fix: base64 encoding mismatch for GET PKIOperation requests (#250)

EncodeSCEPRequest was using base64.URLEncoding (with - and _) but SCEP
servers expect base64.StdEncoding (with + and /). This caused "illegal
base64 data" errors when the client sent GET requests to servers that
don't support POST.

Fixes #249

Author: getvictor

server/transport.go

@@ -50,7 +50,9 @@ func EncodeSCEPRequest(ctx context.Context, r *http.Request, request interface{}
 		if len(req.Message) > 0 {
 			var msg string
 			if req.Operation == "PKIOperation" {
-				msg = base64.URLEncoding.EncodeToString(req.Message)
+				// Use standard base64 encoding (with + and /) as expected by SCEP servers.
+				// The subsequent params.Encode() call will URL-encode the + and / characters.
+				msg = base64.StdEncoding.EncodeToString(req.Message)
 			} else {
 				msg = string(req.Message)
 			}

server/transport_test.go

@@ -85,6 +85,23 @@ func TestGetCACertMessage(t *testing.T) {
 	}
 }
 
+func TestEncodeSCEPRequest_PKIOperation_UsesStdBase64(t *testing.T) {
+	// Data that encodes to "++++////" in standard base64
+	testData := []byte{0xfb, 0xef, 0xbe, 0xff, 0xff, 0xff}
+
+	req, _ := http.NewRequest("GET", "http://example.com/scep", nil)
+	scepserver.EncodeSCEPRequest(context.Background(), req, scepserver.SCEPRequest{
+		Operation: "PKIOperation",
+		Message:   testData,
+	})
+
+	// Verify message decodes correctly with StdEncoding (not URLEncoding)
+	msg := req.URL.Query().Get("message")
+	if _, err := base64.StdEncoding.DecodeString(msg); err != nil {
+		t.Fatalf("message should be valid standard base64: %v", err)
+	}
+}
+
 func TestPKIOperation(t *testing.T) {
 	server, _, teardown := newServer(t)
 	defer teardown()