From 8a4778325f6c7ed030e203308a145c193c48c4b4 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Oct 20 2020 19:22:16 +0000
Subject: Don't report a spurious error if no SCEP pkiMessage is ready yet


On a brand new request in the state op_pkcsreq there will be no
pkiMessage to send yet because there is no CSR yet.

It correctly detects this state but also displays the message:

    Error reading request.  Expected PKCS7 data containing a
    PKCSReq pkiMessage, got nothing.

This is confusing if the request eventually succeeds.

It really only needs to report this if it is passed in a file name
to read the message from, otherwise silently return
CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES.

The same issue existed in the op_get_cert_initial state.

https://bugzilla.redhat.com/show_bug.cgi?id=1253009

---

diff --git a/src/scep.c b/src/scep.c
index e384e8d..fb5b87e 100644
--- a/src/scep.c
+++ b/src/scep.c
@@ -384,13 +384,16 @@ main(int argc, const char **argv)
 			if ((message == NULL) || (strlen(message) == 0)) {
 				if (poptPeekArg(pctx) != NULL) {
 					message = cm_submit_u_from_file(poptGetArg(pctx));
+					if ((message == NULL) || (strlen(message) == 0)) {
+						printf(_("Error reading request.  Expected PKCS7 data containing a GetInitialCert pkiMessage, got nothing.\n"));
+						rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
+						goto done;
+					}
+				} else {
+					rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
+					goto done;
 				}
 			}
-			if ((message == NULL) || (strlen(message) == 0)) {
-				printf(_("Error reading request.  Expected PKCS7 data containing a GetInitialCert pkiMessage, got nothing.\n"));
-				rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
-				goto done;
-			}
 			/* First step: read capabilities for our use. */
 			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
 		}
@@ -404,13 +407,16 @@ main(int argc, const char **argv)
 			if ((message == NULL) || (strlen(message) == 0)) {
 				if (poptPeekArg(pctx) != NULL) {
 					message = cm_submit_u_from_file(poptGetArg(pctx));
+					if ((message == NULL) || (strlen(message) == 0)) {
+						printf(_("Error reading request.  Expected PKCS7 data containing a PKCSReq pkiMessage, got nothing.\n"));
+						rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
+						goto done;
+					}
+				} else {
+					rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
+					goto done;
 				}
 			}
-			if ((message == NULL) || (strlen(message) == 0)) {
-				printf(_("Error reading request.  Expected PKCS7 data containing a PKCSReq pkiMessage, got nothing.\n"));
-				rval = CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
-				goto done;
-			}
 			/* First step: read capabilities for our use. */
 			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
 		}