Merged
2 changes: 2 additions & 0 deletions development/hurl/scenarios/setup.hurl
Expand Up @@ -172,6 +172,7 @@ POST https://{{cs_host}}:4000/api/v1/certification-services/{{ca_id}}/ocsp-respo
X-XSRF-TOKEN: {{cs_xsrf_token}}
[MultipartFormData]
url: http://{{ca_host}}:8888
cost_type: FREE
certificate: file,ca/ocsp.pem;

HTTP 201
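Review bot: at `cost_type: FREE` in the OCSP responder request, nothing in the visible change says what the endpoint does when the field is omitted. Please state in the API or documentation change whether `cost_type` is required or falls back to a default, so existing callers of this endpoint know whether their current requests still get `HTTP 201`.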
Expand All @@ -181,6 +182,7 @@ POST https://{{cs_host}}:4000/api/v1/timestamping-services
X-XSRF-TOKEN: {{cs_xsrf_token}}
[MultipartFormData]
url: http://{{ca_host}}:8899
cost_type: FREE
certificate: file,ca/tsa.pem;
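Review bot: the timestamping-service request uses the same `cost_type: FREE` as the OCSP responder request, so the scenarios shown never exercise PAID or UNDEFINED, the other two values the data model documents. Consider adding a scenario that sets one of those values and one that sends an unsupported value and expects the request to be rejected.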


19 changes: 10 additions & 9 deletions doc/Architecture/spec-al_x-road_audit_log_events.md
@@ -1,6 +1,6 @@
# Audit log events

Version: 1.14
Version: 1.15

Doc. ID: SPEC-AL

Expand All @@ -26,6 +26,7 @@ Doc. ID: SPEC-AL
| 09.12.2023 | 1.12 | Management service TLS certificate | Eneli Reimets |
| 29.01.2025 | 1.13 | Inactive token deletion | Eneli Reimets |
| 17.03.2025 | 1.14 | Syntax and styling | Pauline Dimmek |
| 28.10.2025 | 1.15 | Added cost type to tsa and ocsp responders | Mikk-Erik Bachmann |

## Table of Contents
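Review bot: in the new 1.15 history row, "Added cost type to tsa and ocsp responders" writes the acronyms in lower case and reads as if there were "tsa responders". Suggest "Added cost type to timestamping services and OCSP responders", matching the section titles used further down in this document.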

Expand Down Expand Up @@ -247,20 +248,20 @@ The audit log events related to configuration of the X-Road certification servic
| Delete certification service | <ul><li>caId - the identifier of the deleted certification service</li></ul> |
| Add intermediate CA | <ul><li>caId - the identifier of the selected certification service</li><li>intermediateCaId - the identifier of the intermediate CA added to the selected certification service</li><li>intermediateCaCertHash - the hash of the intermediate CA certificate</li><li>intermediateCaCertHashAlgorithm - the hash algorithm used to calculate value of the field intermediateCaCertHash</li></ul> |
| Delete intermediate CA | <ul><li>intermediateCaId - the identifier of the deleted intermediate CA</li></ul> |
| Add OCSP responder of certification service | <ul><li>caId - the identifier of the selected certification service</li><li>ocspId - the identifier of the OCSP responder added to the selected certification service</li><li>ocspUrl - the URL of the added OCSP responder</li><li>ocspCertHash - the hash of the added OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
| Add OCSP responder of intermediate CA | <ul><li>intermediateCaId - the identifier of the selected intermediate CA</li><li>ocspId - the identifier of the OCSP responder added to the selected intermediate CA</li><li>ocspUrl - the URL of the added OCSP responder</li><li>ocspCertHash - the hash of the added OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
| Edit OCSP responder | <ul><li>ocspId - the identifier of the edited OCSP responder</li><li>ocspUrl - the (new) URL of the edited OCSP responder</li><li>ocspCertHash - the (new) hash of the edited OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
| Add OCSP responder of certification service | <ul><li>caId - the identifier of the selected certification service</li><li>ocspId - the identifier of the OCSP responder added to the selected certification service</li><li>ocspUrl - the URL of the added OCSP responder</li><li>ocspCostType - the cost type of the added OCSP responder</li><li>ocspCertHash - the hash of the added OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
| Add OCSP responder of intermediate CA | <ul><li>intermediateCaId - the identifier of the selected intermediate CA</li><li>ocspId - the identifier of the OCSP responder added to the selected intermediate CA</li><li>ocspUrl - the URL of the added OCSP responder</li><li>ocspCostType - the cost type of the added OCSP responder</li><li>ocspCertHash - the hash of the added OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
| Edit OCSP responder | <ul><li>ocspId - the identifier of the edited OCSP responder</li><li>ocspUrl - the (new) URL of the edited OCSP responder</li><li>ocspCostType - the (new) cost type of the edited OCSP responder</li><li>ocspCertHash - the (new) hash of the edited OCSP responder certificate</li><li>ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash</li></ul> |
| Delete OCSP responder | <ul><li>ocspId - the identifier of the deleted OCSP responder</li></ul> |

#### 2.1.7 Timestamping Services Events

The audit log events related to configuration of the X-Road timpestamping services.

| Event | Data fields |
|-----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Add timestamping service | <ul><li>tsaId - the identifier of the added timestamping service</li><li>tsaName - the name of the added timestamping service</li><li>tsaUrl - the URL of the added timestamping service</li><li>tsaCertHash - the hash of the timestamping service certificate</li><li>tsaCertHashAlgorithm - the hash algorithm used to calculate value of the field tsaCertHash</li></ul> |
| Edit timestamping service | <ul><li>tsaId - the identifier of the edited timestamping service</li><li>tsaName - the (new) name of the edited timestamping service</li><li>tsaUrl - the (new) URL of the edited timestamping service</li><li>tsaCertHash - the hash of the edited timestamping service certificate</li><li>tsaCertHashAlgorithm - the hash algorithm used to calculate value of the field tsaCertHash</li></ul> |
| Delete timestamping service | <ul><li>tsaId - the identifier of the deleted timestamping service</li><li>tsaName - the name of the deleted timestamping service</li><li>tsaUrl - the URL of the deleted timestamping service</li></ul> |
| Event | Data fields |
|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Add timestamping service | <ul><li>tsaId - the identifier of the added timestamping service</li><li>tsaName - the name of the added timestamping service</li><li>tsaUrl - the URL of the added timestamping service</li><li>tsaCostType - the cost type of the added timestamping service</li><li>tsaCertHash - the hash of the timestamping service certificate</li><li>tsaCertHashAlgorithm - the hash algorithm used to calculate value of the field tsaCertHash</li></ul> |
| Edit timestamping service | <ul><li>tsaId - the identifier of the edited timestamping service</li><li>tsaName - the (new) name of the edited timestamping service</li><li>tsaUrl - the (new) URL of the edited timestamping service</li><li>tsaCostType - the (new) cost type of the edited timestamping service</li><li>tsaCertHash - the hash of the edited timestamping service certificate</li><li>tsaCertHashAlgorithm - the hash algorithm used to calculate value of the field tsaCertHash</li></ul> |
| Delete timestamping service | <ul><li>tsaId - the identifier of the deleted timestamping service</li><li>tsaName - the name of the deleted timestamping service</li><li>tsaUrl - the URL of the deleted timestamping service</li></ul> |

#### 2.1.8 Management Requests Events
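Review bot: the new `ocspCostType` and `tsaCostType` entries describe the field only as "the cost type" and never list the permitted values, while the data model change in this same pull request names them as FREE, PAID or UNDEFINED. Anyone parsing or alerting on these audit events needs the enumeration here too, so please add it to each description. Since the 2.1.7 table is being rewritten anyway, the unchanged intro line above it still reads "timpestamping" and could be corrected in the same change.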

@@ -1,6 +1,6 @@
# X-Road: Central Server Configuration Data Model

Version: 1.16
Version: 1.17
Doc. ID: DM-CS

| Date | Version | Description | Author |
Expand Down Expand Up @@ -30,6 +30,7 @@ Doc. ID: DM-CS
| 09.01.2025 | 1.14 | Restructure heading levels to work better with the documentation platform | Raido Kaju |
| 21.03.2025 | 1.15 | Syntax dand styling fixes | Pauline Dimmek |
| 30.04.2025 | 1.16 | Added maintenance mode related fields to security_servers table | Ovidijus Narkevičius |
| 28.10.2025 | 1.17 | Added cost type columns to ocsp_infos and approved_tsas | Mikk-Erik Bachmann |
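Review bot: the unchanged 1.15 row directly above the new entry reads "Syntax dand styling fixes"; since this table is being edited, please fix the typo in the same change.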



Expand Down Expand Up @@ -295,16 +296,17 @@ New record creation process starts when an X-Road system administrator receives

#### 2.6.1 Attributes

| Name | Columns | Name | Columns |
|:----------- |:-----------------:|:----------- |:-----------------:|
| id [PK] | integer | NOT NULL | Primary key |
| name | character varying(255) | | Name of the TSA, used in user interfaces. Technically, this is the subject name of the TSA certificate. |
| url | character varying(255) | | URL that is used for sending time-stamping requests. Must correspond to the URL format. Cannot be NULL. |
| cert | bytea | | TSA certificate that is used to verify issued time stamps. Stored in DER-encoded form. Cannot be NULL. |
| valid_from | timestamp without time zone | | Start of validity period of the TSA's certificate. Extracted from the uploaded certificate. |
| valid_to | timestamp without time zone | | End of validity period of the TSA's certificate. Extracted from the uploaded certificate. |
| created_at | timestamp without time zone | NOT NULL | Record creation time, managed automatically. |
| updated_at | timestamp without time zone | NOT NULL | Record last modified time, managed automatically. |
| Name | Columns | Name | Columns |
|:-----------|:---------------------------:|:---------|:-------------------------------------------------------------------------------------------------------:|
| id [PK] | integer | NOT NULL | Primary key |
| name | character varying(255) | | Name of the TSA, used in user interfaces. Technically, this is the subject name of the TSA certificate. |
| url | character varying(255) | | URL that is used for sending time-stamping requests. Must correspond to the URL format. Cannot be NULL. |
| cert | bytea | | TSA certificate that is used to verify issued time stamps. Stored in DER-encoded form. Cannot be NULL. |
| valid_from | timestamp without time zone | | Start of validity period of the TSA's certificate. Extracted from the uploaded certificate. |
| valid_to | timestamp without time zone | | End of validity period of the TSA's certificate. Extracted from the uploaded certificate. |
| created_at | timestamp without time zone | NOT NULL | Record creation time, managed automatically. |
| updated_at | timestamp without time zone | NOT NULL | Record last modified time, managed automatically. |
| cost_type | character varying(255) | NOT NULL | Cost type of the TSA, either FREE, PAID or UNDEFINED. Cannot be NULL. |

### 2.7 AUTH_CERTS
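Review bot: the header row of the 2.6.1 table is re-aligned here but still reads "Name | Columns | Name | Columns", whereas the equivalent table in 2.17.2 uses "Name | Type | Modifiers | Description"; please correct it while the row is being touched. For the new `cost_type` row, the column is `character varying(255)` with the values given only in the description, so the document should say whether FREE, PAID and UNDEFINED are enforced by a database constraint or only by the application.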

Expand Down Expand Up @@ -543,14 +545,15 @@ The record is created when a new OCSP responder needs to be registered for eithe

#### 2.17.2 Attributes

| Name | Type | Modifiers | Description |
|:----------- |:-----------------:|:----------- |:-----------------:|
| id [PK] | integer | NOT NULL | Primary key. |
| url | character varying(255) | | URL of the OCSP server. Must correspond to the URL format. Cannot be NULL. |
| cert | bytea | | Certificate used by the OCSP server to sign OCSP responses (in DER encoding). |
| ca_info_id [FK] | integer | | ID of the CA info record this OCSP info belongs to. References id attribute of ca_infos entity. Cannot be NULL. |
| created_at | timestamp without time zone | NOT NULL | Record creation time, managed automatically. |
| updated_at | timestamp without time zone | NOT NULL | Record last modified time, managed automatically. |
| Name | Type | Modifiers | Description |
|:----------------|:---------------------------:|:----------|:---------------------------------------------------------------------------------------------------------------:|
| id [PK] | integer | NOT NULL | Primary key. |
| url | character varying(255) | | URL of the OCSP server. Must correspond to the URL format. Cannot be NULL. |
| cert | bytea | | Certificate used by the OCSP server to sign OCSP responses (in DER encoding). |
| ca_info_id [FK] | integer | | ID of the CA info record this OCSP info belongs to. References id attribute of ca_infos entity. Cannot be NULL. |
| created_at | timestamp without time zone | NOT NULL | Record creation time, managed automatically. |
| updated_at | timestamp without time zone | NOT NULL | Record last modified time, managed automatically. |
| cost_type | character varying(255) | NOT NULL | Cost type of the OCSP server, either FREE, PAID or UNDEFINED. Cannot be NULL. |

### 2.18 REQUEST_PROCESSINGS
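Review bot: the new `cost_type` row for ocsp_infos is marked NOT NULL, but the description does not say what value existing records receive when the column is introduced. Please document the default applied to existing rows (and to approved_tsas likewise), since a NOT NULL column cannot be added to a populated table without one.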
