micromdm / scep

Go SCEP server
MIT License

Compatibility with OpenXPKI #225

Open tobuh opened 9 months ago

tobuh commented 9 months ago

Hi

Anyone tried to use this client with OpenXPKI server?

I tried to run the client, but got errors: ts=2023-12-21T15:56:06.228258504Z level=info op=PKIOperation error="http request failed with status 400 Unable to parse request, msg: [some binary data]

I use initial docker config for OpenXPKI. The setup is successfully tested with sscep.

Greetings Tobi

tobuh commented 9 months ago

Meanwhile, I made a little progress. I enabled tracing on OpenXPKI and noticed some differences to SSCEP.

SSCEP uses content type "application/pkcs7", so I changed this manually in func EncodeSCEPRequest.

The other topic is the transaction id. I noticed a regex error on OpenXPKI side. SSCEP provides a hexadecimal string (e.g. "71BE711D014F473E51499455F3D32431"), while this library uses base64 encoding. I temporarily hardcoded the transaction id.

With both things changed I could successfully receive a certificate. How to proceed now? Who is out of specification? How do other servers behave? Can I overwrite the behaviour while calling the library? If yes, how?

Renewal is still not working (400 Signature invalid), but this still needs some proper investigation on my side.
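An added example, not code from this thread or from either project: it derives a transaction ID from the same key digest in both encodings mentioned above and checks each against the ASN.1 PrintableString alphabet (the encoding RFC 8894 lists for the transactionID attribute) and against a hex-only pattern. The `hexOnly` pattern is a hypothetical stand-in for a strict server-side check (the thread does not show OpenXPKI's actual regex), and the SHA-256 digest and the key bytes are constructed assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// hexOnly is a hypothetical strict validation pattern (assumption, not
// OpenXPKI's real regex).
var hexOnly = regexp.MustCompile(`^[0-9A-Fa-f]+$`)

// isPrintableString reports whether s uses only the ASN.1 PrintableString
// alphabet: letters, digits, space and ' ( ) + , - . / : = ?
func isPrintableString(s string) bool {
	if s == "" {
		return false
	}
	for _, r := range s {
		switch {
		case r >= 'A' && r <= 'Z', r >= 'a' && r <= 'z', r >= '0' && r <= '9':
		case strings.ContainsRune(" '()+,-./:=?", r):
		default:
			return false
		}
	}
	return true
}

// transactionIDs encodes one digest of the key bytes as upper-case hex and
// as standard base64 (digest algorithm chosen for illustration only).
func transactionIDs(pubKeyDER []byte) (hexID, b64ID string) {
	sum := sha256.Sum256(pubKeyDER)
	return strings.ToUpper(hex.EncodeToString(sum[:])),
		base64.StdEncoding.EncodeToString(sum[:])
}

func main() {
	// Constructed stand-in for a DER-encoded public key.
	hexID, b64ID := transactionIDs([]byte("constructed public key bytes"))
	for _, id := range []string{hexID, b64ID} {
		fmt.Printf("%-64s printable=%v hexOnly=%v\n",
			id, isPrintableString(id), hexOnly.MatchString(id))
	}
}
```

Both encodings stay inside the PrintableString alphabet, but only the hex form passes a hex-only pattern, because standard base64 padding always adds `=` for a digest of this length.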