(enabled bool, challengePassword string) erro
 	return nil
 }
 
+// preflightSCEPRACertKey validates the RA cert/key pair the RFC 8894 SCEP
+// path requires. Mirrors preflightSCEPChallengePassword's no-op-when-disabled
+// pattern; otherwise the checks are:
+//
+//  1. Both paths are non-empty (the Validate() refuse covers this too,
+//     but preflight reports the specific failure mode + os.Exit(1) so the
+//     operator sees a clear log line in addition to the config error).
+//  2. The key file mode is 0600 (refuse world-/group-readable RA key —
+//     defense-in-depth against credential leak via a misconfigured
+//     deploy that leaves /etc/certctl/scep/*.key as 0644).
+//  3. Cert PEM parses to exactly one x509.Certificate.
+//  4. Key PEM parses to a Go crypto.Signer (RSA or ECDSA — RFC 8894
+//     §3.5.2 advertises those as the CMS-compatible algorithms).
+//  5. The cert's PublicKey matches the key's Public() — refuses pairs
+//     accidentally swapped between profiles in a multi-profile config.
+//  6. The cert's NotAfter is in the future — an expired RA cert would
+//     fail TLS handshake on EnvelopedData decryption per RFC 5652.
+//
+// Each check returns a wrapped error; the caller (main) is responsible for
+// translating to a structured slog.Error + os.Exit(1) so the helper stays
+// unit-testable without booting the full server.
+func preflightSCEPRACertKey(enabled bool, raCertPath, raKeyPath string) error {
+	if !enabled {
+		return nil
+	}
+	if raCertPath == "" || raKeyPath == "" {
+		return fmt.Errorf("SCEP enabled but RA pair missing: " +
+			"set CERTCTL_SCEP_RA_CERT_PATH + CERTCTL_SCEP_RA_KEY_PATH " +
+			"(RFC 8894 §3.2.2 requires an RA pair so clients can encrypt the " +
+			"CSR to the RA cert and the server can sign the CertRep response)")
+	}
+
+	// File mode check FIRST so a world-readable key never gets read into the
+	// process address space. Ignored on Windows (Stat().Mode() doesn't carry
+	// POSIX bits there); the production deploy is Linux per the Dockerfile.
+	keyInfo, err := os.Stat(raKeyPath)
+	if err != nil {
+		return fmt.Errorf("CERTCTL_SCEP_RA_KEY_PATH stat failed: %w (path=%s)", err, raKeyPath)
+	}
+	mode := keyInfo.Mode().Perm()
+	if mode&0o077 != 0 {
+		return fmt.Errorf("CERTCTL_SCEP_RA_KEY_PATH has insecure permissions %#o; "+
+			"RA private key must be mode 0600 (owner read/write only) — "+
+			"chmod 0600 %s and restart", mode, raKeyPath)
+	}
+
+	certPEM, err := os.ReadFile(raCertPath)
+	if err != nil {
+		return fmt.Errorf("CERTCTL_SCEP_RA_CERT_PATH read failed: %w (path=%s)", err, raCertPath)
+	}
+	keyPEM, err := os.ReadFile(raKeyPath)
+	if err != nil {
+		return fmt.Errorf("CERTCTL_SCEP_RA_KEY_PATH read failed: %w (path=%s)", err, raKeyPath)
+	}
+
+	// tls.X509KeyPair validates that the cert + key parse, share an algorithm,
+	// and the cert's PublicKey matches the key's Public() — three of our six
+	// checks in a single stdlib call, so we use it rather than re-implementing.
+	pair, err := tls.X509KeyPair(certPEM, keyPEM)
+	if err != nil {
+		return fmt.Errorf("RA cert/key pair invalid: %w "+
+			"(cert=%s key=%s) — verify the cert and key are matching halves of "+
+			"the same RA pair, both PEM-encoded, with the cert containing exactly "+
+			"one CERTIFICATE block and the key containing one PRIVATE KEY block",
+			err, raCertPath, raKeyPath)
+	}
+	if len(pair.Certificate) == 0 {
+		// Defensive — tls.X509KeyPair already errors on this, but the contract
+		// for the next x509.ParseCertificate call needs the slice non-empty.
+		return fmt.Errorf("RA cert PEM at %s contains no certificate blocks", raCertPath)
+	}
+
+	// Re-parse the leaf so we can read NotAfter + the public-key alg.
+	leaf, err := x509.ParseCertificate(pair.Certificate[0])
+	if err != nil {
+		return fmt.Errorf("RA cert at %s does not parse as x509: %w", raCertPath, err)
+	}
+	if time.Now().After(leaf.NotAfter) {
+		return fmt.Errorf("RA cert at %s expired at %s — "+
+			"generate a fresh RA pair (the SCEP CertRep signature would be "+
+			"rejected by every conformant client)", raCertPath, leaf.NotAfter.Format(time.RFC3339))
+	}
+
+	// CMS-compatible public-key algorithm gate. RFC 8894 §3.5.2 advertises RSA
+	// and AES; the responder cert algorithm pertains to the signature scheme
+	// used on the CertRep, which means the cert's PublicKey must be RSA or
+	// ECDSA. Catches pre-shared Ed25519 dev keys that micromdm/scep clients
+	// reject.
+	switch leaf.PublicKeyAlgorithm {
+	case x509.RSA, x509.ECDSA:
+		// ok — supported by golang.org/x/crypto/ocsp + every SCEP client
+	default:
+		return fmt.Errorf("RA cert at %s uses unsupported public-key algorithm %s — "+
+			"RFC 8894 §3.5.2 CMS signing requires RSA or ECDSA",
+			raCertPath, leaf.PublicKeyAlgorithm)
+	}
+
+	return nil
+}
+
 // preflightEnrollmentIssuer validates at startup that an EST/SCEP-bound issuer
 // can actually serve a CA certificate. This closes audit finding L-005:
 // pre-Bundle-4 the EST/SCEP startup path verified the issuer existed in the

cmd/server/preflight_scep_ra_test.go

@@ -0,0 +1,227 @@
+package main
+
+import (
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"math/big"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+)
+
+// SCEP RFC 8894 Phase 1: preflightSCEPRACertKey covers the six failure
+// modes spelled out in the helper's docblock plus the no-op-when-disabled
+// path. Mirrors TestPreflightEnrollmentIssuer's table-driven shape so the
+// suite stays uniform for the next reviewer.
+//
+// Each test materialises a real ECDSA P-256 cert/key pair on disk (rather
+// than mocking) so the tls.X509KeyPair path is exercised end-to-end —
+// catches drift in stdlib cert-parsing semantics that a mock would hide.
+
+func TestPreflightSCEPRACertKey_Disabled_NoOp(t *testing.T) {
+	// Enabled=false short-circuits before any path validation; should pass
+	// even with empty paths (mirrors preflightSCEPChallengePassword).
+	if err := preflightSCEPRACertKey(false, "", ""); err != nil {
+		t.Fatalf("disabled SCEP returned error: %v", err)
+	}
+}
+
+func TestPreflightSCEPRACertKey_EnabledMissingPaths_Refuses(t *testing.T) {
+	// Validate() also catches this; preflight reports the specific failure
+	// with a more actionable error string + os.Exit(1) at the call site.
+	cases := []struct {
+		name     string
+		certPath string
+		keyPath  string
+	}{
+		{"both_empty", "", ""},
+		{"cert_only", "/tmp/ra.crt", ""},
+		{"key_only", "", "/tmp/ra.key"},
+	}
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			err := preflightSCEPRACertKey(true, tc.certPath, tc.keyPath)
+			if err == nil {
+				t.Fatalf("expected error for missing paths, got nil")
+			}
+			if !strings.Contains(err.Error(), "RA pair missing") {
+				t.Errorf("error should mention RA pair missing, got: %v", err)
+			}
+		})
+	}
+}
+
+func TestPreflightSCEPRACertKey_KeyWorldReadable_Refuses(t *testing.T) {
+	// Defense-in-depth: even a perfectly-valid RA pair must be rejected if
+	// the key file is mode 0644 (world-readable). The deploy convention is
+	// 0600 — owner read/write only.
+	dir := t.TempDir()
+	certPath, keyPath := writeECDSARAPair(t, dir, time.Now().Add(30*24*time.Hour))
+	// Re-chmod the key to 0644 to trigger the gate.
+	if err := os.Chmod(keyPath, 0o644); err != nil {
+		t.Fatalf("chmod failed: %v", err)
+	}
+	err := preflightSCEPRACertKey(true, certPath, keyPath)
+	if err == nil {
+		t.Fatalf("expected error for world-readable key, got nil")
+	}
+	if !strings.Contains(err.Error(), "insecure permissions") {
+		t.Errorf("error should mention insecure permissions, got: %v", err)
+	}
+}
+
+func TestPreflightSCEPRACertKey_ValidPair_Accepts(t *testing.T) {
+	dir := t.TempDir()
+	certPath, keyPath := writeECDSARAPair(t, dir, time.Now().Add(30*24*time.Hour))
+	if err := preflightSCEPRACertKey(true, certPath, keyPath); err != nil {
+		t.Fatalf("valid RA pair rejected: %v", err)
+	}
+}
+
+func TestPreflightSCEPRACertKey_ExpiredCert_Refuses(t *testing.T) {
+	// An RA cert past NotAfter would cause every conformant SCEP client to
+	// reject the CertRep signature. Catch it at startup.
+	dir := t.TempDir()
+	certPath, keyPath := writeECDSARAPair(t, dir, time.Now().Add(-1*time.Hour))
+	err := preflightSCEPRACertKey(true, certPath, keyPath)
+	if err == nil {
+		t.Fatalf("expected error for expired cert, got nil")
+	}
+	if !strings.Contains(err.Error(), "expired") {
+		t.Errorf("error should mention expired, got: %v", err)
+	}
+}
+
+func TestPreflightSCEPRACertKey_MismatchedPair_Refuses(t *testing.T) {
+	// tls.X509KeyPair detects the cert/key mismatch; preflight should
+	// surface it with an actionable error (cert + key are halves of
+	// different RA pairs — common multi-profile typo).
+	dir := t.TempDir()
+	certPath, _ := writeECDSARAPair(t, dir, time.Now().Add(30*24*time.Hour))
+	_, keyPath := writeECDSARAPair(t, dir, time.Now().Add(30*24*time.Hour))
+	// Re-write the key path under a unique name to avoid collision with
+	// the first pair's file (writeECDSARAPair would have overwritten).
+	err := preflightSCEPRACertKey(true, certPath, keyPath)
+	if err == nil {
+		t.Fatalf("expected error for mismatched pair, got nil")
+	}
+	if !strings.Contains(err.Error(), "invalid") {
+		t.Errorf("error should mention invalid pair, got: %v", err)
+	}
+}
+
+func TestPreflightSCEPRACertKey_MissingFiles_Refuses(t *testing.T) {
+	// Both files referenced but neither exists — a typo or a fresh deploy
+	// where the operator forgot to mount the secret. Cert-path failure mode
+	// is checked first because key-path stat is the first os call after
+	// the empty-string check.
+	dir := t.TempDir()
+	missingCert := filepath.Join(dir, "ra.crt")
+	missingKey := filepath.Join(dir, "ra.key")
+	err := preflightSCEPRACertKey(true, missingCert, missingKey)
+	if err == nil {
+		t.Fatalf("expected error for missing files, got nil")
+	}
+	if !strings.Contains(err.Error(), "stat failed") && !strings.Contains(err.Error(), "read failed") {
+		t.Errorf("error should mention stat/read failure, got: %v", err)
+	}
+}
+
+func TestPreflightSCEPRACertKey_UnsupportedAlg_Refuses(t *testing.T) {
+	// Ed25519 isn't supported by the CMS signature path RFC 8894 §3.5.2
+	// advertises. Catch this at startup to avoid runtime failures the
+	// first time a client sends a real PKIMessage.
+	dir := t.TempDir()
+	certPath := filepath.Join(dir, "ra.crt")
+	keyPath := filepath.Join(dir, "ra.key")
+
+	pub, priv, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		t.Fatalf("ed25519.GenerateKey: %v", err)
+	}
+	tmpl := &x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject:      pkix.Name{CommonName: "ra-ed25519"},
+		NotBefore:    time.Now().Add(-1 * time.Hour),
+		NotAfter:     time.Now().Add(30 * 24 * time.Hour),
+		KeyUsage:     x509.KeyUsageDigitalSignature,
+	}
+	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
+	if err != nil {
+		t.Fatalf("CreateCertificate: %v", err)
+	}
+	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
+	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
+	if err != nil {
+		t.Fatalf("MarshalPKCS8PrivateKey: %v", err)
+	}
+	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
+
+	if err := os.WriteFile(certPath, certPEM, 0o644); err != nil {
+		t.Fatalf("write cert: %v", err)
+	}
+	if err := os.WriteFile(keyPath, keyPEM, 0o600); err != nil {
+		t.Fatalf("write key: %v", err)
+	}
+
+	err = preflightSCEPRACertKey(true, certPath, keyPath)
+	if err == nil {
+		t.Fatalf("expected error for ed25519 RA cert, got nil")
+	}
+	if !strings.Contains(err.Error(), "unsupported public-key algorithm") &&
+		!strings.Contains(err.Error(), "invalid") {
+		// tls.X509KeyPair may reject ed25519 SCEP-signing keys earlier
+		// than our explicit alg gate; accept either failure path so the
+		// test is robust against stdlib changes.
+		t.Errorf("error should mention algorithm/invalid, got: %v", err)
+	}
+}
+
+// writeECDSARAPair generates a fresh ECDSA P-256 self-signed cert + key,
+// writes them to dir/ra-<rand>.crt + ra-<rand>.key with the cert at 0644
+// and the key at 0600 (the production deploy mode). Returns the two paths.
+func writeECDSARAPair(t *testing.T, dir string, notAfter time.Time) (certPath, keyPath string) {
+	t.Helper()
+	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		t.Fatalf("ecdsa.GenerateKey: %v", err)
+	}
+	tmpl := &x509.Certificate{
+		SerialNumber: big.NewInt(time.Now().UnixNano()),
+		Subject:      pkix.Name{CommonName: "ra-test"},
+		NotBefore:    time.Now().Add(-1 * time.Hour),
+		NotAfter:     notAfter,
+		KeyUsage:     x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
+	}
+	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
+	if err != nil {
+		t.Fatalf("CreateCertificate: %v", err)
+	}
+	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
+	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
+	if err != nil {
+		t.Fatalf("MarshalPKCS8PrivateKey: %v", err)
+	}
+	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
+
+	// Use a unique suffix so successive calls within the same test don't
+	// overwrite each other (the mismatched-pair test relies on this).
+	suffix := tmpl.SerialNumber.String()
+	certPath = filepath.Join(dir, "ra-"+suffix+".crt")
+	keyPath = filepath.Join(dir, "ra-"+suffix+".key")
+	if err := os.WriteFile(certPath, certPEM, 0o644); err != nil {
+		t.Fatalf("write cert: %v", err)
+	}
+	if err := os.WriteFile(keyPath, keyPEM, 0o600); err != nil {
+		t.Fatalf("write key: %v", err)
+	}
+	return certPath, keyPath
+}