Re: [OpenXPKI-users] [RPC API] Workflow definition for server-side key generation

Sat, 12 Aug 2023 13:47:56 -0700 

Hello Oliver.

A really appreciate your support. I was able to authenticate the RPC
request.

Now, I want to auto-approve the request based on the Eligibility criteria
set in the *my-realm/rpc/enroll.yaml:*

eligible:
    initial:
       value@: connector:rpc.enroll.connector.intranet
       args: '[% context.url_mac %]'

    renewal:
       value: 1

    onbehalf:
       value: 1

connector:
    intranet:
        class: OpenXPKI::Connector::Regex
        LOCATION: \w+\.openxpki.test(:[\w]+)?\z
    macs:


*In the RPC request:*

POST /rpc/enroll?mac=demo.openxpki.test HTTP/1.1
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Host: localhost:8443
Content-Length: 1195

method=RequestCertificate&
pkcs10={CSR}&
comment=test&
signature=a254eb2c1b2087ef190024cc7a3edfb75454a7c77bf8ce0badabeb54bfc2adb7


I am just testing the functionality but have not been successful. I set the
mac in query string with a valid string (must pass the regex evaluation)

*This is the RPC response I  receive :*
{
"result": {
"pid": 1313,
"retry_after": 300,
"data": {
"error_code": "Request was not approved",
"transaction_id": "b760bc72a3a4281c1550df20c2814d52a5e6b92a"
},
"proc_state": "manual",
"state": "PENDING",
"id": 6143
}
}


What am I missing?

An apology for being such a nuisance. If you are able to
receive donations, I would like to support with a donation.

Best regards.

El dom, 6 ago 2023 a las 1:03, Oliver Welter (<[email protected]>) escribió:

> Hello Antonio,
>
> the HMAC Secret is defined in the rpc/enroll.yaml configuration and the
> expected value is an HMAC256 (hex notation) of the DER encoded CSR.
>
> best regards
>
> Oliver
>
> On 05.08.23 06:36, Antonio Gamboa wrote:
> > Hi Oliver.
> >
> > I could set up the RPC API successfully, thanks.
> >
> > But, I have the following question, How I could create the signature
> > parameter in the RPC request? It is the HMAC authentication, right?
> > I want to send this signature to make an authenticated request in
> > order to avoid manual authorization in the UI
> >
> >
> > Best regards.
> >
> >
> > _______________________________________________
> > OpenXPKI-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
> --
> Protect your environment -  close windows and adopt a penguin!
>
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>

_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users

























					Reply via email to