gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 19:11:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
v2.0.49
certctl/internal/domain/scep.go
T
shankar0123 bcefb11e65 feat(M51): add SCEP server (RFC 8894) for MDM and network device enrollment 
Implements Simple Certificate Enrollment Protocol with single-endpoint
operation-based dispatch (GetCACaps, GetCACert, PKIOperation), PKCS#7
SignedData CSR extraction with fallback for raw/base64 CSR, challenge
password authentication via CSR attributes, and shared internal/pkcs7
package extracted from EST handler to eliminate code duplication.

24 new tests (11 service + 13 handler) plus 5 shared pkcs7 package tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-15 16:47:18 -04:00

41 lines
1.5 KiB
Go
Raw Permalink Blame History

package domain
// SCEPEnrollResult holds the result of a SCEP (RFC 8894) enrollment operation.
type SCEPEnrollResult struct {
CertPEM string `json:"cert_pem"` // PEM-encoded signed certificate
ChainPEM string `json:"chain_pem"` // PEM-encoded CA chain
}
// SCEPMessageType identifies the type of SCEP PKI message.
type SCEPMessageType int
const (
// SCEPMessageTypePKCSReq is a PKCS#10 certificate request (initial enrollment).
SCEPMessageTypePKCSReq SCEPMessageType = 19
// SCEPMessageTypeGetCertInitial is a polling request for a pending certificate.
SCEPMessageTypeGetCertInitial SCEPMessageType = 20
)
// SCEPPKIStatus represents the status of a SCEP PKI operation.
type SCEPPKIStatus string
const (
// SCEPStatusSuccess indicates the request was granted.
SCEPStatusSuccess SCEPPKIStatus = "0"
// SCEPStatusFailure indicates the request was rejected.
SCEPStatusFailure SCEPPKIStatus = "2"
// SCEPStatusPending indicates the request is pending manual approval.
SCEPStatusPending SCEPPKIStatus = "3"
)
// SCEPFailInfo represents the reason for a SCEP failure.
type SCEPFailInfo string
const (
SCEPFailBadAlg SCEPFailInfo = "0" // Unrecognized or unsupported algorithm
SCEPFailBadMessageCheck SCEPFailInfo = "1" // Integrity check failed
SCEPFailBadRequest SCEPFailInfo = "2" // Transaction not permitted or supported
SCEPFailBadTime SCEPFailInfo = "3" // Message time field was not sufficiently close to system time
SCEPFailBadCertID SCEPFailInfo = "4" // No certificate could be identified matching the provided criteria
)
Reference in New Issue View Git Blame Copy Permalink