pub async fn post_cmp(
__arg0: State<Arc<AppState>>,
body: Bytes,
) -> Result<Response, KipukaError>
POST /.well-known/cmp — process a CMP PKIMessage.
RFC 9810 §6.2: CMP messages are transported over HTTP using
Content-Type: application/pkixcmp. The request and response
bodies are DER-encoded PKIMessage values.
§Processing
- Validate Content-Type is application/pkixcmp.
- Parse the PKIMessage to extract message type and protection.
- Verify message protection (signature or MAC).
- Dispatch based on message type:
  - ir/cr → enrollment (certificate issuance)
  - kur → key update (re-enrollment)
  - rr → revocation
  - genm → general message (CA info, algorithms)
  - certConf → certificate confirmation
- Build and return the response PKIMessage.
§Errors
- 400 Bad Request — malformed PKIMessage, unsupported type
- 403 Forbidden — MAC verification failure, untrusted signer
- 415 Unsupported Media Type — wrong Content-Type
- 500 Internal Server Error — CA backend failure
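
The check order and status mapping described above, as an added Rust sketch (not Kipuka's own code). The names `tlv`, `route` and `Route` are hypothetical, the `protection_ok` flag stands in for real signature or MAC verification, and only the outer DER framing is read to find the PKIBody tag; the tag numbers are those of the CMP PKIBody CHOICE.

```rust
// Added example; all names are hypothetical, not Kipuka's implementation.
#[derive(Debug, PartialEq)]
enum Route { Enroll, KeyUpdate, Revoke, General, CertConf }
/// Read one DER TLV at `pos`; returns (tag, content_start, content_end).
fn tlv(buf: &[u8], pos: usize) -> Option<(u8, usize, usize)> {
    let tag = *buf.get(pos)?;
    let first = *buf.get(pos + 1)? as usize;
    let (len, start) = if first < 0x80 {
        (first, pos + 2)
    } else {
        let n = first & 0x7f;
        if n == 0 || n > 4 { return None; } // no indefinite or oversized lengths
        let bytes = buf.get(pos + 2..pos + 2 + n)?;
        (bytes.iter().fold(0usize, |a, b| (a << 8) | *b as usize), pos + 2 + n)
    };
    let end = start.checked_add(len)?;
    if end > buf.len() { return None; }
    Some((tag, start, end))
}

/// Returns the handler to run, or the HTTP status from the error list.
/// `protection_ok` stands in for real signature/MAC verification.
fn route(content_type: &str, msg: &[u8], protection_ok: bool) -> Result<Route, u16> {
    // 1. Media type: compare case-insensitively and ignore parameters.
    let media = content_type.split(';').next().unwrap_or("").trim();
    if !media.eq_ignore_ascii_case("application/pkixcmp") { return Err(415); }
    // 2. PKIMessage ::= SEQUENCE { header, body, protection [0] OPTIONAL, ... }
    let (outer, start, end) = tlv(msg, 0).ok_or(400u16)?;
    if outer != 0x30 || end != msg.len() { return Err(400); } // no trailing bytes
    let (hdr, _, hdr_end) = tlv(msg, start).ok_or(400u16)?;
    if hdr != 0x30 { return Err(400); }
    let (body_tag, _, _) = tlv(msg, hdr_end).ok_or(400u16)?;
    // 3. Protection is checked before any handler acts on the body.
    if !protection_ok { return Err(403); }
    // 4. PKIBody is a CHOICE of explicit context tags [n], encoded as 0xA0 | n.
    match body_tag {
        0xA0 | 0xA2 => Ok(Route::Enroll), // ir [0], cr [2]
        0xA7 => Ok(Route::KeyUpdate),     // kur [7]
        0xAB => Ok(Route::Revoke),        // rr [11]
        0xB5 => Ok(Route::General),       // genm [21]
        0xB8 => Ok(Route::CertConf),      // certConf [24]
        _ => Err(400),                    // unsupported message type
    }
}

fn main() {
    // Constructed framing only (empty header and body), not a valid PKIMessage.
    println!("{:?}", route("application/pkixcmp", &[0x30, 0x04, 0x30, 0x00, 0xA7, 0x00], true));
}
```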