• Łukasz Nowak's avatar
    KeDiFa: Initial implementation · f3a43056
    Łukasz Nowak authored
    Provided tools are kedifa and kedifa-getter.
    
    kedifa is a server to PUT and GET sensitive information, like SSL keys and
    certificates.
    
    kedifa-getter is a client to this server.
    
    As both are closely related to caucase, they allow to use information from
    caucase, like CA Certificate, to validate each other.
    
    Caucase is also used to generate certificates for kedifa-getter used to
    authenticate to kedifa.
    
    Extracted important points of development of the inital version:
    
     * kedifa and kedifa-getter has been implemented
     * TODOs list is kept for future improvements
     * IPv6 and SSL-only support came
     * API has been docstring documented
     * PUTting information is based on query string key authorisation
     * GETting information requires SSL authentication
     * only correct keys are stored in KeDiFa database
     * certificates are served orderd by theirs submission date
     * kedifa-csr has been implemented, and dropped, as started to become openssl
       req implementation
     * caucase.http has been used as base for wsgiref approach
     * caucase.utils has been used for certificate management
     * argparse has been used for command line arguments
     * time comparison has been done in python, instead of SQLite
     * reloading, in caucase way, has been implemented
     * CRLs are in-app checked only, as pythons implementation does not allow
       proper reloads
     * in critical places code raises instead of returning False, in order to
       disallow ignoring result value
     * ids to store data has to be reserved
    f3a43056
TODO.rst 537 Bytes