Commit c6517823 authored by Vincent Pelletier

certificate_authority: More documentation.

parent 2dd3c8d9
@startuml
title "Submitting a certificate signature request"
title Automated Certificate Authority Service
actor User
actor Trusted
actor Client
autonumber
User -> Authority : POST /request
== Signing Request Submission ==
User -> Authority : POST the CRL
alt Sining request passes all checks
Authority --> User : Signing request identifier
else
Authority --> User : Error
end
Trusted -> Authority : GET /requests XXX: check plural with Romain
Note over User : See "Certificate Retrieval"
== Certificate Production ==
Note over Trusted : See "Signing Request Submission"
Trusted -> Authority : GET (optional: with result range expression)
Authority --> Trusted : List of pending signing requests with their identifiers
Trusted -> Authority : GET /request with request identifier
Trusted -> Authority : GET with request identifier
Authority --> Trusted : Signing request content
alt Trusted agrees to prvoduce a signed certificate from the signing request
Trusted -> Authority : POST /sign with the signing request identifier
Trusted -> Authority : POST with the signing request identifier
alt Sining request was still pending
Authority --> Trusted : Success
else
Authority --> Trusted : Not found
end
else
Trusted -> Authority : DELETE /request with the signing request identifier
Trusted -> Authority : DELETE with the signing request identifier
Authority --> Trusted : Ok
end
== Certificate Retrieval ==
loop Until certificate obtained or request rejected
User -> Authority : GET /certificate with signing request identifier
User -> Authority : GET with signing request identifier
alt Signing request was signed
Authority --> User : Certificate content
else
Authority --> User : Not found
opt User wants to check request is still pending
User -> Authority : GET /request with signing request identifier
User -> Authority : GET with signing request identifier
alt Sining request is still pending
Authority --> User : Signing request content
else
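Review bot: In "Signing Request Submission", `User -> Authority : POST the CRL` names the wrong object. The Authority answers with a signing request identifier, so what is posted is the certificate signing request (CSR); the CRL is the revocation list returned under "Certificate Validity Check". Suggest `POST the CSR`. While here, "Sining request" appears in three `alt` labels and "prvoduce" in the Trusted branch; these labels render into the published diagram, so they should read "Signing" and "produce".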
......@@ -43,4 +54,28 @@ loop Until certificate obtained or request rejected
end
end
end
== Certificate Renewal ==
User -> Authority : POST with the still-valid CRT and a CRL
alt Renewal parameters consistent
Authority --> User : signing request identifier
else
Authority --> User : Error
end
Note over User : See "Certificate Retrieval"
== Certificate Revocation ==
User -> Authority : POST with the CRT
alt Revocation parameters consistent
Authority --> User : Ok
else
Authority --> User : Error
end
== Certificate Validity Check ==
Client -> Authority : GET (optional: with OCSP parameter)
Authority --> Client : Certificate revocation list
@enduml
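Review bot: In "Certificate Renewal", `POST with the still-valid CRT and a CRL` should probably read CSR, since the reply is a signing request identifier and the only CRL in the diagram is the one the Authority returns under "Certificate Validity Check". Separately, `alt Revocation parameters consistent` does not say what the Authority checks before accepting a revocation for the posted CRT. A `Note over Authority` stating that check (for example, that the requester proves it holds the matching private key) would make the trust model explicit. The validity check has a similar gap: the GET takes an optional OCSP parameter, but the only documented reply is a certificate revocation list.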