pub async fn post_cms_simpleenroll(
label: LabelExtractor,
__arg1: State<Arc<AppState>>,
body: Bytes,
) -> Result<Response, KipukaError>Expand description
POST /.well-known/est/cms/simpleenroll
CMS-wrapped simple enrollment (RFC 8295 §4 + RFC 7030 §4.2).
§Request
| Header | Value |
|---|---|
| Content-Type | application/pkcs7-mime |
| Body | DER-encoded CMS SignedData wrapping a PKCS#10 CSR |
§Processing
- Verify CMS SignedData signature and signer certificate chain.
- Extract the PKCS#10 CSR payload from the signed content.
- Extract signer identity for authorization.
- Delegate to the standard enrollment logic.
- Optionally wrap the response certificate in CMS EnvelopedData.
§Response
| Header | Value |
|---|---|
| Content-Type | application/pkcs7-mime |
| Body | DER-encoded CMS EnvelopedData (or raw cert if encryption disabled) |