Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

We should minimize the system dependency on the external components, particularly - availability of the CA that has been issued digital certificate.

  •  That's why we should check the digital signature using lists of the revoked certificates (offline check) instead of online call. Task
  •  There should be async process that will perform online check of all the digital signatures that has been checked using revoked lists. Task


Every time when DS service performs offline check, it should post message to KAFKA with topic "ds_online_verification" for online verification.

Independent subscriber should process all the messages with the topic ds_online_verification.

  • invoke CA
  • check validity of the DS
    • If it is valid - do nothing
    • If it is not valid:
      • check attempts_counter
        • if counter > configuration
          • save failed verification result to digital_signature DB
          • send warning email to administrator that includes verification_id and request_id.
        • else
          • put it back to the queue to be verified after X seconds (configuration)