[rs-commit] r111 - in /rs-manual/trunk/src/site: resources/images/ xhtml5/mod/
rs-commit at redwax.eu
rs-commit at redwax.eu
Wed Oct 23 01:46:39 CEST 2019
Author: minfrin at redwax.eu
Date: Wed Oct 23 01:46:38 2019
New Revision: 111
Log:
Add the hook reference for the core mod_ca module.
Added:
rs-manual/trunk/src/site/resources/images/mod_ca-ca_certstore.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca-ca_getca.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca-ca_getcertstatus.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca-ca_getchain.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca-ca_getcrl.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca-ca_getnextca.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca-ca_gettime.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca-ca_makekey.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca-ca_makeserial.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca-ca_reqauthz.png (with props)
rs-manual/trunk/src/site/resources/images/mod_ca-ca_sign.png (with props)
Modified:
rs-manual/trunk/src/site/xhtml5/mod/mod_ca.xhtml5
Added: rs-manual/trunk/src/site/resources/images/mod_ca-ca_certstore.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-ca_certstore.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca-ca_getca.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-ca_getca.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca-ca_getcertstatus.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-ca_getcertstatus.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca-ca_getchain.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-ca_getchain.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca-ca_getcrl.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-ca_getcrl.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca-ca_getnextca.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-ca_getnextca.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca-ca_gettime.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-ca_gettime.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca-ca_makekey.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-ca_makekey.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca-ca_makeserial.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-ca_makeserial.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca-ca_reqauthz.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-ca_reqauthz.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/resources/images/mod_ca-ca_sign.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca-ca_sign.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: rs-manual/trunk/src/site/xhtml5/mod/mod_ca.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_ca.xhtml5 (original)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_ca.xhtml5 Wed Oct 23 01:46:38 2019
@@ -2,53 +2,296 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
- <title>Virtual Library</title>
+ <title>mod_ca Module</title>
<meta name="description" content="Base module that ties frontend and backend modules together." />
<meta name="mod-ca-type" content="core" />
</head>
<body>
<div class="index align-left">
- <section>
- <header>
- <h2>My Header</h2>
- </header>
- <div class="content">
- <p>Moved to <a href="http://example.org/">example.org</a>.</p>
-
-<table>
-<tbody>
-<tr>
- <td>Description</td>
- <td>Foo</td>
-</tr>
-<tr>
- <td>Syntax</td>
- <td>Foo</td>
-</tr>
-<tr>
- <td>Default</td>
- <td>Foo</td>
-</tr>
-<tr>
- <td>Context</td>
- <td>Foo</td>
-</tr>
-<tr>
- <td>Status</td>
- <td>Foo</td>
-</tr>
-<tr>
- <td>Module</td>
- <td>Foo</td>
-</tr>
-<tr>
- <td>Compatibility</td>
- <td>Foo</td>
-</tr>
-</tbody>
-</table>
-
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+ <h2>Core Module</h2>
+ <p>This module provides the hooks that tie frontend and backend modules together.</p>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+
+ <p>This module provides a set of hooks that allow different hook
+ implementations to be plugged as required to build up a working
+ certificate authority.
+ </p>
+
+ <p>
+ Each hook implementation is a piece of a puzzle, the pieces of which
+ can be swapped out to meet the exact needs of a given certificate
+ authority. Only the hook implementations needed to meet a specific
+ objective need be deployed, and the configuration can be hardened
+ down to only those implementations required.
+ </p>
+
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+ <section class="wrapper style1 align-center"
+ id="hook-reference">
+ <div class="inner">
+ <h2>Hook Reference</h2>
+ <p>
+ The following hooks are provided by this module.
+ </p>
+ <div class="index align-left">
+
+ <section id="ca_sign">
+ <header>
+ <h3><a href="mod_ca.html#ca_sign">Sign Request</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_sign.png" />
+ Signs the certificate sign request.
+ </p>
+
+ <p>
+ This hook receives a certificate sign request, and has the option
+ to the process the certificate sign request immediately and return
+ a signed certificate, or set aside the certificate sign request for
+ later processing, and return confirmation that the certificate sign
+ request was accepted.
+ </p>
+
+ <p>
+ This hook is typically mandatory, in that if a hook implementation
+ is not supplied, the request will fail.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_getca">
+ <header>
+ <h3><a href="mod_ca.html#ca_getca">Get Certificate Authority</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_getca.png" />
+ Returns the certificate authority certificate used to sign the request.
+ </p>
+
+ <p>
+ This is the last certificate in the certificate chain, and is usually
+ the root certificate.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_getnextca">
+ <header>
+ <h3><a href="mod_ca.html#ca_getnextca">Get Next Certificate Authority</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_getnextca.png" />
+ Returns the next certificate authority certificate that will be used to sign
+ future requests.
+ </p>
+
+ <p>
+ For protocols that support certificate rollover, the next certificate
+ authority certificate is provided by this hook on request.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_getchain">
+ <header>
+ <h3><a href="mod_ca.html#ca_getchain">Get Chain</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_getchain.png" />
+ Returns the chain of certificates used to sign the request.
+ </p>
+
+ <p>
+ The certificate chain consists of all certificates apart from
+ the last certificate specified in the file.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_makeserial">
+ <header>
+ <h3><a href="mod_ca.html#ca_makeserial">Make Serial</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_makeserial.png" />
+ Returns the serial number to be used while signing a certificate
+ sign request.
+ </p>
+
+ <p>
+ Hook implementations that issue a certificate immediately will typically
+ use this hook to provide the serial number to the signing process.
+ Alternatively, hook implementations that save the certificate sign
+ request for later processing, or that pass the certificate sign
+ request to external systems will rely on those external systems to
+ handle the serial number.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_makekey">
+ <header>
+ <h3><a href="mod_ca.html#ca_makekey">Make Key</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_makekey.png" />
+ Returns a generated public/private key pair.
+ </p>
+
+ <p>
+ Protocols that require that the public/private key pair be
+ generated by the certificate authority will call this hook.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_gettime">
+ <header>
+ <h3><a href="mod_ca.html#ca_gettime">Get Time</a></h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_gettime.png" />
+ Returns the time to be used for a given signature.
+ </p>
+
+ <p>
+ This hook is called when a protocol needs to know the time to
+ sign a certificate sign request, or when responding to a timestamp
+ request.
+ </p>
+
+ <p>
+ Hook implementations might source the time from the system, or
+ might source the time from dedicated hardware for this purpose.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_reqauthz">
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_reqauthz">Request Authorization</a>
+ </h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_reqauthz.png" />
+ Verify the parameters
+ included with the certificate sign request, such as the
+ challenge password.
+ </p>
+
+ <p>
+ This hook is optional, in that if a hook implementation
+ is not supplied, the request will succeed.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_certstore">
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_certstore">Certificate Storage</a>
+ </h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_certstore.png" />
+ Store the newly generated certificate to locally or in a database
+ or directory.
+ </p>
+
+ <p>
+ This hook is optional, in that if a hook implementation
+ is not supplied, the request will succeed.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_getcrl">
+ <header>
+ <h3>Get Certificate Revocation List</h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_getcrl.png" />
+ Returns the certificate revocation list.
+ </p>
+
+ <p>
+ The certificate revocation list might be stored on disk or in a
+ directory, or the certificate revocation list might be generated
+ on the fly.
+ </p>
+
+ </div>
+ </section>
+
+ <section id="ca_getcertstatus">
+ <header>
+ <h3>Get Certificate Status</h3>
+ </header>
+ <div class="content">
+
+ <p>
+ <img class="image right" src="../images/mod_ca-ca_getcertstatus.png" />
+ Return the status of a specific certificate from
+ the certificate revocation list.
+ </p>
+
+ <p>
+ This hook is used for protocols where the status of a single certificate
+ can be queried.
+ </p>
+
+ </div>
+ </section>
+
+ </div>
</div>
</section>
More information about the rs-commit
mailing list