| blob | f71d5dba13324efb275bee6ea75ea67086628951 |
1 <workflow>
2 <type>I18N_OPENXPKI_WF_TYPE_SCEP_REQUEST</type>
3 <description>I18N_OPENXPKI_WF_DESC_SCEP_REQUEST</description>
4 <persister>OpenXPKI</persister>
6 <state name="INITIAL">
7 <description>I18N_OPENXPKI_WF_STATE_SCEP_REQUEST_INITIAL</description>
8 <action name="extract_csr"
9 resulting_state="CSR_EXTRACTED">
10 </action>
11 </state>
13 <state name="CSR_EXTRACTED" autorun="yes">
14 <action name="null"
15 resulting_state="SIGNATURE_OK">
16 <condition name="valid_signature"/>
17 </action>
18 <action name="set_error_code_1"
19 resulting_state="FAILURE">
20 <condition name="!valid_signature"/>
21 </action>
22 </state>
24 <state name="SIGNATURE_OK" autorun="yes">
25 <action name="null"
26 resulting_state="RENEWAL">
27 <condition name="!is_initial_enrollment"/>
28 </action>
29 <action name="null2"
30 resulting_state="INITIAL_ENROLLMENT">
31 <condition name="is_initial_enrollment"/>
32 </action>
33 </state>
35 <state name="INITIAL_ENROLLMENT" autorun="yes">
36 <description>I18N_OPENXPKI_WF_STATE_SCEP_INITIAL_ENROLLMENT</description>
37 <action name="set_context_from_csr"
38 resulting_state="PENDING">
39 <condition name="initial_enrollment_allowed"/>
40 </action>
41 <action name="set_error_code_4"
42 resulting_state="FAILURE">
43 <condition name="!initial_enrollment_allowed"/>
44 </action>
45 </state>
47 <state name="RENEWAL" autorun="yes">
48 <description>I18N_OPENXPKI_WF_STATE_SCEP_RENEWAL</description>
49 <action name="null"
50 resulting_state="RENEWAL_ALLOWED">
51 <condition name="auto_renewal_allowed"/>
52 </action>
53 <action name="set_error_code_2"
54 resulting_state="FAILURE">
55 <condition name="!auto_renewal_allowed"/>
56 </action>
57 </state>
59 <state name="RENEWAL_ALLOWED" autorun="yes">
60 <description>I18N_OPENXPKI_WF_STATE_SCEP_RENEWAL_ALLOWED</description>
61 <action name="null"
62 resulting_state="NUMBER_OF_VALID_CERTS_CORRECT">
63 <condition name="correct_number_of_valid_certs"/>
64 </action>
65 <action name="set_error_code_2"
66 resulting_state="FAILURE">
67 <condition name="!correct_number_of_valid_certs"/>
68 </action>
69 </state>
71 <state name="NUMBER_OF_VALID_CERTS_CORRECT" autorun="yes">
72 <action name="set_context_from_original_cert"
73 resulting_state="TIMING_CORRECT">
74 <condition name="correct_timing"/>
75 </action>
76 <action name="set_error_code_2"
77 resulting_state="FAILURE">
78 <condition name="!correct_timing"/>
79 </action>
80 </state>
82 <state name="TIMING_CORRECT" autorun="yes">
83 <action name="persist_csr"
84 resulting_state="APPROVED">
85 <condition name="ACL::persist_csr"/>
86 <condition name="auto_approval_allowed"/>
87 <condition name="signed_using_original_cert"/>
88 </action>
89 <action name="null"
90 resulting_state="PENDING">
91 <condition name="auto_approval_allowed"/>
92 <condition name="!signed_using_original_cert"/> <!-- this is equivalent to self-signed -->
93 </action>
94 <action name="null2"
95 resulting_state="PENDING">
96 <condition name="!auto_approval_allowed"/>
97 <condition name="!signed_using_original_cert"/>
98 </action>
99 <action name="null3"
100 resulting_state="PENDING">
101 <condition name="!auto_approval_allowed"/>
102 <condition name="signed_using_original_cert"/>
103 </action>
104 </state>
107 <state name="PENDING">
108 <action name="I18N_OPENXPKI_WF_ACTION_CHANGE_CSR_ROLE"
109 resulting_state="PENDING">
110 <condition name="ACL::change_csr_role"/>
111 </action>
112 <action name="I18N_OPENXPKI_WF_ACTION_CHANGE_CSR_PROFILE"
113 resulting_state="PENDING">
114 <condition name="ACL::change_csr_profile"/>
115 </action>
116 <action name="I18N_OPENXPKI_WF_ACTION_CHANGE_CSR_SUBJECT_STYLE"
117 resulting_state="PENDING">
118 <condition name="ACL::change_csr_subject_style"/>
119 </action>
120 <action name="I18N_OPENXPKI_WF_ACTION_CHANGE_CSR_SUBJECT"
121 resulting_state="PENDING">
122 <condition name="ACL::change_csr_subject"/>
123 </action>
124 <action name="I18N_OPENXPKI_WF_ACTION_CHANGE_CSR_SUBJECT_ALT_NAME"
125 resulting_state="PENDING">
126 <condition name="ACL::change_csr_subject_alt_name"/>
127 </action>
128 <action name="I18N_OPENXPKI_WF_ACTION_APPROVE_CSR"
129 resulting_state="APPROVAL">
130 <condition name="ACL::approve_csr"/>
131 </action>
132 <action name="I18N_OPENXPKI_WF_ACTION_REJECT_CSR"
133 resulting_state="FAILURE">
134 <condition name="ACL::reject_csr"/>
135 </action>
136 </state>
138 <state name="APPROVAL">
139 <description>I18N_OPENXPKI_WF_STATE_DESC_APPROVAL</description>
140 <action name="I18N_OPENXPKI_WF_ACTION_PERSIST_CSR"
141 resulting_state="APPROVED">
142 <condition name="ACL::persist_csr"/>
143 <condition name="Condition::check_csr_approvals"/>
144 </action>
145 <!-- perhaps we need more than one approval or -->
146 <!-- perhaps the first approval was from a not authorized role -->
147 <action name="I18N_OPENXPKI_WF_ACTION_APPROVE_CSR"
148 resulting_state="APPROVAL">
149 <condition name="ACL::approve_csr"/>
150 </action>
151 <action name="I18N_OPENXPKI_WF_ACTION_CANCEL_CSR_APPROVAL"
152 resulting_state="PENDING">
153 <condition name="ACL::cancel_csr_approval"/>
154 </action>
155 <action name="I18N_OPENXPKI_WF_ACTION_REJECT_CSR"
156 resulting_state="FAILURE">
157 <condition name="ACL::reject_csr"/>
158 </action>
159 </state>
161 <state name="APPROVED" autorun="yes">
162 <description>I18N_OPENXPKI_WF_STATE_DESC_APPROVED</description>
163 <action name="fork_cert_issuance_instance"
164 resulting_state="WAITING_FOR_CHILD">
165 </action>
166 </state>
168 <!-- if no autorun is available here, we are stuck in this state.
169 Every time a corresponding SCEP request comes in, the service
170 checks if we have an available action to execute and executes it -->
171 <state name="WAITING_FOR_CHILD">
172 <action name="child_finished_successfully"
173 resulting_state="SUCCESS">
174 <condition name="all_wf_children_instances_finished"/>
175 </action>
176 <!-- = set_error_code_2 -->
177 <action name="child_finished_failure"
178 resulting_state="FAILURE">
179 </action>
180 </state>
181 <state name="FAILURE" />
182 <state name="SUCCESS" />
183 </workflow>