Hi,
I am trying to add the functionality to edit the subject DN and SAN
information before approving a CSR received through SCEP. So, I
duplicated certificate_enroll.yaml, changed its prefix and added /
extended the following states, actions and fields (taken from
certificate_signing_request_v2) to the workflow:
state:
    PENDING:
        label: I18N_OPENXPKI_UI_WORKFLOW_STATE_CSR_PENDING_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_STATE_CSR_PENDING_DESC
        action:
            - edit_subject > UPDATE_REQUEST
            - edit_san > UPDATE_REQUEST
            - reject_request notify_request_rejected global_set_error_rejected > FAILURE ? global_is_operator
            - approve_csr calculate_approval_points > RECHECK_APPROVAL ? global_is_operator is_manual_approval_allowed
            - global_clear_error_code > START_APPROVAL ? is_eligibility_recheck_allowed
        output:
            - error_code
            - server
            - interface
            - cert_subject
            - cert_subject_alt_name
            - comment
            - cert_profile
            - request_mode
            - is_replace
            - is_eligible
            - eligibility_result
            - transaction_id
            - signer_cert_identifier
            - signer_revoked
            - signer_trusted
            - signer_authorized
            - signer_validity_ok
            - has_valid_challenge_password
            - has_valid_hmac
        button:
            edit_subject:
                format: optional
            edit_san:
                format: optional
            approve_csr:
                format: expected
            global_clear_error_code:
                label: I18N_OPENXPKI_UI_WORKFLOW_BUTTON_ELIGIBILITY_RECHECK_LABEL
                format: alternative
            reject_request:
                format: failure
    UPDATE_REQUEST:
        autorun: 1
        action:
            - cancel_approvals render_subject set_workflow_attributes > RECHECK_APPROVAL
...
action:
    edit_subject:
        class: OpenXPKI::Server::Workflow::Activity::Tools::SetSource
        uihandle: OpenXPKI::Client::UI::Handle::Profile::render_subject_form
        label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CSR_EDIT_SUBJECT_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CSR_EDIT_SUBJECT_DESC
        input:
            - cert_subject_parts
        param:
            source: USER
        validator:
            - global_cert_subject_parts
            - global_common_name_length
    edit_san:
        class: OpenXPKI::Server::Workflow::Activity::Tools::SetSource
        uihandle: OpenXPKI::Client::UI::Handle::Profile::render_subject_form
        label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CSR_EDIT_SAN_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CSR_EDIT_SAN_DESC
        input:
            - cert_san_parts
        param:
            source: USER
        validator:
            - global_cert_san_parts
    render_subject:
        class: OpenXPKI::Server::Workflow::Activity::Tools::RenderSubject
        param:
            _map_cert_profile: $cert_profile
            _map_cert_subject_style: "[% IF context.cert_subject_style %][% context.cert_subject_style %][% ELSE %]enroll[% END %]"
...
field:
    cert_subject_parts:
        label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SUBJECT_PARTS_LABEL
        name: cert_subject_parts
        description: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SUBJECT_PARTS_DESC
        placeholder: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SUBJECT_PARTS_PLACEHOLDER
        tooltip: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SUBJECT_PARTS_TOOLTIP
        type: cert_subject
        required: 0
    cert_san_parts:
        label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SAN_PARTS_LABEL
        name: cert_san_parts
        description: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SAN_PARTS_DESC
        placeholder: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SAN_PARTS_PLACEHOLDER
        tooltip: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SAN_PARTS_TOOLTIP
        type: cert_san
        required: 0
...
When a workflow is received through SCEP, it pauses in state "PENDING".
The buttons "edit subject" and "edit san" are displayed, yet when I
press either one, a new page is displayed:
Edit Subject / Certificate Enrollment
Edit the items in the main subject of the certification request. The
final subject will be composed from your input based on the selected
profile and the PKIs policy. You can recheck and edit the subject before
final submission.
"continue" "go back" "force failure"
But the input fields and their values are missing. When I press the
"continue" button, the error message "One or more subject fields have
errors." is displayed at the top of the page. When I click "go back", the
page returns to the "PENDING" page where I can approve the CSR, which is
then issued correctly. So, everything is working correctly except for
the missing input fields for editing the subject or SAN. I assume that
something is missing - maybe in the "render_subject" action, but what?
Best regards
Ronny