Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6907

ACME draft-12 update: New finalize workflow

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.14.0
    • Component/s: None
    • Labels:
      None
    • Stakeholder:
      R&D
    • Epic Link:
    • Sprint:
      EJBCA Sprint 14, EJBCA Sprint 15

      Description

      In ACME draft-06 the CSR was sent as part of the AcmeOrder, but this should now be sent afterwards to a finalize resource.

      We used to grab the identifiers (e.g. DNSNames) from the CSR, but we should now grab these for the Order and later ensure that we don't issue a certificate for any identifier by this one.

      The workflow test should be updated to correspond to these changes and are expected to work after this ticket.

      On a meta-level, this is probably also the place to perform CAA or similar type of validation.

      It is probably not a good idea to split this ticket into smaller pieces to ensure that the changed code really corresponds to the changes in the RFC.

      See also
      https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.4
      https://tools.ietf.org/rfcdiff?url1=draft-ietf-acme-acme-06.txt&url2=draft-ietf-acme-acme-12.txt

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                amin Amin Khorsandi
                Reporter:
                johan Johan Eklund
                Verified by:
                Bastian Fredriksson
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 weeks
                  2w
                  Remaining:
                  Time Spent - 1 week, 2 days, 2 hours Remaining Estimate - 2 days, 6 hours
                  2d 6h
                  Logged:
                  Time Spent - 1 week, 2 days, 2 hours Remaining Estimate - 2 days, 6 hours
                  1w 2d 2h