Iteration 5¶

Target: User-provided private key, List filtering and pagination, Robots

Tasks¶

User-provided key¶

The application shall provide a possibility to provide his own private key or to let the application generate a key with a user-selected password.

Req: FR 1.1.2, 1.1.3, 1.1.4, 2.1.2, 2.1.3, 2.1.4

GUI¶

• Web GUI - The certificate creation page shall contain a new checkbox "Generate key pair".
• Web GUI - The certificate creation page shall contain a text field to specify a password for the private key.

Core¶

• Rest API shall enable a PEM encoded PK to be specified within the request for creating a certificate.
• Rest API shall enable a password to be specified within the request for creating a certificate.
  • If a password is present in the request and the private key is not present, the server generates a key protected by the given passphrase.
  • If a password is not present in the request and the private key is present, the server uses the given key. However, the server must do a check if the private key is
    not protected by a passphrase -> if yes, an error response is returned.
  • If both password and key are not present, the server generates a key without passphrase protection.
  • If both password and key are present, the server uses the given key and checks whether the given passphrase decyphers the key-> if not an error response is returned.

Validity check¶

The application shall provide an endpoint to verify the validity of the selected certificate.

Req: FR 1.3

GUI¶

• Web GUI - The certificate details page provides an indication of certificate validity.

Core¶

• Rest API shall provide an endpoint /api/certificate/{id}/status to query certificate status
• The application shall distinguish three types of status: valid, expired, revoked

Templating¶

Req: FR 8.1

GUI

• Web GUI - The certificate creation page shall provide a text area, that enables the user to specify his own extensions that will be added into the certificate.

• Specified extensions must follow the OpenSSL format

Core¶

• Rest API endpoint for creating a certificate shall accept extensions specification that will be passed to bottom layers and written into the certificate.
• If the user specifies wrong extensions (not in compliance with the OpenSSL), the CryptographyService throws a CryptographyException, that must be intercepted by the controller and the server shall not
  return code 500 in that case.

Robots¶

• The Web GUI shall be tested using automatic tests.
• The tests shall utilize the Robots framework with the Selenium backend.
• The test cases shall follow the user stories (user stories may require to be updated).
• The tests must be integrated into the CI/CD pipeline.