Re: [Libpki-users] Fwd: ejbca does not recognize

[Massimiliano P. <Mas...@Da...>]

Hi,

you should not use the _get_certs_num() as that will return the number
of signing certificates - that is when the PKCS#7 file has been signed.

Since the data in the response is the certificate and it is not encrypted,
you should just retrieve the bytes from the PKCS#7 and generate a new
cert. I should add the function to the SCEP API, for now, try this:

    // Assuming you have your data in p7 variables (PKI_X509_PKCS7)

    PKI_MEM *mem = NULL;
    PKI_X509_CERT *cert = NULL;

    if((mem = PKI_X509_PKCS7_get_data( p7, NULL, NULL )) == NULL ) {
       // Memory error
       ...
    }

    if( cert = PKI_X509_get_mem( mem, PKI_DATATYPE_X509_CERT,
                                          NULL, NULL) == PKI_ERR) {
       // An error occurred
    };

    // Now you can safely save the certificate
    rv = PKI_X509_CERT_put( cert, PKI_DATA_FORMAT_PEM, "cert.pem",
                                          NULL, NULL, NULL);

    if( rv == PKI_ERR ) {
       // Error while saving...
       ...
    };

Let me know if this works. This might become the core of a new function:

    PKI_X509 * obj = PKI_SCEP_DATA_get_x509_obj( PKI_X509_PKCS7 *p7,
                                         PKI_DATATYPE type );

Cheers,
Max


On 02/23/2011 03:55 AM, pradeep reddy wrote:
>
>
> Hi Max,
> I used the first method, using PKI_X509_PKCS7 structures.
> And EJBCA is sending the sucess response.But response mesage does not
> contain created certificate
> I am running folowing code:
> URL_put_data_url ( url, scepmem, (char *) mime, &sceprespmem, 60, 0, ssl );
> p7_resp = PKI_X509_PKCS7_get_mem ( p7_resp_mem, NULL );
> PKI_X509_PKCS7_put ( p7_resp, PKI_DATA_FORMAT_PEM, "scep-resp.pem",NULL,
> cred, NULL );
> PKI_X509_PKCS7_put ( p7_resp, PKI_DATA_FORMAT_TXT, "scep-resp.txt",NULL,
> cred, NULL );
> int certnum =  PKI_X509_PKCS7_get_certs_num( p7_resp );
> Here certnum returns -1. Below o/p, certificates fields is NULL, though




-- 

Best Regards,

	Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                   op...@ac...
                                                  pro...@op...

Dartmouth Computer Science Dept               Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory                          Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
							   -- Isaac Asimov