Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support NDES with scepclient #43

Merged
merged 4 commits into from
Jul 9, 2017
Merged

Support NDES with scepclient #43

merged 4 commits into from
Jul 9, 2017

Conversation

groob
Copy link
Member

@groob groob commented Jul 9, 2017

Refactoring a bunch of related bugs to make scpeclient work with windows.

groob added 2 commits July 8, 2017 23:00
@groob
encode GET and POST PKIOperation
16b5328 
Usually I would write request.Body = ioutil.NopCloser(someReader) but this breaks
IIS because it doesnot support chunked Transfer-Encoding unless explicitly
configured.

Example sending ioutil.NopCloser(strings.NewReader("hello")) to a server:

	POST / HTTP/1.1
	Host: localhost:9000
	Transfer-Encoding: chunked
	Accept-Encoding: gzip
	Content-Type: application/x-www-form-urlencoded
	User-Agent: Go-http-client/1.1

	5
	hello
	0

With this request, IIS responds with:

	HTTP/1.1 200 OK
	Content-Length: 0
	Date: Sat, 08 Jul 2017 20:12:56 GMT
	Server: Microsoft-IIS/10.0
	X-Powered-By: ASP.NET

If the message is not a io.ReadCloser, then Content-Length is set:

	POST / HTTP/1.1
	Host: localhost:9000
	Accept-Encoding: gzip
	Content-Length: 5
	Content-Type: application/x-www-form-urlencoded
	User-Agent: Go-http-client/1.1

	hello%
@groob
improve error handling in client
948cec0 
- check for failInfo if needed.
- wrap errors.
- implement fmt.Stringer for failInfo and messageType.
groob added 2 commits July 9, 2017 00:31
@groob
add ca fingerprint flag
8cf6ada 
use an md5 fingerprint to determinte the recipient of the pkcs7 message and
return a chain starting with that cert.

Sample for NDES server (2 is the fingerprint):

	0 WINSRV-MSCEP-RA  7b6673d4e87eaf5a66d7772bb86f5c94
	1 WINSRV-MSCEP-RA  f10007498a27451802f67f4e6a0daaf1
	2 WINSRV-CA  	   81c827d23daaf3b47399963267609b30
@groob
handle PENDING pkiStatus response from the server
0f9a1a6 
If the server returns a PENDING status, retry until SUCCESS or FAILURE.
@groob groob changed the title WIP: support NDES with scepclient Support NDES with scepclient Jul 9, 2017
@groob groob merged commit d09edff into micromdm:master Jul 9, 2017
@groob groob deleted the ndes_compatible_client branch July 9, 2017 05:19
@groob groob mentioned this pull request Jul 9, 2017
Closed
@groob groob mentioned this pull request Nov 6, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@groob