Iteration 4¶

Target: CRL/OCSP, certificate detailed view

Tasks¶

Implement certificate revocation, add CRL distribution point and OCSP endpoint to certificate extensions¶

• One Rest API endpoint: POST /certificates/{id}/revoke body = { reason: "<reason for revocation>"}
  with reason: [unspecified, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, removeFromCRL, privilegeWithdrawn, aACompromise].
  The reason will be optional and if not present, unspecified is used.
• Controller will call a method revoke_certificate(id) of CertificateService.
• Certificate service will call a CertificateRepository set_certificate_revoked(id, timestamp, reason) to set the certificate revoked.
• Database must be extended with the following data: revocation date (Unix timestamp, generated automatically by the CertificateService), bool flag if is revoked, the reason for revocation(may be implemented as a second table with revocation reason values).
• CertificateRepository shall expose the following method get_all_revoked_by(id) that returns all certificates that were issued by the given CA and are now revoked.

Implement certificate deletion endpoint¶

Implement endpoint for retrieving public/private key for each certificate¶

Implement endpoint for retrieving all certificates issued by a given CA¶

Implement creation OpenSSL index file¶

https://pki-tutorial.readthedocs.io/en/latest/cadb.html

Implement CRL service and corresponding endpoint¶

Implement OCSP service and corresponding endpoint¶

Logging¶

Application initialization and DI¶

Database initialization¶

Dependency injection¶

Certificate detailed view¶