Commit c6517823 authored by Vincent Pelletier

certificate_authority: More documentation.

parent 2dd3c8d9
@startuml @startuml
title "Submitting a certificate signature request" title Automated Certificate Authority Service
actor User actor User
actor Trusted actor Trusted
actor Client
autonumber autonumber
User -> Authority : POST /request == Signing Request Submission ==
User -> Authority : POST the CRL
alt Sining request passes all checks alt Sining request passes all checks
Authority --> User : Signing request identifier Authority --> User : Signing request identifier
else else
Authority --> User : Error Authority --> User : Error
end end
Trusted -> Authority : GET /requests XXX: check plural with Romain Note over User : See "Certificate Retrieval"
== Certificate Production ==
Note over Trusted : See "Signing Request Submission"
Trusted -> Authority : GET (optional: with result range expression)
Authority --> Trusted : List of pending signing requests with their identifiers Authority --> Trusted : List of pending signing requests with their identifiers
Trusted -> Authority : GET /request with request identifier Trusted -> Authority : GET with request identifier
Authority --> Trusted : Signing request content Authority --> Trusted : Signing request content
alt Trusted agrees to prvoduce a signed certificate from the signing request alt Trusted agrees to prvoduce a signed certificate from the signing request
Trusted -> Authority : POST /sign with the signing request identifier Trusted -> Authority : POST with the signing request identifier
alt Sining request was still pending alt Sining request was still pending
Authority --> Trusted : Success Authority --> Trusted : Success
else else
Authority --> Trusted : Not found Authority --> Trusted : Not found
end end
else else
Trusted -> Authority : DELETE /request with the signing request identifier Trusted -> Authority : DELETE with the signing request identifier
Authority --> Trusted : Ok Authority --> Trusted : Ok
end end
== Certificate Retrieval ==
loop Until certificate obtained or request rejected loop Until certificate obtained or request rejected
User -> Authority : GET /certificate with signing request identifier User -> Authority : GET with signing request identifier
alt Signing request was signed alt Signing request was signed
Authority --> User : Certificate content Authority --> User : Certificate content
else else
Authority --> User : Not found Authority --> User : Not found
opt User wants to check request is still pending opt User wants to check request is still pending
User -> Authority : GET /request with signing request identifier User -> Authority : GET with signing request identifier
alt Sining request is still pending alt Sining request is still pending
Authority --> User : Signing request content Authority --> User : Signing request content
else else
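Review bot: in "Signing Request Submission", the added line `User -> Authority : POST the CRL` names a CRL, but the reply is "Signing request identifier" and the line it replaces was `POST /request`, so what is posted here is the signing request. Say "POST the signing request" (or CSR) and keep "CRL" for the revocation list returned in "Certificate Validity Check". Dropping the paths also makes distinct calls read the same: in "Certificate Retrieval" both `User -> Authority : GET with signing request identifier` lines are now identical although one returns the certificate and the other the signing request content, and Trusted's `POST` and `DELETE` no longer say which resource they act on. Keep a resource name on each arrow. "Sining" and "prvoduce" are still present in the unchanged lines; a documentation commit is a good place to fix them.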
...@@ -43,4 +54,28 @@ loop Until certificate obtained or request rejected ...@@ -43,4 +54,28 @@ loop Until certificate obtained or request rejected
end end
end end
end end
== Certificate Renewal ==
User -> Authority : POST with the still-valid CRT and a CRL
alt Renewal parameters consistent
Authority --> User : signing request identifier
else
Authority --> User : Error
end
Note over User : See "Certificate Retrieval"
== Certificate Revocation ==
User -> Authority : POST with the CRT
alt Revocation parameters consistent
Authority --> User : Ok
else
Authority --> User : Error
end
== Certificate Validity Check ==
Client -> Authority : GET (optional: with OCSP parameter)
Authority --> Client : Certificate revocation list
@enduml @enduml
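Review bot: in "Certificate Revocation", `User -> Authority : POST with the CRT` sends only the certificate, and "Revocation parameters consistent" does not say what the Authority checks before revoking. A certificate is public, so the diagram should state what proves the caller controls the matching private key (for example a signature over the request), and likewise for the renewal POST. In "Certificate Renewal", "a CRL" reads like the signing request, given that the reply is a "signing request identifier". In "Certificate Validity Check" the reply is always "Certificate revocation list" even when the OCSP parameter is given; state what is returned in that case.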