Feature #8571

Updated by Jan Pašek almost 4 years ago

Implement certificate revocation endpoint and specify CRL/OCSP distribution points in extensions

 * One REST API endpoint: POST /api/certificates/{id}/revoke with body = { reason: "<reason for revocation>" }, where reason is one of: [unspecified, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, removeFromCRL, privilegeWithdrawn, aACompromise].
 * The reason will be optional; if it is not present, unspecified is used.
 * The controller will call the method revoke_certificate(id) of CertificateService.
 * The certificate service will call CertificateRepository's set_certificate_revoked(id, timestamp, reason) to mark the certificate as revoked.
 * The database must be extended with the following data: the revocation date (Unix timestamp, generated automatically by the CertificateService), a bool flag indicating whether the certificate is revoked, and the reason for revocation (may be implemented as a second table with revocation reason values).
 * CertificateRepository shall expose a method get_all_revoked_by(id) that returns all certificates that were issued by the given CA and are now revoked.
 * Extensions of each certificate shall contain CRL and OCSP distribution points. The base URL of the server must be determined from the configuration.

 Requirements: FR 1.2.1, FR 2.2.1, FR 3.3 

 Reviewer: Stanislav Král
