Update import aliases from microscep to smallscep

Herman Slatman
2023-10-24 21:48:24 +02:00
parent 4c17f25389
commit 1abada69b0
3 changed files with 40 additions and 40 deletions


@@ -14,7 +14,7 @@ import (
"github.com/go-chi/chi/v5"
"github.com/smallstep/pkcs7"
microscep "github.com/smallstep/scep"
smallscep "github.com/smallstep/scep"
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/api/log"
@@ -320,7 +320,7 @@ func GetCACert(ctx context.Context) (Response, error) {
// create degenerate pkcs7 certificate structure, according to
// https://tools.ietf.org/html/rfc8894#section-4.2.1.2, because
// not signed or encrypted data has to be returned.
data, err := microscep.DegenerateCertificates(certs)
data, err := smallscep.DegenerateCertificates(certs)
if err != nil {
return Response{}, err
}
@@ -345,16 +345,16 @@ func GetCACaps(ctx context.Context) (Response, error) {
// PKIOperation performs PKI operations and returns a SCEP response
func PKIOperation(ctx context.Context, req request) (Response, error) {
// parse the message using microscep implementation
microMsg, err := microscep.ParsePKIMessage(req.Message)
// parse the message using smallscep implementation
microMsg, err := smallscep.ParsePKIMessage(req.Message)
if err != nil {
// return the error, because we can't use the msg for creating a CertRep
return Response{}, err
}
// this is essentially doing the same as microscep.ParsePKIMessage, but
// this is essentially doing the same as smallscep.ParsePKIMessage, but
// gives us access to the p7 itself in scep.PKIMessage. Essentially a small
// wrapper for the microscep implementation.
// wrapper for the smallscep implementation.
p7, err := pkcs7.Parse(microMsg.Raw)
if err != nil {
return Response{}, err
@@ -384,12 +384,12 @@ func PKIOperation(ctx context.Context, req request) (Response, error) {
// even if using the renewal flow as described in the README.md. MicroMDM SCEP client also only does PKCSreq by default, unless
// a certificate exists; then it will use RenewalReq. Adding the challenge check here may be a small breaking change for clients.
// We'll have to see how it works out.
if msg.MessageType == microscep.PKCSReq || msg.MessageType == microscep.RenewalReq {
if msg.MessageType == smallscep.PKCSReq || msg.MessageType == smallscep.RenewalReq {
if err := auth.ValidateChallenge(ctx, csr, challengePassword, transactionID); err != nil {
if errors.Is(err, provisioner.ErrSCEPChallengeInvalid) {
return createFailureResponse(ctx, csr, msg, microscep.BadRequest, err)
return createFailureResponse(ctx, csr, msg, smallscep.BadRequest, err)
}
return createFailureResponse(ctx, csr, msg, microscep.BadRequest, errors.New("failed validating challenge password"))
return createFailureResponse(ctx, csr, msg, smallscep.BadRequest, errors.New("failed validating challenge password"))
}
}
@@ -407,7 +407,7 @@ func PKIOperation(ctx context.Context, req request) (Response, error) {
// TODO(hs): ignore this error case? It's not critical if the notification fails; but logging it might be good
_ = notifyErr
}
return createFailureResponse(ctx, csr, msg, microscep.BadRequest, fmt.Errorf("error when signing new certificate: %w", err))
return createFailureResponse(ctx, csr, msg, smallscep.BadRequest, fmt.Errorf("error when signing new certificate: %w", err))
}
if notifyErr := auth.NotifySuccess(ctx, csr, certRep.Certificate, transactionID); notifyErr != nil {
@@ -448,7 +448,7 @@ func fail(w http.ResponseWriter, err error) {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
func createFailureResponse(ctx context.Context, csr *x509.CertificateRequest, msg *scep.PKIMessage, info microscep.FailInfo, failError error) (Response, error) {
func createFailureResponse(ctx context.Context, csr *x509.CertificateRequest, msg *scep.PKIMessage, info smallscep.FailInfo, failError error) (Response, error) {
auth := scep.MustFromContext(ctx)
certRepMsg, err := auth.CreateFailureResponse(ctx, csr, msg, scep.FailInfoName(info), failError.Error())
if err != nil {
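Review bot: The signing-failure path in PKIOperation, `return createFailureResponse(ctx, csr, msg, smallscep.BadRequest, fmt.Errorf("error when signing new certificate: %w", err))`, forwards the wrapped internal error. createFailureResponse then hands `failError.Error()` to `auth.CreateFailureResponse`, so that text presumably ends up in the failInfoText returned to the SCEP client. The challenge branch above already substitutes a generic message for unexpected errors (`errors.New("failed validating challenge password")`); doing the same here and logging the detailed error server-side would keep CA internals out of the response. PKIOperation and createFailureResponse both continue outside the visible hunks.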


@@ -9,8 +9,8 @@ import (
"sync"
"github.com/smallstep/pkcs7"
microscep "github.com/smallstep/scep"
microx509util "github.com/smallstep/scep/x509util"
smallscep "github.com/smallstep/scep"
smallscepx509util "github.com/smallstep/scep/x509util"
"go.step.sm/crypto/x509util"
@@ -203,14 +203,14 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
msg.pkiEnvelope = envelope
switch msg.MessageType {
case microscep.CertRep:
certs, err := microscep.CACerts(msg.pkiEnvelope)
case smallscep.CertRep:
certs, err := smallscep.CACerts(msg.pkiEnvelope)
if err != nil {
return fmt.Errorf("error extracting CA certs from pkcs7 degenerate data: %w", err)
}
msg.CertRepMessage.Certificate = certs[0]
return nil
case microscep.PKCSReq, microscep.UpdateReq, microscep.RenewalReq:
case smallscep.PKCSReq, smallscep.UpdateReq, smallscep.RenewalReq:
csr, err := x509.ParseCertificateRequest(msg.pkiEnvelope)
if err != nil {
return fmt.Errorf("parse CSR from pkiEnvelope: %w", err)
@@ -219,17 +219,17 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
return fmt.Errorf("invalid CSR signature; %w", err)
}
// extract the challenge password
cp, err := microx509util.ParseChallengePassword(msg.pkiEnvelope)
cp, err := smallscepx509util.ParseChallengePassword(msg.pkiEnvelope)
if err != nil {
return fmt.Errorf("parse challenge password in pkiEnvelope: %w", err)
}
msg.CSRReqMessage = &microscep.CSRReqMessage{
msg.CSRReqMessage = &smallscep.CSRReqMessage{
RawDecrypted: msg.pkiEnvelope,
CSR: csr,
ChallengePassword: cp,
}
return nil
case microscep.GetCRL, microscep.GetCert, microscep.CertPoll:
case smallscep.GetCRL, smallscep.GetCert, smallscep.CertPoll:
return errors.New("not implemented")
}
@@ -312,7 +312,7 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
cert := certChain[0]
// and create a degenerate cert structure
deg, err := microscep.DegenerateCertificates([]*x509.Certificate{cert})
deg, err := smallscep.DegenerateCertificates([]*x509.Certificate{cert})
if err != nil {
return nil, fmt.Errorf("failed generating degenerate certificate: %w", err)
}
@@ -331,11 +331,11 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
},
{
Type: oidSCEPpkiStatus,
Value: microscep.SUCCESS,
Value: smallscep.SUCCESS,
},
{
Type: oidSCEPmessageType,
Value: microscep.CertRep,
Value: smallscep.CertRep,
},
{
Type: oidSCEPrecipientNonce,
@@ -374,8 +374,8 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
}
cr := &CertRepMessage{
PKIStatus: microscep.SUCCESS,
RecipientNonce: microscep.RecipientNonce(msg.SenderNonce),
PKIStatus: smallscep.SUCCESS,
RecipientNonce: smallscep.RecipientNonce(msg.SenderNonce),
Certificate: cert,
degenerate: deg,
}
@@ -384,7 +384,7 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
crepMsg := &PKIMessage{
Raw: certRepBytes,
TransactionID: msg.TransactionID,
MessageType: microscep.CertRep,
MessageType: smallscep.CertRep,
CertRepMessage: cr,
}
@@ -423,7 +423,7 @@ func (a *Authority) CreateFailureResponse(ctx context.Context, _ *x509.Certifica
},
{
Type: oidSCEPpkiStatus,
Value: microscep.FAILURE,
Value: smallscep.FAILURE,
},
{
Type: oidSCEPfailInfo,
@@ -435,7 +435,7 @@ func (a *Authority) CreateFailureResponse(ctx context.Context, _ *x509.Certifica
},
{
Type: oidSCEPmessageType,
Value: microscep.CertRep,
Value: smallscep.CertRep,
},
{
Type: oidSCEPsenderNonce,
@@ -469,16 +469,16 @@ func (a *Authority) CreateFailureResponse(ctx context.Context, _ *x509.Certifica
}
cr := &CertRepMessage{
PKIStatus: microscep.FAILURE,
FailInfo: microscep.FailInfo(info),
RecipientNonce: microscep.RecipientNonce(msg.SenderNonce),
PKIStatus: smallscep.FAILURE,
FailInfo: smallscep.FailInfo(info),
RecipientNonce: smallscep.RecipientNonce(msg.SenderNonce),
}
// create a CertRep message from the original
crepMsg := &PKIMessage{
Raw: certRepBytes,
TransactionID: msg.TransactionID,
MessageType: microscep.CertRep,
MessageType: smallscep.CertRep,
CertRepMessage: cr,
}
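Review bot: In the CertRep case of DecryptPKIEnvelope, `msg.CertRepMessage.Certificate = certs[0]` indexes the result of `smallscep.CACerts(msg.pkiEnvelope)` after checking only the error. If a client-supplied envelope parses as a degenerate PKCS#7 structure but carries no certificates, this would likely panic; CACerts' behaviour for an empty set is not visible here, so confirm it. A guard such as `if len(certs) == 0 { return errors.New("no certificates in pkiEnvelope") }` before the assignment would turn that into an ordinary error. The embedded `*CertRepMessage` pointer is dereferenced on the same line, so it is worth confirming it is non-nil at this point. The function body starts and ends outside the hunk.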


@@ -6,11 +6,11 @@ import (
"encoding/asn1"
"github.com/smallstep/pkcs7"
microscep "github.com/smallstep/scep"
smallscep "github.com/smallstep/scep"
)
// FailInfoName models the name/value of failInfo
type FailInfoName microscep.FailInfo
type FailInfoName smallscep.FailInfo
// FailInfo models a failInfo object consisting of a
// name/identifier and a failInfoText, the latter of
@@ -35,10 +35,10 @@ var (
// PKIMessage defines the possible SCEP message types
type PKIMessage struct {
microscep.TransactionID
microscep.MessageType
microscep.SenderNonce
*microscep.CSRReqMessage
smallscep.TransactionID
smallscep.MessageType
smallscep.SenderNonce
*smallscep.CSRReqMessage
*CertRepMessage
@@ -57,9 +57,9 @@ type PKIMessage struct {
// CertRepMessage is a type of PKIMessage
type CertRepMessage struct {
microscep.PKIStatus
microscep.RecipientNonce
microscep.FailInfo
smallscep.PKIStatus
smallscep.RecipientNonce
smallscep.FailInfo
Certificate *x509.Certificate