feat(M51): add SCEP server (RFC 8894) for MDM and network device enrollment

Implements Simple Certificate Enrollment Protocol with single-endpoint
operation-based dispatch (GetCACaps, GetCACert, PKIOperation), PKCS#7
SignedData CSR extraction with fallback for raw/base64 CSR, challenge
password authentication via CSR attributes, and shared internal/pkcs7
package extracted from EST handler to eliminate code duplication.

24 new tests (11 service + 13 handler) plus 5 shared pkcs7 package tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
shankar0123
2026-04-15 16:47:18 -04:00
parent 75cf8475f5
commit bcefb11e65
16 changed files with 1390 additions and 173 deletions
+40
@@ -0,0 +1,40 @@
package domain
// SCEPEnrollResult holds the result of a SCEP (RFC 8894) enrollment operation.
type SCEPEnrollResult struct {
CertPEM string `json:"cert_pem"` // PEM-encoded signed certificate
ChainPEM string `json:"chain_pem"` // PEM-encoded CA chain
}
// SCEPMessageType identifies the type of SCEP PKI message.
type SCEPMessageType int
const (
// SCEPMessageTypePKCSReq is a PKCS#10 certificate request (initial enrollment).
SCEPMessageTypePKCSReq SCEPMessageType = 19
// SCEPMessageTypeGetCertInitial is a polling request for a pending certificate.
SCEPMessageTypeGetCertInitial SCEPMessageType = 20
)
// SCEPPKIStatus represents the status of a SCEP PKI operation.
type SCEPPKIStatus string
const (
// SCEPStatusSuccess indicates the request was granted.
SCEPStatusSuccess SCEPPKIStatus = "0"
// SCEPStatusFailure indicates the request was rejected.
SCEPStatusFailure SCEPPKIStatus = "2"
// SCEPStatusPending indicates the request is pending manual approval.
SCEPStatusPending SCEPPKIStatus = "3"
)
// SCEPFailInfo represents the reason for a SCEP failure.
type SCEPFailInfo string
const (
SCEPFailBadAlg SCEPFailInfo = "0" // Unrecognized or unsupported algorithm
SCEPFailBadMessageCheck SCEPFailInfo = "1" // Integrity check failed
SCEPFailBadRequest SCEPFailInfo = "2" // Transaction not permitted or supported
SCEPFailBadTime SCEPFailInfo = "3" // Message time field was not sufficiently close to system time
SCEPFailBadCertID SCEPFailInfo = "4" // No certificate could be identified matching the provided criteria
)