Iteration 4 » Historie » Revize 7
Revize 6 (Jan Pašek, 2021-04-08 07:16) → Revize 7/14 (Jan Pašek, 2021-04-08 07:16)
h1. Iteration 4 *Target:* CRL/OCSP, certificate detailed view h2. Tasks h3. Implement certificate revocation, add CRL distribution point and OCSP endpoint to certificate extensions * One Rest API endpoint: POST /certificates/{id}/revoke body = { reason: "<reason for revocation>"} with reason: [unspecified, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, removeFromCRL, privilegeWithdrawn, aACompromise]. The reason will be optional and if not present, unspecified is used. * Controller will call a method revoke_certificate(id) of CertificateService. * Certificate service will call a CertificateRepository set_certificate_revoked(id, timestamp, reason) to set the certificate revoked. * Database must be extended with the following data: revocation date (Unix timestamp, generated automatically by the CertificateService), bool flag if is revoked, the reason for revocation(may be implemented as a second table with revocation reason values). * CertificateRepository shall expose the following method get_all_revoked_by(id) that returns all certificates that were issued by the given CA and are now revoked. h3. Implement certificate deletion endpoint h3. Implement endpoint for retrieving public/private key for each certificate h3. Implement endpoint for retrieving all certificates issued by a given CA h3. Implement creation OpenSSL index file https://pki-tutorial.readthedocs.io/en/latest/cadb.html h3. Implement CRL service and corresponding endpoint h3. Implement OCSP service and corresponding endpoint h3. Logging h3. Application initialization and DI h3. Database initialization h3. Dependency injection h3. Certificate detailed view