ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

h1. Iteration 4

*Target:* CRL/OCSP, certificate detailed view

h2. Tasks

h3. Implement certificate revocation, add CRL distribution point and OCSP endpoint to certificate extensions

* One Rest API endpoint: POST /certificates/{id}/revoke body =  { reason: "<reason for revocation>"} 

with reason: [unspecified, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, removeFromCRL, privilegeWithdrawn, aACompromise].

The reason will be optional and if not present, unspecified is used. 

* Controller will call a method revoke_certificate(id) of CertificateService.

* Certificate service will call a CertificateRepository set_certificate_revoked(id, timestamp, reason) to set the certificate revoked.

* Database must be extended with the following data: revocation date (Unix timestamp, generated automatically by the CertificateService), bool flag if is revoked, the reason for revocation(may be implemented as a second table with revocation reason values).

* CertificateRepository shall expose the following method get_all_revoked_by(id) that returns all certificates that were issued by the given CA and are now revoked.

h3. Implement certificate deletion endpoint

h3. Implement endpoint for retrieving public/private key for each certificate

h3. Implement endpoint for retrieving all certificates issued by a given CA

h3. Implement creation OpenSSL index file

https://pki-tutorial.readthedocs.io/en/latest/cadb.html

h3. Implement CRL service and corresponding endpoint 

h3. Implement OCSP service and corresponding endpoint

h3. Logging

h3. Application initialization and DI

h3. Database initialization

h3. Dependency injection

h3. Certificate detailed view