From b37b8b0979a665fba897bb251d4b206c29936320 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 11 Jun 2021 11:06:48 -0400
Subject: [PATCH] Don't report a spurious error if no SCEP pkiMessage is ready
 yet

On a brand new request in the state op_pkcsreq there will be no
pkiMessage to send yet because there is no CSR yet.

It correctly detects this state but also displays the message:

    Error reading request.  Expected PKCS7 data containing a
    PKCSReq pkiMessage, got nothing.

This is confusing if the request eventually succeeds.

It really only needs to report this if it is passed in a file name
to read the message from, otherwise silently return
CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES.

The same issue existed in the op_get_cert_initial state.

https://bugzilla.redhat.com/show_bug.cgi?id=1253009
---
 src/scep.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/scep.c b/src/scep.c
index bf181bf..09bdb28 100644
--- a/src/scep.c
+++ b/src/scep.c
@@ -375,12 +375,14 @@ main(int argc, const char **argv)
 			if ((message == NULL) || (strlen(message) == 0)) {
 				if (poptPeekArg(pctx) != NULL) {
 					message = cm_submit_u_from_file(poptGetArg(pctx));
+					if ((message == NULL) || (strlen(message) == 0)) {
+						printf(_("Error reading request.  Expected PKCS7 data containing a GetInitialCert pkiMessage, got nothing.\n"));
+						return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
+					}
+				} else {
+					return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
 				}
 			}
-			if ((message == NULL) || (strlen(message) == 0)) {
-				printf(_("Error reading request, expected PKCS7 data.\n"));
-				return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
-			}
 			/* First step: read capabilities for our use. */
 			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
 		}
@@ -394,12 +396,14 @@ main(int argc, const char **argv)
 			if ((message == NULL) || (strlen(message) == 0)) {
 				if (poptPeekArg(pctx) != NULL) {
 					message = cm_submit_u_from_file(poptGetArg(pctx));
+					if ((message == NULL) || (strlen(message) == 0)) {
+						printf(_("Error reading request.  Expected PKCS7 data containing a GetInitialCert pkiMessage, got nothing.\n"));
+						return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
+					}
+				} else {
+					return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
 				}
 			}
-			if ((message == NULL) || (strlen(message) == 0)) {
-				printf(_("Error reading request, expected PKCS7 data.\n"));
-				return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
-			}
 			/* First step: read capabilities for our use. */
 			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
 		}
-- 
2.26.3