Remove some duplicate and unnecessary logic

ca/ca.go

@@ -156,7 +156,6 @@ func (ca *CA) Init(config *authority.Config) (*CA, error) {
 	// well as certificates via SCEP.
 	tlsConfig = nil
 
-	// TODO: get the SCEP service
 	scepPrefix := "scep"
 	scepAuthority, err := scep.New(auth, scep.AuthorityOptions{
 		IntermediateCertificatePath: config.IntermediateCert,

scep/api/api.go

@@ -16,6 +16,7 @@ import (
 	"github.com/smallstep/certificates/api"
 	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/scep"
+	"go.mozilla.org/pkcs7"
 
 	microscep "github.com/micromdm/scep/scep"
 )
@@ -269,16 +270,24 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
 
 	response := SCEPResponse{Operation: opnPKIOperation}
 
+	// parse the message using microscep implementation
 	microMsg, err := microscep.ParsePKIMessage(request.Message)
 	if err != nil {
 		return SCEPResponse{}, err
 	}
 
+	p7, err := pkcs7.Parse(microMsg.Raw)
+	if err != nil {
+		return SCEPResponse{}, err
+	}
+
+	// copy over properties to our internal PKIMessage
 	msg := &scep.PKIMessage{
 		TransactionID: microMsg.TransactionID,
 		MessageType:   microMsg.MessageType,
 		SenderNonce:   microMsg.SenderNonce,
 		Raw:           microMsg.Raw,
+		P7:            p7,
 	}
 
 	if err := h.Auth.DecryptPKIEnvelope(ctx, msg); err != nil {

scep/authority.go

@@ -198,27 +198,7 @@ func (a *Authority) GetCACertificates() ([]*x509.Certificate, error) {
 // DecryptPKIEnvelope decrypts an enveloped message
 func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) error {
 
-	data := msg.Raw
+	p7c, err := pkcs7.Parse(msg.P7.Content)
-
-	p7, err := pkcs7.Parse(data)
-	if err != nil {
-		return err
-	}
-
-	var tID microscep.TransactionID
-	if err := p7.UnmarshalSignedAttribute(oidSCEPtransactionID, &tID); err != nil {
-		return err
-	}
-
-	var msgType microscep.MessageType
-	if err := p7.UnmarshalSignedAttribute(oidSCEPmessageType, &msgType); err != nil {
-		return err
-	}
-
-	msg.p7 = p7
-
-	//p7c, err := pkcs7.Parse(p7.Content)
-	p7c, err := pkcs7.Parse(p7.Content)
 	if err != nil {
 		return err
 	}
@@ -253,7 +233,6 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
 			CSR:               csr,
 			ChallengePassword: cp,
 		}
-		//msg.Certificate = p7.Certificates[0] // TODO: check if this is necessary to add (again)
 		return nil
 	case microscep.GetCRL, microscep.GetCert, microscep.CertPoll:
 		return fmt.Errorf("not implemented") //errNotImplemented
@@ -355,7 +334,7 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
 		return nil, err
 	}
 
-	e7, err := pkcs7.Encrypt(deg, msg.p7.Certificates)
+	e7, err := pkcs7.Encrypt(deg, msg.P7.Certificates)
 	if err != nil {
 		return nil, err
 	}

scep/scep.go

@@ -35,7 +35,7 @@ type PKIMessage struct {
 	Raw []byte
 
 	// parsed
-	p7 *pkcs7.PKCS7
+	P7 *pkcs7.PKCS7
 
 	// decrypted enveloped content
 	pkiEnvelope []byte