/**
 * @file scep.h
 * @brief SCEP specific functions
 *
 * Contains functions to build and parse SCEP requests and replies
 */

/*
 * Copyright (C) 2005 Jan Hutter, Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#ifndef _SCEP_H
#define _SCEP_H

#include <credentials/certificates/certificate.h>

#include "../pluto/defs.h"
#include "../pluto/pkcs7.h"

/**
 * SCEP operations this client can issue.
 *
 * Passed to scep_http_request(), which presumably maps the value onto the
 * "operation=" query parameter of the SCEP HTTP request — confirm in scep.c.
 */
typedef enum {
	/** PKIOperation: submit a PKCS#7-wrapped enrollment/poll message */
	SCEP_PKI_OPERATION = 0,
	/** GetCACert: fetch the CA (and possibly RA) certificate(s) */
	SCEP_GET_CA_CERT   = 1
} scep_op_t;

/**
 * Outcome reported in the pkiStatus attribute of a CertRep message.
 *
 * NOTE(review): these are local enumerator values, not the codes SCEP places
 * on the wire (the specification encodes SUCCESS as "0", FAILURE as "2" and
 * PENDING as "3"). The decoded attribute therefore has to be translated, most
 * likely in parse_attributes() — confirm there before comparing raw values.
 */
typedef enum {
	/** certificate issued; the CertRep carries the issued certificate */
	SCEP_SUCCESS = 0,
	/** request rejected; consult failInfo for the reason */
	SCEP_FAILURE = 1,
	/** request awaiting approval; client polls again with GetCertInitial */
	SCEP_PENDING = 2,
	/** attribute missing or value not recognised */
	SCEP_UNKNOWN = 3
} pkiStatus_t;

/**
 * Kind of SCEP message, as carried in the messageType attribute.
 *
 * NOTE(review): local enumerator values only. On the wire SCEP uses
 * CertRep=3, PKCSReq=19, GetCertInitial=20, GetCert=21, GetCRL=22; the
 * conversion between those codes and this enum is not visible in this
 * header — verify it in parse_attributes()/scep_messageType_attribute().
 */
typedef enum {
	/** response from the CA/RA to any request */
	SCEP_CertRep_MSG        = 0,
	/** initial enrollment request carrying a PKCS#10 */
	SCEP_PKCSReq_MSG        = 1,
	/** poll for a certificate whose request is still pending */
	SCEP_GetCertInitial_MSG = 2,
	/** retrieve an already issued certificate */
	SCEP_GetCert_MSG        = 3,
	/** retrieve a CRL */
	SCEP_GetCRL_MSG         = 4,
	/** attribute missing or value not recognised */
	SCEP_Unknown_MSG        = 5
} scep_msg_t;

/**
 * Reason reported in the failInfo attribute when pkiStatus is FAILURE.
 *
 * Unlike pkiStatus_t and scep_msg_t, the numeric values here follow the
 * failInfo codes of the SCEP specification (badAlg=0 .. badCertId=4), so a
 * decoded attribute can presumably be stored without translation.
 * SCEP_unknown_REASON is a local value for a missing or unrecognised
 * failInfo and is not a protocol code.
 */
typedef enum {
   SCEP_badAlg_REASON =          0,   /**< unsupported algorithm identifier */
   SCEP_badMessageCheck_REASON = 1,   /**< integrity/signature check of the request failed */
   SCEP_badRequest_REASON =      2,   /**< transaction not permitted or supported */
   SCEP_badTime_REASON =         3,   /**< signingTime too far from the server's time */
   SCEP_badCertId_REASON =       4,   /**< no certificate matches the supplied identifier */
   SCEP_unknown_REASON =         5    /**< not a protocol value: failInfo absent or unrecognised */
} failInfo_t;

/**
 * Authenticated attributes carried in the signerInfo of a SCEP PKCS#7 message.
 *
 * Filled from a received message by parse_attributes() and consumed by
 * scep_parse_response(). Storage ownership of the chunk_t members is not
 * defined by this header — presumably they point into or are copied from the
 * parsed blob; confirm in scep.c before freeing anything.
 *
 * Security: a reply is only acceptable if transID equals the transaction ID
 * of the request we sent and recipientNonce equals the senderNonce we sent;
 * otherwise a replayed or mis-routed CertRep could be accepted.
 * scep_parse_response() receives the expected transID, but whether the nonce
 * comparison is performed is not visible here — verify in scep.c.
 */
typedef struct {
	scep_msg_t  msgType;         /**< messageType attribute */
	pkiStatus_t pkiStatus;       /**< pkiStatus attribute (CertRep only) */
	failInfo_t  failInfo;        /**< failInfo attribute, meaningful when pkiStatus is FAILURE */
	chunk_t     transID;         /**< transactionID attribute */
	chunk_t     senderNonce;     /**< senderNonce attribute of the peer's message */
	chunk_t     recipientNonce;  /**< recipientNonce attribute; should echo our senderNonce */
} scep_attributes_t;

/** Attribute set with nothing parsed yet; use it to initialise a scep_attributes_t before parsing. */
extern const scep_attributes_t empty_scep_attributes;

/**
 * Parse the authenticated attributes of a SCEP PKCS#7 signerInfo.
 *
 * @param blob   DER-encoded attribute set; this is data received from the
 *               SCEP server and must be treated as untrusted input
 * @param attrs  output; receives the recognised attributes
 * @return       TRUE on success; presumably FALSE on a malformed blob — confirm
 *
 * NOTE(review): exported with external linkage but without the scep_ prefix
 * the other public functions carry; renaming would require updating callers.
 */
extern bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);
/**
 * Derive the SCEP transaction ID (and a serial number) for an enrollment.
 *
 * @param key           public key being enrolled; the transaction ID is
 *                      presumably derived from its fingerprint as the SCEP
 *                      specification suggests — confirm in scep.c
 * @param transID       output; receives the transaction ID
 * @param serialNumber  output; receives a serial number derived alongside it
 *
 * Ownership of the output chunks (who frees them) is not defined here.
 */
extern void scep_generate_transaction_id(public_key_t *key,
										 chunk_t *transID,
										 chunk_t *serialNumber);
/**
 * Compute a fingerprint over a DER-encoded PKCS#10 request.
 *
 * @param pkcs10  DER-encoded certificate request
 * @return        fingerprint bytes; the digest algorithm and whether the
 *                returned chunk is heap-allocated are not visible here
 */
extern chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10);
/**
 * Build the DER-encoded transactionID attribute.
 *
 * @param transaction_id  transaction ID obtained from scep_generate_transaction_id()
 * @return                encoded attribute (ownership: see scep.c)
 */
extern chunk_t scep_transId_attribute(chunk_t transaction_id);
/**
 * Build the DER-encoded messageType attribute.
 *
 * @param m  message kind; presumably translated to the protocol's numeric
 *           code, since scep_msg_t values are local — confirm
 * @return   encoded attribute (ownership: see scep.c)
 */
extern chunk_t scep_messageType_attribute(scep_msg_t m);
/**
 * Build the DER-encoded senderNonce attribute with a freshly generated nonce.
 *
 * Security: the nonce is the client's replay protection; it must come from a
 * cryptographically secure RNG and be remembered so the recipientNonce of the
 * reply can be checked against it. Neither the RNG used nor where the value is
 * retained is visible in this header — verify in scep.c.
 *
 * @return encoded attribute (ownership: see scep.c)
 */
extern chunk_t scep_senderNonce_attribute(void);
/**
 * Wrap a payload into a signed and enveloped PKCS#7 SCEP request.
 *
 * @param data         payload (e.g. the PKCS#10 request) to envelope
 * @param transID      transaction ID placed in the transactionID attribute
 * @param msg          message kind placed in the messageType attribute
 * @param enc_cert     certificate the payload is encrypted to (the CA/RA)
 * @param enc_alg      encryption algorithm identifier (int; values not defined here)
 * @param signer_cert  certificate used to sign the outer PKCS#7
 * @param digest_alg   digest algorithm identifier (int; values not defined here)
 * @param private_key  key matching signer_cert, used for the signature
 * @return             DER-encoded PKCS#7 message (ownership: see scep.c)
 *
 * Security: the payload (which may carry the challenge password) is
 * encrypted to enc_cert, so the caller must pass only a CA/RA certificate it
 * has verified (e.g. against an out-of-band fingerprint); encrypting to an
 * unverified certificate fetched over HTTP would hand the secret to an
 * attacker in the path. This header does not show that verification.
 */
extern chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
								  certificate_t *enc_cert, int enc_alg,
								  certificate_t *signer_cert, int digest_alg,
								  private_key_t *private_key);
/**
 * Send a SCEP message to the server over HTTP and collect the reply body.
 *
 * @param url               SCEP server URL
 * @param pkcs7             request message (ignored or empty for GetCACert, presumably)
 * @param op                SCEP operation being performed
 * @param http_get_request  TRUE to send the message via HTTP GET (encoded in
 *                          the URL) instead of POST
 * @param response          output; receives the raw reply body, ownership
 *                          not defined here
 * @return                  TRUE on success, FALSE on transport failure
 *
 * Security: SCEP transport is plain HTTP and provides no authentication; all
 * trust in the reply must come from scep_parse_response() verifying the
 * PKCS#7 signature against the expected signer certificate.
 */
extern bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
							  bool http_get_request, chunk_t *response);
/**
 * Verify and unpack a SCEP CertRep received from the server.
 *
 * @param response     raw PKCS#7 reply as returned by scep_http_request()
 * @param transID      transaction ID of our request, to be matched against
 *                     the reply's transactionID attribute
 * @param data         output; the decrypted inner content
 * @param attrs        output; the parsed authenticated attributes
 * @param signer_cert  certificate the reply's signature must verify against
 * @return             err_t; presumably NULL on success and an error string
 *                     otherwise (pluto convention) — confirm
 *
 * Security: callers must treat a non-NULL return as a hard failure and must
 * not use data or attrs in that case. Whether recipientNonce is compared with
 * the nonce we sent is not visible here — verify in scep.c.
 */
extern err_t scep_parse_response(chunk_t response, chunk_t transID,
								 contentInfo_t *data, scep_attributes_t *attrs,
								 certificate_t *signer_cert);

#endif /* _SCEP_H */