We should minimize the system's dependency on external components, in particular on the availability of the CA that issued the digital certificate.
- That's why we should check the digital signature against lists of revoked certificates (offline check) instead of making an online call.
- There should be an async process that performs an online check of all digital signatures that have been checked using the lists of revoked certificates.
Every time the DS service performs an offline check, it should post a message to Kafka with the topic "ds_online_verification" for online verification.
An independent subscriber should process all messages with the topic ds_online_verification:
- invoke CA
- check validity of the DS
  - If it is valid - do nothing (or save verification results to DS DB)
  - If it is not valid:
    - check attempts_counter
    - if counter > configuration
      - save failed verification result to digital_signature DB
      - send warning email to administrator that includes verification_id and request_id.
    - else
      - put it back to the queue to be verified after X seconds (configuration)
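
The subscriber's decision flow above, as an added example that is not part of the original page. An in-memory heap stands in for the Kafka topic; `MAX_ATTEMPTS`, `RETRY_DELAY_SECONDS`, the `Subscriber` class, the message layout and incrementing `attempts_counter` on each invalid result are assumptions.

```python
import heapq
from dataclasses import dataclass, field
from typing import Callable

MAX_ATTEMPTS = 3          # assumed name for the "configuration" attempt limit
RETRY_DELAY_SECONDS = 30  # assumed name for the "X seconds" retry delay

@dataclass
class Subscriber:
    ca_is_valid: Callable[[str], bool]          # stand-in for the online CA call
    queue: list = field(default_factory=list)   # (due, seq, message) heap, stands in for the topic
    failed: list = field(default_factory=list)  # stands in for the digital_signature DB
    emails: list = field(default_factory=list)  # stands in for the administrator mailbox
    _seq: int = 0                               # tie-breaker so messages are never compared

    def publish(self, message, due=0):
        self._seq += 1
        heapq.heappush(self.queue, (due, self._seq, message))

    def handle(self, message, now):
        """Apply the decision tree from the list above to one message."""
        if self.ca_is_valid(message["verification_id"]):
            return "valid"
        message = {**message, "attempts_counter": message["attempts_counter"] + 1}
        if message["attempts_counter"] > MAX_ATTEMPTS:
            self.failed.append(message)  # save failed verification result
            self.emails.append(
                f"DS online verification failed: verification_id={message['verification_id']} "
                f"request_id={message['request_id']}")
            return "failed"
        self.publish(message, due=now + RETRY_DELAY_SECONDS)  # retry after the delay
        return "requeued"

    def run(self, now=0):
        """Drain the queue on a simulated clock; return the outcome of every delivery."""
        outcomes = []
        while self.queue:
            due, _, message = heapq.heappop(self.queue)
            now = max(now, due)
            outcomes.append((now, message["verification_id"], self.handle(message, now)))
        return outcomes

def demo():
    # Constructed sample: "v-1" verifies online, "v-2" is always reported invalid.
    sub = Subscriber(ca_is_valid=lambda vid: vid == "v-1")
    for vid in ("v-1", "v-2"):
        sub.publish({"verification_id": vid, "request_id": "r-" + vid, "attempts_counter": 0})
    return sub, sub.run()
```

With these assumed settings a signature that stays invalid is retried three times and is recorded as failed on the fourth CA call, 90 simulated seconds after the first.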