Revision 5 (Jan Pašek, 2021-04-08 07:01) → Revision 6/14 (Jan Pašek, 2021-04-08 07:16)

h1. Iteration 4

*Target:* CRL/OCSP, certificate detailed view

h2. Tasks

h3. Implement certificate revocation, add CRL distribution point and OCSP endpoint to certificate extensions

* One REST API endpoint: POST /certificates/{id}/revoke with body = { reason: "<reason for revocation>" }, where reason is one of [unspecified, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, removeFromCRL, privilegeWithdrawn, aACompromise]. The reason is optional; if it is not present, unspecified is used.
* The controller will call the method revoke_certificate(id) of CertificateService.
* The certificate service will call CertificateRepository set_certificate_revoked(id, timestamp, reason) to mark the certificate as revoked.
* The database must be extended with the following data: revocation date (Unix timestamp, generated automatically by the CertificateService), a boolean flag indicating whether the certificate is revoked, and the reason for revocation (may be implemented as a second table with revocation reason values).
* CertificateRepository shall expose a method get_all_revoked_by(id) that returns all certificates that were issued by the given CA and are now revoked.

h3. Implement certificate deletion endpoint

h3. Implement endpoint for retrieving public/private key for each certificate

h3. Implement endpoint for retrieving all certificates issued by a given CA

h3. Implement creation of OpenSSL index file

https://pki-tutorial.readthedocs.io/en/latest/cadb.html

h3. Implement CRL service and corresponding endpoint

h3. Implement OCSP service and corresponding endpoint

h3. Logging

h3. Application initialization and DI

h3. Database initialization

h3. Dependency injection

h3. Certificate detailed view