Commit def834d

Merge pull request #3048 from nordic-institute/XRDDEV-2979
feat: As a Central Server Administrator I want to be able to define my TSA and OCSP as free or paid so that users can make a choice based on the information
2 parents 09b3e15 + c8e955d commit def834d

111 files changed

+4901
-239
lines changed

development/hurl/scenarios/setup.hurl

Lines changed: 2 additions & 0 deletions
@@ -172,6 +172,7 @@ POST https://{{cs_host}}:4000/api/v1/certification-services/{{ca_id}}/ocsp-respo
172172
X-XSRF-TOKEN: {{cs_xsrf_token}}
173173
[MultipartFormData]
174174
url: http://{{ca_host}}:8888
175+
cost_type: FREE
175176
certificate: file,ca/ocsp.pem;
176177

177178
HTTP 201
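Review bot: The OCSP responder request in this hunk is still checked only by `HTTP 201`, so nothing verifies that the new `cost_type: FREE` form field was actually stored. Consider asserting on the response body, or on a follow-up read of the responder, that the cost type comes back as FREE, so that a server which silently ignores or defaults the field does not pass setup.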
@@ -181,6 +182,7 @@ POST https://{{cs_host}}:4000/api/v1/timestamping-services
181182
X-XSRF-TOKEN: {{cs_xsrf_token}}
182183
[MultipartFormData]
183184
url: http://{{ca_host}}:8899
185+
cost_type: FREE
184186
certificate: file,ca/tsa.pem;
185187

186188
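Review bot: Both setup requests, this timestamping-service one and the OCSP responder one in the previous hunk, send `cost_type: FREE` only, so the PAID and UNDEFINED values documented elsewhere in this commit are never exercised by the scenario, and neither is a request that omits `cost_type`. Consider seeding at least one non-FREE service, or adding a scenario that posts without the field, so the accepted values and the behaviour on omission are covered.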

doc/Architecture/spec-al_x-road_audit_log_events.md

Lines changed: 10 additions & 9 deletions
@@ -1,6 +1,6 @@
11
# Audit log events
22

3-
Version: 1.14
3+
Version: 1.15
44

55
Doc. ID: SPEC-AL
66

@@ -26,6 +26,7 @@ Doc. ID: SPEC-AL
2626
| 09.12.2023 | 1.12 | Management service TLS certificate | Eneli Reimets |
2727
| 29.01.2025 | 1.13 | Inactive token deletion | Eneli Reimets |
2828
| 17.03.2025 | 1.14 | Syntax and styling | Pauline Dimmek |
29+
| 28.10.2025 | 1.15 | Added cost type to tsa and ocsp responders | Mikk-Erik Bachmann |
2930

3031
## Table of Contents
3132
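Review bot: The new 1.15 changelog row writes "tsa and ocsp responders" in lower case, and it reads as if the timestamping service were a responder too. The tables in this document say "timestamping service" and "OCSP responder", so something like "Added cost type to timestamping services and OCSP responders" would match them.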

@@ -247,20 +248,20 @@ The audit log events related to configuration of the X-Road certification servic
247248
| Delete certification service | <ul><li>caId - the identifier of the deleted certification service</li></ul> |
248249
| Add intermediate CA | <ul><li>caId - the identifier of the selected certification service</li><li>intermediateCaId - the identifier of the intermediate CA added to the selected certification service</li><li>intermediateCaCertHash - the hash of the intermediate CA certificate</li><li>intermediateCaCertHashAlgorithm - the hash algorithm used to calculate value of the field intermediateCaCertHash</li></ul> |
249250
| Delete intermediate CA | <ul><li>intermediateCaId - the identifier of the deleted intermediate CA</li></ul> |
250-
| Add OCSP responder of certification service | <ul><li>caId - the identifier of the selected certification service</li><li>ocspId - the identifier of the OCSP responder added to the selected certification service</li><li>ocspUrl - the URL of the added OCSP responder</li><li>ocspCertHash - the hash of the added OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
251-
| Add OCSP responder of intermediate CA | <ul><li>intermediateCaId - the identifier of the selected intermediate CA</li><li>ocspId - the identifier of the OCSP responder added to the selected intermediate CA</li><li>ocspUrl - the URL of the added OCSP responder</li><li>ocspCertHash - the hash of the added OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
252-
| Edit OCSP responder | <ul><li>ocspId - the identifier of the edited OCSP responder</li><li>ocspUrl - the (new) URL of the edited OCSP responder</li><li>ocspCertHash - the (new) hash of the edited OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
251+
| Add OCSP responder of certification service | <ul><li>caId - the identifier of the selected certification service</li><li>ocspId - the identifier of the OCSP responder added to the selected certification service</li><li>ocspUrl - the URL of the added OCSP responder</li><li>ocspCostType - the cost type of the added OCSP responder</li><li>ocspCertHash - the hash of the added OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
252+
| Add OCSP responder of intermediate CA | <ul><li>intermediateCaId - the identifier of the selected intermediate CA</li><li>ocspId - the identifier of the OCSP responder added to the selected intermediate CA</li><li>ocspUrl - the URL of the added OCSP responder</li><li>ocspCostType - the cost type of the added OCSP responder</li><li>ocspCertHash - the hash of the added OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
253+
| Edit OCSP responder | <ul><li>ocspId - the identifier of the edited OCSP responder</li><li>ocspUrl - the (new) URL of the edited OCSP responder</li><li>ocspCostType - the (new) cost type of the edited OCSP responder</li><li>ocspCertHash - the (new) hash of the edited OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
253254
| Delete OCSP responder | <ul><li>ocspId - the identifier of the deleted OCSP responder</li></ul> |
254255

255256
#### 2.1.7 Timestamping Services Events
256257

257258
The audit log events related to configuration of the X-Road timpestamping services.
258259

259-
| Event | Data fields |
260-
|-----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
261-
| Add timestamping service | <ul><li>tsaId - the identifier of the added timestamping service</li><li>tsaName - the name of the added timestamping service</li><li>tsaUrl - the URL of the added timestamping service</li><li>tsaCertHash - the hash of the timestamping service certificate</li><li>tsaCertHashAlgorithm - the hash algorithm used to calculate value of the field tsaCertHash</li></ul> |
262-
| Edit timestamping service | <ul><li>tsaId - the identifier of the edited timestamping service</li><li>tsaName - the (new) name of the edited timestamping service</li><li>tsaUrl - the (new) URL of the edited timestamping service</li><li>tsaCertHash - the hash of the edited timestamping service certificate</li><li>tsaCertHashAlgorithm - the hash algorithm used to calculate value of the field tsaCertHash</li></ul> |
263-
| Delete timestamping service | <ul><li>tsaId - the identifier of the deleted timestamping service</li><li>tsaName - the name of the deleted timestamping service</li><li>tsaUrl - the URL of the deleted timestamping service</li></ul> |
260+
| Event | Data fields |
261+
|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
262+
| Add timestamping service | <ul><li>tsaId - the identifier of the added timestamping service</li><li>tsaName - the name of the added timestamping service</li><li>tsaUrl - the URL of the added timestamping service</li><li>tsaCostType - the cost type of the added timestamping service</li><li>tsaCertHash - the hash of the timestamping service certificate</li><li>tsaCertHashAlgorithm - the hash algorithm used to calculate value of the field tsaCertHash</li></ul> |
263+
| Edit timestamping service | <ul><li>tsaId - the identifier of the edited timestamping service</li><li>tsaName - the (new) name of the edited timestamping service</li><li>tsaUrl - the (new) URL of the edited timestamping service</li><li>tsaCostType - the (new) cost type of the edited timestamping service</li><li>tsaCertHash - the hash of the edited timestamping service certificate</li><li>tsaCertHashAlgorithm - the hash algorithm used to calculate value of the field tsaCertHash</li></ul> |
264+
| Delete timestamping service | <ul><li>tsaId - the identifier of the deleted timestamping service</li><li>tsaName - the name of the deleted timestamping service</li><li>tsaUrl - the URL of the deleted timestamping service</li></ul> |
264265

265266
#### 2.1.8 Management Requests Events
266267
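Review bot: The new `ocspCostType` and `tsaCostType` descriptions say only "the cost type" without listing the allowed values, while the data model change in this same commit defines them as FREE, PAID or UNDEFINED; name those values here so anyone writing audit-log parsing or alerting knows what to expect in the field. Two smaller points in the same hunk: the table header and the "Delete timestamping service" row change only in padding, which adds noise to the diff, and the context line "X-Road timpestamping services" carries a typo that could be fixed while the section is being touched.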

doc/DataModels/dm-cs_x-road_central_server_configuration_data_model.md

Lines changed: 22 additions & 19 deletions
@@ -1,6 +1,6 @@
11
# X-Road: Central Server Configuration Data Model
22

3-
Version: 1.16
3+
Version: 1.17
44
Doc. ID: DM-CS
55

66
| Date | Version | Description | Author |
@@ -30,6 +30,7 @@ Doc. ID: DM-CS
3030
| 09.01.2025 | 1.14 | Restructure heading levels to work better with the documentation platform | Raido Kaju |
3131
| 21.03.2025 | 1.15 | Syntax dand styling fixes | Pauline Dimmek |
3232
| 30.04.2025 | 1.16 | Added maintenance mode related fields to security_servers table | Ovidijus Narkevičius |
33+
| 28.10.2025 | 1.17 | Added cost type columns to ocsp_infos and approved_tsas | Mikk-Erik Bachmann |
3334

3435

3536

@@ -295,16 +296,17 @@ New record creation process starts when an X-Road system administrator receives
295296

296297
#### 2.6.1 Attributes
297298

298-
| Name | Columns | Name | Columns |
299-
|:----------- |:-----------------:|:----------- |:-----------------:|
300-
| id [PK] | integer | NOT NULL | Primary key |
301-
| name | character varying(255) | | Name of the TSA, used in user interfaces. Technically, this is the subject name of the TSA certificate. |
302-
| url | character varying(255) | | URL that is used for sending time-stamping requests. Must correspond to the URL format. Cannot be NULL. |
303-
| cert | bytea | | TSA certificate that is used to verify issued time stamps. Stored in DER-encoded form. Cannot be NULL. |
304-
| valid_from | timestamp without time zone | | Start of validity period of the TSA's certificate. Extracted from the uploaded certificate. |
305-
| valid_to | timestamp without time zone | | End of validity period of the TSA's certificate. Extracted from the uploaded certificate. |
306-
| created_at | timestamp without time zone | NOT NULL | Record creation time, managed automatically. |
307-
| updated_at | timestamp without time zone | NOT NULL | Record last modified time, managed automatically. |
299+
| Name | Columns | Name | Columns |
300+
|:-----------|:---------------------------:|:---------|:-------------------------------------------------------------------------------------------------------:|
301+
| id [PK] | integer | NOT NULL | Primary key |
302+
| name | character varying(255) | | Name of the TSA, used in user interfaces. Technically, this is the subject name of the TSA certificate. |
303+
| url | character varying(255) | | URL that is used for sending time-stamping requests. Must correspond to the URL format. Cannot be NULL. |
304+
| cert | bytea | | TSA certificate that is used to verify issued time stamps. Stored in DER-encoded form. Cannot be NULL. |
305+
| valid_from | timestamp without time zone | | Start of validity period of the TSA's certificate. Extracted from the uploaded certificate. |
306+
| valid_to | timestamp without time zone | | End of validity period of the TSA's certificate. Extracted from the uploaded certificate. |
307+
| created_at | timestamp without time zone | NOT NULL | Record creation time, managed automatically. |
308+
| updated_at | timestamp without time zone | NOT NULL | Record last modified time, managed automatically. |
309+
| cost_type | character varying(255) | NOT NULL | Cost type of the TSA, either FREE, PAID or UNDEFINED. Cannot be NULL. |
308310

309311
### 2.7 AUTH_CERTS
310312
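Review bot: The attributes table header in this hunk is re-padded but still reads `| Name | Columns | Name | Columns |`, which does not describe the columns beneath it; since the row is rewritten anyway, change it to `| Name | Type | Modifiers | Description |` as the table in section 2.17.2 has. In the new `cost_type` row, "Cannot be NULL" in the description repeats what the NOT NULL modifier already says, so one of the two can go.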

@@ -543,14 +545,15 @@ The record is created when a new OCSP responder needs to be registered for eithe
543545

544546
#### 2.17.2 Attributes
545547

546-
| Name | Type | Modifiers | Description |
547-
|:----------- |:-----------------:|:----------- |:-----------------:|
548-
| id [PK] | integer | NOT NULL | Primary key. |
549-
| url | character varying(255) | | URL of the OCSP server. Must correspond to the URL format. Cannot be NULL. |
550-
| cert | bytea | | Certificate used by the OCSP server to sign OCSP responses (in DER encoding). |
551-
| ca_info_id [FK] | integer | | ID of the CA info record this OCSP info belongs to. References id attribute of ca_infos entity. Cannot be NULL. |
552-
| created_at | timestamp without time zone | NOT NULL | Record creation time, managed automatically. |
553-
| updated_at | timestamp without time zone | NOT NULL | Record last modified time, managed automatically. |
548+
| Name | Type | Modifiers | Description |
549+
|:----------------|:---------------------------:|:----------|:---------------------------------------------------------------------------------------------------------------:|
550+
| id [PK] | integer | NOT NULL | Primary key. |
551+
| url | character varying(255) | | URL of the OCSP server. Must correspond to the URL format. Cannot be NULL. |
552+
| cert | bytea | | Certificate used by the OCSP server to sign OCSP responses (in DER encoding). |
553+
| ca_info_id [FK] | integer | | ID of the CA info record this OCSP info belongs to. References id attribute of ca_infos entity. Cannot be NULL. |
554+
| created_at | timestamp without time zone | NOT NULL | Record creation time, managed automatically. |
555+
| updated_at | timestamp without time zone | NOT NULL | Record last modified time, managed automatically. |
556+
| cost_type | character varying(255) | NOT NULL | Cost type of the OCSP server, either FREE, PAID or UNDEFINED. Cannot be NULL. |
554557

555558
### 2.18 REQUEST_PROCESSINGS
556559
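Review bot: The new `cost_type` row documents a `character varying(255)` NOT NULL column limited to FREE, PAID or UNDEFINED, but it does not say what enforces that set or what value records created before this change receive. State whether the restriction is a database constraint or application-level validation, and document the value assigned to existing rows on upgrade (presumably UNDEFINED), since a NOT NULL column cannot be added to a populated table without one.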
