Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.2.3
    • Component/s: None
    • Labels: None

      Description

      EJBCA should publish certificate issuance and life cycle events (revoke and unrevoke) to a Cert Safe server using the Cert Safe REST API.

      Publishing to the Cert Safe server will be implemented as a Custom Publisher in EJBCA. This is added in the list of available publishers in EJBCA as "org.ejbca.core.model.ca.publisher.CertSafePublisher".

      EJBCA Versions
      ----------------------
      For EJBCA versions other than version 6, the publisher should be developed in such a way that it can be added as a few new files in an ejbca-custom directory.

      A custom publisher should be developed for EJBCA 4, 5 and 6. The configuration is slightly easier in EJBCA 6 (drop-down selection of the custom publisher class instead of a free-text field), but the functionality can be the same in all releases.

      Publisher functions
      --------------------------

      • Test connection: will use the "GET /:account" API function.
      • storeCertificate (new issuance): will use the "POST /:account/certificates" API function.
      • storeCertificate (revoke and unrevoke event): will use the "POST /:account/certificates" API function.

      Configuration
      -------------------
      Configuration is done in the admin GUI with properties in the properties field. For example:

      certSafeAccountName=primekey
      certSafeClientKey=/etc/certsafe/key.pem
      certSafeClientCert=/etc/certsafe/cert.pem
      certSafeServerCA=/etc/certsafe/ca.pem
      connectionTimeout=10

      Non functional requirements
      -------------------------------------

      • Error handling, parsing and logging errors from Cert Safe server
      • Timeout on connection to Cert Safe server (default 10s)
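
Added example, not code from EJBCA or from the publisher described here: one way the "Test connection" call could use the properties above, presenting the client certificate, trusting only `certSafeServerCA`, and applying `connectionTimeout` in seconds with the 10 s default. It assumes Java 8+, an unencrypted PKCS#8 RSA client key, and a hypothetical `baseUrl` argument, since the page defines no server URL property; the class and method names are illustrative.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.cert.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.*;
import javax.net.ssl.*;

public class CertSafeConnectionCheck {
    static X509Certificate pemCert(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }
    // Assumption: the client key is an unencrypted PKCS#8 RSA key ("BEGIN PRIVATE KEY").
    static PrivateKey pemKey(String path) throws Exception {
        String pem = new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.US_ASCII);
        byte[] der = Base64.getDecoder().decode(pem.replaceAll("-----[A-Z ]+-----|\\s", ""));
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }
    // Client identity from certSafeClientKey/certSafeClientCert; trust only certSafeServerCA.
    static SSLContext mutualTls(Properties p) throws Exception {
        char[] pw = "in-memory-only".toCharArray(); // protects the in-memory key store only
        KeyStore keys = KeyStore.getInstance(KeyStore.getDefaultType());
        keys.load(null, null);
        keys.setKeyEntry("client", pemKey(p.getProperty("certSafeClientKey")), pw,
                new X509Certificate[] {pemCert(p.getProperty("certSafeClientCert"))});
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("certsafe-ca", pemCert(p.getProperty("certSafeServerCA")));
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust); // JVM default CAs are not consulted
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    // "Test connection": GET /:account. baseUrl is a hypothetical parameter, not a page property.
    static int testConnection(String baseUrl, Properties p) throws Exception {
        int ms = 1000 * Integer.parseInt(p.getProperty("connectionTimeout", "10").trim());
        HttpsURLConnection c = (HttpsURLConnection) new URL(baseUrl + "/" + p.getProperty("certSafeAccountName")).openConnection();
        c.setSSLSocketFactory(mutualTls(p).getSocketFactory());
        c.setConnectTimeout(ms);
        c.setReadTimeout(ms);
        return c.getResponseCode(); // handshake failures and timeouts surface as exceptions
    }
}
```

Because the trust store holds only the configured CA and `HttpsURLConnection` keeps its default hostname verification, a server certificate issued by any other CA, or for a different host name, fails the handshake instead of being accepted silently.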

      Development tasks
      ---------------------------

      • Develop REST API code for sending and receiving (parsing) requests and responses using HTTPS with client authentication.
      • Develop custom publisher
      • Develop simple Cert Safe server that can be used for testing and JUnit testing
      • Test against our own simple Cert Safe server
      • Test against real Cert Safe test server (provided by GlobalSign)
      • Porting to EJBCA 4, 5 and 6, including QA.
      • Documentation and “howto” docs for all versions of EJBCA.

        Attachments

        1. Basic Testing of CERT-SAFE API.docx (17 kB)
        2. CERT-SAFE API v0.pdf (194 kB)
        3. cert-safe-publisher.odt (75 kB)
        4. GENERIC CERT-SAFE PLUG-IN v01.docx (53 kB)
        5. localhost.jks (3 kB)
        6. managementca.jks (0.9 kB)
        7. RFP CERT-SAFE MSCA Plug-In.docx (16 kB)
        8. SSLClientWithJSON.jar (56 kB)
        9. SSLServerWithJSON.jar (139 kB)

            People

            • Assignee: Aveen Ismail
            • Reporter: Aveen Ismail
            • Verified by: Tomas Gustavsson
            • Votes: 0
            • Watchers: 3

                Time Tracking

                • Estimated: 6 weeks
                • Remaining: 6 weeks
                • Logged: Not Specified